VMDR Release 2.4
May 12, 2025
New Report: TruRisk
The TruRisk Report delivers a clear, actionable assessment of your organization’s security posture. It highlights critical vulnerabilities and risks while providing strategic guidance to support effective mitigation.
Designed to empower decision-makers at all levels:
-
CISOs: Enables board-level reporting and informed strategic resource allocation
-
Security Teams: Offers focused remediation guidance to maximize impact with existing resources
-
Executives: Provides high-level visibility into security posture without technical complexity
By moving beyond traditional vulnerability metrics and focusing on business-centric security intelligence, the TruRisk Report enables organizations to make informed security decisions aligned with enterprise risk management objectives.
TruRisk Report Summary
The TruRisk Report provides a concise yet comprehensive overview of your organization’s risk posture. Each section highlights a different aspect of the security landscape, including:
- A high-level risk summary
- Deeper insights into asset risks, vulnerability trends, and exploitability
This structured layout helps you quickly understand where your organization stands and where to focus your efforts.
Generate and Share the TruRisk Report
There are multiple ways of generating this report.
| From the Reports tab |
Go to VMDR > Reports > TruRisk Summary Report banner > click Generate Report. Go to VMDR > Reports > open New drop-down> click TruRisk Report. |
| From the Dashboard tab |
Go to VMDR > Dashboard > TruRisk Report banner > click Generate. Go to VMDR > Dashboard > open Platform Inbox > Notifications > click Generate Report. |
When generating a TruRisk Report, you can:
- Select asset tags to tailor the scope of the report.
- Enter email addresses of recipients to share the report via email.
Verify that all email addresses are accurate. If any address is incorrect, the email notification for the generated report may not reach any recipients.
Download the TruRisk Report
Perform the following steps:
- Go to VMDR > Reports > Reports.
- Open New drop-down > click Download.
For more information, refer to the VMDR Online Help.
Enhancements in Vulnerabilities Listing
The following enhancements have been added to the Asset Details section on the Vulnerabilities Listing page:
AgentPlatform Token
Refer to the table below to learn more about the new QQL token added for Asset Details on the Vulnerabilities Listing page and on the Prioritization window.
| Token | Description |
| agentPlatform |
Use this token to identify the operating system on which a Qualys Cloud Agent is installed and actively running. Example Show endpoints where the Qualys Cloud Agent is installed on Windows OS
|
For more information, refer to the VMDR Online Help.
Group By Filter
We have extended support for the Agent Platform to the Group By filter, allowing you to categorize and analyze endpoints based on the platform type (for example, Windows, macOS, Linux) where the Qualys Cloud Agent is deployed. This addition offers more granular reporting and providing insights into platform-specific vulnerabilities and trends.
Enhanced Trending Data
We have enhanced the Trending Data configuration in VMDR dashboards to provide visibility for up to 365 days. This update offers insight into long-term security trends powered by optimized data processing and customizable reporting to support strategic, informed decision-making.
Content Enhancements
We have expanded and improved the documentation for one of our long-supported features, "CISA Known Exploitable Vulnerabilities." We have added a comprehensive new topic that provides in-depth coverage and clarification, ensuring you have a better understanding of its capabilities.
We have also added examples demonstrating how to use vulnerabilities.riskFactor.cisaKEVDueDate Search token.
For more information, see VMDR Online Help.
Issues Addressed
The following reported and notable customer issues are fixed in this release.
| Category/Component | Issue |
| Vulnerability Listing |
We fixed an issue where exporting vulnerabilities data in CSV format showed the first and last detected details in a date format (DD/MM/YYYY or MM/DD/YYYY), but did not include the time (HH:MM) information. This fix will be included in the Qualys Enterprise TruRisk™ Platform 3.21.0 release. |
| Asset Listing |
We fixed an issue where the TruRisk Score displayed in the UI differed from the value shown in the CSV export. This fix will be included in the Qualys Enterprise TruRisk™ Platform 3.21.0 release. |