Handling Stale Assets

m_mckanna
Kilo Contributor

What are your best practices for dealing with stale assets?

I'm particularly looking for a way to deal with VITs from hosts that have been purged from Qualys. When the next sync occurs, usually once a day, the VITs remain open for hosts that we no longer have in our Qualys instance. Is there a way to configure the Qualys/SN VR integration to recognize that this host no longer exists and close the associated VITs?


william_tran
ServiceNow Employee

Hi there,

That's a great question. Are you using Qualys to scan ephemeral assets (i.e. Containers)? There isn't a specific way OOTB to ensure that if findings are no longer in Qualys, that we close out the VIT. I would recommend against developing something like that since the integration only pulls a delta of data between integration runs.

 

To tackle this, I would recommend leveraging VR's Auto-Close Stale Detections feature, and setting a specific condition for this scenario.

 

Reference: https://www.servicenow.com/docs/bundle/zurich-security-management/page/product/vulnerability-respons...

 

I hope this helps!

Hi William,

 

Thanks for taking the time to reply. We're not utilizing ephemeral assets - most are longstanding assets. 

 

We're currently utilizing the auto close functionality which includes some rules around asset status in the CMDB. I think this is the best approach we have come up with so far, but our IT team is looking for a more automated way.

Thanks, that's great information.

ServiceNow VR does have some built-in capabilities with the CMDB's Lifecycle status, specifically if the state is Decommissioned. I'm sure you may already be utilizing this.

 

Link: https://www.servicenow.com/docs/bundle/yokohama-security-management/page/product/vulnerability-respo...


The "least customized" approach to this would rely on the CMDB to report that a CI is decommissioned, and we would update it on the VR side accordingly.

 

If you are familiar with the Qualys Service Graph Connector, I'd probably recommend exploring that store app with your CMDB team, and utilizing it to set the CI's Decommissioned status. You could potentially set up some Flows/automation to set a CI to decommissioned if it is no longer on the Qualys side. Another alternative is configuring some level of "alerting" from Qualys that X system has been purged, and relay that information back into the CMDB.
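
The reconciliation idea from the last reply (flag a CI as decommissioned once its host is gone from Qualys), sketched as an added example that is not part of the thread and not ServiceNow or Qualys code. The record fields, thresholds and sample data are constructed assumptions; the function refuses to act on a delta pull, which is the concern raised in the first reply, and on an export that looks partial.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 1, 31, tzinfo=timezone.utc)  # constructed "current time"

def _ci(name, host_id, lifecycle, days_since_seen):
    # Field names are hypothetical, not ServiceNow or Qualys schema names.
    return {"name": name, "qualys_host_id": host_id, "lifecycle": lifecycle,
            "last_seen": NOW - timedelta(days=days_since_seen)}

# Constructed CMDB extract; last_seen = last time the host appeared in Qualys.
CMDB_CIS = [
    _ci("web01", 101, "Operational", 0),
    _ci("web02", 102, "Operational", 0),
    _ci("db01", 103, "Operational", 0),
    _ci("app01", 104, "Operational", 30),      # purged long ago
    _ci("app02", 105, "Operational", 2),       # missing, still inside grace
    _ci("old01", 106, "Decommissioned", 90),   # already handled
    _ci("printer", None, "Operational", 0),    # never scanned by Qualys
    _ci("web03", 107, "Operational", 0),
    _ci("web04", 108, "Operational", 0),
]
QUALYS_HOST_IDS = {101, 102, 103, 107, 108}    # constructed full host inventory

def find_decommission_candidates(cmdb_cis, qualys_host_ids, now, full_inventory,
                                 grace=timedelta(days=7), max_fraction=0.2):
    """Return names of CIs to flag as decommissioned; raise on unsafe input."""
    if not full_inventory:
        # A delta only lists what changed, so absence from it proves nothing.
        raise ValueError("refusing to reconcile against a delta pull")
    tracked = [ci for ci in cmdb_cis
               if ci["qualys_host_id"] is not None
               and ci["lifecycle"] != "Decommissioned"]
    candidates = [ci for ci in tracked
                  if ci["qualys_host_id"] not in qualys_host_ids
                  and now - ci["last_seen"] >= grace]
    # A failed or truncated export would otherwise retire most of the estate.
    if tracked and len(candidates) / len(tracked) > max_fraction:
        raise RuntimeError("too many hosts missing; suspect a partial export")
    return sorted(ci["name"] for ci in candidates)

if __name__ == "__main__":
    print(find_decommission_candidates(CMDB_CIS, QUALYS_HOST_IDS, NOW, True))
```
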