Optional Qualys modifications

  • Release version: Zurich
  • Updated September 5, 2025
  • 3 minutes to read

    • Configure optional modifications and streamline some of the data specifically for the Qualys integration.

    You can reset that start date in Setup Assistant or from the primary integration, or modify business rules to disable them during an initial import.

    Disable notification-related business rules prior to initial record import

    During the initial import of records, certain notification-related business rules can generate many notifications, impacting performance. These business rules should be modified to disable them during the import.

    Before you begin

    Role required: admin

    Procedure

    1. Navigate toAll > System Definition > Business Rules.
    2. Search for Affected ci notifications.
    3. Open the business rule and insert this condition: current.sys_class_name != “sn_vul_vulnerable_item".
    4. Click Update.
    5. Repeat this procedure for the following business rules:
      • Affected cost center notifications
      • Affected group notifications
      • Affected location notifications
      Note:
      After the completion of the initial record import, you have the option of re-enabling these business rules. However, consider leaving them disabled. They can generate large numbers of notifications and impact the performance of your instance.

    Activate the Qualys QVS score integration

    Using the Qualys QVS score integration you can automatically populate the QVS scores for CVEs to help you assess vulnerability risk more accurately in the sn_vul_nvd_entry.LIST table.

    Before you begin

    Role required: sn_vul_cmn.admin

    Procedure

    1. Navigate to All > Qualys Integrations > Qualys QVS Score Integration.
    2. Select the Active check box to enable the integration.
      Note:
      This feature is inactive by default.

    Result

    When the integration executes, it queries Qualys for the latest QVS scores of the CVEs updated in the last 15 days and populates theQualys Vulnerability Score column in the [sn_vul_nvd_entry.LIST] table.
    Note:
    If the QVS score is empty, the CVE has not been updated in the last 15 days.

    Modify an initial start date

    During installation using Setup Assistant, you set an initial start date for the Qualys integrations. You can reset that start date in Setup Assistant or from the primary integration as shown below.

    Before you begin

    Role required: sn_vul.vulnerability_admin or sn_vul.admin (deprecated)

    About this task

    During integration execution, multiple processes are generated, and data is received in the form of pages. Each process can contain one or more import queue entries with attached data in pages. These entries must process the data within the one-hour time limit. However, if the payload size is large, the processing time may exceed one hour or get stuck, resulting in an integration timeout error. The integration continues to process the data despite the timeout error. To avoid this miscommunication, starting from version 18.2.4 of Vulnerability Response, timestamps (heartbeats) are sent periodically to indicate if the queue is active and processing data. The Last Record Processed field in the Import Queue Entry page is updated based on the count of records the import queue creates or updates. In case an import queue entry exceeds the one-hour time limit, the system checks the Last Record Processed field to see if it is also older than one hour. If it is, this indicates that the import queue entry is stuck, and it is timed out to prevent any further delays in processing.
    Note:
    The Last Record Processed field is updated based on what is defined in the following system properties:
    • sn_sec_cmn.record_threshold_heartbeat: Defines the number of processed records, after which the heartbeat (timestamp) is sent to the import queue entry.
    • sn_sec_cmn.maximum_heartbeat_delay: Defines the time after which the import queue entry must be timed out.

    Procedure

    1. Navigate to All > Qualys Vulnerability Integration > Administration > Primary Integrations.
    2. Click Qualys Host Detection Integration.
    3. Click Integration Details.
    4. Set the Start time field to a value in the past, so all scanned and detected vulnerabilities since that time are detected.

      If you configured Qualys using Setup Assistant, the Start time field is pre-filled, initially to three months prior today's date, and subsequently to today's date.

      Note:
      Consider setting the value to a maximum of a month in the past. This keeps large amount of data from exceeding the Qualys API rate limitations, as well as triggering execution timeouts.
    5. Click Submit or Update.
    6. Optional: Click Execute Now to run immediately.