In-Depth Guide: Integrating ServiceNow with Qualys

Integrating ServiceNow with Qualys can streamline your organization’s vulnerability management and incident response workflows. This comprehensive guide provides a step-by-step process to set up this integration, complete with example scripts and best practices.

Prerequisites

- ServiceNow Instance: You need access to a ServiceNow instance with appropriate permissions to create REST messages and scheduled jobs.
- Qualys Account: Ensure you have a valid Qualys account with API access. This typically requires administrative privileges.
- Basic Knowledge: Familiarity with REST APIs, JavaScript, and ServiceNow’s platform will help in understanding the implementation.

Step 1: Generate Qualys API Credentials

1. Log in to Qualys:

- Access your Qualys account and navigate to the User Preferences section.

2. API Settings:
- Locate the section to manage API settings. You may need to enable API access if it’s not already set up.

3. Generate Credentials:
- Create or retrieve your API username and password. Keep this information secure, as it will be used to authenticate your API requests.

Step 2: Configure Qualys API in ServiceNow

2.1 Create a REST Message in ServiceNow

1. Navigate to REST Messages:
- In ServiceNow, go to System Web Services > Outbound > REST Message.

2. Create a New REST Message:
- Click New and fill in the following fields:
- Name: Qualys API
- Endpoint: `https://<qualys_api_url>/api/2.0/fo/` (replace `<qualys_api_url>` with the actual Qualys API endpoint).

3. Define the Request:
- Set the HTTP Method to `GET` for fetching data.

2.2 Create Authentication

1. Add Authentication:
- Under the REST Message you just created, click on the HTTP Request tab.
- Choose Basic Authentication and fill in:
- Username: Your Qualys API username
- Password: Your Qualys API password

Script: Create a REST Message

Here’s a simple script to initialize a REST message in ServiceNow:

var restMessage = new sn_ws.RESTMessageV2();
restMessage.setEndpoint('https://<qualys_api_url>/api/2.0/fo/vm/asset/');
restMessage.setHttpMethod('GET');
restMessage.setBasicAuth('your_username', 'your_password');

Step 3: Set Up Scheduled Jobs

3.1 Create a Scheduled Job

1. Navigate to Scheduled Jobs:
- Go to System Definition > Scheduled Jobs.

2. Create a New Scheduled Job:
- Click New and configure the fields:
- Name: Pull Qualys Vulnerabilities
- Run: Set your desired frequency (e.g., daily, weekly).

3.2 Script to Pull Data

Add the following script in the Script section of the scheduled job to retrieve data from Qualys:

(function executeScheduledJob(current) {
var restMessage = new sn_ws.RESTMessageV2();
restMessage.setEndpoint('https://<qualys_api_url>/api/2.0/fo/vm/asset/');
restMessage.setHttpMethod('GET');
restMessage.setBasicAuth('your_username', 'your_password');

var response = restMessage.execute();
var responseBody = response.getBody();
var responseCode = response.getStatusCode();

// Check if the request was successful
if (responseCode == 200) {
var responseObject = JSON.parse(responseBody);

// Process vulnerabilities
if (responseObject && responseObject.data) {
for (var i = 0; i < responseObject.data.length; i++) {
var vulnerability = responseObject.data[i];

// Logic to create or update incidents
var incident = new GlideRecord('incident');
incident.initialize();
incident.short_description = 'Vulnerability: ' + vulnerability.title;
incident.description = 'Details: ' + vulnerability.details;
incident.insert();
}
}
} else {
// Log error if the API call fails
gs.error('Qualys API call failed with status code: ' + responseCode);
}
})(current);

Step 4: Create Business Rules and Workflows

4.1 Create a Business Rule

1. Navigate to Business Rules:
- Go to System Definition > Business Rules.

2. Create a New Business Rule:
- Click New and configure the fields:
- Name: Create Incident for High Severity Vulnerability
- Table: Vulnerabilities (or your custom table)
- When: After

3. Set Conditions:
- Define conditions under which the rule will trigger, such as severity levels.

4.2 Script for Business Rule

In the business rule, add the following script to create an incident for high-severity vulnerabilities:

if (current.severity == 'High') {
var incident = new GlideRecord('incident');
incident.initialize();
incident.short_description = 'High Severity Vulnerability: ' + current.title;
incident.description = 'Details: ' + current.details;
incident.insert();
}

Step 5: Test the Integration

1. Run the Scheduled Job:
- Manually trigger the scheduled job to pull data from Qualys.

2. Check Incident Creation:
- Review the incidents created in ServiceNow to ensure they reflect the vulnerabilities fetched from Qualys.

3. Error Logging:
- Check the system logs for any errors that occurred during the integration process.

 Step 6: Monitor and Maintain

- Regular Monitoring: Check the integration periodically to ensure data is being pulled correctly.
- Update Scripts: Modify scripts as necessary, especially if there are changes to API endpoints or data structures.
- Security: Regularly update API credentials and enforce best security practices to protect sensitive information.

Conclusion

Integrating ServiceNow with Qualys can greatly improve your organization’s ability to manage vulnerabilities and respond to security incidents effectively. By following this guide, you can set up a robust integration that automates workflows and enhances security operations.

Resource
- Qualys API Documentation

- [ServiceNow REST API Documentation]
- [ServiceNow Business Rules]

Feel free to customize the scripts and processes based on your organization's needs. If you have further questions or require additional assistance, don’t hesitate to reach out!