Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, refer to KB2556844 and the documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
The Qualys Vulnerability Integration imports knowledge base, host detection, risk classification, and impact analysis data from the Qualys scanner to manage risk and remediation. Integrate your Qualys Cloud Platform deployment with ServiceNow Vulnerability Response to prioritize and remediate the most critical vulnerabilities in your environment.
The Qualys Vulnerability Integration includes the following capabilities:
- Data import: The Qualys Vulnerability Integration runs scheduled jobs that import vulnerability, vulnerable item, solution, and site data and enrich it. The scheduled jobs that run automatically in your instance include the following integrations:
  - The Qualys Host Detection integration retrieves host and vulnerability data from Qualys and processes it in your instance. It coordinates the REST message calls to the Host List Detection API to determine impact and risk of potentially malicious threats. The outputs of this integration are vulnerable items.
  - The Qualys Knowledge Base integration retrieves Qualys knowledge base entries. Data is retrieved based on the date Qualys updated the vulnerabilities and the time since the integration last ran. This data is useful for populating historical data into your instance as well as ensuring the Qualys Identifiers (QIDs) are up to date.
- Rescans: You can scan a new or existing vulnerable item (VI) that contains at least one affected CI or has an IP address populated on the VI form. Rescan vulnerabilities or vulnerable items after remediation, when a vulnerability patch is applied to the affected records.
- Multi-source: If you have multiple deployments of the Qualys Cloud Platform application, you can add an integration for each deployment. Assets identified by multiple Qualys deployments and their vulnerabilities are consolidated and reconciled with your CMDB.
Changed
- Updated the QVS–CVDB API integration to prevent incorrect creation of Qualys IDs in the Common Vulnerability Database (CVDB) table.
- Added CVDB configuration support to the Qualys integration setup page, enabling administrators to manage Common Vulnerability Database settings directly.
- Removed the unused MITRE details parameter from the Qualys Vulnerability Detection host detection integration to streamline data ingestion.
- Extended CVSS v4 score mappings in the Qualys KnowledgeBase and KnowledgeBase Backfill integrations to support additional scoring attributes, ensuring more complete CVSS v4 data for accurate risk prioritization.
- Updated the Qualys setup page to use the latest REST messages, REST functions, and HTTP parameters, improving compatibility with the current Qualys API.
- Added support for configuring the vulnerability detection source in the Qualys Vulnerability Detection integration, allowing administrators to control how scan data is sourced during imports.
- Added a new Comprehensive PCRS integration that consolidates Policy Compliance Reporting Service host data and test results into a single integration, providing a unified view of compliance posture.
- Updated the Qualys PC Policies and PC Policies Detail integrations to align with the latest Qualys Policy Compliance API, ensuring policy configuration data is imported accurately and completely.
- Updated the Qualys PC Controls integration to support recent Qualys API changes and improve control-level data imports.
- Updated the Qualys Host List integration to align with the latest Qualys API and ensure complete host asset data import.
- Updated Integration Run Reports to use theme-aware colors instead of hardcoded values for improved UI consistency.
- Fixed Qualys KnowledgeBase import to correctly remove CVE-to-QID associations when the scanner source no longer reports that relationship, preventing stale mappings.
- Resolved multiple issues in the Qualys Vulnerability Score (QVS) integration that caused import processing errors and prevented QVS scores from appearing correctly on vulnerability records.
- The Vulnerability Response application and its dependency plugins must be installed and activated.
- For more information on the Vulnerability Response application compatibility, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- Permissions and roles:
  - Role required:
    - System Admin (admin) for installation
    - Vulnerability Admin (sn_vul.vulnerability_admin) or admin for configuration