Components installed with the Qualys Integration for Security Operations

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Components Installed with the Qualys Integration for Security Operations

    The Qualys Integration for Security Operations facilitates the integration of Qualys services with ServiceNow's Configuration Compliance module. This integration includes various roles, scheduled jobs, and tables that enhance security operations by automating the retrieval of compliance data and facilitating efficient management of vulnerabilities.

    Show full answer Show less

    Key Features

    • Installed Roles:
      • snvulqualys.read: Grants read access to Qualys Vulnerability Integration records.
      • snvulqualys.user: Allows users to read and write records related to the integration.
      • snvulqualys.admin: Provides administrative capabilities for modifying integration settings.
      • snvul.vulnerabilityanalyst: Role designed for vulnerability analysis tasks.
      • snvul.configurequalysintegration: Enables configuration of the Qualys Vulnerability Integration.
    • Scheduled Jobs:
      • Qualys PC Policies: Retrieves policies from Qualys and stores them in the snvulcpolicy table.
      • Qualys PC Policies Detail: Fetches detailed information about policies.
      • Qualys PC Controls: Retrieves compliance control information from Qualys.
      • Qualys PC Results: Imports compliance posture records, including host information and test results.
      • Qualys PC Comprehensive Results: Gathers records for compliance evaluations that did not pass.
      • Qualys PCRS Policy Host Integration: Imports host data from Qualys, requiring configuration of specific parameters before use.
      • Qualys PCRS Test Results Integration: Retrieves individual test results for host IDs, dependent on prior jobs.
    • Installed Tables:
      • snvulqualyspcresultimport: Table for processing imported results directly with an onComplete script.
      • snvulqualyspolicyhostid: Maps policies to scanned hosts, relevant for PCRS integration.
      • snvulqualyspcrspolicyhostimport: Another import table processing results through an onComplete script.
      • snvulqualyspcpolicyimport: Similar to the previous import tables, designed for policy data.

    Key Outcomes

    By utilizing the Qualys Integration, ServiceNow customers can streamline their compliance and vulnerability management processes, ensuring timely access to critical security information. The integration supports automated data retrieval, allowing for enhanced operational efficiency and improved compliance posture assessment within the organization.

    The following roles, scheduled jobs, and tables are installed with the Qualys Integration for Security Operations.

    Note:
    The Application Files table lists the components that are installed with this application. For instructions on how to access this table, see Find components installed with an application.

    View filtered lists for components installed with an application

    Filter the Applications Files table so that only the roles, scheduled jobs, and tables that are installed with an application are displayed. The application you want to view these components for should be installed so that its files are loaded onto the instance and into the metadata table. Follow these steps to view filtered lists from the Applications Files table.

    1. In the filter navigator, enter sys_metadata.list to navigate to the metadata table.
    2. Select the condition builder (filter icon), and select, Application > is followed by the name of your application. For example, Application > is > Vulnerability Response.
    3. In the condition builder, to add a second filter, select AND, then select, Class > is a and choose one of the following classes from the list: Role, Scheduled job, or Table.
    4. Select Run.

    The results for the class you selected are displayed in a filtered list.

    Roles installed

    Role title [name] Description Contains roles
    sn_vul_qualys.read Has read access to the Qualys Vulnerability Integration records.
    sn_vul_qualys.user User for Qualys Vulnerability Integration. Can read and write records sn_vul_qualys.read
    sn_vul_qualys.admin Administrator forQualys Vulnerability Integration. For example, you can modify integration start dates and perform some advanced configuration settings.
    • sn_vul_qualys.user
    • sn_vul.vulnerability_analyst
    sn_vul.configure_qualys_integration Can configure the Qualys Vulnerability Integration sn_vul_qualys.admin

    Integration jobs installed

    Scheduled job Description
    Qualys PC Policies Retrieves Policies from Qualys. The output is stored in the sn_vulc_policy table. The API used in this integration does not support pagination, so all policies are downloaded on a single page.
    Qualys PC Policies Detail Retrieves the complete policy details, such as technologies and sections, for example.
    Qualys PC Controls Retrieves compliance controls information for different control IDs from Qualys.
    Qualys PC Results Retrieves compliance posture records from Qualys. The output of this integration is Test Results. By default, the parameter details are passed to import host information, last scan dates/times, control ID, and evidence information.
    Qualys PC Comprehensive Results

    Retrieves compliance posture records from Qualys based on the last evaluation date for the test results that are not passed. This job runs once a week.

    The output of this integration is test results. By default, the parameter details are passed to import the host information, last scan dates/times, control ID, and evidence information.
    Qualys PCRS Policy Host Integration Retrieves host data from Qualys and processes it in your instance.

    The output of this integration is policy host IDs.

    The Qualys host data is imported in this integration.

    Note:
    • This scheduled job appears only when Configuration Compliance is installed.
    • Configure the gateway_url and pcrs_page_size integration instance parameters before running this integration.

    These two integrations will be inactive OOB. If you activate either one of these integrations, the PC Results integrations will get deactivated. These two integrations are added based on the new streaming APIs from Qualys.
    Qualys PCRS Test Results Integration Retrieves the test results for each host ID. This integration uses the Start Time parameter in the Integration Details tab.
    Note:
    • This scheduled job appears only when Configuration Compliance is installed.
    • Configure the gateway_url and pcrs_page_size integration instance parameters before running this integration.
    • If you choose to run the integration manually, run Qualys PCRS Test Results Integration after Qualys PC Policies, Qualys PC Policies Detail and Qualys PCRS Policy Host Integration.
    Note:
    The Qualys PCRS Policy Host and Qualys PCRS Test Results integrations are inactive by default. These two integrations are based on the new streaming APIs from Qualys. If you activate any one of these integrations, the PC Results integration will be deactivated and vice versa.

    Tables installed

    Table Description
    Qualys PC Result Import

    sn_vul_qualys_pc_result_import

    		 Table extending the import set row. Field maps transformation is skipped and the response attachment is processed directly with the onComplete script.
    Policy Host Id

    sn_vul_qualys_policy_host_id

    		 Table storing the mapping between the Policy and the host for which this policy was scanned. This table is used in the new Qualys PCRS integration.
    Note:
    This table is appears only when Configuration Compliance is installed.
    Qualys PCRS Policy Host Import

    sn_vul_qualys_pcrs_policy_host_import

    		 Table extending the import set row. Field map transformation is skipped and the response attachment is processed directly with the onComplete script.
    Note:
    This table appears only when Configuration Compliance is installed.
    Qualys PC Policy Import

    sn_vul_qualys_pc_policy_import

    		 Table extending the import set row. Field map transformation is skipped and the response attachment is processed directly with the onComplete script.