Eliminate Risk with Precision: Introducing Vulnerability Detection Sources in VMDR...

Security Update News

Update Information

Title	Eliminate Risk with Precision: Introducing Vulnerability Detection Sources in VMDR
Update ID	QUALYSBLOG:A78DD30AED65BEABE676CF17CDDB3CD9
Type	qualysblog
Published	2025-05-27T15:00:00
Last Updated	2025-05-27T15:00:00

Security Impact

CVSS Score	0.0
Severity	NONE
Attack Vector

Affected CVEs

Update Details

In the race against cyber threats, finding vulnerabilities is no longer enough. True security comes from _understanding_ them—where they exist, how they were discovered, and what risks they pose. One of the most overlooked aspects in vulnerability management is knowing the **source** of detection. Without it, organizations may waste valuable time chasing the wrong threats while leaving real risks unaddressed.

To solve this challenge, **Qualys VMDR** now offers **Vulnerability Detection Sources** —a feature designed to eliminate confusion and help organizations take precise, impactful action.

## **Why Knowing the Source Matters**

Imagine you’re scanning your cloud virtual machines with agents while also running external perimeter scans. Vulnerabilities begin to appear. But where did they come from? Were they discovered from within your infrastructure or from an external scan?

Without this clarity, it’s difficult to:

* Understand the context of a vulnerability
* Prioritize the right remediation efforts
* Apply the appropriate security controls

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/vulnerabilities-detection-sources-group-by-click-details.png)

This lack of insight creates delays, misdirected actions, and ultimately, **unnecessary risk**.

That’s where _Vulnerability Detection Sources_ come in.

## **Powered by TruRisk![™](https://s.w.org/images/core/emoji/15.1.0/72×72/2122.png) : Prioritize External Threats with Greater Precision**

Detection source visibility is now directly integrated into your **TruRisk![™](https://s.w.org/images/core/emoji/15.1.0/72×72/2122.png) Score** to enable smarter risk prioritization. External exposures often present a greater threat surface and require faster remediation. That’s why:

**When a vulnerability is detected on an externally exposed asset, TruRisk automatically increases its score by 20%.**

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/vulnerabilities-detection-sources-trurisk.png)

This dynamic adjustment ensures that vulnerabilities facing the public internet are escalated with urgency, empowering your team to focus first on the risks that matter most.

## **What Are Vulnerability Detection Sources?**

This feature in VMDR identifies **exactly where** each vulnerability was detected—whether through Cloud Agent, perimeter scans, internal scanners, or one of many supported methods. By revealing the detection source, security teams can:

* **Identify the root cause** of the vulnerability
* **Take targeted action** based on where the vulnerability exists
* **Accelerate remediation efforts**
* **Reduce the attack surface** and proactively eliminate risk

**Supported Sensor Types Include:**

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/sources.png)

## **How It Works: Better Visibility, Better Decisions**

Once enabled, the detection source information becomes visible from the **next scan onward** (note: not retroactive). Here’s how it helps:

**1\. Enhanced Vulnerability Listings**

A new **“Sources” column** now appears in the Vulnerabilities page, letting you hover for detection details, including:

* Source name(s)
* First detected date
* Last detected date

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/vulnerabilities-detection-sources-intro.png)

You’ll also find this information integrated into the **TruRisk![™](https://s.w.org/images/core/emoji/15.1.0/72×72/2122.png) Score** page for deeper context.

**2\. Group by Detection Source**

Using the new **Group by: Vulnerability Detection Sources** filter, you can organize vulnerabilities by source. This helps you:

* Pinpoint where risks are coming from
* See how many vulnerabilities are tied to each detection method
* Drill into each group for focused remediation

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/vulnerabilities-detection-sources-group-by-result.png)

**3\. New QQL Search Tokens**

For advanced users, new **search tokens** allow granular queries:

* _vulnerabilities.detectionSource.name_
* _vulnerabilities.detectionSource.firstFoundDate_
* _vulnerabilities.detectionSource.lastFoundDate_

This makes it easier to track vulnerability lifecycles, understand patterns, and build dashboards or reports based on precise data.

**4\. Smarter Reports and Dashboards**

Whether you’re exporting a vulnerabilities report or visualizing trends, the detection source now appears as a column in downloads and dashboard widgets. This gives stakeholders and security teams a clearer picture of where action is needed most.

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/vulnerabilities-detection-sources-dashboard.png)

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/download_formats_detection_sources.png)

**5\. Vulnerability Detection Sources in Reports
** Vulnerability detection source details are now available in CSV reports. To enable:****

* Open your **Report Template**
* In the **Display** section, check Vulnerability Detection Sources

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/Report_Templates.png)

Once enabled, exported reports include two new columns:

* Vulnerability Detection Sources
* Latest Vulnerability Detection Source

This added visibility helps you analyze trends, segment remediation based on origin (e.g., Cloud Agent vs. Scanner), and generate more actionable executive reporting.

**6\. Retrieve Detection Source via API**

You can programmatically access Vulnerability Detection Sources via the Qualys API, enabling integration with external tools and dashboards.

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/api-output.png)

**Endpoint:**

_/api/2.0/fo/asset/host/vm/detection/_

**Parameter:**

To include source information, use the following:

_vuln_detection_source=1_

**Example XML Output:**

25268746 45046 Info 1 2024-06-26T13:27:04Z 2025-03-14T21:12:06Z **< VULNERABILITY_DETECTION_SOURCES>Cloud Agent,Internal Scanner** ** Cloud Agent** 1401
—

This provides complete detection history, including the full list of sources and the most recent one.

## **The Impact: From Uncertainty to Action**

Imagine a vulnerability is detected within your environment. If identified by a Cloud Agent, it might indicate a misconfigured application or outdated package on a cloud VM. Conversely, if an external scanner uncovers it, the threat could be exposed to the public internet—necessitating immediate firewall or perimeter control updates.

By leveraging **Vulnerability Detection Sources** , you gain clarity on where vulnerabilities originate, enabling precise and timely responses.

Building upon this, **TruRisk![™](https://s.w.org/images/core/emoji/15.1.0/72×72/2122.png) Eliminate** empowers organizations to go beyond traditional patching. It offers a comprehensive remediation approach that includes:

* **Automated Patching** : Streamlining the deployment of patches to reduce threat exposure.
* **Configuration-Based Mitigations** : Implementing registry changes or configuration modifications when patches are unavailable or risky.
* **Device Isolation** : Quarantining high-risk assets to prevent the spread of threats within the network.

![](https://ik.imagekit.io/qualys/wp-content/uploads/2025/05/TruRisk_Eliminate_Screenshot_3-scaled.png)

With TruRisk Eliminate, you can proactively address nearly 100% of CISA Known Exploited Vulnerabilities (KEVs), ensuring robust protection even when traditional patching isn’t feasible.

This integrated approach transforms your vulnerability management from reactive to proactive, enabling you to eliminate risks intelligently and by design.

**For more details on TruRisk Eliminate and how it can enhance your cybersecurity strategy, click here:TruRisk Eliminate**

## **Coming Soon: Support for Policy Audit**

The benefits of detection source visibility don’t stop with vulnerability management. **This capability is also coming toQualys Policy Audit in Q3, 2025.**

In the near future, you’ll be able to identify the exact sensor source that detected each compliance control failure—whether it was a Cloud Agent, an authenticated scan, or another supported method.

**This added visibility will help audit & compliance teams:**
• Understand the true origin of misconfigurations or compliance failures
• Take faster, more precise corrective actions
• Improve audit readiness and reporting accuracy

Stay tuned for more updates as we bring this same level of precision and transparency to Policy Compliance assessments.

**In Summary: Why This Matters**

The _Vulnerability Detection Sources_ feature is more than just an enhancement.

It’s a strategic capability for any organization aiming to:

* Improve decision-making
* Focus resources on the right problems
* Accelerate time to remediation
* Reduce the attack surface
* Prioritize external threats with increased TruRisk weighting
* Eliminate risk with clarity and confidence

**Ready to take the guesswork out of vulnerability management?**
Contact Qualys Support or your technical account manager to enable vulnerability detection sources in Qualys VMDR today, and secure your environment with greater insight and precision.

* * *

**Ready to see how these features come together in action? Take a closer look at the vulnerability detection sources that power smarter security**!

Learn More Today