Vulnerabilities present in Qualys but not showing in ServiceNow
a month ago
Hi All,
I’m facing an issue with the Qualys Host Detection integration in our environment and need some guidance on how to troubleshoot it.
Example: For the CI “abc 002”, a vulnerability with (Host Id) Source ID - 105025031 exists in Qualys — this has been confirmed with the Qualys team. The Host List Integration in ServiceNow is bringing the asset that corresponds to this CI.
However, the Host Detection (which runs daily) is not importing the corresponding vulnerability record into ServiceNow. The vulnerability was first detected on March 8th, but it still hasn’t appeared in our instance.
So effectively:
- Host List → Works (CI is discovered and mapped)
- Host Detection → Missing vulnerability
- In what cases would Host Detection skip records even though they exist in Qualys?
Any troubleshooting steps or insights from similar experiences would be really helpful.
Thanks in advance!
a month ago
Hey Chilanka,
Please check the host that was imported (Discovered Item) and see which CI it was matched to.
Then verify if any other Qualys hosts have been matched to the same CI.
If that is the case, check if the finding you're searching for is present on that CI and has been added as a detection to the already existing VIT only.
Let me know if this helped or further support is needed, thanks.
3 weeks ago
Hi,
Thanks for the response.
In our environment, some hosts have vulnerabilities reported in Qualys, but they are not appearing in the detection results.
For example, we requested the Qualys team to add a separate tag ID “12345” to the asset “abc 002”, and we configured this tag ID in the "tag_set_include" HTTP parameter of the Qualys integration. This setup is intended to include only assets associated with the specified tag ID.
The inclusion setup is working as expected—we have tested it with other tags as well. However, after running the Host Detection Integration, neither the asset “abc 002” nor its source ID “105025031” appears in the payload.
If you have any insight, could you please help me understand the possible reasons for this behavior?
