Qualys Information Gathered QIDs

nbojj
Tera Contributor

‎03-19-2025 01:01 PM

What's the best way to create a report in ServiceNow using the information gathered QIDs from Qualys? I updated the parameters to ingest the IG QIDs in ServiceNow, this results in the creation of a VIT record which I would like to create a report with. As an example, I want to use the agent detected QID to create a report of devices without the Qualys agent installed. I am curious if anybody else has done this before and what the best method is to approach this.

0 Helpfuls
  • 709 Views
1 REPLY 1

andy_ojha
ServiceNow Employee
ServiceNow Employee

‎03-19-2025 06:12 PM

Hi there,


I don't think there is an expectation that all Assets you import from the Qualys Host List API will be "Agent" based for the Tracking Method - e.g. what about network scans that pick up appliances, routing/switching gear, and so forth...

 

Another way to approach this, would be to ensure all your Qualys Assets using a Qualys Cloud Agent, have a corresponding Qualys Host Tag set on it (which, I believe may be something Qualys does by default, but I might be off).

 

Then, use the Discovered Items table and records to create your query and report.

 

You can either search for:

  • Discovered Items > Resource Tag > [CONTAINS] 'YOUR TAG NAME' 
  • Discovered Items > Resource Tag > [DOES NOT CONTAIN] 'YOUR TAG NAME'

The Resource Tag field is a "GlideList" type field (supports multiple reference values, where that field references the Resource Tag table since a given Host can have multiple Tags)

 

The Discovered Items would solely focus on the Assets or Hosts we bring in from Qualys.

If you want to see what Vulnerable Items are associated to asset without the Cloud Agent, you could similarly do that query from the Vulnerable Item table >> dot-walk to the Discovered Item and do the same query.

 

Reference

 

andy_ojha_0-1742432961348.png

 

0 Helpfuls