Qualys knowledge base transform

The Qualys knowledge base transform transforms the data returned from the Qualys knowledge base API call to cmdb_ci records. Changes to this transform alters how vulnerability entries are processed and inserted into the system.

The table below shows the fields that are currently being transformed.

Table 1. Qualys Knowledge Base Transform Fields
Source Field Target Field Description
u_solution solution Maps the solution field from the API to the solution field on a third-party vulnerability entry record.
[Script] last_modified

Maps the last modification timestamp from the API response to the last_modified timestamp field on the third-party vulnerability entry.

This is a script field because the value needs to be specially formatted to translate the API date to a date recognized by your instance.

[Script] id

Maps the ID from the API to the ID field on the third-party vulnerability entry.

This is a script because the ID from the API needs to have a prefix (QID) added to it.

[Script] source

Provides a source value to enter on a third-party vulnerability entry.

This is used as an identifier and should not be modified.

[Script] date_published

Maps the date the vulnerability was published to the date_published field on the third-party vulnerability entry.

This is a script because the value needs to be specially formatted to translate the API date to a date recognized by your instance.

u_category category Maps the category field from the API to the category field on the third-party vulnerability entry.
u_title summary Maps the title field from the API to the summary field on the third-party vulnerability entry.
u_consequence threat Maps the consequence field from the API to the threat field on the third-party vulnerability entry
u_pci_flag pci Maps the pci flag field from the API to the pci field on the third-party vulnerability entry.

In addition to field mappings, there is also a transform script that is executed during the transformation process.

The table below shows when this script runs and what it is used for.

Table 2. Qualys Knowledge Base (Date-based) Transform REST Message Script Timing and Purpose
When the script is run Purpose of the script
onAfter (after a vulnerability entry was transformed and inserted)

Processes nested values provided by the XML that are small enough not to be transformed by a separate transform map.

This is used to the process software list, vendor reference list, correlation list, and CVSS values.