Preparing for the Qualys Vulnerability Integration

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Preparing for the Qualys Vulnerability Integration

    This guide helps ServiceNow customers prepare for integrating the Qualys Vulnerability solution with the Vulnerability Response application. Proper preparation ensures a smooth and efficient import of vulnerability data from Qualys Cloud Platform scans into ServiceNow. It is critical to complete pre-integration tasks, validate system sizing, and configure settings before running the integration to avoid performance issues and ensure accurate vulnerability management.

    Show full answer Show less

    Key Preparation Steps

    • Instance Sizing: Confirm your ServiceNow instance is sized to handle the expected volume of vulnerable items. Contact Customer Service and Support if sizing is unknown to prevent slow load times.
    • Data Filtering: Use filters to limit the number of items imported initially and phase deployment by adjusting filters for subsequent imports.
    • Scanner Activation: Note that Qualys scanners are deactivated by default in Vulnerability Response, disabling rescan options on related tasks until activated.
    • Start Date Configuration: Set an initial start date for importing vulnerabilities, ideally matching your last Qualys scan date, or earlier to include prior vulnerabilities. This should align with your scanning cycle duration.
    • User Roles and Permissions: Assign users to admin roles including snvuln.admin and snvulqualys.admin to manage the integration. Use the default run-as user VR.System and do not modify it.
    • Vulnerability Calculators: Disable the default and any additional vulnerability calculators if not used, to improve import performance by reducing processing overhead.
    • Business Rule Management: Temporarily disable notification-related business rules before the initial import to prevent excessive notifications and performance degradation.
    • Scanner Selection: If not using the default Qualys scanner, configure alternative scanner appliances as needed.
    • Credentials and Access: Prepare your Qualys server URL and ensure authentication credentials have sufficient permissions to retrieve scan and vulnerability data.
    • Host Tag Dependencies: Run the Qualys Host List integration before creating any assignment or remediation rules that rely on host tags.

    Practical Benefits

    By following these preparation steps, ServiceNow customers can expect a streamlined integration process that minimizes performance issues and ensures accurate vulnerability data import. This readiness supports effective vulnerability tracking, assignment, and remediation within the ServiceNow Vulnerability Response framework, enabling stronger security posture management.

    A successful integration requires planning and careful execution of pre-integration tasks. It is essential that you prepare for the integration by performing these procedures. The Qualys Vulnerability Integration assumes that you are familiar with and run Qualys Cloud Platform scans in your environment.

    Note:
    Make any necessary configuration changes based on your requirements before running the integrations.

    Important prerequisites

    Validate your instance sizing based on the number of vulnerable items you expect to import. An undersized instance can lead to long load times. If you do not know the size of your instance, contact Customer Service and Support.

    Use filtering to limit the number of items for initial import and phase your deployment by adjusting filters in subsequent imports.

    The Qualys scanners are deactivated by default in the Vulnerability Response application. If you try to perform a rescan from the vulnerable items or remediation tasks that have these applications as a source, the Rescan button is not available.

    Actions to take

    • Determine an initial start date for Host Detection List Import integrations.

      Consider setting the Start time field to a few hours or days in the past. Ideally, choose the date of the last Qualys scan. The start date can include vulnerabilities discovered prior to using the vulnerability management solution. Set the earliest start time used to the start of your scanning cycle. So, if it takes a week before all hosts are scanned, set this value to a week prior to that time.

    • Add users to the roles for admin, sn_vuln.admin, and sn_vul_qualys.admin. For more information see, Create a user.

    • There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

    • If you do not use vulnerability calculators, Disable the default vulnerability calculator if not used, in addition to any others you have defined. Vulnerability calculators run every time a vulnerable item record is created or updated, and can impact initial import performance.
    • During the initial import of records, certain notification-related business rules can cause many notifications to be generated, impacting performance. Prior to your initial import, disable the business rules.
    • If you wish to use a different scanner than the Qualys default, see set up scanner appliances.
    • Have your Qualys server URL and authentication credentials ready. The credentials must provide adequate permissions for retrieving knowledge, scan, and detection information for a Qualys subscription.
    • If you plan to use host tags in Vulnerability Response Assignment or Remediation Task Rules, ensure the Qualys Host List integration was run prior to creating rules.