VMDR Incidents
You can view the incidents categorized based on incidents assignment, that is, incidents assigned to you and your group, based on the status of the incidents, that is, open or fixed.
- The administrators can view all vulnerability Incidents in all statuses.
- If you are a part of a remediation team, you can view only the incidents that are assigned to your own group.
View Vulnerability Incident Details
You can view a list of all the vulnerability incidents that are created in the application.
You can click a vulnerability incident number to view details of the vulnerability incident. You can view basic information about a vulnerability incident, such as the incident number and status, Qualys detection ID, associated connector, vulnerability status, and assignment details.
Host Information provides host and host network information.
Vulnerability Details provides details of a vulnerability that is available from Qualys VMDR.
The Detection tab provides the detection logic, type of vulnerability, tracking method and results of the detection.
The Detection tab also provides details of scan dates.
You can add notes to the ticket in the Notes/Activity tab. Any changes or updates in the incidents is also seen in the Notes/Activity tab.
On the vulnerability incidents page, you can also view additional details, such as, recent vulnerability scans, other open incidents on the same host, open incidents for the vulnerability that is selected, and SLA for the selected incidents.
Update incidents
You can update the incidents's state to Resolved. When the vulnerability's status is fixed, the incident state is automatically updated to Closed.
You can check whether the vulnerability is remediated completely in the following ways.
- If the Qualys agent detects the vulnerability, it polls every four hours. If the vulnerability is remediated, its status is updated to Fixed.
- If a virtual scanner detects a vulnerability, the change in the vulnerability status is updated during the next scanning.