Reading the VMDR Prioritization Report
Using the VMDR Prioritization report, you can detect which vulnerabilities to remediate first. The VMDR Prioritization report contains of two sections: Summary and Details.
Summary
The Summary section of the VMDR Prioritization report displays the findings with the following three sections.
Prioritized AssetsPrioritized Assets
Depending on the asset tags that you choose, the assets are identified for this report. Prioritized Assets is the count of assets out of the total assets with vulnerabilities that meet the combination of the detection age, RTIs, and attack surface you selected.
In the above example, 208 assets matched the selected asset tags. Out of the 208 assets, 83 assets have vulnerabilities that met the combination of the selected Detection Age, RTIs, and Attack Surface.
Prioritized VulnerabilitiesPrioritized Vulnerabilities
The Prioritized Vulnerabilities section displays a summary of prioritized vulnerabilities that are detected on the assets.
Instances: The count indicates the total number of vulnerabilities that meet the combination of the detection age, RTIs, and attack surface you selected.
The count may include multiple occurrences of a single vulnerability (that is a single QID) detected on multiple assets.
In the above example, 3.17K vulnerabilities were detected. Out of the 3.17K vulnerabilities, 301 vulnerability instances met the combination of the selected detection age, RTIs, and attack surface across the 208 assets.
Unique: The count of unique vulnerabilities (excluding duplicate QID instances) out of the vulnerability instances identified/detected.
In the above example, out of the 301 instances, 87 are the unique vulnerabilities.
Available PatchesAvailable Patches
Count of the patches that are available with Qualys. Click Patch Now to initiate the process of patching the vulnerabilities.
Click Details link to view details such as number of vulnerabilities that will be fixed with the available patches, number of assets on which the vulnerabilities is detected and can be fixed with the patches.
- Assets: The count of assets on which the vulnerabilities can be fixed with the available patches. Click on the count to view all the assets in Assets tab below.
- Vuln Instances: The count is the total number of vulnerabilities that meet the combination of the detection age, RTIs, and attack surface you selected that can be fixed with the available patches.
- Unique Vuln: The count of unique vulnerabilities (excluding duplicate QID instances) that can be fixed with the available patches. Click on the count to view all the unique vulnerabilities in the Vulnerabilities tab below.
Note: The Patch Now option is enabled only when Qualys can automatically patch the vulnerability and the Patch Management app is enabled in your subscription.
You can view the patches listed for the operating systems or their missing patches using the Patch Now option. Patch Now supports Windows, Linux and Mac operating systems. For information about Zero-Touch Patch Job, click here.
- Windows/Linux/Mac Patches: Opens the Patch Summary to show details about the patches available for Windows, Linux or Mac. You can create a new job or add the patches to an existing job in the Patch Management module. Follow the instructions on the wizard and initiate the patching process. You can add maximum 200 patches to a single job. You cannot add patches to OnDemand or run-once (non recurring) jobs, once they are enabled.
The following screesnshot is an example of the Windows Patch Summary:
- View Missing Windows/Linux/Mac Patches: Displays the list of missing patches for the prioritized assets and vulnerabilities of Windows, Linux, or Mac. In case you have a free version of Patch Management then you can only view the list of missing patches. You will need to upgrade to the paid version of Patch Management application to initiate deployment job workflows from the Patch Now option.
The following screenshot is an example of View Missing Windows Patches option:
For more information, refer to the online help of the Patch Management application.
Details
The details section includes detailed information about prioritized vulnerabilities, patches and prioritized assets. Use the tabs to toggle between the three views. The Vulnerabilities, Patches, and Assets tabs offer advanced search capabilities using tokens.
The Patch Now button is enabled only for patches available at Qualys and if you have Patch Management app enabled in your subscription.
Tell me how to use the search Tell me how to use the search
You can search with multiple criteria in a single go.
Start typing in the Search field and we'll show you the properties you can search such as vulnerability severity, detection age, etc. Select the one you're interested in.
Click the + sign for a combined Vulnerability and Asset search.
Start typing and we'll show you the asset properties you can search like agentId, agent version, etc. Select the one you're interested in.
Now, enter the value you want to match, and press Enter. That's it! Your matches will appear in respective tab.
Tell me how to use group by optionTell me how to use group by option
Once you have your search results ready, you may want to organize them further into logical groupings. We offer several group by options such as detection age, vulnerability age severity and more.
You'll see the number of unique groupings based on your selection (e.g. 6 unique vulnerabilities) and the number of vulnerabilities per group. Click on any grouping to update the search query and view the matching vulnerabilities.
If you use the Cloud Agent tag in the Prioritization report, you cannot group by the Linux patches using the App Family, Vendor, or Type filters.
