Third Party Vulnerability Entry (QID)

Khanna Ji · ‎02-05-2019

I have integrated Qualys with ServiceNow and it started created items and groups with Qualys Ids (QIDs). The issue with these QIDs is that Threat and Solution fields are coming as blank. There must be some information about this third party vulnerability.

What do you think? Is Qualys sending a blank info or I am missing something?

Chris McDevitt · ‎02-07-2019

Yes, this is a Qualys issue. This is common.

1. Double check that your user account has API Access

Qualys > User Profile > User Role (Make sure API is checked)

2. Qualys support can turn on the API for you to access if you are entitled.

View solution in original post

andy_ojha · ‎02-05-2019

Hey Swathi,

Agree - it appears that something is not right here.

Out of curiosity, do you recall if if you ran the 'Qualys Knowledge Base' integration job, before executing the 'Qualys Host Detection Integration'.

The first time you run the 'Qualys Knowledge Base' job - it does take some time to populate the 'Third-Party Entry' table.

I wonder if by chance the 'Qualys Host Detection Job' got executed without the 'Qualys Knowledge Base' job finishing.

- Are you on London?

- Are your Qualys Integration jobs configured with the 'Run as' User set to "VR.System"? You can check by going to Qualys Vulnerability Integration -> Administration -> Primary Integrations ... then personalizing the columns to include "Run as"..

- If you navigate to Qualys Vulnerability Integration -> Administration -> Primary Integrations -> Qualys Knowledge Base -> Scroll down and look at the "Vulnerability Integration Runs" section / tab ... What do you see there? Are there any records that show State = Complete?

- If you navigate to Vulnerability -> Libraries -> Third-Party ... How many QID records are present? Do any of these QID records have a value in Threat or Solution?

- What happens if you execute the 'Qualys Knowledge Base (Backfill)' integration job via Qualys Vulnerability Integration -> Administration -> Primary Integrations -> Qualys Knowledge Base (Backfill) - do you see QID entries being populated with Summary, Threat, Solution, etc? - after this is finished running?

Khanna Ji · ‎02-05-2019

Run as is VR.System, I don't remember is I ran host detection without knowledge. I have rerun the Knowledge Base and Backfill and I see New Item = 0 and Updated Item = 0

Any thoughts? How can I get the data?

Khanna Ji · ‎02-05-2019

I remember, Knowledge Base job is executed first and then host because in the Setup Assistance - Knowledge will be imported first and then host detection.

Khanna Ji · ‎02-06-2019

Isn't there a way to get the data?