You can alert on active security threats using Threat Protection Real-Time Threat Indicators (RTIs). Configure a vulnerability rule and, under Vulnerability Criteria, select the indicators you want to alert on. Note that the indicators are not independent: Zero Day is derived from Active Attacks plus No Patch and is cleared when a vendor patch ships, while Public Exploit on its own does not mean the vulnerability has been seen exploited in the wild.
Not seeing these options? Threat Protection RTI options are only available to Threat Protection users with Trial or Full subscriptions.
| RTI | Meaning |
| --- | --- |
| Zero Day | An active attack has been observed in the wild and the vendor has released no patch. Both conditions are required: a vulnerability that is not under active attack does not receive this RTI even if it has no patch. When a patch becomes available Qualys removes the Zero Day RTI, so this indicator always means "actively exploited and no official fix". |
| Public Exploit | Exploit knowledge is well known and working exploit code is publicly available, so the potential for active attacks is very high. Set, for example, when PoC exploit code is available from Exploit-DB, Metasploit, Core, Immunity or other exploit vendors. This RTI does not by itself indicate that active attacks have been observed in the wild. |
| Active Attacks | Active attacks have been observed in the wild. This information is derived from malware, exploit kits, vendor acknowledgments, US-CERT and similar trusted sources. If the vendor has no patch available, Qualys also marks the vulnerability as Zero Day. |
| High Lateral Movement | After a successful compromise, the attacker has a high potential to compromise other machines in the network. |
| Easy Exploit | The attack can be carried out easily; it requires little skill or no additional information. |
| High Data Loss | Successful exploitation results in massive data loss on the host. |
| Denial of Service | Successful exploitation results in denial of service. The exploit payload can overload or crash the targeted system so that it becomes temporarily or permanently unavailable. |
| No Patch | The vendor has not provided an official fix. |
| Malware | A malware infection has been associated with this vulnerability. |
| Exploit Kit | An exploit kit has been associated with this vulnerability. Exploit kits are usually cloud-based toolkits that help malware authors identify vulnerable browsers and plug-ins and install malware. You can also search by exploit kit name, such as Angler, Nuclear or Rig. |
| Wormable | The vulnerability can be used in worms: malware that spreads itself without user interaction. |
| Predicted High Risk | The Qualys machine learning model predicted this vulnerability to be high risk, based on data sources including NVD, social networks, the dark web, security blogs, code repositories and exploits. |
| Unauthenticated Exploitation | Exploitation of this vulnerability does not require authentication. |
| Privilege Escalation | Successful exploitation allows an attacker to gain elevated privileges. |
| Remote Code Execution | Successful exploitation allows an attacker to execute arbitrary commands or code on the targeted system or in the target process. |
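The following is an added example, not Qualys code or part of the original page. It shows how a practitioner might evaluate RTI-based alert rules offline and check the relationships the table describes: that Zero Day should appear exactly when Active Attacks and No Patch are both set, and that a vendor patch clears No Patch and Zero Day while leaving Active Attacks in place. The XML layout (VULN / QID / THREAT_INTELLIGENCE / THREAT_INTEL), the any-of/all-of rule semantics, and every QID and title in the sample document are assumptions constructed for this example; the indicator names are the ones the table uses.

```python
"""Evaluate Real-Time Threat Indicator (RTI) alert rules over KnowledgeBase-style data.

Added example, not Qualys code.  The XML layout (VULN / QID / THREAT_INTELLIGENCE /
THREAT_INTEL) is an assumption loosely modelled on KnowledgeBase API output, and the
sample document below is constructed for this example.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# The fifteen indicator names exactly as the page lists them.
RTI_NAMES = frozenset({
    "Zero Day", "Public Exploit", "Active Attacks", "High Lateral Movement",
    "Easy Exploit", "High Data Loss", "Denial of Service", "No Patch", "Malware",
    "Exploit Kit", "Wormable", "Predicted High Risk", "Unauthenticated Exploitation",
    "Privilege Escalation", "Remote Code Execution",
})

# Constructed sample; QIDs and titles are placeholders, not real KnowledgeBase entries.
SAMPLE_KB_XML = """<KNOWLEDGE_BASE_VULN_LIST_OUTPUT><RESPONSE><VULN_LIST>
<VULN><QID>100001</QID><TITLE>Constructed: browser plug-in RCE</TITLE>
  <THREAT_INTELLIGENCE>
    <THREAT_INTEL>Active Attacks</THREAT_INTEL><THREAT_INTEL>No Patch</THREAT_INTEL>
    <THREAT_INTEL>Zero Day</THREAT_INTEL><THREAT_INTEL>Exploit Kit</THREAT_INTEL>
    <THREAT_INTEL>Unauthenticated Exploitation</THREAT_INTEL>
    <THREAT_INTEL>Remote Code Execution</THREAT_INTEL>
  </THREAT_INTELLIGENCE></VULN>
<VULN><QID>100002</QID><TITLE>Constructed: PoC only, patch shipped</TITLE>
  <THREAT_INTELLIGENCE>
    <THREAT_INTEL>Public Exploit</THREAT_INTEL><THREAT_INTEL>Easy Exploit</THREAT_INTEL>
    <THREAT_INTEL>Unauthenticated Exploitation</THREAT_INTEL>
  </THREAT_INTELLIGENCE></VULN>
<VULN><QID>100003</QID><TITLE>Constructed: patched, used by malware</TITLE>
  <THREAT_INTELLIGENCE>
    <THREAT_INTEL>Active Attacks</THREAT_INTEL><THREAT_INTEL>Malware</THREAT_INTEL>
    <THREAT_INTEL>Privilege Escalation</THREAT_INTEL>
  </THREAT_INTELLIGENCE></VULN>
<VULN><QID>100004</QID><TITLE>Constructed: malformed record</TITLE>
  <THREAT_INTELLIGENCE>
    <THREAT_INTEL>Zero Day</THREAT_INTEL><THREAT_INTEL>No Patch</THREAT_INTEL>
  </THREAT_INTELLIGENCE></VULN>
</VULN_LIST></RESPONSE></KNOWLEDGE_BASE_VULN_LIST_OUTPUT>"""


def parse_rtis(xml_text: str) -> dict[int, frozenset[str]]:
    """Map each QID to the set of RTI names attached to it.

    Unknown indicator names are rejected so a renamed or misspelled tag is noticed
    instead of silently never matching any rule.
    """
    out: dict[int, frozenset[str]] = {}
    for vuln in ET.fromstring(xml_text).iter("VULN"):
        qid = int(vuln.findtext("QID"))
        names = {el.text.strip() for el in vuln.iter("THREAT_INTEL") if el.text}
        unknown = names - RTI_NAMES
        if unknown:
            raise ValueError(f"QID {qid}: unknown RTI name(s) {sorted(unknown)}")
        out[qid] = frozenset(names)
    return out


def zero_day_consistent(rtis: frozenset[str]) -> bool:
    """Zero Day is defined on the page as Active Attacks AND No Patch, nothing else."""
    return ("Zero Day" in rtis) == ({"Active Attacks", "No Patch"} <= rtis)


def apply_vendor_patch(rtis: frozenset[str]) -> frozenset[str]:
    """Model the page's rule that a vendor patch clears No Patch and Zero Day.

    Active Attacks, Malware, etc. are left in place: a patched bug is still exploited.
    """
    return rtis - {"No Patch", "Zero Day"}


@dataclass(frozen=True)
class Rule:
    """Match when ALL of `all_of` are present and, if `any_of` is non-empty, ANY of it is.

    Whether the console's indicator selection behaves as any-of or all-of is an
    assumption of this example; both forms are offered.
    """
    any_of: frozenset[str] = frozenset()
    all_of: frozenset[str] = frozenset()

    def matches(self, rtis: frozenset[str]) -> bool:
        any_ok = not self.any_of or bool(self.any_of & rtis)
        return any_ok and self.all_of <= rtis


def alert_qids(kb: dict[int, frozenset[str]], rule: Rule) -> list[int]:
    """Return the QIDs a rule would alert on, in ascending order."""
    return sorted(q for q, r in kb.items() if rule.matches(r))


def inconsistent_qids(kb: dict[int, frozenset[str]]) -> list[int]:
    """QIDs whose Zero Day flag disagrees with the Active Attacks + No Patch definition."""
    return sorted(q for q, r in kb.items() if not zero_day_consistent(r))


if __name__ == "__main__":
    kb = parse_rtis(SAMPLE_KB_XML)
    exploited = Rule(any_of=frozenset({"Zero Day", "Active Attacks", "Exploit Kit", "Malware"}))
    unauth_rce = Rule(all_of=frozenset({"Unauthenticated Exploitation", "Remote Code Execution"}))
    print("actively exploited:", alert_qids(kb, exploited))
    print("unauthenticated RCE:", alert_qids(kb, unauth_rce))
    print("records with a bad Zero Day flag:", inconsistent_qids(kb))
```

Note that QID 100002 carries Public Exploit and Easy Exploit but is never returned by an "exploited in the wild" rule: a public PoC raises the likelihood of attack but is not evidence of one. The consistency check is the kind of sanity test worth running on a real export before wiring RTIs into paging, since a Zero Day tag without Active Attacks behind it contradicts the definition above and should be investigated rather than alerted on.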