Vulnerability Details

Under the Vulnerabilities tab, select Vulnerability to view the vulnerabilities detected on your assets. You can also use the various metadata filters, Group by options, and custom query capabilities.

Choose Vulnerability to view the vulnerabilities detected on your assets.

 You can download the vulnerability records if the list of vulnerabilities exceeds 200 per asset. The download is limited to 10,000 vulnerability records.

Following are some of the columns listed on the Assets page:

  • QID: The QID is the unique Qualys ID number assigned to the vulnerability. The QID column lists the vulnerability's unique number.  

  • Title:- The Title column lists the vulnerabilities detected on the assets.

  • QDS:- The QDS column lists the score assigned to Qualys detection. This score is the  Qualys Detection Score (QDS) and can range from 1 to 100, categorized into four severity levels. For more information, refer to Understanding Qualys Detection Score.

  • Severity:- The Severity column depicts the severity of the vulnerability. The severity value can be set by the user and by Qualys. For information about customer and Qualys severity, refer to Customer and Kb Severity Level.

  • Asset:- The Asset column shows the asset name on which the vulnerability was detected. Click the asset to view the Asset Details.

  • Tags:- The Tags column lists the tags you applied to assets. For more information about adding tags to the list in the Tags column, refer to Add Tags

View Vulnerability Details

From the QID column, select the QID to view the complete vulnerability information.

  • Detection Summary:- It displays asset details, tags, vulnerability results, vulnerability description, and detection logic.

  • QDS Details:- It displays the Contributing Factors for an asset. The QDS contributing factors for an asset are:

  • Highest Contributing CVE:- Click the CVE number, and the Additional Insights will display the Technical Attributes, Recency, and Remediation.
  • Associated Malware and Threat Actors:- Click on the Malware count to view the data in the Additional Insights section.
  • Exploitability:- It displays the date when the exploitability recently trended. The Recency section of the Additional Insights graph displays the time when the CVE trended.
  • Additional Insights:- When you click Additional Insights, it displays more information about the vulnerability's Technical Attributes, Temporal Attributes, Trending, and Remediation

QDS details.

Search Vulnerability Details

Our Vulnerabilities tab gives you an integrated, incremental search and browse experience to help you find all about your assets.

Choose Vulnerability to display vulnerability data or Asset for asset data. You can easily browse the data list and explore details. For example, click the QID 105170 to view details for that vulnerability.

Highlighted the Vulnerability tab that lists the vulnerabilities.

The Group By option helps you organize your data. For example, you can select Group By Severity and then click any value listed in the Detection Count column to view the list of assets with the assigned severity.

Using the group by option and sorting the vulnerabilities as 
per the severity.

The Filters option lets you choose the type of vulnerabilities to filter the vulnerabilities further.

Additional filter option to further narrow down search of 
vulnerabilities.

You will get a listing of severity 5 vulnerabilities. Notice the query selector shows your query.

Use of tokens to search vulnerabilities by their severity.

You will notice now that you have fewer total vulnerabilities (in this case, 68) Use the metadata filters on the right to narrow your search further. For example, select Windows 2012

Using the left pane filters of operating system packs to narrow down vulnerabilities.

Using the query box, you can add more query logic. For example, say you want to see only New vulnerabilities. Just type "and" , then start typing "status". Pick the token name vulnerabilities.status. Choose the token value ACTIVE and view syntax help on the right to help you form your query. Hit return to run the query when you are ready.

Token options for vulnerability status and you can choose from the options displayed to complete your search query.

Easily add another query by clicking . This way you'll search the vulnerability index and the asset index. The queries in the 2 boxes uses the AND operator together. Hit return when you are ready to run the queries. Our sample queries further narrowed results and we have 2 total vulnerabilities.

Formation of multiple queries for assets and vulnerabilities.

Using our advanced search capabilities, you can easily create robust queries using the many available search tokens. Looking for help with how to search? Click here

Using our Search Query menu search action menu options, you can easily view the frequently-used QQL queries and save and manage them. You can create widgets from frequently used queries for easy reference in the future. Looking for the different actions on the search queries, see  Search Actions.

You could also export the search results to your local system and share them with other users. You can export results in CSV format. It just takes a minute to export search results. Click the download Download button button.

The download button used to download the vulnerability details in CSV format.

You can download vulnerability data based on CVE or QID. Additionally, you can select specific check boxes based on the data you want to download.

Vulnerabilities Download

Contact Qualys Support if the CVE and QID options are not displayed in the Download formats window.

Click Download. The details are downloaded in CSV format.

Using the Group by Vulnerability option to download the vulnerability data, you can only download the data based on selected QID fields. The report contains the asset data on which the QID is detected.

Group by Vulnerability