Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Activate and configure Qualys Vulnerability Integration plugin

Activate and configure Qualys Vulnerability Integration plugin

The Security Integration feature allows you to quickly activate and set up third-party security integrations, including Qualys Cloud Platform. Before Qualys Cloud Platform integration can be used, you must activate the plugin and set your API credentials.

Before you begin

Qualys Vulnerability Integration requires an installed Vulnerability Response plugin. Both are available as separate subscriptions.

Role required: sn_sec_cmn.admin

Note: This procedure can be used to activate the plugin and configure the integration. You can also activate the plugin using the traditional method. If you choose the traditional method of activation, the Qualys card recognizes the installation and displays the Configure button. Proceed to Step 5.

Procedure

  1. Navigate to Security Operations > Integration Configurations.
    The available security integrations appear as a series of cards.
    Qualys integration card
  2. In the Qualys card, click Install Plugin.
  3. In the Install Qualys integration dialog box, review the plugin details and click Activate.
  4. When the activation is complete, click Close & Reload Form.
    The Security Integration screen reloads and the Configure button for the integration is available.
  5. Click Configure.
  6. Fill in the fields on the form, as appropriate.
    Field Description
    Primary API Server URL The URL to the Qualys API server.
    Primary User Name The API user name to be used for Basic Auth REST message authentication. These credentials apply to all Qualys integrations.
    Note: If you want to use different credentials for Configuration Compliance than Vulnerability Response then you need to create them. See Activate Configuration Compliance for more information.
    Primary Password The API password to be used for Basic Auth REST message authentication. These credentials apply to all Qualys integrations.
    Note: If you want to use different credentials for Configuration Compliance than Vulnerability Response then you need to create them. See Activate Configuration Compliance for more information.
  7. Click Submit.
    You are returned to the Security Operations Integration Configurations page.
    Note: If you are installing the Qualys Cloud Platform integration to work with Configuration Compliance only then you are done. The following instructions are specific to Vulnerability Response.
  8. Navigate to Qualys Vulnerability Integration > Vulnerability Configuration
  9. Fill in the fields on the tabs in the form, as appropriate.
    Host Detections
    Enable host detection Check to enable host detection integration.
    Update fixed? Choose a Fixed state action to use. Choices are:
    • Only use 'Fixed' detections to update state (recommended — better performance)
    • Create new Vulnerable Items for already 'Fixed' detections (more data)
    Start date Set the start date and time for the Qualys QualysHostImportReportProcessor script include. Vulnerabilities detected or modified since this date will be retrieved in the next scan.
    Note: This date is required. When configuring for your first import, set this date to the earliest detections you wish to import. After the first import, this date is set automatically to the time of the last completed import, so the next import brings in only the new data.
    Level 5 (urgent) Check to address this severity level.
    Level 4 (critical) Check to address this severity level.
    Level 3 (serious) Check to address this severity level.
    Level 2 (medium) Check to address this severity level.
    Level 1 (minimal) Check to address this severity level.
    Import tags Check to attach Qualys tags to the hosts.
    Truncation limit Enter limit for page imports.
    Vulnerability Group Rules Displays all vulnerability group rules and whether they are active or not. You can change the Active state or delete (using the red X) any that do not apply to your environment.
    Note: Changing the state of a vulnerability group rule changes it for all integrations.
    Warning: Deleting a vulnerability group rule deletes it from Vulnerability Group Rules, not just the Qualys Host Detection Integration.
    Knowledge Base
    Enable KB download Check to enable Knowledge Base download. The retrieved data is based on the date that Qualys updated the vulnerabilities and since the last time the integration ran.

    This field can be useful for populating historical data into your instance as well as for ensuring the QIDs are up to date.

    Historical knowledge base information can also be pulled later using the Primary Integrations module.

    Start date Set the start date and time for the Qualys Qualys Knowledge Base import. Vulnerabilities detected or modified since this date will be retrieved in the next scan.
    Note: This date is required. When configuring for your first import, set this date to the earliest detections you wish to import. After the first import, this date is set automatically to the time of the last completed import, so the next import brings in only the new data.
    Enable KB backfill Check to enable Knowledge Base backfill download.
    Scanning

    A default scanner is pre-installed in the Vulnerability > Vulnerability Scanning > Scanners module when the Qualys Vulnerability Integration is installed and activated. This scanner is disabled by default. Select the Active and Default check boxes to enable the Qualys Cloud Platform scanner to work using the Scan for Vulnerabilities related link on the vulnerability group and vulnerable item forms.

    Default scan appliance Enter the name of the scanner appliance to use. If you enabled the Qualys Appliance List Integration you can leave this field blank.
    Scan option profile Enter the name of the Qualys Cloud Platform scan option profile to use.

    Created in the Qualys Cloud Platform application, the scan option profile defines the settings to use for all scans run using that profile. Qualys recommends creating profiles with custom settings for different types of Qualys Cloud Platform scans.

    Additional Integrations
    Enable asset groups Check to enable asset groups integration.
    Enable appliance lists Check to enable appliance lists integration.
    Enable tickets Check to enable tickets integration.
    Enable dynamic search Check to enable dynamic search integration.
    Enable static search Check to enable static search integration,
  10. Click Save on the last screen.