Qualys Vulnerability Integration - Need few suggestions from experts

James234
Kilo Contributor

Hi Secops Experts,

I am planning to integrate the ServiceNow Vulnerability application with Qualys to pull vulnerability data into ServiceNow. What is your suggestion for this integration on data consideration?

1) Should I pull all vulnerabilities or based on some date configuration or vulnerability priority? Where would I find a configuration to consider the date range for vulnerabilities?

2) Is it required to consider: Qualys Appliance List Integration, Qualys Asset Group Integration, Qualys Dynamic Search List Integration, Qualys Host Detection Integration, Qualys Knowledge Base, Qualys Knowledge Base (Backfill), Qualys Static Search List Integration?

Please highlight if there is anything else that I need to consider for managing vulnerabilities in ServiceNow.

jonathanwalker
ServiceNow Employee

Hi James, 

  I'd like to provide you with the most accurate answer possible.

What version of ServiceNow are you currently running?

Jakarta, Kingston, or London?

If you don't know, you can type in stats.do after your instance name (IE: https://jamesinstance.service-now.com/stats.do) and it'll be listed there on the 3rd line.

Thanks!

Latest London Patch4

Perfect!

So the easiest way to integrate w/ Qualys in London is w/ the Setup assistant

Once you've configured RBAC to your needs & then entered your Qualys API URL & chosen Qualys as your vulnerability plugin of choice under the 2 tasks in the "System Administration" section...you'll move onto the integration configuration section

In this section, when editing Qualys settings, under option #3 - "Host Detection Configuration" you'll have the ability to filter down the number of vulnerabilities you're bringing in, both by severity & by date range (IE: only bring in vulnerabilities found in the last 90, 180, or 365 days)

Hope that helps.

Perfect... I have one question. Does the Configuration Item field also get populated for vulnerability items even after having no ServiceNow CMDB and Qualys Asset integration? I think it will, but I just need a confirmation.