‎09-03-2019 12:18 AM
Hi,
I want to restrict creation of CIs in ServiceNow when Qualys Integration is available.
- Labels: Vulnerability Response

‎09-03-2019 04:30 PM
Hi Ashish,
I do not recommend restricting the creation of new CI from the Qualys integration. Why? Because the Vulnerable Item formula is:
Vulnerable Item = A Configuration Item + a Vulnerability
Without the CI there is NO Vulnerable Item. Ignoring Vulnerabilities is not really an option.
In Madrid and beyond unmatched CI are placed in the "Discovered Items" Module and the CI class is set to Unmatched CI. The Discovered Items module has a lot of good information to help you either match the incoming CI better or Reclassify the CI.
The Discovered Items module is also super valuable for your Discovery Team. This is a list of all the CI that the Discovery team needs to examine to make their scanning more accurate.
You can also adjust what gets mapped, investigate: sn_sec_cmn_src_cmdb_map.list
Go ahead and smash that helpful or correct button!

‎09-03-2019 11:15 AM
Hi Ashish,
The standard default configuration of the integration will use the CI lookup rules to match the imported Vulnerable Items with Configuration Items in the CMDB. If matched, the CI will be a link to the CI in the CMDB; if not, the CI will be linked to a record in Unmatched CI (sn_sec_cmn_unmatched_ci). One can use the Reclassification process to move this record into the CMDB. So there is no need to worry about the Qualys Integration creating CIs in ServiceNow.

‎04-07-2020 06:38 AM
I wanted to circle back and share it with those whose information I came upon while trying to find the answer myself. Hopefully, this helps!
It is key to remember that the product is upgraded regularly, so overwriting a system script (ImportHost) will result in it not being overwritten during upgrade, so proceed with caution. It is unfortunate that this cannot be turned off via a System Property or other -- hopefully they will release it in future upgrades.