What is VMDR?
Vulnerability Management, Detection, and Response (VMDR) empowers you to provide a secure infrastructure to the organization you always envisioned. It is a single solution that quantifies risk and gradually reduces it with various solutions embedded within VMDR. It instantly discovers, assesses, and prioritizes threats in real-time across global, hybrid, remote IT, or Internet of Things (IoT) environments.
Implementing VMDR in your infrastructure starts with asset discovery and inventory. Ensure you have an accurate account in your environment to secure your discoverable assets.
Benefits of VMDR
- Discovery of every asset in the infrastructure, including unmanaged assets appearing on the network.
- Inventory of all the hardware and software, tags, and much more using the Qualys Query Language (QQL).
- Summarized information about the vulnerabilities based on the TruRisk factors
- Consolidated data using Qualys Insights to get an enhanced view
- The Prioritization feature, VMDR identifies and remediates the vulnerabilities in your business
VMDR Concepts and Terminologies
Following are some of the common concepts and terminologies that you might come across while using VMDR:
| Terms | Description |
| ACS | ACS is an acronym for Asset Criticality Score. ACS has a criticality range from 1 to 5 and is calculated based on the asset tags assigned. For more information, see Understanding Asset Criticality Score. |
| Dashboard | Dashboard visualizes a graphical summary of data such as vulnerabilities, assets, and other information. You can perform multiple actions in the dashboard, such as print dashboard, report scheduling, and version history. For more information, see Manage Dashboards. |
| QDS | QDS is an acronym for Qualys Detection Score. It is assigned to vulnerabilities detected by Qualys. This score needs to be one of your focus points while prioritizing vulnerabilities. QDS has a range from 1 to 100, divided into Critical (90-100), High (70-89), Medium (40-69), and Low (1-39). For more information, see Understanding the Qualys Detection Score. |
| QID | QID is an acronym for Qualys Identification. QID is a unique Qualys ID assigned to the vulnerability. |
| QQL | QQL is an acronym for Qualys Query Language. Using QQL, you can search queries to retrieve information from the Qualys database. The query is a string of attributes called search tokens. For more information, see Search Tokens for VMDR. |
| Tags | Tags are a flexible and scalable method to discover and organize assets in your infrastructure. For more information, see Configure Tags. |
| TruRisk Score | TruRisk Score is a framework that allows you to identify the riskiest asset in your organization. Asset Criticality is the primary factor when the TruRisk score determines an asset's risk. For more information, see Prioritize Vulnerabilities using Qualys TruRisk. |
| Widgets | Data displayed in dashboards is summarized using the widgets. You can use widgets such as Numerical, Bar, Table, and TruRisk Score to display specific information. Widgets can be added to new or existing dashboards. For more information, see Knowing Widgets. |
Additional Resources