View Risk Findings

Risk management is a critical framework designed to safeguard organizational assets, maintain uninterrupted operations, and defend your organization's reputation against cyber threats. It involves identifying vulnerabilities and misconfigurations, monitoring them, and mitigating the threats they poseThe . This section explains the Findings Overview and the listing of Vulnerabilities and Misconfigurations Findings.

Findings Overview

The Risk Management tab in ETM gives you an overview of Findings categorized as Vulnerabilities and Misconfigurations. The following screenshot displays the Findings Overview

Findings overview.

Vulnerabilities Findings

To view the vulnerabilities detected on your assets, navigate to the Risk Management > Findings page and select Vulnerability. You can also use various metadata filters, group by options, and custom query capabilities. Following is the Vulnerabilities data listed on the Findings page:

  • Vulnerability: This column lists the vulnerabilities detected on the assets. By clicking the Finding Name, you will be redirected to the Finding Summary page. 
  • QVSSQualys Vulnerability Scoring System (QVSS) is the scoring framework used in ETM to measure the severity of all security exposures, both vulnerabilities and misconfigurations, on a 0.0–10.0 scale.
  • Risk Factors:  Indicates the conditions or attributes that increase the likelihood or severity of a vulnerability being exploited.
  • Impact: Shows the potential damage or business effect if the vulnerability is successfully exploited.
  • EPSS Score: Displays the Exploit Prediction Scoring System value that estimates the probability of the vulnerability being exploited in the near term.
  • Detection Count: Represents the number of times this vulnerability has been identified across your monitored assets or environment.

  • The following Vulnerabilities screenshot under the Risk Management > Findings tab highlights its columns:

    Vulnerability findings tab.

View Vulnerability Finding Details

From the Vulnerability column, click View Details from the Quick Actions menu to view the following vulnerability details relating to the specific vulnerability:

This Findings Details page provides a complete risk, impact, and remediation view of a selected vulnerability (CVE).

Quick actions.

CVE Details page is displayed.

Refer to the following table for details on the fields.

Field  Information 

Header

This section displays the CVE ID, severity level (Medium), and Patch Available status.

  • A visual indicator to highlight when a CVE title is generated using AI. The  icon is displayed alongside the title on the CVE Details page

  • Displays the CVE ID, severity level (Medium), source, Real Threat Indicators (RTI), and Patch Available status.

  • Shows a short vulnerability description.

  • Includes Real Threat Indicators (RTI) such as Easy Exploit, Exploit Public, and Predicted High Risk.

  • The Impacting panel on the right shows:

    • Total affected assets 

    • Impacted business entities (if available)
CVSS vs QVSS Risk Comparison

This section compares technical severity with threat intelligence–based risk.

Use this section to understand whether the vulnerability is technically severe and whether it is actively exploited.

  • CVSS Base score Standard 
  • Threat Signals – Weaponized POC, malware presence, threat actors, CISA KEV status, EPSS probability, and trending status.
  • QVSS Base  – Contextual risk score adjusted using real-world threat intelligence.
Finding Details

Provides classification and mapping information.

Use this section to understand the findings. 

  • Impacted Asset Type

  • CWE ID

  • Type
  • MITRE ATT&CK mapping (if available).

Remediation & Actions

Use this section to identify how to fix the vulnerability.

  • Shows the number of available remediation steps.

  • Displays mitigation guidance status  (if available).

  • Summary of the recommendations at the base.

Your Impact

Provides environment-specific exposure details.

Use this to prioritize remediation based on exposure and external risk.

  • Total impacted assets
  • Internet-facing asset count
  • Business entity mapping (if configured)

Residual Exposure Gap

Provide deeper insights into vulnerability, exploitability, and remediation efficiency

Use this to understand attacker timelines with real-world exploit data and measure remediation performance across assets

  • Window of Weaponization (WOW):  The time taken by attackers to develop an exploit after a CVE is publicly disclosed.
  • Average Window of Exposure (AWE): The average time taken to remediate (patch) affected assets in your environment.
  • Remediation Efficiency Gap (REG): A comparative metric showing how your remediation speed aligns with attacker activity.

To know more about how to utilize these metrics, refer to the Residual Exposure Gap.
Vulnerability Lifecycle
 

Use this to understand how long the vulnerability has been active and exploited.

Timeline view showing:

  • First exploit POC date
  • Published date
  • First patch release date
    • CISA KEV added and due dates

Truconfirm

 

If you have TruConfirmed enabled, you can view the TruConfirm card on this page. The TruConfirm card gives security analysts a clear view of whether a vulnerability is truly exploitable in their environment, not just theoretically risky. By combining threat intelligence with validated evidence, these cards help teams prioritize what matters most.

This card contains the following information:

  • Real-world exploit status: Quickly see if a CVE is POC, Weaponized, or Actively Exploited.
  • Threat actor insights: Understand which attackers or groups are leveraging the vulnerability.
  • TruConfirm validation: Know if the exploit is Validated, Available for validation, or Ruled Out in your environment.
  • Direct evidence access: Drill down into host, port, and method details via View Evidence.
  • Faster prioritization: Focus on vulnerabilities that pose actual risk, not just theoretical severity.
  • Unified risk context: Combines CVSS, threat intelligence, and real exploit validation in one view.

Search Vulnerabilities

  1. Choose Vulnerability to display vulnerability data or Asset for asset data. You can easily browse the data list and explore details. For example, click the CVE 2021-40438 to view details for that vulnerability.
  2. The Group By option helps you organize your data. For example, you can select Group By Severity and then click any value listed in the Detection Count column to view the list of assets with the assigned severity.
  3. Use a filter. The filter option lets you choose the type of vulnerabilities to exclude from the data list.
  4. Use Quick Filters located in the left navigation. The Quick Filters option lets you choose the type of vulnerabilities to further filter them.
  5. Use search tokens to filter vulnerabilities further.  
  6. Customize the display of rows and columns as per your needs. You can choose which columns to show or hide based on their preferences

Misconfiguration Findings

To view the misconfigurations detected on your assets, navigate to the Risk Management > Findings page and select Misconfiguration. You can also use group-by options and custom query capabilities. Following is the Misconfiguration data listed on the Findings page:

  • Title: Indicates the rule or misconfiguration name
  • Technology/Category: Indicates Technology and Category of the misconfiguration
  • QVSS Base: Indicates QVSS Base Score, such as High, Critical, Low, and Medium
  • Sources: Indicates the source of the misconfiguration.
  • Impacted Asset: Indicates which asset is impacted
  • Lifecycle Information: Indicates when the issue was first detected and whether it is currently active (Fail)
  • Host Name: Indicates Host name
  • IP Address: Indicates the IP address of the assets,
  • TruRisk™ Score: Represents the score
  • ACS: Indicates Asset Criticality Score

  • Operating System: Indicates Operating System 

The following Misconfigurations screenshot under the Risk Management > Findings > Misconfigurations highlights its columns:

Misconfiguration tab.

View Misconfiguration Finding Details

Click View Details from the Quick Actions menu to view the following details about a specific misconfiguration.

Misconfiguration quick actions.

  • Summary: It displays basic details, reference ID, status, QDS, severity, and a description of the misconfiguration, along with details of the asset on which it is detected.

  • QDS Details: It displays the QDS contributing factors for the misconfiguration:

    • Highest Contributing CVE:- Click the CVE number, and theAdditional Insights display the Technical Attributes, Recency, and Remediation.
    • Associated Malware and Threat Actors: Click on the Malware count to view the data in the Additional Insightssection.
    • Exploitability: It displays the date when the exploitability recently trended. TheRecencysection of the Additional Insights graph displays the time when the CVE trended.
    • Additional Insights: When you click Additional Insights, it displays more information about the vulnerability' s Technical Attributes, Temporal Attributes, Trending, and Remediation. 
  • Detection Details: This section specifies:
    • The detection rationale a logic of how a security vulnerability is identified.
    • Misconfiguration impact and remediation guidance to fix the misconfiguration. 
  • Additional Details: Additional details about control/ CSAM rule and policy that is evaluated on an asset. It is supplementary information that provides further context about the policy and control.
  • MITRE ATT&CK: MITRE Tactics and Techniques associated with the control that was evaluated on an asset.
  • Sources: If the same misconfiguration is detected from multiple sources on the same asset, then this section displays the aggregated record created based on the merge rules and individual source records displaying the multiple sources from where the misconfiguration is detected.

Search Misconfigurations

Search misconfigurations.

  1. Choose Misconfiguration to display misconfiguration data or Asset for asset data.
    You can easily browse the data list and explore details.
    For example, click the Title: EOS: Google Chrome 84.0.4147.125 Stable Channel to view details for that misconfiguration.
  2. The Group By option helps you organize your data.
    For example, you can select Group By Severity and     then click any value listed in the Detection Count column to view the list of assets with the assigned severity.
  3. Use a filter.
    The filter option lets you choose the type of misconfiguration to exclude from the data list.
  4. Use quick filters located in the left navigation.
    The Quick Filters option lets you choose the type of misconfigurations to filter the misconfigurations further.
  5. Use search tokens to further filter the data list.
  6. Download the report.
  7. Toggle the display of the bar chart using  icon.
  8. Customize the display of rows and columns as per your needs. You can choose which columns to show or hide based on their preferences.

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: April, 2026