Qualys Insights

Qualys Insights consolidates malware detection data from various risk factors in the Asset and Vulnerability fields. Using this data, you can get the list of assets that are at risk and take action on the affected assets. The assets and risk factors displayed in widgets simplify and speed up your search by allowing you to customize or append to the existing queries. The Qualys Insights option is available if you have a full VMDR subscription.

Asset Widgets in Qualys Insights

  • TruRisk > 700: Displays the number of assets with a TruRisk Score of 700 or above.
  • Asset Criticality Score > 4: Displays the number of assets with an Asset Criticality Score of 4 or above.
  • Public Facing Assets: Displays the number of assets with Shodan, External, EASM, or Internet Facing Assets tags.
  • Not Scanned - 30 days: Displays the number of assets that have not been scanned in the last 30 days.

The following screenshot displays the Qualys Insights for the Asset field with the sample asset values:

Qualys Insights for Asset fields

Vulnerability Widgets in Qualys Insights

  • CISA KEV: Displays the number of CISA Known Exploited Vulnerabilities (KEV) detected out of the total number of detections.
  • Ransomware Vulnerabilities: Displays the number of ransomware vulnerabilities and exposures detected out of the total number of detections.
  • Critical Patchable Vulnerabilities: Displays the number of vulnerabilities that have a detection score between 90 and 100 and are Qualys patchable.
  • Critical Vulnerabilities: Displays the number of vulnerabilities with a detection score between 90 and 100.

The following screenshot displays the Qualys Insights for the Vulnerability field with sample vulnerability values:

Qualys Insights for Vulnerability field

Example: View the Asset lists with Criticality Score 4 or above

Perform the following steps to view the Asset Criticality Score > 4 widget data:

  1. From the VMDR application, click the Vulnerabilities tab.
  2. Click the Asset field. In this example, the Total Assets are 1.94K.

    Total Assets count, in the Asset field.

  3. Click View Qualys Insights or Toggle Graph.

  4. Click the Asset Criticality Score > 4 widget. A Qualys Query Language (QQL) query is generated in the Asset query field. The Total Assets value changes from 1.94K to 1.91K because it now counts only those assets with a criticality score between 4 and 5.

    Asset Criticality widget example, in the Asset field.

Example: View the list of QIDs with CISA KEV

Perform the following steps to view the CISA KEV detections:

1. From the VMDR application, click the Vulnerabilities tab.

2. Click the Vulnerability field. In this example, the Total Detections are 17.7K.

Total Detections count, in Vulnerability field.

3. Click View Qualys Insights or Toggle Graph.

4. Click the CISA KEV widget. A Qualys Query Language (QQL) query is generated in the Vulnerability query field. The Total Detections value changes from 17.7K to 324 because it now counts CISA KEV detections only.

CISA KEV example, in Vulnerability field.

Example: View Assets with TruRisk Score above 700 with Critical Patchable Vulnerabilities

1. From the VMDR application, click the Vulnerabilities tab.

2. Click View Qualys Insights or Toggle Graph.

3. Click the Asset field and select the TruRisk > 700 widget.

4. Click the Vulnerability field and select the Critical Patchable Vulnerabilities widget.

This example lists 12 assets that have a risk score of 700 or above, with 103 detections.

Qualys Insights for Asset and Vulnerability.

Example: Appending and Customizing Queries using Widgets

In addition to using the Qualys Insights widgets, you can customize the queries they generate. This gives you a filtered, easily accessible search of assets and detections. In the following example, along with the Qualys Insights widgets, we have appended to and customized the Asset query:

1. From the VMDR application, click the Vulnerabilities tab.

2. Click View Qualys Insights or Toggle Graph.

3. Click the Vulnerability field and select the Critical Patchable Vulnerabilities widget.

4. Click the Asset field and select the TruRisk > 700 and Not Scanned - 30 days widgets. Customize the query by adding another asset token. We added the `operating.system:Windows` token in this example. Note that the `AND` operator separates the parts of the entire Asset query. Appending to and customizing the query changes the values of Total Assets and Total Detections. See the following screenshot for reference:

Combined result of assets and detections.