ServiceNow and Qualys integration records mismatch

karthikdsp
Tera Contributor

‎08-12-2025 02:18 AM

I’ve integrated ServiceNow with Qualys to sync server data using a graph connector. However, I’ve encountered a discrepancy: the CMDB server table in ServiceNow contains around 4,000 records, while Qualys only has 2,270 records. Additionally, I’ve verified that there are no duplicate records in the CMDB server table.

Could someone help me understand why this mismatch exists and how to resolve it?

Labels:
0 Helpfuls
  • 438 Views
4 REPLIES 4

Mark Manders
Mega Patron

‎08-12-2025 05:04 AM

Please provide more information.

- Did you already have servers in there, before the Qualys integration was created?

- How do you know there aren't any duplicates? Because that would mean the one of the systems isn't correct. Is Qualys missing servers, or does ServiceNow have too many?

- What's the unique identifier between the systems? 

- Has anything changed lately (maybe an identifier changing from 'name' to 'serial number', causing multiple servers to exist with the same name, but all with a different number?


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

karthikdsp
Tera Contributor
In response to Mark Manders

‎08-14-2025 03:53 AM

1)yes there are servers before but not from the Qualys source 

2)ServiceNow as too many records.

3) can you please specify where to find the unique identifier b/w them, i guess it's asset id

4)no nothing has changed from the beginning itself more records are generated in CMDB server table from Qualys source

0 Helpfuls

Mark Manders
Mega Patron
In response to karthikdsp

‎08-14-2025 10:25 PM

Doesn't 1 already answer your question? You had servers before, so those are still in there. Adding an integration does not remove old records. Check the source of the records in your ServiceNow system. How many have Qualys as their source?

Your integration can be set up in several ways. But every integration has a way to determine if it should create a new record or update an existing one (or ignore it). That is your unique identifier. It could be the asset id, but I don't know that. You mention that you don't have any duplicates. How do you know? You must have checked on something from which you say 'that's a unique thing, so if I have 4000 different ones of that, I can say that ServiceNow has no duplicates'.

And then compare that to your Qualys data. If Qualys only has 2270 servers identified, it has either created duplicates because the identifier is different (or changed), or something else is going on, but we don't have access to your instance, so we don't know.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

AJ-TechTrek
Giga Sage
Giga Sage

‎08-12-2025 07:48 AM

Hi @karthikdsp ,

 

As per my understanding Why the mismatch happens -


A difference in CI counts between ServiceNow CMDB and Qualys is almost always due to scope and filtering — not duplicates.


Common causes:
1. Different population sources
* CMDB may include servers from multiple sources (Discovery, SCCM, manual entries, other integrations), while the Qualys graph connector syncs only assets known to Qualys.


2. Integration filtering
* The Qualys connector usually applies filters in the Data Source or Transform Map stage (e.g., OS type, active flag, tag filters).
* It might only bring in devices that match a certain status in Qualys (e.g., "active assets" or scanned in the last 30 days).


3. Correlation rules in IRE
* If IRE matching conditions (e.g., name + serial_number or name + correlation_id) fail, Qualys assets may create new CIs in a different class or be rejected entirely if required fields are missing.


4. Data retention in Qualys
* Qualys can automatically remove stale assets after a period of no scans — CMDB will still retain these unless you have CMDB Health Staleness rules.


5. Class mismatch
* The connector may be mapping Qualys data to subclasses (e.g., cmdb_ci_linux_server or cmdb_ci_win_server) while you are only counting cmdb_ci_server.


Steps how to resolve this issue, Might be helpful for you


1. If you want parity between CMDB and Qualys:
* Limit your CMDB count to discovery_source=Qualys when comparing.
* Or remove stale/manual/non-Qualys CIs from the count.


2. If you want to bring all missing Qualys assets into CMDB:
* Remove unnecessary filters from the Qualys data source.
* Adjust the IRE rules for server classes to match on available Qualys attributes (e.g., match on IP + hostname if serial number is missing).

* Ensure the Qualys API account has permission to fetch the full inventory.


3. If some CMDB servers should be in Qualys but aren’t:
* Work with the Qualys admin to ensure all servers are scanned and tagged in the Qualys subscription.
* Review Qualys purge/retention policy

 

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 

Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025

0 Helpfuls