Third Party Vulnerability Entry (QID)

Go to solution
Khanna Ji
Tera Guru

‎02-05-2019 06:04 PM

I have integrated Qualys with ServiceNow and it started created items and groups with Qualys Ids (QIDs). The issue with these QIDs is that Threat and Solution fields are coming as blank. There must be some information about this third party vulnerability. 

What do you think? Is Qualys sending a blank info or I am missing something?

find_real_file.png

Preview file
33 KB
0 Helpfuls
  • 3,140 Views
1 ACCEPTED SOLUTION

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to Khanna Ji

‎02-07-2019 03:27 PM

Yes, this is a Qualys issue. This is common. 

1. Double check that your user account has API Access

        Qualys > User Profile > User Role (Make sure API is checked)

2. Qualys support can turn on the API for you to access if you are entitled. 

 

 

View solution in original post

0 Helpfuls
23 REPLIES 23

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee
In response to Khanna Ji

‎02-07-2019 12:57 PM

You can look at the raw XML data that pertains to the Qualys Knowledge Base payload, that was sent to ServiceNow from Qualys, to do some further investigating...  You can validate if the relevant information is there, and see if there are any "API error messages" in the payload as well.

Also, have you tried running the Qualys Knowledge Base Backfill job yet?

find_real_file.png

 

find_real_file.png

Preview file
126 KB
Preview file
158 KB
0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-06-2019 06:51 AM

 

Swathi,

Here is the load order for this data:

1. Load the CWE Data: Vulnerability > Administration > Integrations Then CWE Comprehensive 2000 Integrations (Run this job)

- Wait for it to complete

 

2. NVD data: Vulnerability > Administration > NVD Auto-update

- Load everything it is small

- Make sure you add any missing years (copy an existing entry and update the URL: https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2017.xml.zip)

- Wait for it to complete

 

3. Qualys Knowledge Base: Qualys Vulnerability Integration > Administration > Primary Integrations Then Qualys Knowledge Base (Run this job)

- Assume that you set up Qualys integration

- Wait for the job to complete

 

You can re-run these jobs to grab the data.

 

Troubleshooting:

Download Postman and pull a single KB and make sure the info is coming over:

https://qualysguard.qualys.com/api/2.0/fo/knowledge_base/vuln/?action=list&details=All&ids=176509

(Your URL may vary)

 

Please mark this as helpful or correct so others can benefit from our conversation.

 

 

 

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-06-2019 07:40 AM 

1. Load the CWE Data: Vulnerability > Administration > Integrations Then CWE Comprehensive 2000 Integrations (Run this job)


- Wait for it to complete

I have done this just now but I do not see any data.

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-06-2019 09:20 AM

Should populate here:

find_real_file.png

Preview file
115 KB
0 Helpfuls

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-06-2019 10:20 AM

I see data here, 1138 records in my system.

 
 
0 Helpfuls