Things to Change After ETM Enablement
As an existing customer, when you enable the ETM application for your subscription, you start noticing the following changes. No additional action is needed; all these changes appear automatically once you enable ETM.
CVE Based Findings View
Once you enable ETM, the findings view changes from QID-based to CVE-based. Qualys Enterprise TruRisk™ Management (ETM) moves vulnerability tracking from the Qualys Detection ID (QID) system to the globally recognized Common Vulnerabilities and Exposures (CVE) framework, consolidating vulnerabilities from multiple tools into a single, unified platform.
CVE is the common denominator in ETM. In the CVE-based view, each QID is expanded into the CVEs it maps to, and one QID can map to multiple CVEs.
Example:
QID1 → CVE1, CVE2
QID2 → CVE2, CVE3
QID3 → No CVE
3 findings are displayed in ETM: CVE1, CVE2, CVE3.
This enables you to:
- Simplify vulnerability management by consolidating data from various sources.
- Prioritize based on CVSS.
The following image illustrates the CVE based findings view in ETM:
However, the QID view within the VMDR platform is maintained to ensure that existing workflows and reports remain uninterrupted. Preserving the QID capabilities alongside the new CVE capabilities in ETM helps with seamless transition and flexibility so that you can adapt to the new system at your own pace without disrupting your current security operations.
The following image illustrates the QID based findings view within VMDR:
Improved TruRisk Score Formula
Once you enable ETM, the TruRisk formula is automatically upgraded from TruRisk™ 1.0 to TruRisk™ 2.0 for better accuracy and consistency, impacting all screens and features wherever the TruRisk score is displayed across all Qualys modules.
The existing TruRisk calculation, TruRisk™ 1.0, is based on average risk (QDS) across critical, high, medium, and low buckets.
The new TruRisk score, TruRisk™ 2.0, leverages the maximum risk (QDS) and the number of occurrences of risks.
New TruRisk Score Formula (2.0): |
Existing TruRisk Score Formula (1.0): |
For more information about TruRisk score, refer to the topic TruRisk Score Model.
TruRisk Score Update Frequency
Once you enable ETM, TruRisk scores are updated every hour. This replaces the existing scan-based TruRisk score updates and impacts all screens and features where the TruRisk score is displayed across all Qualys applications.
For more frequent and real-time assessments, risk scores are updated every hour as new vulnerabilities are detected and existing ones are remediated. This responsiveness allows the scoring to reflect real-time changes in an asset’s risk profile, helping organizations adapt their security measures more effectively.
TruRisk Score Widget Change in Unified Dashboard
Once you enable ETM, you notice that the updated counts for contributing risk factors change.
The TruRisk widget in ETM reflects the new TruRisk scoring formula (TruRisk™ 2.0). The updated counts for contributing risk factors are based on CVE instead of QID. To standardize vulnerability counts, TruRisk™ 2.0 uses CVE IDs for counts. This allows us to correlate and deduplicate vulnerabilities from third-party sources to provide an aggregated risk score for an asset.
The TruRisk score widget in VMDR also reflects the new TruRisk scoring formula (TruRisk™ 2.0). However, its updated counts for contributing risk factors are based on QID.
Since the base used for calculating updated counts for TruRisk score contributing factors is different (CVE for ETM and QID for VMDR), the updated counts shown in ETM and VMDR vary.
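The QID-to-CVE expansion from the findings example and the QID-versus-CVE count difference described above, as an added example (not Qualys code and not a Qualys API). The asset names, the third-party source, the one-finding-per-asset-and-CVE grouping, and keeping QIDs without a CVE in a separate list are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed QID -> CVE mapping, mirroring the example on this page.
QID_TO_CVES = {
    "QID1": ["CVE1", "CVE2"],
    "QID2": ["CVE2", "CVE3"],
    "QID3": [],  # QID with no CVE assigned
}

# Constructed detections: (asset, source, identifier). The VMDR rows carry
# QIDs; the hypothetical third-party scanner reports CVE IDs directly.
DETECTIONS = [
    ("host-a", "vmdr", "QID1"),
    ("host-a", "vmdr", "QID2"),
    ("host-a", "vmdr", "QID3"),
    ("host-a", "third-party", "CVE3"),
    ("host-b", "vmdr", "QID2"),
]


def cve_findings(detections, qid_to_cves):
    """Return ({(asset, cve): sources}, [(asset, qid) that has no CVE])."""
    findings = defaultdict(set)
    unmapped = []
    for asset, source, ident in detections:
        if ident in qid_to_cves:
            cves = qid_to_cves[ident]
            if not cves:
                # Assumption: tracked separately, not shown as a CVE finding.
                unmapped.append((asset, ident))
        else:
            cves = [ident]  # identifier is already a CVE ID
        for cve in cves:
            # Same CVE on the same asset collapses into one finding.
            findings[(asset, cve)].add(f"{source}:{ident}")
    return dict(findings), unmapped


def counts_by_base(detections, qid_to_cves, asset):
    """Compare the QID-based count with the CVE-based count for one asset."""
    qids = {i for a, _, i in detections if a == asset and i in qid_to_cves}
    findings, _ = cve_findings(detections, qid_to_cves)
    cves = {cve for (a, cve) in findings if a == asset}
    return {"qid_based": len(qids), "cve_based": len(cves)}


if __name__ == "__main__":
    findings, unmapped = cve_findings(DETECTIONS, QID_TO_CVES)
    for (asset, cve), sources in sorted(findings.items()):
        print(asset, cve, sorted(sources))
    print("no CVE:", unmapped)
```

On `host-b` a single QID yields two CVE-based findings, which is why a count taken on the QID base and one taken on the CVE base do not have to match.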
Still have questions?
- Does enabling ETM impact the default vulnerability view of my VMDR application?
No, the vulnerabilities view continues to be QID based. The QID view within the VMDR platform is maintained to ensure that existing workflows and reports remain uninterrupted. Preserving the QID capabilities alongside the new CVE capabilities in ETM helps with seamless transition and flexibility so that you can adapt to the new system at your own pace without disrupting your current security operations.
- Can I view third-party vulnerabilities in VMDR?
No, you can only view the vulnerabilities scanned and detected by your VMDR application.
- Does TruRisk score differ in VMDR and ETM?
No. Once you enable ETM, the TruRisk formula TruRisk™ 1.0 is automatically upgraded to version TruRisk™ 2.0 for better accuracy and consistency, impacting all screens and features wherever the TruRisk score is displayed across all Qualys applications. However, the number of updated counts for TruRisk score contributing factors varies in ETM and VMDR, as the base used for calculating updated counts is different (CVE for ETM and QID for VMDR).
- Does enabling ETM impact ServiceNow and Jira integrations configured with VMDR?
No, these integrations continue to work based on QIDs. However, in the future, ETM connectors for ServiceNow and Jira will support ticket creation for every finding, including CVEs.
- Does enabling ETM impact API/integrations?
No, all existing APIs and integrations remain unchanged. The only difference is that the TruRisk score is calculated using the new TruRisk™ 2.0 calculation model. Refer to the topic TruRisk Score Model.
- Does enabling ETM impact existing reports?
No, the only change is the updated TruRisk score based on the new TruRisk™ 2.0 calculation model. Refer to the topic TruRisk Score Model.
- Can I prevent the changes introduced by enabling ETM?
Yes, you can choose not to use ETM. However, we recommend upgrading to ETM for enhanced functionality, including the ability to ingest third-party findings and access the new TruRisk™ 2.0 calculation model.