04-17-2023 09:57 AM
I configured QualysHostDetectionIntegration to import QDS (Qualys Detection Score) and populate the custom QDS field on the Detections and VITs tables. Now I'd like to use the QDS value to calculate the Risk Score.
I can think of these two ways to achieve that, but I hope that someone here will suggest an easier way:
1. Writing a new scripted vulnerability calculator rule.
2. Adding 100 lines to Risk Calculator criteria for the QDS range 1-100 to set the Risk score values 1-100.
All that just for 1:1 mapping of QDS to Risk Score.
Is there any more elegant and simple way to achieve the same, please?

04-19-2023 05:10 AM
Hey there,
What version of the Qualys VR Store App are you working with?
Have you seen the release notes for the Feb 2023 Enhancements to the Qualys VR Store App?
- There is a new enhancement that provides the ability to fetch the Qualys QDS for Detections
- It also allows for fetching some of the asset scores as well from Qualys (ACS, ARS)
- https://docs.servicenow.com/bundle/store-release-notes/page/release-notes/store/security-operations/...
- https://docs.servicenow.com/bundle/utah-security-management/page/product/secops-integration-vr/qualy...
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1220531
You may want to try this out as an alternative to doing this with the custom fields you mentioned
-> The `Source detection score` field on the Detections will have the individual QDS score
-> The `Source risk score` field on the Vulnerable Item will have the rolled up / highest QDS set on it
From there - you could investigate using the `Source risk score` field value on the Vulnerable Items, to set the Vulnerable Item Risk Score value in your calculator - just keep in mind, a given Vulnerable Item can have multiple Detections (associated to it), possibly spanning different QDS scores too across those Detections.
The Qualys QDS (0-100) would map to the VR VI Risk Score (0-100)
-> You could start testing with something like `current.risk_score = current.source_risk_score` in the scripted VR Calculator - i.e. you don't need 100 lines of code...
-> You may need a fallback for the scenario where you are not presented with a rolled up QDS (consider the Qualys Vuln Severity, CMDB data, etc)
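
The 1:1 mapping with a fallback for blank QDS, as suggested in the answer above, written out as an added example that is not part of the original posts or of the ServiceNow or Qualys code. The helper names, the `severity` field name, the severity-to-score table and the default of 50 are assumptions; the plain objects stand in for records and are constructed data.

```javascript
// Added example: logic for a scripted calculator, written as plain functions
// so it can be tested outside the instance. In a calculator script the inputs
// would come from the record, e.g. current.getValue('source_risk_score').

// Assumption: Qualys severity levels 1-5 mapped to evenly spaced scores.
var SEVERITY_FALLBACK = { 1: 20, 2: 40, 3: 60, 4: 80, 5: 100 };
// Assumption: score used when neither QDS nor severity is available.
var DEFAULT_SCORE = 50;

// Parse a score field; null for blank, non-numeric or out-of-range (not 0-100).
function parseScore(value) {
    if (value === null || value === undefined || String(value).trim() === '') return null;
    var n = Number(value);
    if (!isFinite(n) || n < 0 || n > 100) return null;
    return Math.round(n);
}

// Highest QDS across a vulnerable item's detections, null if none has a score.
// Mirrors the "rolled up / highest QDS" behaviour described in the answer.
function rollUpQds(detectionScores) {
    var best = null;
    detectionScores.forEach(function (s) {
        var n = parseScore(s);
        if (n !== null && (best === null || n > best)) best = n;
    });
    return best;
}

// Risk score for one vulnerable item: QDS 1:1 when present, else fallback.
// 'basis' records which input was used so fallback cases can be reported.
function calculateRiskScore(vi) {
    var qds = parseScore(vi.source_risk_score);
    if (qds !== null) return { risk_score: qds, basis: 'qds' };
    var sev = SEVERITY_FALLBACK[parseInt(vi.severity, 10)]; // hypothetical field name
    if (sev !== undefined) return { risk_score: sev, basis: 'severity' };
    return { risk_score: DEFAULT_SCORE, basis: 'default' };
}

// Constructed sample: three detections, one without a score.
var sampleVi = { source_risk_score: rollUpQds(['35', '', '92']), severity: '3' };
console.log(calculateRiskScore(sampleVi));                                // QDS used
console.log(calculateRiskScore({ source_risk_score: '', severity: '4' })); // fallback
```

A QDS of 0 is treated as a valid score, not as blank, so only empty or malformed values reach the fallback.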

04-19-2023 08:27 AM
Hi Andy,
I was aware of the documentation and KB article you provided. But I missed the information that QDS will be stored in Detections and VI tables and therefore I do not need to create and populate the custom QDS fields. Although I might keep them to avoid renaming the two OOB fields in case of further changes in the future VR versions.
I used the code you provided for the scripted VR Calculator and it did exactly what I needed. Thank you!
I'm already discussing with the customer how to handle VIs with blank QDS. Thank you for pointing that out as well.