TruRisk Mitigation
TruRisk Mitigation is integrated to strengthen risk management capabilities. Using the MTG application, you can mitigate vulnerabilities on Windows and Linux assets by creating mitigation jobs using actions and scripts. The mitigation and remediation counts on the Vulnerabilities Details page, previously accessible only to a limited set of VMDR users, are available to all users, regardless of their Patch Management or TruRisk Mitigate subscription status. This enhancement applies solely to vulnerabilities identified by Cloud Agents.
This provides greater visibility into vulnerability remediation strategies, empowering teams to address CISA Known Exploited Vulnerabilities (KEVs) proactively.
TruRisk Mitigation and Remediation: Know the Difference
The vulnerability results matching the new QQL token now display two additional icons: one for Mitigation and one for Remediation, each showing its respective vulnerability count.

- Mitigation: When a vulnerability cannot be patched, choose the Mitigation option to apply compensating controls that reduce risk exposure.
   
- Remediation: To remediate a vulnerability, choose the Remediation option and apply the required patch or fix.
   
This approach ensures that vulnerabilities are addressed directly or their associated risks are minimized.
To address CISA's Known Exploited Vulnerabilities (KEVs) and ransomware threats, an active TruRisk Eliminate™ subscription is necessary. For more details, read our blog or contact your Technical Account Manager (TAM).
Search Token
To view mitigable vulnerabilities, use this token.
vulnerabilities.qualysMitigable 
Use the values true | false to indicate whether Qualys can mitigate a detected vulnerability.
Example
Show findings with vulnerabilities that can be mitigated
vulnerabilities.qualysMitigable:TRUE
View Risk Elimination for Mitigation
There are two types of Mitigations:
- Fix: This type of mitigation provides a fix for the detected vulnerability, and the fix cannot be restored, for example, uninstalling a service. After such mitigation is applied, the vulnerability status changes to Fix.
- Mitigation: This type of mitigation provides a temporary resolution for the detected vulnerability, for example, blocking a port. After such mitigation is applied, the vulnerability status changes to Mitigated.
You can navigate to the VMDR > Vulnerabilities tab to view the list of vulnerabilities for the various Windows, Linux, and Mac assets. However, mitigation is available only for Windows and Linux assets. With this workflow, you can select a total of 200 assets, with one asset for each QID. Both Mitigation-type and Fix-type vulnerabilities are supported in this workflow.

To eliminate risk, perform the following steps:
- Go to the VMDR > Vulnerabilities tab. You can view the QIDs for which mitigation jobs are available.
- In the Assets column, click an asset. The Asset Details page displays.
- Go to the Security section, click VMDR Vulnerabilities, and then click View All.
- To mitigate the QID, locate it, and then from the Quick Actions menu or Actions menu, click View Risk Elimination. This option navigates you to the Mitigation > Eliminations tab, where you can mitigate the selected QID.
