0
30.1.2
Zurich, Yokohama Patch 6, Yokohama, Xanadu Patch 9, Xanadu, Washington DC, Vancouver, Utah
Note:
This app version is intended for Unified Security Exposure Management (USEM), a significant architectural upgrade to the Vulnerability Response applications.
If you are currently using Vulnerability Response and upgrading to USEM for the first time, you must use the Migration assistant for Unified Security Exposure Management to ensure a safe and successful upgrade. For full details, please refer to the KB2556844 and documentation before proceeding.
If you do not intend to upgrade to USEM, please select a version below 30.x when installing or upgrading.
The Qualys Vulnerability Integration imports knowledge base, host detection, risk classification, and impact analysis data from the Qualys scanner to manage risk and remediation. Integrate your Qualys Cloud Platform deployment with ServiceNow Vulnerability Response to prioritize and remediate the most critical vulnerabilities in your environment.
The Qualys Vulnerability Integration includes the following capabilities:
- Data import: The Qualys Vulnerability Integration executes scheduled jobs which import vulnerability, vulnerable items, solution and site data, and enriches it. The scheduled jobs that run automatically in your instance include the following integrations:
- Qualys Host Detection integration retrieves host and vulnerability data from Qualys and processes it in your instance. It coordinates the REST message calls to the Host List Detection API to determine impact and risk of potentially malicious threats. The outputs of this integration are vulnerable items.
- The Qualys Knowledge Base integration retrieves Qualys knowledge base entries. The retrieved data is based on the date the vulnerabilities were updated by Qualys and since the last time the integration ran. This data is useful for populating historical data into your instance as well as ensuring the Qualys Identifiers (QIDs) are up-to-date.
- Rescans: You can scan a new or existing vulnerable item (VI) that contains at least one affected CI or has an IP address populated on the VI form. Rescan vulnerabilities or vulnerable items after remediation, when a vulnerability patch is applied to the affected records.
- Multi-source: If you have multiple deployments of the Qualys Cloud Platform application, you can add an integration for each deployment. Assets identified by multiple Qualys deployments and their vulnerabilities are consolidated and reconciled with your CMDB.
Changed
- Modified integrations to adopt a standardized data model and modularized feature sets across Vulnerability Response (VR) and Configuration Compliance.
- The Administration Console now displays a tile to review integration status runs when Qualys Integration for Security Operations is installed.
- The Vulnerability Response application and its dependency plugins must be installed and activated.
- For more information on the Vulnerability Response application compatibility, see Vulnerability Response Compatibility Matrix and Release Schema Changes in the Supporting Links and Docs section on this page.
- Permissions and roles:
- Role required:
- System Admin (admin) for installation
- Vulnerability Admin (sn_vul.vulnerability_admin) or admin for configuration
- Role required: