Qualys Integration Runs have inconsistent data

SolomonA
Tera Contributor

3 weeks ago

Hello.

I have a question to VR Qualys experts. We have encountered an issue where the Qualys Integration "Qualys Host Detection Integration" Reports Different data for Both "New items or Updated Items" 

These are successful and complete scan runs. But we are surprised to see different data sets for different each runs on " New items / Updated Items Field. 

We are new to VR implementation and would like to know if this is normal or we have to check the Integration API or Qualys. 

 

Thank you.

SolomonA_0-1764962940258.png

 

0 Helpfuls
  • 183 Views
1 REPLY 1

Ranjane_Omkar
Kilo Sage

3 weeks ago - last edited 3 weeks ago

@SolomonA,

 

It is expected for the count to be different with each integration run. If you suspect an incorrect number of vulnerabilities are being imported, you should verify the data directly from the APIs.

Regarding your question about the count, the list's column header explains what each number represents. If you open a specific record, you will see different sections with their own distinct counts. For more information, please refer to the doc Verify data on integration run. 

 

Ranjane_Omkar_0-1765184999118.jpeg

The Configuration Items tab displays the following information:

  • The Configuration Items tab displays the total number of configuration items that are imported.
  • The New CIs field displays the number of CIs created as a part of this integration run.
  • The Imported CIs field displays the sum of all the CIs in this section.
  • The value of the Ignored CIs field is always 0 for the Vulnerability Response integrations.
  • The Existing CIs field displays the total number of CIs that are already in existence.

Ranjane_Omkar_1-1765185051632.png

The Items tab displays the following information:

  • The Items tab displays the total number of VIs that are imported. You can see the total detections imported by adding the numbers listed on the Detections tab.
  • The New items field displays the number of vulnerable items that are created from this integration run.
  • The Imported items field displays the sum of the all the fields in this section.
  • The Duplicate items field is no longer populated.
  • The Updated items field displays the number of times vulnerable items are updated during this integration run. This value is not the number of unique vulnerable items that are updated. If for example, a vulnerable item is updated two times during the integration run, it is counted two times and displayed as 2 updated items.
  • The Unchanged items field displays vulnerable items found during the integration run that already exist in the database but were not updated, because none of the relevant field values had changed.

Regards

----

If this response was helpful, please select "Accept as Solution" and "Helpful." This helps both the community and me.

0 Helpfuls