Qualys integration with Configuration Compliance

Release version: Xanadu

Updated December 4, 2025

3 minutes to read

Summarize

Summarized using AI

Summary of Qualys integration with Configuration Compliance

The Qualys integration with ServiceNow Configuration Compliance enables automated collection and analysis of configuration compliance data. This integration seamlessly connects Qualys Policy Compliance with ServiceNow’s Configuration Compliance and Vulnerability Response applications to map configuration findings to configuration items (CIs) and business services. It consolidates data from multiple Qualys Cloud Platform deployments, reconciles assets and vulnerabilities with your CMDB, and provides a unified view of vulnerability data within ServiceNow.

Show full answer Show less

Key Features

Multiple Deployment Support: Add separate integrations for multiple Qualys Cloud Platform deployments, with asset and vulnerability data consolidated and reconciled across deployments even if scan processes overlap.
Host Tags Management: Host tags imported through the Qualys Host List integration are used for filtering in Vulnerability Response, Assignment, and Vulnerability Group Rules. Tags are case-insensitive and controlled via a global system property, enabling organized asset tracking and targeted scanning.
Test Group Association: By enabling the snvulc.addpolicyaskey system property, tests are associated with their test groups, facilitating easier identification and differentiation of test results within Configuration Compliance.
Passed Test Results Handling: Starting in Configuration Compliance version 15.2.5, an integration parameter allows ignoring passed test results during import if desired, without affecting the closure of previously failed test results that have since passed.
API Credential Management: Supports assigning different Qualys API credentials for Configuration Compliance integrations through the ServiceNow Setup Assistant when multiple credentials are needed.
Qualys PCRS Parameters: From version 12.6.3, supports importing test results using new Qualys PCRS Policy Host and Test Results integrations that require gateway URLs for data retrieval.
Unique CI Updates: Automatically update configuration items and discovered/vulnerable items with network partition identifiers to distinguish assets sharing IP addresses, improving vulnerability detail and accuracy.
Customizable Import Filters: Enables refinement of vulnerability data import by setting additional filter parameters on scheduled Qualys vulnerability queries.
Monitoring and Troubleshooting: Provides graphical integration run status views and uses Qualys REST messages to fetch compliance data, along with documented common issues and workarounds.

Practical Benefits for ServiceNow Customers

This integration streamlines vulnerability and compliance data management by automatically syncing Qualys findings into ServiceNow CMDB and compliance applications, allowing customers to:

Gain consolidated, accurate visibility of asset vulnerabilities and compliance status across multiple Qualys deployments.
Use host tags to organize assets and tailor vulnerability response workflows efficiently.
Improve test result analysis and reporting through test group associations.
Control and customize the import of test results, including the option to exclude passed tests to reduce noise.
Confidently manage API credentials and adapt to evolving Qualys API capabilities.
Ensure distinct identification of assets sharing IP addresses for precise vulnerability tracking.
Monitor integration health and troubleshoot issues proactively.

The Qualys Policy Compliance collects the data and automatically sends it to the Qualys application, which continuously analyzes and correlates the information. It easily integrates as the Qualys Integration for Security Operations to map configuration findings to CIs and business services to determine the impact and priority of potential misconfigurations.

If you have multiple deployments of the Qualys Cloud Platform application, you can add an integration for each deployment. Assets, identified by multiple third-party deployments and their vulnerabilities, are consolidated and reconciled with your CMDB. This consolidation happens even when scan processes overlap between the multiple deployments. Data sourced from each deployment is identified and available in a single instance of Vulnerability Response.

Note:

You cannot delete the original vulnerability integration, but you can disable it. Integrations created from inactive templates are disabled by default.

Host tags

All host tags are imported as part of the Qualys Host List integration. Host tags are used primarily for filtering in Vulnerability Response Assignment and Vulnerability Group Rules. They are displayed in the Discovered Item form.

Note:

The Qualys Host List integration should be run prior to creating the Assignment or Remediation Task Rules in Vulnerability Response so that all tags can be present in the rules and before vulnerable items are imported and grouped.

Tag storage is not case-sensitive. If a San Diego tag is created, then a SAN DIEGO tag cannot be stored in the Host tag table. “San Diego” and “SAN DIEGO” are considered to be the same host tag. Whichever tag was imported first wins.
Using host tags as a Group Key in a Remediation Task Rule can have unexpected results. Host tags are intended for use only in the condition builder.
Host tags are controlled by the global system property sn_vul.import_host_tags. This property is set to true by default. Turning off tags turns them off across all instances.

Host tags (also called asset tags) are used for organizing and tracking the assets in your organization. You can assign tags to your host assets. Then, when launching scans, you can select tags associated with the hosts you want to scan. The Host Tags module enables you to download host tag data from Qualys to your instance on a scheduled basis.

Associating a Test with its Test Group

To populate the Test group field on a Test form, enable the sn_vulc.add_policy_as_key system property. For more information on how a test is associated to its test group, impact of enabling this system property and post-requisites, see KB1644268 article.

Warning:

You cannot disable the sn_vulc.add_policy_as_key system property once it is enabled. So, review the Impact section in the KB1644268 article before you enable this system property.

When you enable this system property, after the next ingestion, the Test group field is added on the Test table and it populates the test group to which a test belongs to. Therefore, you can easily:

identify the Test Group to which a Test Result belongs to by dot-walking from Test to Test Group.
differentiate Test records with same Test id that are associated with different Test Groups.

Integrating Qualys with the ServiceNow® Configuration Compliance application

Ignore passed test results

Starting with v15.2.5 of Configuration Compliance, the ignore_passed_result integration instance parameter for the Qualys Integration for Security Operations has been added.This parameter is set to false by default so that passed test results imported by Qualys are not ignored.

Set the parameter to true to ignore passed test results on import.
If activated, this parameter does not impact the closure of the test results.
For example, if you activate the parameter, and a failed test result from a previous import has since passed, it will be closed correctly.

API credentials

If the Qualys Vulnerability Integration is already installed on your system, and your API credentials are different than the ones you want to use for Configuration Compliance, go into Setup Assistant (in Vulnerability Response) and assign them to each Qualys PC integration.

Navigate to All > Qualys Vulnerability Integration > Primary Integrations and edit the Qualys API Credentials field under the Qualys REST Details tab.