Host Detection CIs created by Qualys

Khanna Ji · ‎01-19-2019

Host Detecton CIs created by qualys for vulnerability response module integration are available for selection to the other ITSM modules also or only for vulnerability application?

Chris McDevitt · ‎01-19-2019

When the Qualys Hosts Detection Integration runs, the imported data is run through the CI Identifier Rules found under the Security Operations section of the tool. If a Qualys Host does not match a CI Identifier Rules then a new entry is made in the CMDB under Qualys CI [sn_vul_qualys_ci which is extended from Hardware].

Everything in the CMDB is available to the rest of the platform including Qualys CIs. Now, with that said, the best practice is to have a plan in place to handle the Qualys CI's. Some of the Qualys CI's will need to be re-classified into their proper CMDB classes (for example servers or workstations). Some of the items, like IP Phones, the customer may choose to leave in the Qualys CI class.

In any event, the Qualys Host Discovery is a nice addition to ServiceNow Discovery to help identify new items that you may have missed during your discovery planning.

Please mark this as correct or useful if this helps you so others can benefit from our discussion.

View solution in original post

jonathanwalker · ‎01-19-2019

Swathi,

They are also available to the rest of the platform for selection. They are dropped in an extended cmdb_ci table...which is really a class of "Qualys CI" -- table is sn_vul_qualys_ci

thanks

Chris McDevitt · ‎01-19-2019

When the Qualys Hosts Detection Integration runs, the imported data is run through the CI Identifier Rules found under the Security Operations section of the tool. If a Qualys Host does not match a CI Identifier Rules then a new entry is made in the CMDB under Qualys CI [sn_vul_qualys_ci which is extended from Hardware].

Everything in the CMDB is available to the rest of the platform including Qualys CIs. Now, with that said, the best practice is to have a plan in place to handle the Qualys CI's. Some of the Qualys CI's will need to be re-classified into their proper CMDB classes (for example servers or workstations). Some of the items, like IP Phones, the customer may choose to leave in the Qualys CI class.

In any event, the Qualys Host Discovery is a nice addition to ServiceNow Discovery to help identify new items that you may have missed during your discovery planning.

Please mark this as correct or useful if this helps you so others can benefit from our discussion.

Khanna Ji · ‎01-20-2019

Chris, I have one question. When integration already pushes the CMDB data then why Qualys selling CMDB CI Sync App for sending the CMDB data to ServiceNow separately? Is it a business strategy to earn money?

Chris McDevitt · ‎01-21-2019

Swathi,

I have not used the Qualys CMDB Sync App. Reading through its features, I'm guessing that you may want to use this IF you are not using the Vulnerability Response Qualys integration AND you want to add the Qualys discovered assets to your CMDB. For example, if you do not own ServiceNow Discovery, this might be an excellent choice to help populate your CMDB. If you do own ServiceNow Discovery, the Qualys Sync App might be useful for identifying missing CI that the ServiceNow Discovery does not know about.
The docs also note that you can synchronize metadata between both. This might be useful if you find that one tool gathers more information then the other.