Host Detection List Import

This transform map is used to transform the detection-specific data returned from the Qualys Host Detection API call to sn_vul_vulnerable_item records.

Changes to this transform alter how the detection information is processed and inserted into the system.

Note: u_port, u_protocol, and u_ssl are not used to determine a vulnerable item match. This accounts for the difference between vulnerable items reported by Qualys and vulnerable items reported by ServiceNow.

To view the detection list, navigate to System Import Sets > Admin > Transform Map and select Qualys Detection List Transform.

To access this transform map, click Qualys Vulnerability Integration > Import Set Tables > Host Detection List Import.

The table shows the fields that are currently being transformed.

Table 1. Detection list transform fields

| Source field | Target field | Description |
|---|---|---|
| u_prototcol | protocol | Maps protocol field from API to protocol field on vulnerable item. Not used to determine a vulnerable item match. |
| u_ip | ip_address | Maps ip field from API to ip_address field on vulnerable item. |
| u_severity | qualys_severity | Maps severity field from API to qualys_severity field. Used to calculate priority of vulnerable item. |
| [Script] | vulnerability | Looks up a vulnerability. Used to determine a vulnerable item match. This field is a script field because QID needs to be appended to the ID provided by the API. |
| [Script] | last_updated_by_qualys | Denotes when Qualys updated the vulnerable item. Script field that sets the value to the current date and time. |
| u_status | status | Maps status field from API to status field on vulnerable item. Later translated to the state of the vulnerable item. |
| [Script] | cmdb_ci | Looks up a cmdb_ci to reference on the vulnerable item. Uses a combination of Qualys host information in addition to IP, netbios, and dns values from the host. |
| [Script] | sys_id | Looks up an existing vulnerable item based on host and vulnerability information. If no existing system ID is found, a new vulnerable item is created. |
| [Script] | last_found | Maps the last found timestamp from the API to the last_found field on the vulnerable item. Script field to format the date for your instance. |
| u_port | port | Maps the port field from the API to the port field on the vulnerable item. Not used to determine a vulnerable item match. |
| u_dns | dns | Maps the dns field from the API to the dns field on the vulnerable item. |
| [Script] | first_found | Maps the first found timestamp from the API to the first_found field on the vulnerable item. Script field to format the date for your instance. |
| [Script] | source | Provides a source value to enter on a third-party vulnerability entry. Used as an identifier. Modifications are not recommended. |
| u_ssl | ssl | Maps the ssl field from the API to the ssl field on the vulnerable item. Not used to determine a vulnerable item match. |
| u_results | description | Maps the results field from the API to the description field on the vulnerable item. |
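
Because port, protocol, and ssl play no part in matching, several Qualys detections for the same host and QID resolve to one vulnerable item. The following added example (a simplified model, not ServiceNow's transform script) replays constructed detection rows to show the resulting count difference; the `u_qid` field name, the `QID-` prefix format, and the use of the IP alone as host identity are assumptions.

```javascript
// Simplified model of vulnerable-item matching, not the ServiceNow transform script.
// Assumptions: u_qid field name, "QID-" prefix format, host identity reduced to u_ip.
const detections = [ // constructed sample detection rows
  { u_ip: '10.0.0.5', u_qid: '38170', u_port: '443', u_protocol: 'tcp', u_ssl: '1' },
  { u_ip: '10.0.0.5', u_qid: '38170', u_port: '8443', u_protocol: 'tcp', u_ssl: '1' },
  { u_ip: '10.0.0.5', u_qid: '38170', u_port: '993', u_protocol: 'tcp', u_ssl: '1' },
  { u_ip: '10.0.0.5', u_qid: '105459', u_port: '', u_protocol: '', u_ssl: '0' },
  { u_ip: '10.0.0.9', u_qid: '38170', u_port: '443', u_protocol: 'tcp', u_ssl: '1' },
];

// Match key: host plus vulnerability only. Port, protocol and ssl are excluded.
function matchKey(row) {
  return `${row.u_ip}|QID-${row.u_qid}`;
}

// Replays the rows in order: first sighting of a key inserts, later ones update.
function importDetections(rows) {
  const items = new Map();
  let inserts = 0;
  let updates = 0;
  for (const row of rows) {
    const key = matchKey(row);
    if (items.has(key)) updates++; else inserts++;
    // In this model a matched item is overwritten, so only the last row's
    // port/protocol/ssl values remain on it.
    items.set(key, { ip_address: row.u_ip, vulnerability: `QID-${row.u_qid}`,
      port: row.u_port, protocol: row.u_protocol, ssl: row.u_ssl });
  }
  return { items, inserts, updates };
}

// Reconciliation aid: lists keys where more than one detection collapsed into one item.
function collapsedDetections(rows) {
  const byKey = new Map();
  for (const row of rows) {
    const key = matchKey(row);
    if (!byKey.has(key)) byKey.set(key, []);
    byKey.get(key).push(row.u_port);
  }
  return [...byKey].filter(([, ports]) => ports.length > 1)
    .map(([key, ports]) => ({ key, detections: ports.length, ports }));
}

const result = importDetections(detections);
console.log(`${detections.length} detections -> ${result.items.size} vulnerable items`);
console.log(collapsedDetections(detections));
```

When reconciling counts between the two systems, compare on host and QID rather than on raw detection rows.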