Preparing for the Qualys Vulnerability Integration

  • Release version: Zurich
  • Updated July 31, 2025

    A successful integration requires planning and careful execution of pre-integration tasks. It is essential that you prepare for the integration by performing these procedures. The Qualys Vulnerability Integration assumes that you are familiar with and run Qualys Cloud Platform scans in your environment.

    Note:
    Make any necessary configuration changes based on your requirements before running the integrations.

    Important prerequisites

    Validate your instance sizing based on the number of vulnerable items you expect to import. An undersized instance can lead to long load times. If you do not know the size of your instance, contact Customer Service and Support.

    Use filtering to limit the number of items for initial import and phase your deployment by adjusting filters in subsequent imports.

    The Qualys scanners are deactivated by default in the Vulnerability Response application. If you try to perform a rescan from the vulnerable items or remediation tasks that have these applications as a source, the Rescan button is not available.

    Actions to take

    • Determine an initial start date for Host Detection List Import integrations.

      Consider setting the Start time field to a few hours or days in the past. Ideally, choose the date of the last Qualys scan. The start date can include vulnerabilities discovered prior to using the vulnerability management solution. Set the earliest start time to the start of your scanning cycle: if it takes a week before all hosts are scanned, set this value to a week prior to that time.

    • Add users to the roles for admin, sn_vuln.admin, and sn_vul_qualys.admin. For more information, see Assign a role to a user.
    • There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

    • If you do not use vulnerability calculators, disable the default vulnerability calculator, in addition to any others you have defined. Vulnerability calculators run every time a vulnerable item record is created or updated, and can impact initial import performance.
    • During the initial import of records, certain notification-related business rules can cause many notifications to be generated, impacting performance. Prior to your initial import, disable the business rules.
    • If you want to use a scanner other than the Qualys default, see Set up scanner appliances.
    • Have your Qualys server URL and authentication credentials ready. The credentials must provide adequate permissions for retrieving knowledge, scan, and detection information for a Qualys subscription.
    • If you plan to use host tags in Vulnerability Response Assignment or Remediation Task Rules, ensure the Qualys Host List integration was run prior to creating rules.