Vulnerability Qualys Integration - When loading a Qualys vulnerable item with source status FIXED does not set the corresponding vulnerable item in state in service now as FIXED/CLOSED
As per the documentation, If the vulnerable item source status is Fixed (updated by a scan or import), then when the group changes its state, the vulnerable item changes its state to Closed/Fixed. This is true no matter what states the other associated groups are in. The vulnerable item search for group state does not occur.
In the script QualysHostImportReportProcessor under the function handleVulnerableItem, there is a part of the code that is missing an !
There is a PRB1292082 that has been raised for this where the Fix will be in madrid and in the meantime you can use the following work around.
Add the ! before the "this._stateIsFixed(vit)"
So it should look like the following snippet:
Document on Vulnerability group and vulnerable items states