Glossary
Understanding the terminology related to the product is essential. It helps you navigate and explain the complexities of the subject quickly.
A
- Asset Criticality Score: Asset Criticality Score (ACS) represents the criticality of an asset in your business infrastructure. It is calculated based on multiple tags assigned to the asset with an ACS defined. If the tags associated with the asset don’t have criticality scores defined, then a score of ‘2’ is assigned by default.
- Asset Exposure: Asset Exposure displays the name of external tags. This contributing factor is displayed only if any external tag is associated with the asset.
- Asset Identification: Asset Identification is an attribute that identifies whether the assets identified by the third-party sources already exist in Qualys.
B
- Business Entity: Business Entity is your most valuable asset. It is created using a Qualys tag and can have more than one tag. It is essentially a collection of assets supporting your business applications. You can also configure a Risk Appetite and add a business value and loss magnitudes for any type of loss to monitor financial risk across enterprises.
Business entities can be based on industry, like a Checkout Application, Customer Support, Shipping Network, Inventory Platform, Order Management, Marketing and Sales analytics, or you can define your own business entity.
C
- Connectors: Connectors allow you to bring security findings from any external security tool you use into ETM to create a unified view of vulnerabilities and compliance issues for posture analysis. You can configure connectors for all external security tools to ingest security findings from cloud assets, host assets, web applications, and cloud resources such as buckets and containers. Security findings include vulnerabilities, misconfigurations, compliance findings, and incidents.
D
- Dashboard: Dashboards bring information from all Qualys applications into a single place for visualization. You can customize and share the information with specific users. The dashboards allow you to view your organization's data in a single place, enabling you to understand your data better and make informed decisions.
F
- Findings: Security findings categorized into vulnerabilities and misconfigurations.
L
- Loss Type: The Loss Type field in Qualys Enterprise TruRisk Management (ETM) provides a list of losses that can occur due to a breach. Providing the range of potential business losses associated with the loss type helps you to prioritize and plan response strategies.
M
- Misconfiguration Findings: Security findings relating to:
  - Incorrect setup or configuration of software and systems.
  - Breaches of policies, standards, or regulatory requirements. It includes actions or setups that deviate from established best practices, internal policies, or legal compliance obligations, potentially leading to legal, financial, and reputational consequences.
Q
- Qualys Detection Score: Qualys Detection Score (QDS) is assigned to vulnerabilities and any security findings (misconfiguration, compliance) detected by Qualys. QDS has a range from 1 to 100, which is divided into Critical (90-100), High (70-89), Medium (40-69), and Low (1-39).
- Qualys TruRisk Score: Qualys TruRisk Score for assets is calculated based on the Asset Criticality Score (ACS) and Qualys Detection Score (QDS) assigned to all findings (vulnerabilities and misconfigurations) from Qualys and third-party data sources. For more information on calculation of TruRisk score, refer to Calculating TruRisk Score.
R
- Risk Appetite: Risk Appetite is a threshold indicating your organization's acceptable TruRisk score. The Risk Appetite for TruRisk slider in Qualys Enterprise TruRisk Management (ETM) helps you choose the risk scale your organization can accept while planning your risk mitigation strategies.
- Risk Quantification: Risk quantification allows you to express cyber security risk in monetary terms. If you want to quantify the cybersecurity risk of a business entity.
It is the process of determining the potential impact of risks on a business entity by assigning monetary values to the likelihood and consequences of those risks. It involves the use of quantitative techniques to measure and express risk in terms of financial loss, operational disruption, reputational damage, or other relevant metrics. The goal of risk quantification is to provide a clear and objective basis for decision-making to prioritize and manage risks effectively.
S
- Source Finding ID: Source Finding ID is a unique external finding identifier.
T
- Tags: Tags help you to organize assets in your organization. You can apply tags manually or configure rules for automatically classifying your assets in logical, hierarchical, business-contextual groups.
- Trending: Trending encompasses the current threats or practices that are gaining significant attention in the cybersecurity community. It is the analysis of data over a period of time to identify patterns, movements, or changes that indicate a direction or tendency. It helps in understanding how specific metrics or behaviors are evolving, enabling informed decision-making and forecasting.
V
- Vulnerability Findings: Security findings encompassing weaknesses or flaws within systems, applications, or processes that could be exploited by attackers to gain unauthorized access or cause harm.
- Vendor ID: Vendor ID is a unique source identifier.
W
- Widgets: Widgets are the graphical elements that give real-time information about the metrics. Widgets can be exported to the Dashboard.