Ticket List Import

The Qualys ticket list transform map is used to transform the ticket-specific data returned from the Qualys ticket list API call to sn_vul_vulnerable_item records. Changes to this transform alter how vulnerability entries are processed and inserted into the system.

To access this transform map, navigate to Qualys Vulnerability Integration > Import Set Tables > Ticket List Import.

The table shows the fields currently being transformed.

Table 1. Qualys ticket list transform map fields
| Source field | Target field | Description |
|---|---|---|
| u_detection_ip | ip_address | Maps the detection IP from the API to the ip_address field on the vulnerable item. |
| [Script] | last_updated_by_qualys | Denotes when Qualys updated the vulnerable item. Script field that sets the value to the current date/time. |
| u_vulninfo_severity | qualys_severity | Maps severity field from API to qualys_severity field. Used to calculate priority of vulnerable item. |
| [Script] | first_found | Maps the first found timestamp from the API to the first_found field on the vulnerable item. This field is a script field because the date needs to be formatted for your instance. |
| u_detection_dnsname | dns | Maps the dns field from the API to the dns field on the vulnerable item. |
| u_detection_port | port | Maps the port field from the API to the port field on the vulnerable item. |
| [Script] | last_found | Maps the last found timestamp from the API to the last_found field on the vulnerable item. This entry is a script field to format the date for your instance. |
| u_detection_nbhname | netbios | Maps the detection netbios host name to the netbios field on the vulnerable item. |
| [Script] | vulnerability | Looks up a vulnerability. This entry is a script field to append the QID to the ID provided by Qualys. |
| [Script] | source | Provides a source value to enter on a third-party vulnerability entry. Used as an identifier. Modifications are not recommended. |
| u_current_state | qualys_ticket_state | Maps the current state from the API to the qualys_ticket_state field of the vulnerable item. |
| u_number | qualys_ticket | Maps the ticket number from the API to the qualys_ticket field of the vulnerable item. |
| u_assignee_email | qualys_assignee_email | Maps the assignee email from the API to the qualys_assignee_email of the vulnerable item. |
| u_detection_ssl | ssl | Maps the ssl field from the API to the ssl field on the vulnerable item. |
| u_current_status | status | Maps status field from API field to status field on the vulnerable item. Later translated to the state of the vulnerable item. |
| [Script] | sys_id | Looks up an existing vulnerable item based on host and vulnerability information. If no existing system ID is found, a new vulnerable item is created. |
| u_detection_protocol | protocol | Maps protocol field from API to protocol field on the vulnerable item. |
| u_details_result | description | Maps the results field from the API to the description field on the vulnerable item. |
| [Script] | cmdb_ci | Looks up a cmdb_ci to reference on the vulnerable item. This entry uses a combination of Qualys IP, netbios, and dns values from the host. |
| u_assignee_name | qualys_assignee_name | Maps the assignee name from the API to the qualys_assignee_name of the vulnerable item. |

In addition to field mappings, there is also a transform script that is executed during the transformation process.

The table shows when this script runs and what it is used for.

Table 2. Qualys ticket list transform map script timing and purpose
| When the script is run | Purpose of the script |
|---|---|
| onComplete (after an import set has completed transformation). | Determines if additional data should be retrieved from the API. For internal use. Modifying or deleting is not recommended. |