Components installed with the Qualys Vulnerability Integration

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Components Installed with the Qualys Vulnerability Integration

    The Qualys Vulnerability Integration provides essential roles, integration jobs, and tables designed to facilitate vulnerability management within ServiceNow. Understanding these components is crucial for effectively managing vulnerabilities and integrating with Qualys services.

    Show full answer Show less

    Key Features

    • Installed Roles:
      • snvulqualys.read: Read access to Qualys records.
      • snvulqualys.user: User role with read/write permissions.
      • snvulqualys.admin: Administrator role for advanced configurations.
      • snvul.vulnerabilityanalyst: Analyst role in vulnerability management.
      • snvul.configurequalysintegration: Role for configuring the integration.
    • Integration Jobs:
      • Qualys Static Search List Integration: Synchronizes static search lists.
      • Qualys Comprehensive Host Detection Integration: Retrieves and processes host and vulnerability data.
      • Qualys Host List Integration: Gathers authenticated and unauthenticated scan data weekly.
      • Qualys Ticket Integration: Imports Qualys tickets into ServiceNow.
      • Qualys Knowledge Base: Updates and manages vulnerability data based on Qualys updates.
    • Installed Tables:
      • snvulqualysm2msearchlistvul: Maps Qualys search lists to vulnerabilities.
      • snvulqualysscanner: Stores information for the Qualys rescan feature.
      • snvulqualyssearchlist: Contains search lists from Qualys integration.
      • snvulqualysknowledgebase: Stores retrieved knowledge base entries from Qualys.

    Key Outcomes

    By leveraging the Qualys Vulnerability Integration, ServiceNow customers can efficiently manage vulnerability data, streamline the vulnerability assessment process, and maintain up-to-date information on vulnerabilities and assets. This integration ultimately enhances security posture and operational efficiency.

    The following roles, integration jobs, and tables are installed with the Qualys Vulnerability Integration.

    Note:
    The Application Files table lists the components that are installed with this application. For instructions on how to access this table, see Find components installed with an application.

    View filtered lists for components installed with an application

    Filter the Applications Files table so that only the roles, scheduled jobs, and tables that are installed with an application are displayed. The application you want to view these components for should be installed so that its files are loaded onto the instance and into the metadata table. Follow these steps to view filtered lists from the Applications Files table.

    1. In the filter navigator, enter sys_metadata.list to navigate to the metadata table.
    2. Select the condition builder (filter icon), and select, Application > is followed by the name of your application. For example, Application > is > Vulnerability Response.
    3. In the condition builder, to add a second filter, select AND, then select, Class > is a and choose one of the following classes from the list: Role, Scheduled job, or Table.
    4. Select Run.

    The results for the class you selected are displayed in a filtered list.

    Roles installed

    Role title [name] Description Contains roles
    sn_vul_qualys.read Has read access to the Qualys Vulnerability Integration records.
    sn_vul_qualys.user User for Qualys Vulnerability Integration. Can read and write records sn_vul_qualys.read
    sn_vul_qualys.admin Administrator forQualys Vulnerability Integration. For example, you can modify integration start dates and perform some advanced configuration settings.
    • sn_vul_qualys.user
    • sn_vul.vulnerability_analyst
    sn_vul.configure_qualys_integration Can configure the Qualys Vulnerability Integration sn_vul_qualys.admin

    Integration jobs installed

    Integration job Description
    Qualys Static Search List Integration Synchronizes Qualys search lists for finding vulnerable entries. Retrieves only static list type records.
    Qualys Comprehensive Host Detection Integration

    Retrieves host and vulnerability data from Qualys and processes it in your instance.

    It coordinates the REST message calls to the Host Detection API.

    The output of this integration is vulnerable items. This integration imports all the states of the vulnerability: New,Fixed, Active, and Reopened. By default, this integration is inactive and runs weekly.

    Note:
    After this integration is activated, the daily comprehensive job imports only the New, Fixed, and Reopened states.
    Qualys Host List Integration Retrieves authenticated and unauthenticated host scan data and host tags from Qualys once a week and stores it in the Discovered Items module in your instance. Helps identify assets that haven't been scanned recently.
    Qualys Host Detection Integration Retrieves host and vulnerability data from Qualys and processes it in your instance. It coordinates the REST message calls to the Host List Detection API.

    The outputs of this integration are vulnerable items.

    Qualys host tags are imported in this integration.
    Qualys Ticket Integration Retrieves Qualys tickets and adds them to your instance. It coordinates the REST message calls to the ticket list API.

    There are often fewer tickets than Host Detections since Qualys settings can constrain the detections that result in a ticket.
    Qualys Option Profile List Integration Retrieves option profiles from the Qualys product. Option profiles include scan settings which are required when you initiate scans from your ServiceNow AI Platform instance.
    Qualys Appliance List Integration Retrieves scanner appliance information from Qualys.
    Qualys Asset Group Integration Retrieves asset group information from Qualys. Asset groups are used to identify which scanner appliances to use for scanning matching configuration items.
    Qualys Knowledge Base (Backfill) Retrieves Qualys knowledge base entries.

    Scheduled to run after the Qualys Host Detection Integration. Updates your instance with any QIDs that were referenced in the Host Detection integration but did not exist in the system.
    Qualys Knowledge Base Retrieves Qualys knowledge base entries. The retrieved data is based on the date the vulnerabilities were updated by Qualys and since the last time the integration ran.

    This data is useful for populating historical data into your instance as well as ensuring the Qualys Identifiers (QIDs) are up to date.
    Qualys Dynamic Search List Integration Synchronizes Qualys search lists for finding vulnerable entries, and retrieves dynamic list type records.
    Fixing the detections for updated key for Qualys A hashed combination of fields that provided a way to identify and tie a detection to a Qualys vulnerable item.
    Qualys Update existing discovered items with network partition identifier Updates your existing discovered items. CIs for your existing Qualys Vulnerability Integration data are created or updated to include the network partition identifier granularity.

    Tables installed

    Table Description
    Search List Vulnerability

    sn_vul_qualys_m2m_search_list_vul

    		 Stores the mapping between the Qualys search list and a vulnerability.
    Qualys Vulnerability Scanner

    sn_vul_qualys_scanner

    		 Table that extends Vulnerability Scanners to store scanner information for the Qualys rescan feature.
    Qualys Search Lists

    sn_vul_qualys_search_list

    		 Stores search lists retrieved by the Qualys search list integration.
    Qualys Appliance Import

    sn_vul_qualys_appliance_imp

    		 Table extending the import set row. Field map transformation is skipped and the response attachment is processed directly with the onComplete script.
    Qualys CI

    sn_vul_qualys_ci

    		 Table no longer used.
    Host Detection Pagination

    sn_vul_qualys_host_detection_pagination

    		 Table no longer used.
    Qualys Integration Run

    sn_vul_qualys_integration_run

    		 Table no longer used.
    Qualys Integration

    sn_vul_qualys_integration

    		 Table extending the vulnerability integration and stores all the integrations that correspond to Qualys.
    Qualys Static Search List Import

    sn_vul_qualys_static_search_list_imp

    		 Table extending the import set row. Field maps are used to transform data to the target table, Qualys Search Lists.
    Qualys Knowledge Base

    sn_vul_qualys_knowledge_base

    		 Table extending the import set row. Field map transformation is skipped and the response attachment is processed directly with the onComplete script.
    Qualys Ticket List

    sn_vul_qualys_ticket_list_imp

    		 Table extending the import set row. Field map transformation is skipped and the response attachment is processed directly with the onComplete script.
    Qualys Option Profile

    sn_vul_qualys_option_profile

    		 Table storing the option profiles retrived from Qualys. This table used with the rescan.
    Qualys Dynamic Search List Import

    sn_vul_qualys_dynamic_search_list_imp

    		 Table extending the import set row. Field maps are used to transform data to the target table, Qualys Search Lists.
    Qualys Import Set Re-Run

    sn_vul_qualys_import_rerun

    		 Table no longer used.
    Qualys Option Profile Import

    sn_vul_qualys_option_profile_import

    		 Table extending the import set row. Field map transformation is skipped and the response attachment is processed directly with the onComplete script.