Rescan is failing for vulnerabilities

05-26-2025 03:59 AM
Hi Everyone,
We have implemented VR in ServiceNow by integrating with Qualys. It is working fine; however, when trying the rescan option, the integration is failing with the below error.
We reached out to the HI team about this, and they said that:
"""Most Probable Cause:
Customer requirement is to bring in vulnerabilities for assets that have the tag 169254048.
When we bring in detections for rescan we pass ips information to only bring the results on ips that were requested for scan.
These ips(assets) are subset of the assets that have this tag 169254048.
As per the Qualys API, we can either pass ips information or the tag information. Not both."""
Hence they suggested the below solution:
"""
1. Open the REST method record.
https://xxxxxxxxx.service-now.com/nav_to.do?uri=sys_rest_message_fn.do?sys_id=a9d2e109o1120034c6b6ar...
2. Provide a different name (e.g., scan results), and do Insert and Stay.
3. Now add the HTTP Headers and HTTP Query Parameters that were shipped OOB (i.e., except the customer-added parameters) and update the record.
4. Open the "Qualys Host Detection Integration" record. Click on Insert and Stay.
5. Under Qualys Rest Details, update the REST method to the newly created one (i.e., scan results).
6. Under the Schedule tab, update the Run field to On-Demand and save the record.
7. Now, from the related list 'Data Sources', click on Edit.
8. Add 'Qualys Vulnerability Import' to the list on the right side and save.
9. Navigate to Vulnerability Scanners. Open the Qualys record.
https://xxxxxxxxxx.service-now.com/nav_to.do?uri=sn_vul_qualys_scanner.do?sys_id=947546809f10220e34r...
10. Set the 'Host Detection integration' with the new job and save the record.
11. Verify that scan works without any issues.
"""
We followed the exact steps and created a new job along with a new REST method. It is working fine when we run the job manually, but not while using the rescan button.
We cannot change the parameters in the old job, because the daily job should import data using those parameters. Hence we have created another job without those parameters; however, the rescan is still not working, and the failed rescan runs are showing under the old job.
My questions are:
- Did we miss anything here?
- How do we make sure the rescan runs according to the new job?

Thanks in advance
- Abdul Musavvir