Setting VIT/VUL to Closed/Deferred

Go to solution
Khanna Ji
Tera Guru

‎02-25-2019 10:52 AM

Hi SecOps experts,

I was just thinking if I set VIT/VUL to Closed/Deferred and if that vulnerability state changes to fixed in Qualys, does that change the state in ServiceNow to closed or fixed or will it be ignored?

Wondering how state changes are handled between ServiceNow and Qualys. 

My understanding is - All VITs will be marked as closed irrespective of the state in ServiceNow once it gets updated as fixed in Qualys

0 Helpfuls
  • 2,233 Views
1 ACCEPTED SOLUTION

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-25-2019 12:05 PM

Swathi,

 

The Qualys state will be reflected in ServiceNow. This is done through the script include "QualysHostImportReportProcessor".

 

Search for the section that begins like this....

// Check for state conflict with status
if (!insert) {
// If Qualys status is fixed, state must be closed, fixed
// If Qualys state is not fixed, state must not be closed, fixed

...

 

Please mark this as Correct or Helpful so others can benefit from our conversation.

View solution in original post

15 REPLIES 15

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-25-2019 12:05 PM

Swathi,

 

The Qualys state will be reflected in ServiceNow. This is done through the script include "QualysHostImportReportProcessor".

 

Search for the section that begins like this....

// Check for state conflict with status
if (!insert) {
// If Qualys status is fixed, state must be closed, fixed
// If Qualys state is not fixed, state must not be closed, fixed

...

 

Please mark this as Correct or Helpful so others can benefit from our conversation.

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-25-2019 02:22 PM

I found one KB for this. 

 

Did you apply this change in your instance?

 

https://hi.service-now.com/kb_view.do?sys_kb_id=0038d9e5db77db802be0a851ca9619b1&sysparm_rank=1&sysparm_tsqueryId=c4d73756dbbf2b041cd8a345ca9619a7 

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-25-2019 03:30 PM

Good find and no. Which makes me wonder how they validated.... 

🙂

 

0 Helpfuls

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-25-2019 03:36 PM

If you look at the changes, both if and else if conditions look same if we add "!". What is the difference? Solution provided looks weird.

 

      if (!this._statusIsFixed(status) && this._stateIsFixed(vit)) 
     else if (!this._statusIsFixed(status) && this._stateIsFixed(vit))

Afraid to do this change. Are you seeing VITs getting closed in your instance without this change?

0 Helpfuls