Resolving Qualys Vulnerability Integration issues

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 2 minutes de lecture

    • Some commonly encountered issues, along with workarounds are discussed.

    Attachments not appearing after import

    If attachments are not appearing as expected for data sources or on a security incident after third-party integration imports, check your IP restrictions.

    IP access restrictions can prevent attachments from being seen unless you are logged in from a safe IP. Since a new attachment is added with each import, this can result in duplicates you have to remove.

    For example, when you run a third-party host import integration, if you do not see any attachments on your data sources, check your IP restrictions and add users to the safe list prior to import.

    Modify transform maps

    Transform maps are provided with base configurations and are sufficient usually. You can modify transform mappings depending on the needs of your organization.

    Avant de commencer

    Role required: sn_vul_qualys.admin + import_admin

    Procédure

    1. Navigate to All > System Import Sets > Administration > Transform Maps to view the REST messages.
    2. Filter the resulting list by application, and limit the list to the Qualys Vulnerability Integration application.
    3. Modify the transform maps per the customer requirements.

      For details on the data provided by the Qualys API, see the Qualys API documentation.

    Check XML attachment property size

    Verifies that the XML attachment property is sufficient for large files.

    Avant de commencer

    Role required: admin

    Procédure

    1. Navigate to All > System Properties > Import Export.
    2. Scroll down to Import Properties > XML Format at the bottom of the page.
      Maximum file size for import
    3. If necessary, change the value to 250 and click Save.

    Data retrieval limitations

    By default, there are no restrictions on how data is retrieved from Qualys. Many records can be related to low severity vulnerabilities that a customer is not willing to remediate using their vulnerability response process. Updating the corresponding REST message/method parameters can modify this behavior.

    The REST message/method responsible for this update is Qualys Host Detection – Standard/post. To update the values, add a new HTTP Query Parameter to the post method with the following values:
    • Name: severities
    • Value: 3-5 (or whatever appropriate severities are desired)

    Resolving Qualys Knowledge Base Integration failure

    Resolve Qualys Knowledge Base Integration failure by reducing the payload attachment size received from Qualys to the specified limit.

    Avant de commencer

    Role required: sn_vul.vulnerability_admin

    Procédure

    1. Ensure that the payload attachment size is within the specified limit.
      1. Navigate to All > Qualys Vulnerability Integration > Integration Instances.
      2. Select the Integration Instance Parameters tab.
      3. Select max_delta_days and modify the default value to 3.
    2. If the integration still fails, perform the following steps:
      1. Navigate to All > Qualys Vulnerability Integration > Primary Integrations.
      2. Select Qualys Knowledge Base.
      3. Select the Integration Details tab.
      4. In the Start time field, select the current date to skip the execution of the run for that day.
      5. Navigate to All > Qualys Vulnerability Integration > Integration Instances.
      6. Select the Integration Instance Parameters tab.
      7. Select kb_backfill_full_import and modify the default value to true.

    Résultats

    Running the Qualys Knowledge Base Backfill integration updates all the third-party entries (TPEs) in the system. While the Qualys Host Detection integration creates a placeholder entry, the Qualys Knowledge Base Backfill integration updates it.