Qualys Enterprise TruRisk™ Platform (VMDR)
Limited Customer Release Notes
Version 2.3
April 01, 2025
What is a TruRisk™ Report
In this release, we have introduced a new type of report, the TruRisk™ Report. This report provides a clear and actionable assessment of your enterprise's security posture, highlighting critical vulnerabilities and risks while offering strategic guidance for their mitigation.
The TruRisk™ Report empowers decision-makers at all levels:
- CISOs: Support for board-level reporting and strategic resource allocation
- Security Teams: Focused remediation guidance that maximizes impact with available resources
- Executives: Clear visibility into security posture without technical complexity
By moving beyond traditional vulnerability metrics to business-centric security intelligence, the TruRisk™ Report enables organizations to make informed security decisions aligned with enterprise risk management objectives.
What Insights Does This Report Offer
Key Insights in the TruRisk™ Report
The report provides the following insights:
| Key Insights | Descriptions |
| TruRisk™ Contributing Factors |
Gain a detailed breakdown of factors influencing the TruRisk™ score, such as associated threat actors, external-facing assets, and other risk indicators for selected asset tags. |
| External Asset Landscape | Analyze exploitable assets and critical vulnerabilities, including ransomware vulnerabilities, CISA-listed threats, weaponized exploits, malware, and more. |
| Tags Analysis | Identify the top risky asset tags based on their TruRisk™ score, helping teams focus on the most critical areas. |
| Asset Landscape | Evaluate the vulnerable asset landscape based on contributing TruRisk™ factors, providing a clear picture of exposure levels. |
| Assets with Critical TruRisk™ | Assess high-risk external-facing assets and those with critical vulnerabilities, enabling targeted mitigation. |
| Weekly Insights Assets | Get a seven-day snapshot of assets, tracking newly detected TruRisk™s and changes over time. |
| Vulnerabilities Landscape | Analyze critical vulnerabilities, their types, affected assets, and patch availability, streamlining remediation efforts. |
| CVSS vs Qualys Detection Score (QDS) | Compare vulnerabilities using CVSS, EPSS (Exploit Prediction Scoring System), and QDS, enabling risk-based prioritization. |
| Weekly Insights Vulnerabilities | View a seven-day summary of newly detected vulnerabilities, helping security teams stay ahead of emerging threats. |
Risk Reduction Recommendation
The Appendix section of the TruRisk™ Report provides additional security insights, offering deeper visibility into asset risks, vulnerability trends, and exploitability.
| Security Insights | Recommendation |
| Asset Criticality Overview | Understand asset importance and risk exposure based on the Asset Criticality Score (ACS). |
| Risk Distribution | Analyze asset risk levels using score ranges and assess the vulnerability landscape with the Qualys Detection Score (QDS). |
| MITRE ATT&CK® Matrix | Gain insight into your environment's MITRE ATT&CK® prioritization metrics from an attacker's perspective. |
| MITRE Top 10 Vulnerabilities | Identify the top 10 vulnerabilities linked to MITRE ATT&CK® tactics and techniques. |
| Top 10 CISA Known Exploited Vulnerabilities | Track vulnerabilities that are actively exploited, as identified by CISA. |
| Top 10 Ransomware Vulnerabilities | Pinpoint vulnerabilities frequently targeted by ransomware attacks. |
| Risk Overview | Identify assets running End of Support (EOS) software and operating systems, along with relevant patch details. |
How Do You Access this Report
Here are the various navigation options available to generate the TruRisk™ Report:
- Navigate to VMDR > Reports > TruRisk™ Summary Report banner > click Generate Report.
- Navigate to VMDR > Reports > New > TruRisk™ Report.
- Navigate to VMDR > Dashboard > TruRisk™ Report banner > click Generate.
- Navigate to VMDR > Dashboard > Platform Inbox > Notifications > click Generate.
When you generate a TruRisk™ Report, providing an email allows the report to be sent directly to that address. You can also download it from the Reports > Quick Actions menu. This report is only accessible to Manager Users.
What Are the Steps to Generate This Report
To generate this report, perform the following steps:
- Use one of the various navigation options listed in this section to generate this report.
- Click Generate Report.
- In the TruRisk™ Report window, perform the following steps:
- Select asset tags when generating a TruRisk™ Report, though this step is optional. If no tags are selected, the report will be generated based on all assets in your subscription.
- Add recipients to send the report as a PDF; this step is optional.
- While your report is being generated, you will receive a UI notification indicating that it will be available on the Report Listing page once ready. You can also click the URL to view the report status.
- Navigate to Reports. In the Reports tab, filter by TruRisk™ Reports.
- Locate your report in the Report listing. Hover your mouse to see the Quick Actions menu.
- Click the Quick Actions menu and then click Download. The report will be downloaded to your local system.
