Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

QualysHostImportReportProcessor script include

QualysHostImportReportProcessor script include

The QualysHostImportReportProcessor script include is a JavaScript XML processor (XMLDoc2 processor) that takes the output from Qualys and transform it to ServiceNow Configuration Items and Vulnerable Items.

This processor is faster than previous maps. It consumes much less memory, and optimizes the Qualys import process transform data returned from the Host Detection API call to cmdb_ci records. Changes to this script include can alter how the host information is processed and inserted into the system. Unmatched hosts are stored in the Qualys CIs (sn_vul_qualys_ci) table.

Note: u_port, u_protocol, and u_ssl are not used to determine a vulnerable item match and accounts for the difference between vulnerable items reported by Qualys and vulnerable items reported by ServiceNow.

View the script include at System Definition > Script Includes .

The table shows the fields that are transformed.

Table 1. Detection list transform fields
Target field Description
protocol Maps protocol field from API to protocol field on vulnerable item.

Not used to determine a vulnerable item match.

ip_address Maps ip field from API to the ip_address field on the vulnerable item and the ip address field on a cmdb_ci record.
qualys_severity Maps severity field from API to qualys_severity field.

Used to calculate priority of vulnerable item.

vulnerability Determines a vulnerable item match.
last_updated_by_qualys Denotes when Qualys updated the vulnerable item.

Script field sets the value to the current date and time.

status Maps status field from API to status field on vulnerable item.

Later translated to the state of the vulnerable item.

cmdb_ci

Reference to a configuration item. It consists of a combination of Qualys host information in addition to IP, netbios, and dns values from the host.

sys_id Reference to an existing vulnerable item based on host and vulnerability information.

If no existing cmdb_ci record is found, it returns null or an empty string and a new vulnerable item is created.

last_found Maps the last found timestamp from the API to the last_found field on the vulnerable item.

Script field to format the date for your instance.

port Maps the port field from the API to the port field on the vulnerable item.

Not used to determine a vulnerable item match.

dns Maps the dns field from the API field to the dns field on the vulnerable item.
fqdn Maps the dns field from the API call to the fqdn field on a cmdb_ci record.
first_found Maps the first found timestamp from the API to the first_found field on the vulnerable item.

Script field to format the date for your instance.

source Qualys

Used as an identifier.

ssl Maps the ssl field from the API to the ssl field on the vulnerable item.

Not used to determine a vulnerable item match.

description Maps the results field from the API to the description field on the vulnerable item.