Qualys integration run status chart

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Qualys Integration Run Status Chart

    The Qualys Integration Run Status module provides a visual dashboard to monitor the status and performance of Qualys vulnerability integration runs within ServiceNow. Accessible viaQualys Vulnerability Integration > Integration Run Status, this dashboard is available in the New Experience UI starting from version 19.0 of Vulnerability Response. It offers graphical insights into integration run outcomes over the past 30 days, helping customers track import and update activities related to vulnerability data.

    Show full answer Show less

    Key Features

    • Interactive Charts: Users can hover over or click chart elements (bar, pie, data points) to view detailed data and drill down to specific integration run records.
    • Integration Run Data: Displays counts of Imported Items (total records created from runs), New Items (newly created records), Updated Items (number of record updates, counting multiple updates per record), and Unchanged Items (existing records detected but not updated).
    • Active Integrations Only: Run counts and data reflect only integrations set to active in Qualys Vulnerability Integration > Administration > Primary Integrations.
    • Filtered Display: Integration runs with zero new, existing, or updated items are excluded from the run list to focus on relevant data.
    • Performance Metrics: Two key graphs measure daily ingestion performance and throughput over the last 30 days to help identify causes of performance variations:
      • Performance Metrics: Metrics for assignment rules, group rules, risk rules, queue wait and processing times, color-coded for clarity.
      • Performance Throughput: Items ingested per hour, providing an overall daily performance snapshot.
    • Reports Available: Include last 30 days’ integration runs (successful and failed), new and updated Vulnerable Items (VIs), duplicates, and detailed integration run records.

    Practical Considerations

    • Duplicate Items column is no longer populated; customers may remove it from displays.
    • Updated Items count reflects total updates, not unique records, so multiple updates to the same record increase the count.
    • To verify detections, compare with ServiceNow detection data in the snvuldetection table.
    • Functional limitations exist for Tokyo users viewing dashboards in the Next Experience UI.

    Benefits for ServiceNow Customers

    This module enables customers to proactively monitor the health and performance of their Qualys integrations, quickly identify import issues, and analyze ingestion throughput. By visualizing detailed integration run data and performance metrics, customers can optimize vulnerability data processing, improve data accuracy, and ensure timely updates of vulnerability information in their ServiceNow environment.

    The Qualys Integration Run Status module is a graphical view of the status of Qualys integration runs.

    To view the status of integration runs, navigate to Qualys Vulnerability Integration > Integration Run Status.

    Starting with version 19.0 of Vulnerability Response, this dashboard is available in the New Experience UI.
    Note:
    If you are on Tokyo, you can view the dashboards in the Next Experience UI but with some functional loss.

    In the chart, point to any part (bar, pie, data point, and so on) to view general data specific to that part. If you click any part of a report, a list opens to provide detailed information.

    The Qualys Integration Run Status displays the vulnerability integration run status for the last 30 days. The Qualys[qualys] updated VIs count indicates the count for any unique detections in the same asset. The VI then gets updated with the new detection.
    Note:
    The vulnerability integration run count is displayed only for the integrations, which are set to active state. Navigate to Qualys Vulnerability Integration > Administration > Primary Integrations and set the state to active.
    Figure 1. Sample Qualys Integration Run Status chart
    Integration run status chart example from host detection
    • The values in the Imported Items column represents the total number of records that are created from an integration run.
    • The New items column displays the number of records that are created from an integration run.
    • The Duplicate items column is no longer populated. You may prefer to remove this column from the display.
    • The Updated items column displays the number of times records are updated during an integration run. This value is not the number of unique records that are updated. If for example, a record is updated two times during the integration run, it is counted two times and displayed as 2 updated items.
    • The Unchanged items column displays records found during the integration run that already exist in the database but were not updated, because none of the relevant field values had changed.
    Note:
    Integration runs with zero results for all four of the following values: New CIs, Existing CIs, New Items, and Updated Items are filtered out of the Qualys Integration Runs list.
    Table 1. Qualys integration run status chart reports
    Name Description
    Last 30 Days Qualys Results The number of integration runs completed for each integration. Shows both successful and failed runs. Run in a bar visual.
    Last 30 Days Qualys New VIs The number of new records imported in the last 30 days. Shown as an integer.
    Last 30 Days Qualys Updated VIs The number of updated records imported in the last 30 days. Shown as an integer.
    Last 30 Days Qualys Duplicates The number of duplicate records imported in the last 30 days. Shown as an integer.
    Qualys Integration Runs The integration run records in a list.
    Note:
    V16.1: To verify detections for this integration, compare the detections or findings with the ServiceNow detection data in the sn_vul_detection table.

    While the integration is in progress, there might be a change in the detection or findings count. This report displays the count of detections in the ‘Till date count’ column in the instance, after the completion of the integration run.
    Last 30 Days Qualys Vulnerable Item Ingestion Performance Metrics Daily performance metrics for vulnerable items compared for the last 30 days.
    Last 30 Days Qualys Vulnerable Item Ingestion Performance Throughput Daily vulnerable item ingestion throughput measured for the Qualys Host Detection integration for the last 30 days.
    Multiple factors can impact the performance of the integration run, like the amount of data and time taken to process this data. Two graphs compare the performance metrics:
    • Qualys Vulnerable Item Ingestion Performance Metrics: Compare daily performance metrics for assignment rules, group rules, risk rules, queue wait time, queue processing time, and other statistics for vulnerable items for the last 30 days, to identify the cause for any deviations in performance. The performance is calculated based on the time taken for each activity. These parameters are calculated and associated at the integration run level. Each parameter is color coded for easy identification.
    • Qualys Vulnerable Item Ingestion Performance Throughput: Compare daily vulnerable item ingestion throughput for the Qualys Host Detection integration. Throughput is measured in items per hour. This report shows the overall performance on a particular day and not at the individual parameter level. Qualys integration run status