Hi All,
A strange case was reported to our team where some VITs related to the same asset (CI) are being re-opened every week at the time the Qualys Host Detection Integration is executed but, these vulnerabilities doesn't exist in Qualys so that, these detections are not present in the XML that ServiceNow downloads from Qualys.
Reviewing this case, we have noticed 3 interesting things:
1. Vulnerabilities does not exist in Qualys nor in the XML file that ServiceNow downloads from Qualys.
2. Every time the VITs are re-opened, this comment appears "Qualys updated the following fields: State: Open", and we haven't seen it before.
3. Any of the re-opened VITs have a Detection linked.
Please let me know the reason behind this which would be helpful.
