TruRisk Report
TruRisk Report provides a clear and actionable assessment of your enterprise's security posture, highlighting critical vulnerabilities and risks while offering strategic guidance for their mitigation.
Summary of the TruRisk Report
The TruRisk report provides a concise yet comprehensive overview of your organization’s risk posture. Each section highlights different aspects of your security landscape, including:
Key Insights
The TruRisk Summary provides a snapshot of key findings and a high-level actionable recommendations—helping you quickly understand your organization’s risk posture and where to focus your efforts.
| Key Insights | Descriptions |
| TruRisk Contributing Factors |
Gain a detailed breakdown of factors influencing the TruRisk score, such as associated threat actors, external-facing assets, and other risk indicators for selected asset tags. |
| External Asset Landscape | Analyze exploitable assets and critical vulnerabilities, including ransomware vulnerabilities, CISA-listed threats, weaponized exploits, malware, and more. |
| Tags Analysis | Identify the top risky asset tags based on their TruRisk score, helping teams focus on the most critical areas. |
| Asset Landscape | Evaluate the vulnerable asset landscape based on contributing TruRisk factors, providing a clear picture of exposure levels. |
| Assets with Critical TruRisk | Assess high-risk external-facing assets and those with critical vulnerabilities, enabling targeted mitigation. |
| Weekly Insights Assets | Get a seven-day snapshot of assets, tracking newly detected TruRisks and changes over time. |
| Vulnerabilities Landscape | Analyze critical vulnerabilities, their types, affected assets, and patch availability, streamlining remediation efforts. |
| CVSS vs Qualys Detection Score (QDS) | Compare vulnerabilities using CVSS, EPSS (Exploit Prediction Scoring System), and QDS, enabling risk-based prioritization. |
| Weekly Insights Vulnerabilities | View a seven-day summary of newly detected vulnerabilities, helping security teams stay ahead of emerging threats. |
Actionable Recommendations
The Appendix section provides additional security insights, offering deeper visibility into asset risks, vulnerability trends, and exploitability.
| Security Insights | Recommendation |
| Asset Criticality Overview | Understand asset importance and risk exposure based on the Asset Criticality Score (ACS). |
| Risk Distribution | Analyze asset risk levels using score ranges and assess the vulnerability landscape with the Qualys Detection Score (QDS). |
| MITRE ATT&CK® Matrix |
Gain insight into your environment's MITRE ATT&CK® prioritization metrics from an attacker's perspective. Data is currently available only for Detections. |
| MITRE Top 10 Vulnerabilities | Identify the top 10 vulnerabilities linked to MITRE ATT&CK® tactics and techniques. |
| Top 10 CISA Known Exploited Vulnerabilities | Track vulnerabilities that are actively exploited, as identified by CISA. |
| Top 10 Ransomware Vulnerabilities | Pinpoint vulnerabilities frequently targeted by ransomware attacks. |
| Risk Overview |
Identify assets running End of Support (EOS) software and operating systems, along with relevant patch details. This data will only be visible in the report if you have active subscriptions to CyberSecurity Asset Management (CSAM), External Attack Surface Management (EASM), Policy Audit/Policy Compliance and Certificate View. |
| Top 10 Misconfigurations |
Identify the top 10 Security Configuration Assessment (SCA) misconfigurations. This data will only be visible in the report if you have active subscriptions to CyberSecurity Asset Management (CSAM), External Attack Surface Management (EASM), Policy Audit/Policy Compliance and Certificate View. |
| Certificates Posture of your Assets | Assess the security and compliance status of SSL/TLS certificates linked to your IT assets. This evaluation will help identify expired, weak, or misconfigured certificates that could expose your environment to risk. |
| Top Tags with High TruRisk Score | Identify the top risky asset tags from the selected asset tags based on their TruRisk scores. |
| TruRisk Contributing Factors | Identify key factors influencing the TruRisk score. |
About Generating TruRisk Reports
This section covers the prerequisites, navigation flow, and report generation workflow.
Prerequsites
To generate a TruRisk report, you must meet the following prerequisites:
- VMDR subscription with TruRisk feature enabled for the subscription.
- TruRisk report feature is visible and accessible only to Manager Users. Other users, such as scanner users, reader users, and so on, do not have access to this feature.
Report Navigation Flow
Here are the various navigation options available to access TruRisk report generation feature:
| Navigate from | |
| VMDR > Reports > TruRisk Summary Report banner > click Generate Report |  |
| VMDR > Reports > New > TruRisk Report |  |
| VMDR > Dashboard > TruRisk Report banner > click Generate |  |
| VMDR > Dashboard > Platform Inbox > Notifications > click Generate |  |
Report Generation Workflow
Before diving into the report generation workflow, following are the important points to note:
- While generating a report, selecting asset tags is optional. If you do not select asset tags, the contributing risk factors are calculated across all assets.
- If you add recipients, the recipients will receive an email notification when the report is ready to download. If you do not add recipients, the email notification will only go to the account in whose name the subscription is. This user can also download the report from the Reports > Quick Actions menu. This report is only accessible to Manager Users.
To generate a TruRisk Report, perform the following steps:
- Go to the TruRisk Report generation window using any of the methods listed in Report Navigation Flow.
- In the TruRisk Report generation window, perform the following steps:
- Add tags to generate your TruRisk report. You can only add up to 50 tags when creating a report.
If the desired asset tag is not available, you can create a new one to generate the report. For more information, see Add Tags. - Add the email addresses of the recipients. You can also include distribution lists (DL) to send the report to multiple recipients at once.
- Click Get TruRisk Report.
You will receive a notification informing you that once the report is ready, it will be available for download on the Reports Listing page. You can also click the 'click here to view report status' link in the message to open the Reports Listing page.
- Add tags to generate your TruRisk report. You can only add up to 50 tags when creating a report.
Download TruRisk Report
You can view and download TruRisk Reports by navigating to VMDR > Reports > Reports. The TruRisk Reports filter will be applied automatically, displaying all TruRisk Reports in order of their timestamps.
You can download reports that have a 'Finished' status. To download a report, use the Quick Actions menu.
