Threat Protection RTI

You can easily alert on active security threats using Threat Protection Real-Time Threat Indicators (RTI). Configure a vulnerability rule and select the indicators you want to alert on (under vulnerability criteria).

Not seeing these options? Threat Protection RTI options are only available to Threat Protection users with Trial or Full subscriptions.

Real-Time Threat Indicators (RTI)

Zero Day	An active attack has been observed in the wild and there is no patch from the vendor. An active attack is a prerequisite for this RTI in addition to no patch from the vendor. If a vulnerability is not actively attacked this RTI will not be set (even if there is no patch from the vendor). If a patch becomes available Qualys will remove the Zero Day RTI attribute which helps users to focus only on vulnerabilities that are actively exploited and there is no official patch.
Public Exploit	Exploit knowledge is well known and working exploitation code is publicly available. Potential of active attacks is very high. This attribute is set for example when PoC exploit code is available from Exploit-DB, Metasploit, Core, Immunity or other exploit vendors. This RTI does not necessarily indicate that active attacks have been observed in the wild.
Active Attacks	Active attacks have been observed in the wild. This information is derived from Malware, Exploit Kits, acknowledgment from vendors, US-CERT and similar trusted sources. If there are no patches available from the vendor, Qualys will also mark it as Zero Day.
High Lateral Movement	After a successful compromise, the attacker has high potential to compromise other machines in the network.
Easy Exploit	The attack can be carried out easily and requires little skills or does not require additional information.
High Data Loss	Successful exploitation will result in massive data loss on the host.
Denial of Service	Successful exploitation will result in denial of service. The vulnerability payload could overload or crash the compromised systems so that they become permanently or temporarily unavailable.
No Patch	The vendor has not provided an official fix.
Malware	Malware infection has been associated with this vulnerability.
Exploit Kit	Exploit Kit has been associated with this vulnerability. Exploit Kits are usually cloud based toolkits that help malware writers in identifying vulnerable browsers/plugins and install malware. Users can also search on Exploit Kit name like Angler, Nuclear, Rig and others.
Wormable	Wormable has been associated with this vulnerability. The vulnerability can be used in “worms” - malware that spreads itself without user interaction.
Predicted High Risk	Predicted High Risk has been associated with this vulnerability. Qualys Machine Learning Model predicted this vulnerability as a High Risk based on various data sources including NVD, Social network, Dark web, Security Blogs, Code repository, Exploits etc.