Is there a way to exclude superseded QIDs

SanjivMeher · ‎04-01-2020

Hello Experts,

We have an integration with Qualys.

We want to exclude the Superseded Patching QIDs. I dont see any attribute from qualys, indicating Superseded attribute.

Has anyone implemented this requirement or have knowledge on how to achieve it?

Please mark this response as correct or helpful if it assisted you with your question.

AndrewP · ‎09-23-2021

Hi @Sanjiv Meher , We are also looking to do this as it can create an inaccurate number of vulnerabilities. Did you have any luck?

It looks like we can add a filter_superseded_qids parameter in the API and set this value to 1 in the HTTP Method page in ServiceNow (HTTP Method > HTTP Request > HTTP Query Parameters).

Andrew

View solution in original post

Kevin149 · ‎05-13-2020

You could possibly use the API to create a custom table where you list superseding patches and then use that table to create a workflow or business rule to exclude them. The API for qualys has an endpoint you can hit to list superseding patches. https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf go to page 436. Maybe this can get you on the right track? Sorry I'm new to Vuln response.

AndrewP · ‎09-23-2021

Hi @Sanjiv Meher , We are also looking to do this as it can create an inaccurate number of vulnerabilities. Did you have any luck?

It looks like we can add a filter_superseded_qids parameter in the API and set this value to 1 in the HTTP Method page in ServiceNow (HTTP Method > HTTP Request > HTTP Query Parameters).

Andrew

SanjivMeher · ‎09-23-2021

Looks like this is a new query parameter by qualys which was not there before..

We didnt make any changes during our implementation, but looks like we can use this parameter now. Thanks for letting me know.

Please mark this response as correct or helpful if it assisted you with your question.