Get Started with VMDR
Click to view help navigation


Get Started with VMDR

Vulnerability Management, Detection and Response (VMDR) enables you to discover, assess, prioritize, and identify patches for critical vulnerabilities and misconfigurations in real-time and across your global hybrid-IT landscape all in one solution.

It combines free unlimited asset inventory, vulnerability and configuration assessment, threat risk, and powerful vulnerability prioritization technology, integrated with patch management workflows helping organizations reduce Mean-Time-to-Remediate (MTTR) for vulnerabilities.

Qualys VMDR provides a single solution for internal, external, and PCI scanning needs and directly integrates with ITSM solutions such as ServiceNow to automate vulnerability management.

VMDR starts with asset discovery and inventory to make sure you have an accurate account of all devices in your environment. It performs continuous vulnerability assessments with cloud agents and a variety of sensors and leverages artificial intelligence to instantly assess and prioritize threats based on relevant context.

Know your subscription type

If you are a VM customer, you can be upgraded to experience VMDR features, and you can then choose to purchase VMDR to get additional features.

With this upgrade, you get

Once you purchase VMDR, you will also get

Patches are only deployed if you have a Patch Management subscription.

How does it work?

With VMDR, you will be able to accomplish real-time asset discovery and vulnerability information, prioritizing or shortlisting the vulnerabilities according to the threat intelligence and detecting and deploying the right remedial patches at the click of a button. 

Identify Assets

Start identifying assets by installing Cloud Agents or upgrading existing agents for VMDR. Assign tags to categorize and organize your assets.

Discover Vulnerabilities & Misconfigurations

Our signature database continuously discovers software vulnerabilities and identifies security misconfigurations

Prioritize Threats with TruRiskTM

Run the Prioritization report to prioritize the most critical threats on your assets based on real-time threat indicators and identify what to remediate first. With TruRisk, you can assess the risk scores of your assets and prevent attacks. You can quantify asset risks using TruRisk Score and Qualys Detection Score.

Asset Risk Score is renamed to TruRisk Score.

Remediate with ITSM & to Deploy Missing Patches

VMDR for IT Service Management (ITSM) manages the tracking of open vulnerabilities and remediation mapping by using the ServiceNow ITSM platform. ServiceNow tasks are automatically assigned to the group to deploy the most relevant patches.

Get started by installing Cloud Agents

Start building your inventory by installing Cloud Agents. With our lightweight agents, you’ll get continuous network security updates through the cloud. As soon as changes are discovered on your hosts, they’ll be assessed, and you’ll know about new security threats right away.

You can also identify assets using other methods like Scanners, Passive Sensors, Cloud Inventory, Container Inventory, and Mobile Device Inventory. Learn more about Qualys Cloud Agent. You can check out the tutorial about how to install Cloud Agent:

Manage Asset and Vulnerability Details

Get a complete view of vulnerability posture from an asset and vulnerability point of view. The Vulnerabilities tab lists all the assets identified by cloud agents and sensors. Know more about Manage Asset and Vulnerability Details

Run Prioritization Report

You can use the VMDR Prioritization report to automatically prioritize the riskiest vulnerabilities on your most critical assets – reducing potentially thousands of discovered vulnerabilities to the few that matter.

The VMDR Prioritization report helps you focus resources in the right area to patch the highest-risk vulnerabilities first. It increases your organization's security posture by identifying and remediating the vulnerabilities likely to be exploited in the wild by threat actors.

Deploy Patches

From the Prioritization report, you can view the assets or vulnerabilities that can be patched by Qualys. You can patch the vulnerabilities directly from the report. Know more about deploying patches

 Patches are only deployed if you have a Patch Management subscription.

Customizable dynamic dashboards

Dashboards help you visualize your assets, see your threat exposure, leverage saved searches, and quickly fix the priority of vulnerabilities.   

We have integrated Unified Dashboard (UD) with VMDR. UD brings information from all Qualys applications into a single place for visualization. UD provides a powerful new dashboard framework along with platform service that will be consumed and used by all other products to enhance the existing dashboard capabilities.

You can use the default VMDR dashboard provided by Qualys or easily configure widgets to pull information from other modules/applications and add them to your dashboard. You can also add as many dashboards as you like to customize your vulnerability posture view.

Search all your assets

Use guided search capabilities to help you search all your VM assets anywhere - on-premises, endpoints, and clouds - with 2-second visibility, using powerful search capabilities. Your latest vulnerability and security results are correlated from VM scans, cloud agents, and other sensors.

VMDR for IT Service Management

VMDR for IT Service Management (ITSM) offers you to track open vulnerabilities and map remediation tickets to the respective resolver group.

For this integration, we use the Qualys Core application that manages the connection between ServiceNow and Qualys Vulnerability Management, Detection and Response (VMDR), data import, import schedules, vulnerability detection rules, and service-level agreement (SLA) definition.

Qualys VMDR for ITSM.

Additional Resources