Simple way of 1:1 mapping of QDS into Risk score?

Bla_ena
Tera Contributor

I configured QualysHostDetectionIntegration to import QDS (Qualys Detection Score) and populate the custom QDS field on the Detections and VITs tables. Now I'd like to use the QDS value to calculate the Risk Score.

I can think of these two ways to achieve that, but I hope that someone here will suggest an easier way:
1. Writing a new scripted vulnerability calculator rule.

2. Adding 100 lines to Risk Calculator criteria for the QDS range 1-100 to set the Risk score values 1-100.

All that just for 1:1 mapping of QDS to Risk Score.

Is there any more elegant and simple way to achieve the same, please?

 

 

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Hey there,


What version of the Qualys VR Store App are you working with?

Have you seen the release notes for the Feb 2023 Enhancements to the Qualys VR Store App?


You may want to try this out as an alternative to doing this with the custom fields you mentioned 
-> The `Source detection score` field on the Detections will have the individual QDS score 
-> The `Source risk score` field on the Vulnerable Item will have the rolled up / highest QDS set on it 

 

From there - you could investigate using the `Source risk score` field value on the Vulnerable Items, to set the Vulnerable Item Risk Score value in your calculator - just keep in mind, a given Vulnerable Item can have multiple Detections (associated to it), possibly spanning different QDS scores too across those Detections.

 

The Qualys QDS (0-100) would map to the VR VI Risk Score (0-100) 

 -> You could start testing with something like `current.risk_score = current.source_risk_score` in the scripted VR Calculator - i.e. you don't need 100 lines of code...
 -> You may need a fallback for the scenario where you are not presented with a rolled up QDS (consider the Qualys Vuln Severity, CMDB data, etc)

Bla_ena
Tera Contributor

Hi Andy,

I was aware of the documentation and KB article you provided. But I missed the information that QDS will be stored in Detections and VI tables and therefore I do not need to create and populate the custom QDS fields. Although I might keep them to avoid renaming the two OOB fields in case of further changes in the future VR versions.

 

I used the code you provided for the scripted VR Calculator and it did exactly what I needed. Thank you!

I'm already discussing with the customer how to handle VIs with blank QDS. Thank you for pointing that out as well.
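
The 1:1 mapping and the blank-QDS fallback discussed in the accepted answer, as an added example that is not part of the original thread and is not ServiceNow or Qualys code. It models the records as plain JavaScript objects; the `source_detection_score` and `severity` field names and the severity-to-score table are assumptions, and in an instance the same logic would act on `current` in the scripted calculator.

```javascript
// Added example: plain-JS model of the QDS -> Risk Score mapping.
// risk_score / source_risk_score are named in the thread; the detection
// field name, the severity field and SEVERITY_FALLBACK are assumptions.

// Hypothetical fallback: Qualys severity (1-5) -> risk score when no QDS exists.
const SEVERITY_FALLBACK = { 1: 10, 2: 30, 3: 50, 4: 70, 5: 90 };

// Parse a score that may be blank, a string, or out of range.
// Number('') is 0, so blanks are rejected explicitly to keep
// "no QDS" distinct from a genuine QDS of 0.
function parseScore(value) {
  if (value === null || value === undefined || String(value).trim() === '') return null;
  const n = Number(value);
  if (!Number.isFinite(n)) return null;
  return Math.min(100, Math.max(0, Math.round(n)));
}

// Roll detections up to the highest QDS, as the answer describes for
// the "Source risk score" field on the Vulnerable Item.
function rollUpQds(detections) {
  const scores = detections
    .map(d => parseScore(d.source_detection_score))
    .filter(s => s !== null);
  return scores.length ? Math.max(...scores) : null;
}

// 1:1 mapping, with a fallback for Vulnerable Items that carry no QDS.
// Items with neither QDS nor severity stay unscored so they can be reviewed
// instead of silently reading as zero risk.
function calculateRiskScore(vi) {
  const qds = parseScore(vi.source_risk_score);
  if (qds !== null) return { risk_score: qds, basis: 'qds' };
  const sev = SEVERITY_FALLBACK[vi.severity];
  if (sev !== undefined) return { risk_score: sev, basis: 'severity_fallback' };
  return { risk_score: null, basis: 'unscored' };
}

// Constructed sample data, not taken from a real instance.
const detections = [
  { source_detection_score: '42' },
  { source_detection_score: '' },
  { source_detection_score: '95' },
];
const items = [
  { number: 'VIT-A', source_risk_score: rollUpQds(detections), severity: 3 },
  { number: 'VIT-B', source_risk_score: '', severity: 4 },
  { number: 'VIT-C', source_risk_score: null, severity: null },
];
for (const vi of items) console.log(vi.number, calculateRiskScore(vi));
```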