Vulnerability Closed-Ignored in Qualys

Go to solution
Suraj Chauhan
Tera Contributor

‎02-16-2022 03:17 PM

Hello,

I closed-Ignored the vulnerability in Qualys manually for a reason.

When i ran the Host Detection Integration that particular VIT still shows as Active - Open in Servicenow

Should the Integration set it to Close state in Servicenow too? we are in Qualys Integration v12.1.1

below Screen from Qualys

 

Thank you

@./andy-b2poYQ== 

@Chris McDevitt 

find_real_file.png

 

 

Labels:
Preview file
14 KB
0 Helpfuls
  • 1,150 Views
1 ACCEPTED SOLUTION

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee

‎02-17-2022 07:44 AM

Hey there - you will need to think about your workflow / process differently here.

You are not able to manage "Qualys Tickets" in Qualys, in a way that reflects onto Vulnerable Items and Detections in ServiceNow.

The Qualys API exposes the Qualys Host Detections from Qualys as either, 'NEW, ACTIVE, FIXED, REOPENED'.  

You will want to look at changing your process, away from Qualys Tickets and --> towards Vulnerable Items, Detections, Remediation Tasks in ServiceNow Vulnerability Response.

In short - modifying Qualys Tickets will not influence the raw Qualys Host Detections used for this integration.  You will want to transition away from Qualys Tickets and use the features ServiceNow Vulnerability Response to manage this process (e.g. Deferrals / Exceptions / False Positive)...

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-16-2022 04:28 PM

Hi,

Take a look at the Detections. Is there more then one? Is there an open and a closed with different Detection Keys?

0 Helpfuls

Go to solution
Suraj Chauhan
Tera Contributor
In response to Chris McDevitt

‎02-16-2022 04:33 PM

Hi Chris,

there is just 1 detection, i did check the detection table too. Should it typically get closed in Servicenow, when it is manually closed-ignored in Qualys ?

 

find_real_file.png

Preview file
21 KB
0 Helpfuls

Go to solution
andy_ojha
ServiceNow Employee
ServiceNow Employee

‎02-17-2022 07:44 AM

Hey there - you will need to think about your workflow / process differently here.

You are not able to manage "Qualys Tickets" in Qualys, in a way that reflects onto Vulnerable Items and Detections in ServiceNow.

The Qualys API exposes the Qualys Host Detections from Qualys as either, 'NEW, ACTIVE, FIXED, REOPENED'.  

You will want to look at changing your process, away from Qualys Tickets and --> towards Vulnerable Items, Detections, Remediation Tasks in ServiceNow Vulnerability Response.

In short - modifying Qualys Tickets will not influence the raw Qualys Host Detections used for this integration.  You will want to transition away from Qualys Tickets and use the features ServiceNow Vulnerability Response to manage this process (e.g. Deferrals / Exceptions / False Positive)...

0 Helpfuls

Go to solution
Suraj Chauhan
Tera Contributor
In response to andy_ojha

‎02-21-2022 08:42 AM

thank you @./andy-b2poYQ==  for confirming that changing state in Qualys Remediation module wont change the detection/vulnerability in ITSM. 

0 Helpfuls