Vulnerability Closed-Ignored in Qualys

Suraj Chauhan
Tera Contributor

Hello,

I closed-Ignored the vulnerability in Qualys manually for a reason.

When I ran the Host Detection Integration, that particular VIT still shows as Active - Open in ServiceNow.

Should the Integration set it to Close state in ServiceNow too? We are on Qualys Integration v12.1.1.

Below is the screen from Qualys.

 

Thank you

@andy_ojha

@Chris McDevitt 


1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee

Hey there - you will need to think about your workflow / process differently here.

You are not able to manage "Qualys Tickets" in Qualys, in a way that reflects onto Vulnerable Items and Detections in ServiceNow.

The Qualys API exposes the Qualys Host Detections from Qualys as either, 'NEW, ACTIVE, FIXED, REOPENED'.  

You will want to look at changing your process, away from Qualys Tickets and towards Vulnerable Items, Detections, and Remediation Tasks in ServiceNow Vulnerability Response.

In short - modifying Qualys Tickets will not influence the raw Qualys Host Detections used for this integration. You will want to transition away from Qualys Tickets and use the features of ServiceNow Vulnerability Response to manage this process (e.g. Deferrals / Exceptions / False Positive)...


4 REPLIES

Chris McDevitt
ServiceNow Employee

Hi,

Take a look at the Detections. Is there more than one? Is there an open and a closed with different Detection Keys?

Hi Chris,

There is just 1 detection; I did check the detection table too. Should it typically get closed in ServiceNow when it is manually closed-ignored in Qualys?

 


Thank you @andy_ojha for confirming that changing state in the Qualys Remediation module won't change the detection/vulnerability in ITSM.