What is Qualys Threat Protection and how do I use it?

Overview

Threat Protection (TP) is one of the Qualys modules presently available under our license. TP cross-references information from threat intelligence feeds with IT inventory so that you can prioritize vulnerability management based on active and potential threats.

How to Use Threat Protection

To access Threat Protection, from the upper left-hand corner of the console click on the pull-down that defaults to VMDR and select "TP - Threat Protection."

where to find VMDR Vulnerability Management

The VMDR drop-down menu highlighting Threat Protection

Please note that the modules listed may change over time as Qualys modifies its service offerings and as our license changes. 

When Threat Protection loads, it opens to the Live Feed screen, which lists the newest high-rated and medium/low-rated threats evaluated by Qualys. This is a great place to keep up to date on the newest threats. In addition to a count of vulnerable assets, which links to the list of those assets, each TP card contains information about the vulnerability, such as a CVE number (if the threat has one), a description of the vulnerability, how the vulnerability is being exploited, and the unique QID Qualys uses to track the vulnerability.

example of live feed screen

The other parts of Threat Protection are the Dashboard and Assets tabs. These are also useful tools for tracking vulnerabilities. We will start with the Assets tab. Click on the word Assets at the top of the page.

highlighting the assets button in the navigation

The Assets page shows all the assets in the system that you are able to view. Clicking on the Asset Name will bring up detailed information about that asset based on the last scan or the latest information available from the Qualys Cloud Agent. This window allows you to view details about the asset, including the software installed on it, the vulnerabilities reported from it, and even information on the latest patches available for this device.

example asset summary screen

At the top of the Assets page, you can see a search bar and a group by drop-down. The group by drop-down gives you various ways to organize the assets on this page. The search bar allows you to use various parameters to look for specific IP addresses, CVE numbers, vulnerabilities, or even operating systems.

Complete information on how to use the search bar.

highlighting the Assets Tab

Right above the search bar, in the upper right, you will see a button that says “create widget”. Widgets are visual representations of various data points found throughout Qualys. To see an example of this, as well as where you can find your widgets, go to the Dashboard by clicking on the Dashboard button on the upper left.

identifying the Dashboard button

The Dashboard is a collection of widgets that you can modify, create, or pull from a search or article in order to give yourself a quick overview of assets and vulnerabilities. The large button that says Asset Overview allows you to choose which dashboard to view. Each dashboard is made up of different widgets, so you have a variety of data available to you. You can also click the “Add Widget” button, which brings up a variety of pre-made widgets, or click “create a custom widget” to make your own widget.

view of the Asset Overview button

Example add a new widget screen

The custom widget module allows you to enter a search query string to create a custom data set. Alternatively, run a search on the Assets page and click the Create widget button; your search string is automatically turned into a widget.

example screen to select data for your widget