Things to Change After ETM Enablement

As an existing customer, when you enable the ETM application for your subscription, you start noticing the following changes. No additional action is needed; all these changes appear automatically once you enable ETM.

CVE Based Findings View

Once you enable ETM, the findings view changes from QID-based to CVE-based. We empowered Qualys Enterprise TruRisk™ Management (ETM) by moving vulnerability tracking from the Qualys Detection ID (QID) system to the globally recognized Common Vulnerabilities and Exposures (CVE) framework, consolidating vulnerabilities from multiple tools into a single, unified platform.

ETM is based on CVE, which is the common denominator in ETM. CVE-based findings expand a QID into the multiple CVEs it maps to.

Example:

QID1 → CVE1, CVE2

QID2 → CVE2, CVE3

QID3 → No CVE

3 findings are displayed in ETM: CVE1, CVE2, CVE3.

 This enables you to:

  • Simplify vulnerability management by consolidating data from various sources.
  • Prioritize based on CVSS.
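
The QID-to-CVE expansion and deduplication from the example above, as an added Python example (not Qualys code or a Qualys API format). The record fields, the host names, and the third-party record are constructed assumptions; the QID/CVE mapping is the one from the example.

```python
from collections import defaultdict

# Constructed sample data; field names are hypothetical, not a Qualys schema.
QID_TO_CVES = {"QID1": ["CVE1", "CVE2"], "QID2": ["CVE2", "CVE3"], "QID3": []}

DETECTIONS = [
    {"asset": "host-a", "source": "VMDR", "qid": "QID1"},
    {"asset": "host-a", "source": "VMDR", "qid": "QID2"},
    {"asset": "host-a", "source": "VMDR", "qid": "QID3"},
    {"asset": "host-a", "source": "third-party", "cve": "CVE3"},
    {"asset": "host-b", "source": "VMDR", "qid": "QID1"},
]


def cve_findings(detections, qid_to_cves):
    """Expand QIDs to CVEs and deduplicate per (asset, CVE).

    Returns (findings, unmapped): findings maps (asset, cve) to the set of
    contributing origins; unmapped lists (asset, qid) pairs that carry no
    CVE and therefore produce no CVE-based finding.
    """
    findings = defaultdict(set)
    unmapped = []
    for d in detections:
        if "cve" in d:  # source that already reports by CVE
            findings[(d["asset"], d["cve"])].add(d["source"])
            continue
        cves = qid_to_cves.get(d["qid"], [])
        if not cves:
            unmapped.append((d["asset"], d["qid"]))
        for cve in cves:
            findings[(d["asset"], cve)].add(f'{d["source"]}:{d["qid"]}')
    return dict(findings), unmapped


def counts_by_base(detections, qid_to_cves):
    """Count the same detections per QID and per CVE."""
    findings, unmapped = cve_findings(detections, qid_to_cves)
    qids = {(d["asset"], d["qid"]) for d in detections if "qid" in d}
    return {"qid_based": len(qids), "cve_based": len(findings),
            "qids_without_cve": len(unmapped)}


if __name__ == "__main__":
    findings, unmapped = cve_findings(DETECTIONS, QID_TO_CVES)
    for (asset, cve), origins in sorted(findings.items()):
        print(asset, cve, sorted(origins))
    print(counts_by_base(DETECTIONS, QID_TO_CVES), "unmapped:", unmapped)
```

On this sample the QID-based and CVE-based totals differ for the same detections, so a count taken on one base cannot be reconciled against the other without the mapping.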

The following image illustrates the CVE-based findings view in ETM:

ETM CVE based findings view.

However, the QID view within the VMDR platform is maintained to ensure that existing workflows and reports remain uninterrupted. Preserving the QID capabilities alongside the new CVE capabilities in ETM provides a seamless transition and the flexibility to adapt to the new system at your own pace without disrupting your current security operations.

The following image illustrates the QID based findings view within VMDR:

QID based view in VMDR

Improved TruRisk Score Formula

Once you enable ETM, the TruRisk formula is automatically upgraded from TruRisk™ 1.0 to TruRisk™ 2.0 for better accuracy and consistency, impacting all screens and features wherever the TruRisk score is displayed across all Qualys applications.

The existing TruRisk calculation, TruRisk™ 1.0, is based on average risk (QDS) across the critical, high, medium, and low buckets.
The new TruRisk score, TruRisk™ 2.0, leverages the maximum risk (QDS) and the number of occurrences of risks.

New TruRisk Score Formula (2.0):
((ACS * External) * (MaxDetection * g(MaxDetection)) + numCriticalDetection * WtCrit + numHighDetection * WtHigh + numMediumDetection * WtMed + numLowDetection * WtLow)

Existing TruRisk Score Formula (1.0):
(ACS * External) * [ wc * Avg(QDSc) * func(count(QDSc)) + wh * Avg(QDSh) * func(count(QDSh)) + wm * Avg(QDSm) * func(count(QDSm)) + wl * Avg(QDSl) * func(count(QDSl)) ]

For more information about TruRisk score, refer to the topic TruRisk™ Score Model.

TruRisk Score Update Frequency

Once you enable ETM, TruRisk scores are now updated twice a day. This replaces the existing scan-based TruRisk score updates and impacts all screens and features where the TruRisk score is displayed across all Qualys applications.

Risk scores are updated twice a day to provide more frequent and real-time assessments. This update occurs as new vulnerabilities are detected and existing ones are addressed. Such responsiveness ensures that the scoring accurately reflects real-time changes in an asset's risk profile, enabling organizations to adapt their security measures more effectively. 

TruRisk Score Widget Change in Unified Dashboard 

Once you enable ETM, you notice that the updated counts for contributing risk factors change.

The TruRisk widget in ETM reflects the new TruRisk scoring formula (TruRisk™ 2.0). The updated counts for contributing risk factors are based on CVE instead of QID. To standardize vulnerability counts, TruRisk™ 2.0 uses CVE IDs for counts. This allows us to correlate and deduplicate vulnerabilities from third-party sources to provide an aggregated risk score for an asset.

TruRisk Score Widget-ETM.

The TruRisk score widget in VMDR also reflects the new TruRisk scoring formula (TruRisk™2.0). However, updated counts are based on QID for contributing risk factors. 

TruRisk Score Widget-VMDR.

Since the base used for calculating updated counts for TruRisk score contributing factors is different (CVE for ETM and QID for VMDR), the number of updated counts shown in ETM and VMDR varies.

Still have questions?

  • Does enabling ETM impact the default vulnerability view of my VMDR application?
    No, the vulnerabilities view continues to be QID-based. The QID view within the VMDR platform is maintained to ensure that existing workflows and reports remain uninterrupted. Preserving the QID capabilities alongside the new CVE capabilities in ETM provides a seamless transition and the flexibility to adapt to the new system at your own pace without disrupting your current security operations.
  • Can I view third-party vulnerabilities in VMDR?
    No, you can only view the vulnerabilities scanned and detected by your VMDR application.
  • Does TruRisk score differ in VMDR and ETM?
    No. Once you enable ETM, the TruRisk formula is automatically upgraded from TruRisk™ 1.0 to TruRisk™ 2.0 for better accuracy and consistency, impacting all screens and features wherever the TruRisk score is displayed across all Qualys applications. However, the number of updated counts for TruRisk score contributing factors varies between ETM and VMDR because the base used for calculating the updated count is different (CVE for ETM and QID for VMDR).
  • Does enabling ETM impact ServiceNow and Jira integrations configured with VMDR?
    No, these integrations continue to work based on QIDs. However, in the future, ETM connectors for ServiceNow and Jira will support ticket creation for every finding, including CVEs.
  • Does enabling ETM impact API/integrations?
    No, all existing APIs and integrations remain unchanged. The only difference is that the TruRisk score is calculated using the new TruRisk™ 2.0 calculation model (see TruRisk™ Score Model).
  • Does enabling ETM impact existing reports?
    No, the only change is the updated TruRisk score based on the new TruRisk™ 2.0 calculation model (see TruRisk™ Score Model).
  • Can I prevent the changes introduced by enabling ETM?
    Yes, you can choose not to use ETM. However, we recommend upgrading to ETM for enhanced functionality, including the ability to ingest third-party findings and access the new TruRisk™ 2.0 calculation model.