How to Populate Risk Scores from Qualys and Tenable Scanners in Vulnerability Response<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: block; max-width: ; width: auto; height: auto; } } Overview This article explains how to configure your Vulnerability Response application to retrieve and populate various risk scores from Qualys and Tenable scanners, including: - Qualys Detection Score - Asset Risk Score - Asset Criticality Score - Qualys TruRisk Score Configuring Qualys Detection Score Step-by-Step Configuration Navigate to the REST message configuration for the QualysHostDetectionIntegration.Add the following query parameter to the REST message: show_qds = 1 Result After configuring this parameter: - The Qualys Detection Score (QDS) will be included in every detection response - This score is populated in the Source Detection Score field for each detection - All source detection scores are aggregated and populated in the Source Risk Score field of the vulnerable item Asset Risk Score and Asset Criticality Score For Tenable Scanner No additional configuration is required. The system automatically: - Retrieves the AssetExposureScore from Tenable - Populates this value in both the AssetRiskScore and AssetCriticalityScore fields in the Discovered Item table For Qualys Scanner Navigate to the REST message configuration for QualysHostListIntegration.Add the following query parameter: show_ars = 1 . After configuring this parameter: - Both AssetRiskScore and AssetCriticalityScore will be populated in the Discovered Item table for assets scanned by Qualys Configuring Qualys TruRisk Score Qualys provides an additional TruRisk Score metric that can be valuable for risk assessment. Configuration Steps 1. Navigate to the REST message configuration for the Qualys Host List integration. 2. Add the following query parameter: show_trurisk = 1 (This is configured similarly to the `show_ars = 1` parameter mentioned above) Database Configuration Currently, there is no dedicated column in the Discovered Item table to store the TruRisk Score. To surface this data: Add a new column to the `sn_vul_qualys_host_attrib` table with the following properties: Column label: TRURISK_SCOREColumn name: u_trurisk_scoreColumn type: Integer Verification After adding the column, you can verify that the TruRisk Score is being populated by: Running a Qualys scanChecking the `sn_vul_qualys_host_attrib` tableConfirming the u_trurisk_score field contains valid integer values Summary and Implementation Checklist For Qualys Detection Score Step 1: Configure `show_qds = 1` in QualysHostDetectionIntegration REST message Step 2: Verify Source Detection Score field is populated in detections Step 3: Confirm Source Risk Score is populated in vulnerable items For Asset Risk and Criticality Scores Tenable No configuration needed - scores are automatically populated Qualys Step 1: Configure `show_ars = 1` in QualysHostListIntegration REST message Step 2: Verify AssetRiskScore and AssetCriticalityScore are populated in Discovered Item table For Qualys TruRisk Score Step 1: Configure `show_trurisk = 1` in Qualys Host List integration REST message Step 2: Add new column to sn_vul_qualys_host_attrib table: - Column label: TRURISK_SCORE - Column name: u_trurisk_score - Column type: Integer Step 3: Verify that TruRisk scores are being populated correctly after a scan Troubleshooting If scores are not appearing after configuration: 1. Verify REST message parameters are correctly formatted 2. Check integration logs for any API errors 3. Ensure a new scan has been performed after configuration changes 4. Confirm database schema changes were applied correctly