
 

Symptoms


Vulnerability Qualys Integration: when a Qualys vulnerable item with source status FIXED is loaded, the corresponding vulnerable item in ServiceNow is not set to the state FIXED/CLOSED.

 

As per the documentation, if the vulnerable item source status is Fixed (updated by a scan or import), then when the group changes its state, the vulnerable item changes its state to Closed/Fixed. This is true no matter what states the other associated groups are in. The vulnerable item search for group state does not occur.

 

Cause


In the script QualysHostImportReportProcessor, in the function handleVulnerableItem, one condition is missing a "!":

[...]
// Check for state conflict with status
if (!insert)
{
      // (status = Qualys status; state = Vulnerable Item state)
      // If Qualys status is fixed, state must be closed, fixed
      // If Qualys state is not fixed, state must not be closed, fixed
      // BUG: there is a "!" missing before "this._stateIsFixed(vit)"
      if (this._statusIsFixed(status) && this._stateIsFixed(vit))
      {
            vit.setValue("state", 3); // Closed
            vit.setValue("substate", 4); // Fixed
            // Because of the missing "!", a vulnerable item whose state/substate
            // is already Closed/Fixed is set to Closed/Fixed again ;-)
            changed = true;
      }
      else if (!this._statusIsFixed(status) && this._stateIsFixed(vit))
      {
            vit.setValue("state", 1); // Open
            changed = true;
      }
}
[....]

Resolution


A problem record, PRB1292082, has been raised for this, and the fix will be in Madrid. In the meantime, you can use the following workaround.

Add the "!" before "this._stateIsFixed(vit)".

It should then look like the following snippet:

[...]
// Check for state conflict with status
if (!insert)
{
      // (status = Qualys status; state = Vulnerable Item state)
      // If Qualys status is fixed, state must be closed, fixed
      // If Qualys state is not fixed, state must not be closed, fixed
      if (this._statusIsFixed(status) && !this._stateIsFixed(vit))
      {
            vit.setValue("state", 3); // Closed
            vit.setValue("substate", 4); // Fixed
            changed = true;
      }
      else if (!this._statusIsFixed(status) && this._stateIsFixed(vit))
      {
            vit.setValue("state", 1); // Open
            changed = true;
      }
}
[....]
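
The effect of the missing "!" across all four status/state combinations, as an added example that is not part of the original article or of the ServiceNow script: a stand-alone JavaScript model in which the record object, the bodies of `statusIsFixed`/`stateIsFixed` and the `ACTIVE` status value are assumptions.

```javascript
// Added example: stand-alone model of the reconciliation branch, not ServiceNow code.
// Assumptions: the record shape, the status literals, and both helper bodies.
const STATE_OPEN = 1, STATE_CLOSED = 3, SUBSTATE_FIXED = 4; // values from the article's snippet

// Minimal stand-in for a vulnerable item record (hypothetical, in-memory only).
function makeVit(state, substate) {
  const fields = { state, substate };
  return {
    getValue: (k) => fields[k],
    setValue: (k, v) => { fields[k] = v; },
  };
}

const statusIsFixed = (status) => String(status).toUpperCase() === "FIXED";
const stateIsFixed = (vit) =>
  vit.getValue("state") === STATE_CLOSED && vit.getValue("substate") === SUBSTATE_FIXED;

// withWorkaround=false reproduces the condition without the "!"; true applies the workaround.
function reconcile(vit, status, withWorkaround) {
  const needsClose = withWorkaround
    ? statusIsFixed(status) && !stateIsFixed(vit)
    : statusIsFixed(status) && stateIsFixed(vit);
  if (needsClose) {
    vit.setValue("state", STATE_CLOSED);
    vit.setValue("substate", SUBSTATE_FIXED);
    return true;
  } else if (!statusIsFixed(status) && stateIsFixed(vit)) {
    vit.setValue("state", STATE_OPEN);
    return true;
  }
  return false;
}

// Run every status/state combination (constructed inputs) through one variant.
function truthTable(withWorkaround) {
  const rows = [];
  for (const status of ["FIXED", "ACTIVE"]) {
    for (const [state, substate] of [[STATE_OPEN, null], [STATE_CLOSED, SUBSTATE_FIXED]]) {
      const vit = makeVit(state, substate);
      const changed = reconcile(vit, status, withWorkaround);
      rows.push({ status, before: state, after: vit.getValue("state"), changed });
    }
  }
  return rows;
}

console.table(truthTable(false)); // FIXED + Open stays Open: the symptom
console.table(truthTable(true));  // FIXED + Open becomes Closed
```

Only the first row differs in outcome: without the "!", an open item whose source status is FIXED is never closed, while an item that is already Closed/Fixed is rewritten and flagged as changed.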

 

Additional Information


Document on Vulnerability group and vulnerable items states

Article Information

Last Updated: 2018-08-07 23:37:02
Published: 2018-08-08