Set ignore host detection updates if no state changes

You can ignore host detection when no state changes are made.

Before you begin

Role required: admin

Procedure

  1. Navigate to System Import Sets > Administration > Transform maps.
  2. Navigate to Qualys Detection List Transform Transform Map and open it.
  3. Click on the Transform Scripts tab.
    1. Create or edit an onBefore transform script. to update target records if the incoming Qualys status value is different from the target record.
      Here is an example of an onBegin script:
      (function runTransformScript(source, map, log, target /*undefined onStart*/ ) {
      //Collect values from the Source record and build query to find matching VI record
      var ip = source.u_ip;
      var dns = source.u_dns;
      var netbios = source.u_netbios;
      var qid = source.u_qid;
      var port = source.u_port;
      var vul = new GlideRecord("sn_vul_entry");
      if (!vul.get("id", "QID-" + qid)) {
      return null;
      } else {
      var gr = new GlideRecord("sn_vul_vulnerable_item");
      var encoded = "vulnerability=" + vul.getUniqueValue();
      © 2016 ServiceNow, Inc. All rights reserved.
      ServiceNow and the ServiceNow logo are trademarks of ServiceNow, Inc. All other brand and product names are trademarks or registered trademarks of their respective holders. 7
      if (!gs.nil(port)) {
      encoded += "^port=" + port;
      } else {
      encoded += "^portISEMPTY";
      }
      var appendOr = false;
      if (!gs.nil(ip)) {
      if (appendOr) {
      encoded += "^ORip_address=" + ip;
      } else{
      encoded += "^ip_address=" + ip;
      appendOr = true;
      }
      }
      if (!gs.nil(dns)) {
      if (appendOr) {
      encoded += "^ORdns=" + dns;
      } else {
      encoded += "^dns=" + dns;
      appendOr = true;
      }
      }
      if (!gs.nil(netbios)) {
      if (appendOr) {
      encoded += "^ORnetbios=" + netbios;
      } else {
      encoded += "^netbios=" + netbios;
      }
      }
      gr.addEncodedQuery(encoded);
      gr.query();
      while (gr.next()) {
      //Check to see if Status has changed - Build State/Status Mapping Object
      if (!source.u_status.nil()){
      var stateMap = {"new": 1,"active": 1,"re-opened": 1,"reopened": 1,"fixed": 3};
      var ignoredSubstates = ["1", "2", "3"];
      var currentState = gr.state + "";
      var currentSubstate = gr.substate + "";
      var currentStatus = (source.u_status + "").toLowerCase();
      var expectedState = 0;
      if (stateMap.hasOwnProperty(currentStatus)) {
      //If Source Status = Fixed then Close Vulnerable Item record
      if (currentStatus == "fixed") {
      expectedState = 3;
      }
      //If Target State = Closed and Target Substate value is not in the IgnoredSubstates Array - Run Status value through
      State Map.
      else if (currentState == 3 && ignoredSubstates.indexOf(currentSubstate) < 0){
      expectedState = stateMap[currentStatus];
      }
      //If Target State = Pending Confirmation - Run Status value through State Map
      else if (currentState == 10) {
      expectedState = stateMap[currentStatus];
      }
      //If Target State = Ignored and Target Substate = Fixed - Run Status value through State Map, Else ignore
      else if (currentState == 12 && currentSubstate == 4){
      expectedState = stateMap[currentStatus];
      }
      //If Target State = New or Analysis - Run Status value through State Map, Else ignore
      else if (currentState == 1 || currentState == 2){
      expectedState = stateMap[currentStatus];
      } 
      }
      }//If No Mapping State value was returned and Target State is In Review and the Source Status was not Fixed - Ignore
      transform row
      if (expectedState == 0 && currentState == 11){
      ignore = true;
      info ="Record is in Review and has not been fixed, row ignored! ";
      log.info( info );
      }
      //If Target State/Status is the same as the Source State/Status - Ignore transform row
      else if (gr.status.toLowerCase() == currentStatus && gr.state == expectedState){
      ignore = true;
      info ="No state change, row ignored! ";
      log.info( info );
      }
      }
      }
      }
      })(source, map, log, target);
  4. Click Submit.