Third Party Vulnerability Entry (QID)

Go to solution
Khanna Ji
Tera Guru

‎02-05-2019 06:04 PM

I have integrated Qualys with ServiceNow and it started created items and groups with Qualys Ids (QIDs). The issue with these QIDs is that Threat and Solution fields are coming as blank. There must be some information about this third party vulnerability. 

What do you think? Is Qualys sending a blank info or I am missing something?

find_real_file.png

Preview file
33 KB
0 Helpfuls
  • 3,150 Views
1 ACCEPTED SOLUTION

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to Khanna Ji

‎02-07-2019 03:27 PM

Yes, this is a Qualys issue. This is common. 

1. Double check that your user account has API Access

        Qualys > User Profile > User Role (Make sure API is checked)

2. Qualys support can turn on the API for you to access if you are entitled. 

 

 

View solution in original post

0 Helpfuls
23 REPLIES 23

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-07-2019 07:34 AM

I have all 19 records in NVD Auto Update and all of them are set to Auto Update to true. I see entries from 2002 to 2018 and Recent and Modified.

I did run the NIST National Vulnerability Database and it says complete and success. 

 

After this I did check for QID Threat and Solution, still it is blank. Do you think Qualys does not have any info in these Ids?

0 Helpfuls

Go to solution
Geeky
Kilo Guru
In response to Khanna Ji

‎02-07-2019 07:37 AM 

I have all 19 records in NVD Auto Update and all of them are set to Auto Update to true. I see entries from 2002 to 2018 and Recent and Modified.


I did run the NIST National Vulnerability Database and it says complete and success. 


 


After this I did check for QID Threat and Solution, still it is blank. Do you think Qualys does not have any info in these Ids?

 

Maybe Qualys does not have the data. 

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to Khanna Ji

‎02-07-2019 12:47 PM

Ok, time to break out curl or Postman and run:

https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/?action=list&details=All&ids=20092

See if it is returning what you expect. 

- Make sure you have API access

- Make sure of your URL to qualys

- Fine a target KB number in qualys that has the info you are looking for

(In my data feed I have threat and solution from Qualys...)

0 Helpfuls

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-07-2019 01:00 PM

I am trying with this URL 

 

https://qualysapi.qg3.apps.qualys.com/api/2.0/fo/knowledge_base/vuln/?action=list&details=All&ids=115824 

 

Get method

 

Authentication Type :BasicAuth ==> Username and Password

I am getting below info in the body after sending the request. Am I missing something here?

API Notification - Unable to Process Your Request

We are unable to process your Qualys API request.

Be sure to specify the header with your API request. This syntax must be included: "-H X-Requested-With: <user description, like a user agent>"

0 Helpfuls

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-07-2019 01:10 PM

Added the header, now I got the error.

 

2019-02-07T21:08:08Z 2010 You are not allowed to download the KnowledgeBase, please contact your sales representative for more information.

 

What should I do? Shall I ask Quays team to contact Support to provide appropriate permissions?

0 Helpfuls