Assets

To view Criticality and TruRisk details from the Assets tab, follow these steps:

  1. Select the Posture tab.
    The Posture tab with the Controls toggle selected is displayed.
  2. Select Assets.

  3. In the TruRisk Score column, select the score for which you want more details.
    The Asset Details page is displayed.

In the left pane, the TruRisk Score Details tab is selected by default. On this page, the user can view the following:

  • TruRisk Score
  • Level of TruRisk Score (Critical, High, Medium, or Low)
  • Risk contribution factors that determine the TruRisk score
  • Business Criticality score
  • Asset Exposure with the right tags
  • Vulnerabilities, Unsanctioned ports, EoS Software, Missing Software, Unauthorized Software, and Misconfigurations tabs. The Misconfigurations tab is selected by default.

The Misconfigurations tab displays the controls associated with the asset. You can select a control and view its QDS. To do so, in the QDS column, select the score for which you want more details. The Posture Details page for the control is displayed. For information on QDS, refer to the Controls section.

Understanding TruRisk Score

TruRisk score is the overall risk score assigned to the asset based on the following contributing factors:

  • Asset Criticality Score (ACS)
  • Qualys Detection Scores (QDS) for each control level
  • Auto-assigned weighting factor (w) for each criticality level of controls

TruRisk Formula for Managed Asset

The TruRisk formula for managed assets takes the number of misconfigurations into account; an asset with more misconfigurations gets a higher score. The formula has the following features:

  • The weighting factor (w) based on the severity of the controls
  • The maximum risk score restricted to 1000
  • The new formula listing the External tags
  • In case of an external asset, the entire TruRisk Score value is multiplied by 1.2

where,

ACS – Asset Criticality Score

W – Weighting factor for each severity level of controls [critical (C), high (h), medium (m), and low (l)]

Avg(QDS) – Average of Qualys Detection Score for each severity level of controls

np.power – The value of np.power is a constant, 0.01