Prioritizing Product Vulnerabilities for Windows Assets

From the Prioritized Products tab, you can see the total number of detected product vulnerabilities from the last two years. When you click the Prioritized Products tab, you can see the Patch Automation and Risk Reduction Recommendation tabs.

Patch Automation tab: You can see the Prioritized Product report from the Patch Automation tab. The Prioritized Product report helps you proactively prioritize which products to patch on your Windows assets. You can remediate these vulnerabilities for your Windows assets by creating a job.

Risk Reduction Recommendation tab: You can see a maximum of 50 entries of recommended, latest patches based on the top high and critical QID count. You can achieve a risk reduction on your Windows assets by creating jobs using these suggested latest patches.

Know More about Prioritized Product Report

Viewing Prioritized Product Vulnerabilities

Creating a Job to Remediate Prioritized Product Vulnerabilities

Risk Reduction Recommendation 

Know More about Prioritized Product Report

- The Prioritized Product report considers superseded and non-superseded patches while calculating the number of vulnerabilities. However, you can add only the non-superseded patches while creating a job.

- The Prioritized Product report considers the software installed in your environment based on logs of patches installed or other system logs. Some patches might apply to multiple app families, so the vulnerability count in the report includes those other app families. For example, some patches fix Internet Explorer and Windows vulnerabilities. In this case, the count is shown for both app families.

- The vulnerabilities listed in the Prioritized Product report are shown in the descending order of the number of vulnerabilities linked to a product.

- The Prioritized Products report shows all the vulnerabilities for a product; however, a user can only patch vulnerabilities for the assets within their scope. For example, for a total of 100 assets, 245 vulnerabilities are shown for Microsoft, but the user has access to only 50 assets. If so, the user can create a patch job to mitigate vulnerabilities only for 50 assets.

- Generating the Prioritized Products report might take time based on the number of assets in your environment and the associated vulnerabilities. We recommend that you don’t refresh the page or interrupt the request, as the request might time out. Once the report is generated, the report data is stored in the cache for a few hours, ensuring that it will be quicker the next time you access the report.

Viewing Prioritized Product Vulnerabilities

From the Prioritized Products > Patch Automation tab, you can view all vulnerabilities detected in the last two years.

Prioritized Products.

(1)  The Actions menu lets you view the related patches or create a new job using the filtered vulnerabilities.

(2)  You can use the Filters menu to view vulnerabilities based on severity. Note that the severity is linked to the vulnerability and not the patches, so the filter applies to the vulnerability severity.

(3)  You can also filter open vulnerabilities by using asset tags. Click the Tags menu and select the preferred tags.

Creating a Job to Remediate Prioritized Product Vulnerabilities

You can filter based on vulnerability severity or Patch Status and create a job using the filtered query. For more information, see Managing Patch Jobs for Windows Assets.

Create Job for Prioritized Products.

Risk Reduction Recommendation 

From the Prioritized Products > Risk Reduction Recommendation tab, you can see a maximum of 50 entries of recommended, latest patches based on the top critical and high QID count. You can achieve a risk reduction on your Windows assets by creating jobs using these suggested latest patches.

Note: The High and Critical QID count is cumulative across all assets. The criticality of the QID depends upon the Qualys Detection Score (QDS). 
-  For the critical QIDs, the QDS range is 90 - 100.
-  For the high QIDs, the QDS range is 70 - 89.  

Risk Reduction Recommendation tab.

(1)  The list of missing patches is shown for assets tagged with the Cloud Agent tag, which is the default tag. By clicking Tags, you can select different tags as well.

(2)  You can select an individual patch and click Patch Now to create a job that includes the selected patch.

(3)  You can select multiple patches and include them in a patch job. To do so, click Actions > Create Job.  

(4)  You can group the latest recommended patches by product name to see the corresponding critical and high QIDs for each product. To do so, go to Group By > Product Name.

Group by filter.

-  When you click the count from the CRITICAL QIDs or HIGH QIDs column, you can see the MAX QDS SCORE column in the pop-up. The Max QDS Score is the score found for assets where the listed QIDs are missing.

Max QDS Score Column.

-  By using the Patch Now option, you can mitigate the vulnerabilities. When you click the Patch Now option, a new QQL-based job is created.
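The counting described in this section (QDS bands, cumulative counts across assets, the 50-entry cap and the per-QID Max QDS Score), worked through as an added example that is not Qualys code and does not call any Qualys API. The record layout, the sort order (critical count first, then high count) and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

MAX_ENTRIES = 50  # the tab lists at most 50 recommended patches


def qds_band(qds):
    """Map a Qualys Detection Score to the bands given in the note."""
    if 90 <= qds <= 100:
        return "critical"
    if 70 <= qds <= 89:
        return "high"
    return None  # below 70: counted in neither column


def recommend(detections, limit=MAX_ENTRIES):
    """Rank patches by cumulative critical, then high, QID count.

    Each detection is one (asset, QID) finding plus the patch that fixes it.
    The field names and the ranking order are assumptions, not a Qualys schema.
    """
    rows = defaultdict(lambda: {"critical": 0, "high": 0, "max_qds": {}})
    seen = set()
    for d in detections:
        key = (d["patch"], d["asset"], d["qid"])
        band = qds_band(d["qds"])
        if band is None or key in seen:  # skip low scores and duplicate findings
            continue
        seen.add(key)
        row = rows[d["patch"]]
        row[band] += 1  # cumulative: every affected asset adds to the count
        row["max_qds"][d["qid"]] = max(row["max_qds"].get(d["qid"], 0), d["qds"])
    ranked = sorted(rows.items(),
                    key=lambda kv: (-kv[1]["critical"], -kv[1]["high"], kv[0]))
    return [dict(patch=p, **r) for p, r in ranked[:limit]]


# Constructed sample data: not real QIDs, patches or assets.
SAMPLE = [
    {"asset": "win-01", "qid": 100001, "qds": 95, "patch": "PATCH-A"},
    {"asset": "win-02", "qid": 100001, "qds": 92, "patch": "PATCH-A"},
    {"asset": "win-01", "qid": 100002, "qds": 75, "patch": "PATCH-A"},
    {"asset": "win-01", "qid": 100003, "qds": 89, "patch": "PATCH-B"},
    {"asset": "win-03", "qid": 100003, "qds": 90, "patch": "PATCH-B"},
    {"asset": "win-03", "qid": 100004, "qds": 69, "patch": "PATCH-C"},
    {"asset": "win-02", "qid": 100001, "qds": 92, "patch": "PATCH-A"},  # duplicate
]

if __name__ == "__main__":
    for row in recommend(SAMPLE):
        print(row)
```

The same QID can land in different bands on different assets (100003 above), which is why the counts are kept per detection while the Max QDS Score is kept per QID.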
