CIS - VR
Configure Vulnerability integrations
A process that pulls report data from a thirdparty system, generally to retrieve vulnerability data.
You can compare vulnerability data to CIs and software identified as VR's?
Asset Management module
CVSS
Common Vulnerability Scoring System — an open framework for communicating the characteristics and severity of software vulnerabilities.
CVE
Common Vulnerability and Exposure — a dictionary of publicly known information-security vulnerabilities and exposures.
CWE
Common Weakness Enumeration — a list of software vulnerabilities
Vulnerability > Open
Lists all open vulnerability groups
Vulnerability > Assigned to me
Lists all vulnerability groups assigned to you.
Vulnerability > Vulnerability Group
Lists all vulnerability groups.
Vulnerable items
Pairings of vulnerable entries, downloaded from the NIST NVD or third-party integrations, and potentially vulnerable configuration items and software in your company network.
Vulnerabilities
Records of potentially vulnerable software downloaded from the National Institute of Standards and Technology (NIST) NVD or thirdparty integrations.
Discovery models
Software models used to help normalize the software you own by analyzing and classifying models to reduce duplication.
a) sn_vul.admin b) sn_vul.vulnerability_read c) sn_vul.vulnerability_write d) sn_vul.vulnerability_admin e) sn_vul.vulnerability_report
The Vulnerability Response application provides which roles by default? (Select all that apply)
Vulnerability groups and group rules
Used to group vulnerable items based on vulnerability, vulnerable item conditions, or filter group.
sn_vul.admin, sn_vul.vulnerability_write, sn_vul.vulnerability_read, sn_vul.vr_import_admin
What roles are installed with VR plugin?
Vulnerability calculators and calculator groups
s Calculators used to prioritize and categorize vulnerabilities based on user-defined criteria.
What role is required to define a VR SLA?
sn_vul.vulnerability_admin
What role is required to define a VR email template?
sn_vul.vulnerability_admin
When the Qualys Cloud Platform integration is installed, which the following rules are available
sn_vul_qualys_host_id, sn_vul_qualys_id, , all of the above, none
With Vulnerability Response you can do the following:
• Configure vulnerability groups, CI identifiers, notifications, and SLAs. • Update your system from the vulnerability databases on demand or by running userconfigured scheduled jobs. • Configure integrations to import data from internal and external sources. If the Qualys Vulnerability Integration plugin is activated and configured, Vulnerability Response can receive vulnerability data from the Qualys scanner in the form of vulnerabilities and vulnerable items. • Create changes, problems, and security incidents from vulnerability groups. • Edit vulnerable items in bulk. • View the library of Common Weakness Enumeration (CWE) records from the NVD to understand how they relate to the Common Vulnerability and Exposure (CVE) records. Knowledge articles associated with the CWEs are included for reference. • Create and view reports.