Filter out vulnerabilities from Qualys for non-running kernels and Superseded patches
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2022 10:08 AM
Hello,
We are using Qualys Service Integration for VR (Qualys Integration for Security Operations: v12.1.1)
I am looking at modifying the API to exclude non-running kernels and superseded patches.
looking at this article, and Qualys API documentation i added 2 HTTP parameters, see below screen shot
arf_kernel_filter = 1
exclude_superceded_patches = 1
I now get the below error. FYI - without the above 2 parameters the integration just runs fine.Do I need to add any other parameter with this parameter in the API to support this ?
Error: Invalid response code 400 received from Qualys. Encountered process error running the integration.
I checked the HTTPs Request and it shows the parameters set by me.
can you please help ?
Thank you.
- Labels:
-
Vulnerability Response

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2022 10:54 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-25-2022 11:00 AM
Hi Chris,
I just figured that out after reading the Qualys API documentation more thoroughly. Thank you for confirming.
I just added "arf_kernel_filter" which is part of Host Detection and it works fine.
So now the question is: Is there a way to filter out vulnerabilities related to Superseded patches ?
Thank you for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2024 02:41 PM
Were you ever able to determine how/where to configure the exclude_superceded_patches parameter in ServiceNow? We've been unable to find a REST Message that includes the exact endpoint that Chris McDevitt suggested in an earlier response and I'm starting to wonder if that parameter may be related to the "Rescan" function in ServiceNow which is something we cannot enable as we are only allowed to pull from Qualys. I'm also wondering if that parameter can be configured within Qualys itself.
Thanks in advance for any guidance you can offer (or remember :-)).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2024 07:06 AM
Brian,
yes use filter_superseded_qids parameter and set it to "1" in the post call should do the work, see below screen shot
refer page 24 of the below documentation
https://cdn2.qualys.com/docs/release-notes/qualys-cloud-platform-10.8-api-release-notes.pdf