Risk Management Overview

Risk Management is a comprehensive detection, analysis, and remediation of identity-related security risks, including vulnerabilities, misconfigurations, and Active Directory misconfigurations issues.

The Risk Management Identity module provides enterprise security teams with complete visibility into identity-related security risks across your infrastructure. Our system combines advanced detection capabilities with actionable remediation guidance to help you maintain a secure identity posture.

Key Capabilities
  • Detection of known vulnerabilities, configuration misalignment, and Active Directory issues 
  • MITRE ATT&CK mapping for threat intelligence correlation
  • Detailed remediation guidance for rapid issue resolution
  • Identity Criticality Scoring and TruRisk™ Calculation


- If your account has UAI enabled, you can view all types of misconfigurations in the Misconfigurations tab, a separate ID Miconfiguration tab is not visible.   
- The UAI feature is available upon request. To activate it for your account, contact Qualys Support or your Technical Account Manager (TAM).

Vulnerabilities

Identify and track known vulnerabilities in your identity infrastructure. Explore CVSS scores, risk factors, and remediation pathways.

Learn More →

Misconfigurations

Discover system configuration issues that create security gaps. Get detailed detection information and step-by-step remediation guidance.

Learn More →

ID Misconfiguration

Deep-dive into Active Directory configuration issues with detection rules and comprehensive remediation strategies.

Learn More →

Core Features Across All Modules

Risk Scoring QVSS-based severity assessment with TruRisk™ Calculation for prioritized remediation

  • MITRE ATT&CK Mapping
    Correlation with MITRE ATT&CK framework for threat intelligence alignment.
  • Remediation Guidance
    Instructions for resolving identified security issues.
  • Timeline Tracking
    First Detected and Last Detected timestamps for compliance and tracking.
  • Multi-Source Detection
    Integration with the source connectors.
  • Status Filtering
    Distinguish between active (Fail) and resolved (Pass) security findings.

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: May, 2026