Create Rules and Actions from Responses tab

The Responses tab in the VMDR application allows you to set up rule based alerting for the resources that might fail certain critical evaluations and thus helps in fixing resource misconfigurations. Instead of monitoring the system actively, using these alerts, you can be aware of changes or significant findings as soon as the rules are met.

Benefits

  • Triggers alerts using alerting tokens in the Rule Query.
  • Receive alerts using the Trigger Criteria such as Single Match, Time-Window Count Match, and Time-Window Scheduled Match.
  • Notifies alerts via Email or Slack messages.

Prerequisites

  • Contact your Technical Account Manager to enable this feature for your subscription.
  • Permissions: The permissions are assigned from the Qualys Administration application.
    • Manager: The Manager role has all the permissions to create, edit, view, and delete the rules.  
    • Reader and Unit Manager: The Reader and Unit Manager roles have permissions to view the rules. 

Related Topics

Alerting Tokens in VMDR

Use the following tokens to define alerting search criteria for Assets, RTIs, and Vulnerability in the Rule Query of the Responses tab:

Generic Tokens

The order of precedence to use the operators is NOT, AND, OR. However, you can use the parenthesis to override the precedence.

Alerting Tokens for Assets

Alerting Tokens for Real-Time Threat Indicators (RTI)

Alerting Tokens for Vulnerability