View Risk Elimination for Mitigation

There are two types of Mitigations: 

Fix: This type of mitigation provides a fix for the detected vulnerability that cannot be restored back. for example, uninstalling a service. After such mitigation is applied, the vulnerability status changes to Fix. 

Mitigation: This type of mitigation provides a temporary resolution for the detected vulnerability, for example, blocking a port. After such mitigation is applied, the vulnerability status changes to Mitigated. 

Method 1: View Risk Elimination from VMDR > Vulnerabilties tab

You can navigate to the VMDR > Vulnerabilities tab to view the list of vulnerabilities for the various Windows, Linux, and Mac assets. However, mitigation is available only for Windows and Linux assets. With this workflow, you can select total 200 assets, with one asset for each QID. Both Mitigation and Fix type vulnerabilities are supported in this type of workflow. 

1. On the VMDR > Vulnerabilities tab, you can view the QIDs that have the mitigation jobs available, 
2. The QDS refers to the severity level of the vulnerability for the particular QID. You can click on the score to view more details, such as the trending highest contributing CVE, associated malware and threat actions, and so on. 
3. To mitigate the QID, select it, and from the Quick Actions menu or Actions menu, select the View Risk Elimination option. This option navigates you to the Mitigation > Eliminations tab, where you can mitigate the selected QID. 

Method 2: View Risk Elimination from VMDR > Prioritization tab

You can navigate to the VMDR > Prioritization tab and select the required tag that allows you to select more than 200 QIDs and the associated assets. Only Fix type vulnerabilities are supported in this type of workflow. 

The View Risk Elimination option is enabled only when you select Group By: Vulnerability option. To enable this feature, contact your TAM. 

1. On the VMDR > Prioritization > Reports tab, click Start Prioritizing. Select the required Asset Tags and click Prioritize Now. 
2. Ensure you have the Group By: Vulnerability option selected. Select the required QIDs to be remediated or mitigated, and from the Actions menu, click View Risk Elimination. You will be navigated to the Mitigation > Eliminations tab. 
3. Select the required QIDs and from the Actions menu, select Create Mitigation or Create Remediation Job. The Mitigation Summary window appears. 
   
   
4. If you have multiple platforms associated with the QID,  separate Create Job option are displayed. 
   
   
   
   You can further create the respective mitigation or remediation job for the assets. For more information, see Create Mitigation Job.

Important to Know 

• A QID is mitigated only when all the CVEs associated with it are mitigated. Only then the QID status changes to Mitigated. 
• The color of the QDS score block changes after QID status changes to Mitigated.