How does QualysGuard determine the overall risk rating of a particular host?
There's a description in the online help section, when you log into QualysGuard:
This section describes how security risk is calculated for each host in the report. The security risk calculation includes vulnerabilities and potential vulnerabilities. This calculation does not include information gathered.
In a Manual scan report, security risk is equal to the highest severity level detected across all vulnerabilities and potential vulnerabilities on the host. For example, if the highest severity level detected on the host is severity level 4 (whether confirmed or potential), then the security risk for the host is 4.
In an Auto scan report, the security risk calculation method is either 1) the average severity level detected, or 2) the highest severity level detected. The calculation method used depends on the security risk configuration enabled for the subscription. The security risk configuration may be defined to include or not include hosts with no vulnerabilities. Managers define configuration settings on the Security Risk Setuppage (Setup > Security Risk). See Security Risk for more information.
See examples below of the security risk value as it appears in the Detailed Results section of an Auto scan report. Note that to see the security risk value in the Detailed Results section of the report, you must select the "Text Summary" option under Detailed Results in the scan report template. In the examples below, detailed results are sorted by host, the "Text Summary" option is selected in the scan report template, and active vulnerabilities and potential vulnerabilities are included in the report.
Example 1: Security Risk is set to "Average severity level detected":
Example 2: Security Risk is set to "Highest severity level detected":
Note: To view security risk in the Detailed Results section of your Auto scan reports, you must edit the scan report template and select the option "Text Summary" under Detailed Results on the Display tab. Note that this option is not available in Manual scan reports.
The security risk value displayed in the Detailed Results section of the scan report is the security risk for all hosts that match the sorting method. The Detailed Results section of your report may be sorted by host (the default), vulnerability, operating system, asset group, service or port. You set the sorting method in the scan report template.
For example, if you sort detailed results by host, then the security risk displayed for each host is based on the vulnerabilities and potential vulnerabilities detected on the host. If you sort detailed results by some other method like operating system, then the security risk displayed for each operating system is based on the vulnerabilities and potential vulnerabilities detected on the hosts with that operating system. If you sort detailed results by asset group, then the security risk displayed for each asset group is based on the vulnerabilities and potential vulnerabilities on the hosts in that asset group, and so on. The same methodology applies to the other sorting methods.
Note that the average security risk for the report (in the Summary of Vulnerabilities section) represents the average risk for all hosts in the report, and is not affected by the sorting method used in the Detailed Results section.
Hope this helps,
Thanks for the help.
Not a problem.
Retrieving data ...