Filters in Assets and Vulnerabilities Details

The filters in the Asset and Vulnerability fields of the Vulnerabilities tab help you generate vulnerability findings based on your search criteria. The filters for these fields are divided into Excluded Vulnerabilities and Scoped Vulnerabilities. The list of filters is the same for both the Asset and Vulnerability fields.

The following screenshot is an example of the Filters in the Asset field:

Filters option in the Asset field of the Vulnerability tab.

Excluded Vulnerabilities

The Excluded Vulnerabilities filter excludes the assets so they don't appear as actionable issues for your vulnerability management program. Excluded Vulnerabilities include the following types of vulnerabilities:

Information

Information vulnerabilities are excluded by default because they are informative and do not cause any harm to the asset. To view and identify the list of Informative vulnerabilities, deselect Information in the Filters and use the token vulnerabilities.typeDetected: Information

The following screenshot is an example that highlights the vulnerabilities.typeDetected: Information token and the Information filter disabled:

Fixed

Fixed vulnerabilities are excluded by default, as this category lists vulnerabilities that are already fixed. To view the list of fixed vulnerabilities, deselect Fixed in the Filters and use the token vulnerabilities.status: Fixed

To get the list of vulnerabilities fixed during a particular span, use a date range or a specific date to define when findings were last fixed. For example: vulnerabilities.lastFixed:[2016-01-01 ... now-1M]

The following screenshot is an example that highlights the vulnerabilities.status: Fixed token and the Fixed filter disabled:

Disabled

Disabled vulnerabilities are excluded by default, as this category lists vulnerabilities that are disabled. To view the list of Disabled vulnerabilities, deselect Disabled in the Filters and use the token vulnerabilities.disabled: True

The following screenshot is an example that highlights the vulnerabilities.disabled: True token and the Disabled filter:

Ignored

Ignored vulnerabilities are excluded by default and do not appear as actionable issues in the asset or vulnerability list. They also do not appear in dashboard reports. To view the list of Ignored vulnerabilities, deselect Ignored in the Filters and use the token vulnerabilities.ignored: True

The following screenshot is an example that highlights the vulnerabilities.ignored: True token and the Ignored filter disabled:

Non-Running Kernel

The Non-Running Kernel vulnerabilities exclude the vulnerabilities on the actual Linux kernel. 

To view the list of Non-Running Kernel vulnerabilities, deselect Non-Running Kernel in the Filters and use the token vulnerabilities.nonRunningKernel: True

The following screenshot is an example that highlights the vulnerabilities.nonRunningKernel: True token and the Non-Running Kernel filter disabled:

Patch Superseded

If a patch similar to the previously released patch is released, the superseding patch replaces the earlier patch based on the patch-related QIDs. For example, if QID 2 is patched on a given target host and fixes any instances of QID 1 on the same target host, then QID 2 supersedes QID 1.

When you use the Patch Supersedence token, the vulnerabilities found on the host are analyzed. The token results include the QIDs that are flagged on hosts; they do not indicate whether the patches are installed or missing on the host.
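The supersedence rule described above, modeled in Python as an added example (not Qualys code and not part of the original page). The QID numbers, host names and the SUPERSEDED_BY map are constructed, and following a chain through a QID that is not flagged on the host is an assumption of this sketch.

```python
# Added illustration: a simplified model of patch supersedence, not Qualys code.
# QID numbers, host names and the SUPERSEDED_BY map are constructed sample data.

# Key: older patch QID. Value: the QID whose patch replaces it.
SUPERSEDED_BY = {1: 2, 2: 3, 10: 11}

# QIDs flagged on each host by a scan (constructed).
DETECTIONS = {
    "host-a": {1, 2, 50},   # QID 2 supersedes QID 1 on the same host
    "host-b": {1, 3},       # QID 3 supersedes QID 1 through QID 2
    "host-c": {1, 10},      # no superseding QID is flagged on this host
}


def superseding_chain(qid, superseded_by):
    """Yield every QID that replaces `qid`, following the chain upward."""
    seen = {qid}
    while qid in superseded_by:
        qid = superseded_by[qid]
        if qid in seen:      # guard against a cyclic map
            return
        seen.add(qid)
        yield qid


def split_superseded(flagged, superseded_by):
    """Return (actionable, superseded) QIDs for one host.

    A QID counts as superseded only when a QID that replaces it is flagged
    on the same host; patch install state is never consulted.
    """
    superseded = {
        q for q in flagged
        if any(s in flagged for s in superseding_chain(q, superseded_by))
    }
    return flagged - superseded, superseded


def report(detections, superseded_by):
    """Apply the split to every host in the detection map."""
    return {h: split_superseded(q, superseded_by) for h, q in detections.items()}


if __name__ == "__main__":
    for host, (todo, hidden) in sorted(report(DETECTIONS, SUPERSEDED_BY).items()):
        print(f"{host}: patch {sorted(todo)}, superseded {sorted(hidden)}")
```

On host-c, QID 1 and QID 10 both stay actionable because supersedence is decided from the QIDs flagged on that host, not from a global patch catalogue.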

The Patch Superseded filter is also available for widgets in the Unified Dashboard application. The filter is available for only the Vulnerability Management application.

Benefits

  • Since the superseding patch replaces all the previous versions, you have a manageable set of vulnerabilities to patch.
  • Endless vulnerability patch cycles can be avoided, thus saving time in patching multiple vulnerabilities individually.

Prerequisites

  • VMDR version: 3.16.2
  • VMSP should be enabled. Contact Qualys Support or TAM for more information.
  • TruRisk should be enabled.

You can also exclude the vulnerabilities by selecting the Patch Superseded option from the Filters drop-down.

To view the list of excluded Patch Superseded vulnerabilities, deselect Patch Superseded in the Filters and use the token vulnerabilities.hidePatchSuperseded: True

The following screenshot is an example that highlights the vulnerabilities.hidePatchSuperseded: True token and the Patch Superseded filter disabled:

Additional Resource

KB article: Patch Supercedence: How it works in detail

Scoped Vulnerabilities

My Scoped Vulnerabilities

The My Scoped Vulnerabilities filter is available only for the Vulnerability Management application. The filter provides the list of assets tagged for a specific vulnerability from the Roles and Scopes section of the Qualys Administration application. You can view or edit the Roles and Scopes from the existing user or create a new user from the Qualys Administration application.