View Findings Using Custom Attributes

Organizations encounter challenges when managing and categorizing Findings within cyber security platforms, primarily due to the varying business needs across different sectors. These complexities require a custom approach to ensure effective findings management and security.

  • Custom Attribute Creation

    Write your own formula to calculate custom attributes for each finding.

  • Flexible Tagging Options

    Use custom attributes as QQL tokens to create dashboard widgets and to filter findings.

  • Improved Categorization

    With the ability to categorize findings using relevant attributes, users can enhance data organization and searchability.

To enable this feature, contact your Technical Account Manager (TAM) or Qualys Support.

You can define and manage Custom Attributes for findings in Qualys ETM. We provide five static Custom Attributes that you can personalize and utilize according to your preferences. You can view these Custom Attributes on the Configuration tab. 


RBAC for Custom Attribute 

You can now control access to Custom Attributes in Qualys ETM through Role-Based Access Control (RBAC). This feature enables administrators to define permissions for viewing and modifying Custom Attributes based on user roles within your organization. This allows for granular control over who can see and modify attribute configurations, supporting proper segregation of duties across security teams.

With this release, we have added two permissions aligning with organizational security policies and compliance requirements.

  • ETM.CUSTOM_ATTRIBUTE.VIEW
  • ETM.CUSTOM_ATTRIBUTE.UPDATE

Role-Permission Mapping

The following table outlines the permissions granted to each role.

Role name       ETM.CUSTOM_ATTRIBUTE.VIEW    ETM.CUSTOM_ATTRIBUTE.UPDATE
ETM Manager     Granted                      Granted
Unit Manager    Granted                      Granted
Reader          Granted                      Not Granted
ETM Viewer      Granted                      Not Granted

How do I access RBAC Permissions?

You can find these permissions in the Administration application of your Qualys Enterprise TruRisk Platform account.

  1. Navigate to Administration, select the user, and click Edit from the Quick Actions menu.
  2. Go to Roles and Scopes > New User.
  3. Search for ETM and select the ETM tile.
  4. Click Change.
  5. Edit the View and Update permissions for Custom Attribute.


Creating Custom Attribute

To create a Custom Attribute, follow these steps:

  1. Navigate to Configuration > Custom Attributes.
  2. Select an attribute, and click Edit from the Quick Actions menu.

    The Edit Custom Attribute page is displayed. It shows the Token Name and Attribute Type information.

  3. Provide a suitable Attribute Name for your attribute using  icon.

  4. Provide your calculation logic in the given WHEN, THEN, and ELSE conditions.
    You can nest conditions if needed.

  5. Click Validate to check the logic of your formula.

    • Currently, only numeric computations are permitted. The result of the calculated field type must be a numeric value. The result is rounded to the nearest integer.

    • The provided formula is validated against assumed values.

    • Custom Attributes are updated every 6 hours.

  6. To view the result of the Custom Attribute and see the predefined values it uses, click How it works?

  7. To save the Custom Attribute settings, click Save.

     

Use Case: Creating a Custom Attribute

The following example illustrates how to use this feature. The Qualys Detection Score attribute is assigned to vulnerabilities identified by Qualys, with a default value set at 50. If you want a custom risk score that matches your specific needs, and want to categorize your findings accordingly, you can create a custom attribute using the provided formula.

In this example, we develop a custom QDS attribute that takes environmental factors into account. The script increases the risk score value if the asset is internet-facing; otherwise, the normal formula for the risk score value applies.

In the following example, asset.internetFacing and asset.criticalityScore are asset attributes, and finding.qds is a finding attribute. For more information, refer to the Supported Attributes section.

Currently, only numeric computations are permitted. The result of the calculated field type must be a numeric value. The result is rounded to the nearest integer.

Our formula to calculate the QDS attribute:

WHEN asset.internetFacing == "TRUE"
THEN finding.qds * asset.criticalityScore * 1.2
ELSE finding.qds * asset.criticalityScore

To create a Custom Attribute as a Custom Risk Score, follow these steps.

  1. Navigate to Configuration > Custom Attributes.
  2. Select an attribute, and click Edit from the Quick Actions menu.

    For demonstration, we have used customNumber1.

  3. Provide a suitable Attribute Name for your attribute.
    For example, QDS Attribute in this case.
  4. Provide your calculation logic in the given WHEN, THEN, and ELSE conditions.
    WHEN asset.internetFacing == "TRUE"
    THEN finding.qds * asset.criticalityScore * 1.2
    ELSE finding.qds * asset.criticalityScore

  5. Click Validate.

    A validation successful message is displayed.

  6. To view the calculation logic and see the predefined values it uses, click How it works?

    The Validation Details window is displayed.
    It displays Asset Attributes and Finding Attributes.

  7. Click Save to create the Custom Attribute for the Custom Score.

    The customNumber1 attribute is updated with your defined Custom Risk Score.

    You can now filter your findings using the customNumber1 token.

Search Findings Using Custom Attributes

You can use the customNumber tokens to search findings for specific Custom Attributes.

The following example shows findings related to a custom attribute, retrieved with the customNumber1 token.

To filter the findings based on the attribute you created, follow these steps.

  1. Navigate to Risk Management > Findings.
  2. Enter the token and value.

    All the findings that apply to this token are displayed.

  3. To view details of a finding, select View Details from the Quick Actions menu.

    You can view your Custom Risk Score in the finding details.


Supported Attributes

To help you write the logic, the evaluation engine injects the respective asset and finding objects into the script during runtime evaluation. The current context determines these asset and finding objects.

You can access a range of attributes for both the asset and the finding, as outlined in the following details:

Assets Attributes

Attribute Name            Datatype    Possible Values
asset.name                string
asset.truRisk             number      0-1000
asset.criticalityScore    number      1-5
asset.assetID             string      TRUE/FALSE
asset.operatingSystem     string
asset.internetFacing      boolean

Findings Attributes

Attribute Name            Datatype    Possible Values
finding.id                String
finding.name              String
finding.severity          Number      1-5
finding.qds               Number      0-100
finding.cvss2Base         Float       0.0 to 10.0
finding.cvss2Temporal     Float       0.0 to 10.0
finding.cvss3Base         Float       0.0 to 10.0
finding.cvss3Temporal     Float       0.0 to 10.0
finding.typeDetected      String
finding.epss              Float       Probability score between 0 and 1 (includes decimals)
finding.subType           String
finding.title             String
finding.type              String      "VULNERABILITY", "MISCONFIGURATION"
finding.status            String      "PASS", "FAIL", "ACTIVE", "FIXED", "NEW", "REOPENED"

Supported Operators 

PLUS  +
MINUS  -
MULTIPLY  *
DIVIDE /
COMPARE_EQUAL  ==
COMPARE_NOT_EQUAL  !=
COMPARE_LESS_THAN  <
COMPARE_LESS_THAN_EQUAL  <=
COMPARE_GREATER_THAN  >
COMPARE_GREATER_THAN_EQUAL  >=
LOGICAL_AND  &&
LOGICAL_OR  ||
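
The following Python sketch is an added example, not Qualys code. It checks a WHEN/THEN/ELSE formula offline against the supported attributes and operators listed above and previews the rounded result for the use-case formula. The function names, the half-up tie rounding, and the treatment of booleans as "TRUE"/"FALSE" strings are assumptions; the real evaluation engine may differ.

```python
import ast
import math
import operator

# Attribute names copied from the page's Supported Attributes tables.
ALLOWED = {
    "asset": {"name", "truRisk", "criticalityScore", "assetID", "operatingSystem", "internetFacing"},
    "finding": {"id", "name", "severity", "qds", "cvss2Base", "cvss2Temporal", "cvss3Base",
                "cvss3Temporal", "typeDetected", "epss", "subType", "title", "type", "status"},
}
# The page's Supported Operators, keyed by the Python AST node each one parses to.
OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
       ast.Div: operator.truediv, ast.Eq: operator.eq, ast.NotEq: operator.ne,
       ast.Lt: operator.lt, ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}

def _eval(node, ctx):
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return node.value
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        obj, attr = node.value.id, node.attr
        if attr not in ALLOWED.get(obj, ()):
            raise ValueError(f"unsupported attribute: {obj}.{attr}")
        value = ctx[obj][attr]
        # Assumption: booleans compare as "TRUE"/"FALSE", as in the page's formula.
        return str(value).upper() if isinstance(value, bool) else value
    if isinstance(node, ast.BinOp) and type(node.op) in OPS:
        return OPS[type(node.op)](_eval(node.left, ctx), _eval(node.right, ctx))
    if isinstance(node, ast.Compare) and len(node.ops) == 1 and type(node.ops[0]) in OPS:
        return OPS[type(node.ops[0])](_eval(node.left, ctx), _eval(node.comparators[0], ctx))
    if isinstance(node, ast.BoolOp):  # && and || after translation
        results = [bool(_eval(v, ctx)) for v in node.values]
        return all(results) if isinstance(node.op, ast.And) else any(results)
    raise ValueError(f"unsupported syntax: {type(node).__name__}")

def evaluate(expr, ctx):
    # Parse to an AST and walk an allow-list; eval() is never called on the formula.
    text = expr.replace("&&", " and ").replace("||", " or ").strip()
    return _eval(ast.parse(text, mode="eval").body, ctx)

def custom_attribute(when, then, otherwise, asset, finding):
    ctx = {"asset": asset, "finding": finding}
    result = evaluate(then if evaluate(when, ctx) else otherwise, ctx)
    if isinstance(result, bool) or not isinstance(result, (int, float)):
        raise ValueError("formula result must be numeric")
    return math.floor(result + 0.5)  # assumption: ties round half up

# The page's use-case formula, split into its WHEN / THEN / ELSE parts.
WHEN = 'asset.internetFacing == "TRUE"'
THEN = "finding.qds * asset.criticalityScore * 1.2"
ELSE = "finding.qds * asset.criticalityScore"
```

Call custom_attribute(WHEN, THEN, ELSE, asset, finding) with dictionaries of constructed sample values, for example an asset with criticalityScore 4 and a finding with qds 50, to preview the score before entering the formula in the Edit Custom Attribute page.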