Auto Scan from Servicenow to Qualys on state changes

Go to solution
User179407
Mega Guru

‎09-01-2020 02:54 PM

Hello,

I would like to know how does the auto scan happen from Servicenow to Qualys and on which states is the scan triggered ?

What are the jobs that run and where can we monitor the/m?

 Update: i see that when the state changes to Resolved the auto scan is initiated.(see below link). however I dont see the workflow is initiating in my SN instance, how to i activate that auto workflow ?

https://www.youtube.com/watch?v=uAaF9o-gylg&t=190s

Thanks.

 

@Chris McDevitt 

@Stephen Laseau 

@./andy-b2poYQ== 

Labels:
  • 1,964 Views
1 ACCEPTED SOLUTION

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee
In response to User179407

‎09-02-2020 02:55 PM

Hey there - you need to specify a fallback appliance that will be used in the API request sent to Qualys.

The Qualys API will not accept requests for re-scan without an appliance - so this acts as the fallback (even though you've setup the Default Scan Appliances)...

In the Default Scan Appliances you can ensure the IP Ranges are mapped to the appliances you'd expect to cover the scans (that would win first).

The "default scanner appliance" you setup is the fallback, if we do not find a target Appliance from the "Default Scan Appliances" you have already setup.

You can specify either the ID or Name of the Appliance (seem to have better luck with the Name).

find_real_file.png

View solution in original post

Preview file
84 KB
11 REPLIES 11

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee
In response to User179407

‎09-02-2020 02:11 PM

Hey there - I don't think that is the right spot to put the `scan_options_profile`.

We need to put it in the <Value> column, of the Integration Instance Params.

This should get you moving forward:

find_real_file.png

Preview file
113 KB

Go to solution
User179407
Mega Guru
In response to andy_ojha

‎09-02-2020 02:16 PM

I dont know how i missed this, thanks. 

Below is the error now:

Error: No default scanner appliance defined.  Provide a default scanner appliance in the integration configuration

 

Where can I find value for default_scan_appliance ? Please note that I have already configured the Qualys Default Appliances (see screen shot 4)

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to User179407

‎09-02-2020 02:22 PM

Sorry I guess I am late to the party! Andy has already answered everything... Ah! I see he left one for me!

🙂 

 

  • Vulnerability Response > Qualys Vulnerability Integration > Integration Instance [sn_sec_int_impl] then Qualys
    - Integration Instance Parameters
    — default_scan_appliance
  • find_real_file.png

And do not worry.... There could be a document just on setting up rescan.

-Chris

 

Preview file
67 KB
0 Helpfuls

Go to solution
User179407
Mega Guru
In response to Chris McDevitt

‎09-02-2020 02:25 PM

Hey Chris,

thanks for the reply.

What should be the value for default_scan_appliance  ? 

 

Please note that I have already configured the Qualys Default Appliances Integration

find_real_file.png

0 Helpfuls

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee
In response to User179407

‎09-02-2020 02:55 PM

Hey there - you need to specify a fallback appliance that will be used in the API request sent to Qualys.

The Qualys API will not accept requests for re-scan without an appliance - so this acts as the fallback (even though you've setup the Default Scan Appliances)...

In the Default Scan Appliances you can ensure the IP Ranges are mapped to the appliances you'd expect to cover the scans (that would win first).

The "default scanner appliance" you setup is the fallback, if we do not find a target Appliance from the "Default Scan Appliances" you have already setup.

You can specify either the ID or Name of the Appliance (seem to have better luck with the Name).

find_real_file.png

Preview file
84 KB