Optional Qualys Vulnerability imports

More Qualys integrations are available, though not commonly used.

Qualys Ticket import

You can configure theis integration for scheduled data retrieval. This import is optional and its data are stored and treated as vulnerable items by Vulnerability Response.

Before you begin

Role required: sn_vul_qualys.admin
Note: This integration should only be performed after you have configured and run both the Knowledge Base and Host Detection imports.

About this task

If you disabled Qualys ticket integration, reenable before you begin.

Procedure

  1. Navigate to Qualys Vulnerability Integration > Administration > Primary Integrations.
  2. Open the Qualys Ticket Integration record.
  3. Click the Integration Details tab, and set the Start time to the initial date from which you want to begin retrieving data.
  4. Save the record and, optionally, click Execute Now.

Disable the Qualys ticket integration

The Qualys Ticket Integration is not required and provides only minimal additional data. If you are using the QualysGuard remediation ticketing system, consider moving any special auto-assignment functionality into ServiceNow.

Before you begin

Role required: admin

Procedure

  1. Change scope to Qualys Vulnerabilty Integration.
  2. Navigate to Qualys Vulnerability Integration > Administration > Primary Integrations.
  3. Search for Qualys Ticket Integration
  4. Double-click true in the Active column for Qualys Ticket Integration and set to false.
  5. Click the check mark.

Qualys Knowledge Base (Backfill) import

The Qualys Knowledge Base (Backfill) import creates records within Vulnerability Response. This import is optional and its data are stored and treated as third-party vulnerable items by Vulnerability Response.

Before you begin

Role required: sn_vul_qualys.admin

About this task

Determine the maximum number of QIDs to pull per API request before backfilling vulnerability data.
Note: This integration should only be performed after you have configured and run both the Knowledge Base and Host Detection imports.

Procedure

  1. Switch to the Qualys Vulnerability Integration scope.
  2. Disable the Qualys Ticket Integration, as it is not required and provides only minimal additional data. If you are using the QualysGuard remediation ticketing system, move any special auto-assignment functionality into ServiceNow.
  3. Navigate to Qualys Vulnerability Integration > Primary Integrations > Qualys Knowledge Base (Backfill) and open it.
  4. The settings for this integration are ready for a run. The base system contains five data sources which pull data in parallel. Adding data sources increases parallel processing but are not normally necessary for the Knowledge Base (Backfill).
  5. Click the Integration Details tab and set the Start time field to 1996-01-01 00:00:00
    Qualys Knowledge Base (Backfill) start time
    Note: This process can be time consuming. On average, allow it to run for about 30 minutes.
  6. Right click in the header to save the record.
  7. Pull historical data by clicking Execute Now.
  8. Return to Qualys Vulnerability Integration > Primary Integrations > Qualys Knowledge Base (Backfill).
  9. The Vulnerability Integration Runs related tab displays the run. It should show Running under State unless there was an error. For an error, open the run and the error message is shown under Note.
  10. Navigate to Qualys Vulnerability Integration > Primary Integrations > Vulnerability Integration Runs and click on a run.
  11. Sort Number in descending order to see the latest import and how far along you are in the run. Click the condition link at the top of the page to refresh.
    Blue circles next to the State, End date time, Substate, and Notes fields, indicate that the run has ended, succeeded, and the fields have been updated.