Qualys Vulnerability Integration - Need few suggestions from experts

James234
Kilo Contributor

Hi Secops Experts,

I am planning to integrate the ServiceNow vulnerability application with Qualys Vulnerabilities for pulling in data to ServiceNow. What is your suggestion for this integration on data consideration?

1) Should I pull all vulnerabilities or based on some date configuration or vulnerability priority? Where would I find a configuration to consider the date range for vulnerabilities?

2) Is it required to consider: Qualys Appliance List Integration, Qualys Asset Group Integration, Qualys Dynamic Search List Integration, Qualys Host Detection Integration, Qualys Knowledge Base, Qualys Knowledge Base (Backfill), Qualys Static Search List Integration?

Please highlight if there is anything else that I need to consider for managing vulnerabilities in ServiceNow.

1 ACCEPTED SOLUTION

Perfect!

So the easiest way to integrate w/ Qualys in London is w/ the Setup assistant


Once you've configured RBAC to your needs & then entered your Qualys API URL & chosen Qualys as your vulnerability plugin of choice under the 2 tasks in the "System Administration" section...you'll move onto the integration configuration section

In this section, when editing Qualys settings, under option #3 - "Host Detection Configuration" you'll have the ability to filter down the number of vulnerabilities you're bringing in, both by severity & by date range (i.e., only bring in vulnerabilities found in the last 90, 180, or 365 days).

Hope that helps.

11 REPLIES

Hi Jonathan, Can you share your thoughts on this thread? https://community.servicenow.com/community?id=community_question&sys_id=b5c1b9a1dbee63007d3e02d5ca96199f&isInboxReq=true&anchor=answer_e328deaddb2aa3006c1c02d5ca9619d4&points=

jason_lau
Tera Contributor

For #1, it depends on the total volume of assets and vulnerabilities you plan on pulling in: if it's a high volume you may want to filter and only include critical/high/medium vulns. If it's lower volume, you may want to include low/info. Info has some good details which I like to reference... occasionally. You can always over-import and filter away in your reports, but if you have a high number of scanned assets and a high number of vulnerabilities to import, you may want to consider only pulling in what you are mandating for remediation.

Hope that helps!

Jason