Modify REST message parameters to affect data retrieval

You can have specific requirements that the default REST message parameters sent to Qualys during data requests be modified to filter the imported data.

Before you begin

Role required: admin

About this task

You can adjust the query parameters for both initial and delta data retrievals. Qualys defined valid parameters in their API documentation. Do not alter any existing field values that use template syntax formatting. The integration code uses these fields.

Procedure

  1. Navigate to Qualys Vulnerability Integration > Administration > Primary Integrations.
  2. Open the Qualys Host Detection Integration record.
  3. To change the related REST message parameters, click the Qualys REST Details tab, and navigate to the REST method reference.
  4. Double-click the Information icon to open the record.
  5. Choose the HTTP Request tab.
  6. Create or update the HTTP Query Parameters as needed.
    1. For initial and delta data retrievals, use the Query parameter severities to reduce the number of records retrieved.
      Qualys severities values
      Parameter Values Description
      severities 3,4,5 3=serious, 4=critical, and 5=urgent

      These values should be used to create a vulnerable item record.

      severities 1,2 1=minimal, 2= medium

      These values are informational and may not be needed in the ServiceNow instance.

      Note: Ensure that you want these detections to be pulled into ServiceNow.
    2. For detection_updated_since use ${lastScanDate}.
      Displays detections whose status changed after a specified date and time. Detections that have never changed use the last detection date.
    3. For max_days_since_detection_updated enter a number.
      Displays detections whose detection status changed since the specified maximum number of days. Detections that have never changed in that time period use the last detection date.
      Note: detection_updated_since and max_days_since_detection_updated parameters are mutually exclusive. Only one of these parameters can be specified in the same request. For more information, see the Qualys API user guide at Qualys Documentation.
    4. For initial data retrieval, change the HTTP Query Parameter value for status to New, Active, Re-Opened.
    5. For delta data retrievals, change the HTTP Query Parameter for status to remove Active. The status values should be New, Fixed, Re-Opened.
      Note:

      Qualys uses the Active status when a detection has been found more than once. Removing the Active status reduces the size and processing time of the delta data retrieval.

      You only need detections that are New, Fixed, or Re-Opened and where the Active status retrieved the detection when it was first found.

      Only bring in Fixed detection records when there is a business requirement to have all history in ServiceNow.

      HTTP Query Parameters for delta data retrievals
    6. Click Update.