Prioritize using Age, RTI, and Attack Surface

Qualys offers you an option to prioritize and remediate vulnerabilities based on filters like Age, Real-Time Threat Indicators (RTI), and Attack Surface.

Prerequisite:- Before you start generating the VMDR Prioritization report, ensure that:

  • You have gathered the vulnerability posture for the assets. You could build your asset inventory using Cloud Agents or other methods such as Scanners, Passive Sensors, Cloud Inventory, Container Inventory, and Mobile Device Inventory. Learn more
  • You have the Create Report global permission for your user role. Contact your manager if you do not have adequate permissions.

Perform the following steps to generate Prioritize report using Age, RTI, and Attack surface parameters:

  1. In the Prioritization tab, click Reports.
  2. Click Start Prioritizing.
  3. Select at least one Asset tag to display the prioritized list of vulnerabilities associated with the assets.
  4. Click Arrow button to proceed with VMDR prioritization report. to proceed with Prioritization. Show meShow me

    Select asset tags to shortlist the assets to be considered for prioritization.

  5. In the Asset Tags section, from Include and Exclude menu, select one of the following options:
    •    Any: to include or exclude all assets that might have any of the selected tags
    •    All: to include or exclude only those assets which have all the selected tags
  6. Select Detection or Vulnerability in the Age bar graph
    •  Detection: is based on when the vulnerability was first detected (by a scanner or cloud agent). Select detection age ranges (0-30, 31-60, etc.) to include in the report. For example, select 180+ to prioritize vulnerabilities that have been active in your environment the longest.
    •  Vulnerability: it is the number of days since the vulnerability was disclosed. Select detection age ranges (0-30, 31-60, etc.) to include in the report. For example, select 0-30 to include the vulnerabilities that have been recently disclosed.
    Detection Age
  7. In the Real-Time Threat Indicators (RTI) parameter, select the indicators from the Potential Impact or Active Threats. You can toggle between the options Match Any (logical OR) and Match All (logical AND) for the selected RTI filters.
    •  Match Any: Vulnerabilities that match at least ONE of the selected RTIs are picked for prioritization. For example, if you opt for Match Any and select three Potential Impact RTIs and two active threats, we prioritize all the assets that are detected with at least one of the five selected vulnerabilities.
    •  Match All: Vulnerabilities that match ALL of the selected RTIs are picked for prioritization. For example, if you opt for Match All and select three Potential Impact RTIs and two active threats, we prioritize only those assets that are detected with all five selected vulnerabilities.

      For information on each individual RTIs, see the KB article

    RTI
  8. In the Attack Surface parameter, select the filters to remove vulnerabilities from the report that are not the highest priority.

    For information about Attack Surface, see the Attack Vectors

    RTI

  9. Click Prioritize Now to enable the threat intelligence to prioritize the riskiest vulnerabilities on your network for the assets you selected.

    The filters for Threat Prioritization Report

Once you generate the report, you could proceed with patching the vulnerabilities (if the Patch Management application is enabled in your subscription), export the report in the form of a widget to your dashboard, or download the report in CSV format.

A patch job can contain only 50 asset tags in a single job. Ensure that you modify the Prioritization Report to patch the vulnerabilities.

Related Topics