Qualys Internal web application vulnerabilities not synched to snow

bharanikumar20 · ‎07-18-2024

Qualys web application scan has reported a Low vulnerability which was not synched with snow.

We couldn't find any VIT record created for this vulnerability.

Do we have any specific criteria to create VIT records

andy_ojha · ‎07-18-2024

Hey there,

The ServiceNow built Store Application for Qualys

Qualys Integration for Security Operations (built by ServiceNow)
Primarily focuses on Qualys VM, and uses the Qualys Host Detection APIs to import "infrastructure" flavor types of Vulnerabilities (e.g. servers, network gear, computers, - via scans, cloud agents, etc).
It can also connect to Qualys PC for Policy Compliance / secure configuration (hardening) results and findings

A separate integration approach and ServiceNow Store Application, targets the Qualys WAS

Vulnerability Response Integration with Qualys WAS
This is built and supported by Qualys
You will need to work with your ServiceNow Platform Team - to request the Store App (as it is built by a 3rd party)
- Once the request is approved, you can proceed to installation and setup
It imports Qualys Web Application Vulnerabilities into ServiceNow SecOps "Application Vulnerability Response"

bharanikumar20 · ‎07-18-2024

I would like to know the reason , why vulnerable items are not getting created for low vulnerability

Satishkumar B · ‎07-22-2024

Hi @bharanikumar20
can you share me the below screenshot configuration which you have done.

……………………………………………………………………………………………………

Please Mark it helpful👍 and Accept Solution✔️!! If this helps you to understand.

bharanikumar20 · ‎07-22-2024

Hi @Satishkumar B , Thanks for your time, Here is the screenshot which you have requested.