Third Party Vulnerability Entry (QID)

Khanna Ji
Tera Guru

I have integrated Qualys with ServiceNow and it started created items and groups with Qualys Ids (QIDs). The issue with these QIDs is that Threat and Solution fields are coming as blank. There must be some information about this third party vulnerability. 

What do you think? Is Qualys sending a blank info or I am missing something?

find_real_file.png

1 ACCEPTED SOLUTION

Yes, this is a Qualys issue. This is common. 

1. Double check that your user account has API Access

        Qualys > User Profile > User Role (Make sure API is checked)

2. Qualys support can turn on the API for you to access if you are entitled. 

 

 

View solution in original post

23 REPLIES 23

Perfect, that is the exact same count I have.

 

Chris McDevitt
ServiceNow Employee
ServiceNow Employee

Check your run status:

find_real_file.png

I did check this, it shows Complete and Success

Ok, on to step 2.

- Fill in any missing years by copying (insert/stay) from an existing record and update the url:

https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2017.xml.zip --> https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2018.xml.zip

- Make sure that all that everything is set to Automatically Update = True

- Then: Vulnerability > Administration > Integrations and open "NIST National Vulnerability Database" and execute the job.

- Wait for it to complete.

I have all 19 records in NVD Auto Update and all of them are set to Auto Update to true. I see entries from 2002 to 2018 and Recent and Modified.

I did run the NIST National Vulnerability Database and it says complete and success. 

 

After this I did check for QID Threat and Solution, still it is blank. Do you think Qualys does not have any info in these Ids?