Split Qualys detections based on vulnerability instance

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 2 minutes
  • Vulnerability Response allows you to split detections from Qualys scanners, creating a unique Vulnerable Item (VIT) for each detected vulnerability instance. This supports more precise assignment to remediation teams and improves vulnerability management and tracking.

    Before you begin

    Role required: admin

    About this task

    The Qualys scanner payload includes detection data with proof details. Each path in the proof is used to identify and split vulnerability instances. The output tag in the payload indicates the location of the vulnerability, enabling accurate separation and management of detections.

    Procedure

    1. Enable detection splitting
      1. Navigate to the Third-party Integration table [sn_sec_int_integration].
      2. Open the record for Qualys Cloud Platform.
      3. Set the Include proof VI key to true.
      4. Save the record.
    2. Optional: Exclude specific QIDs from detection splitting
      1. Open the system property [sn_vul_qualys.skip_split_detection_ids].
      2. In the Value field, enter a comma-separated list of QIDs you want to exclude from splitting.
        Note:
        By default, the following QIDs are excluded from splitting due to the volume of their findings: QID-989920, QID-993308, QID-5001711, QID-5001632.
      3. Save the property.
    3. Ensure QIDs are listed for splitting
      1. Navigate to the Proof Key Vulnerability List table [sn_vul_proof_key_vulnerability_list].
      2. Verify that the QIDs you want to split are listed.

    Result

    After executing the Qualys Host Detection Integration, detections are split based on proof, creating individual Vulnerable Items (VITs) for each vulnerability instance. You can verify the results in the Vulnerability Item Detections table [sn_vul_detection_list], where each detection appears as a separate record.