Knowledge Base Import

The Qualys Knowledgebase Transform map is used to transform the data returned from the Qualys knowledge base API call to vulnerability records. Changes to this transform alter how vulnerability entries are processed and inserted into the system.

To access this transform map, navigate to Qualys Vulnerability Integration > Import Set Tables > Knowledge Base Import.

The table shows the fields currently being transformed.

Table 1. Qualys Knowledge Base transform fields
Source field Target field Description
u_solution solution Maps the solution field from the API to the solution field on a third-party vulnerability entry record.
[Script] last_modified

Maps the last modification timestamp from the API response to the last_modified timestamp field on the third-party vulnerability entry.

Script field because the value has to be specially formatted to translate the API date to a date recognized by your instance.

[Script] id

Maps the ID from the API to the ID field on the third-party vulnerability entry.

Script field because the ID from the API has to have a prefix (QID) added to it.

[Script] source

Provides a source value to enter on a third-party vulnerability entry.

Used as an identifier. Modifications are not recommended.

[Script] date_published

Maps the date the vulnerability was published to the date_published field on the third-party vulnerability entry.

Script because the value has to be specially formatted to translate the API date to a date recognized by your instance.

u_category category Maps the category field from the API to the category field on the third-party vulnerability entry.
u_title summary Maps the title field from the API to the summary field on the third-party vulnerability entry.
u_consequence threat Maps the consequence field from the API to the threat field on the third-party vulnerability entry.
u_pci_flag pci Maps the pci flag field from the API to the pci field on the third-party vulnerability entry.

In addition to field mappings, there is also a transform script that is executed during the transformation process.

The following table shows when this script runs and what it is used for.

Table 2. Qualys knowledge base (date-based) transform REST message script timing and purpose
When the script is run Purpose of the script
onAfter (after a vulnerability entry was transformed and inserted)

Processes nested values provided by the XML that are small enough not to be transformed by a separate transform map.

Used to the process the software list, vendor reference list, correlation list, and CVSS values.