Setting VIT/VUL to Closed/Deferred

Go to solution
Khanna Ji
Tera Guru

‎02-25-2019 10:52 AM

Hi SecOps experts,

I was just thinking if I set VIT/VUL to Closed/Deferred and if that vulnerability state changes to fixed in Qualys, does that change the state in ServiceNow to closed or fixed or will it be ignored?

Wondering how state changes are handled between ServiceNow and Qualys. 

My understanding is - All VITs will be marked as closed irrespective of the state in ServiceNow once it gets updated as fixed in Qualys

0 Helpfuls
  • 2,192 Views
1 ACCEPTED SOLUTION

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-25-2019 12:05 PM

Swathi,

 

The Qualys state will be reflected in ServiceNow. This is done through the script include "QualysHostImportReportProcessor".

 

Search for the section that begins like this....

// Check for state conflict with status
if (!insert) {
// If Qualys status is fixed, state must be closed, fixed
// If Qualys state is not fixed, state must not be closed, fixed

...

 

Please mark this as Correct or Helpful so others can benefit from our conversation.

View solution in original post

15 REPLIES 15

Go to solution
AndrewP
Kilo Expert
In response to Chris McDevitt

‎04-28-2021 07:47 AM

Hi Chris,

 

Looking at the last line of your screenshot (i.e. else if). Would that essentially mean if there are no open detections/states and VI is not already closed? 

We are also having issues with Closed detections not updating the overall VI state to closed. For such VIs we see an initial Open detection and then a Closed detection. I am wondering if the script identifies that initial Open detection and thus statesCount is always ["0"] for us?

 

Thanks!

0 Helpfuls