Notifications

97 views

Description

Symptoms


Once the Qualys integration for the Vulnerability module is configured, if the "Qualys Host Detection Integration" is executed, newly matched CI's are not consistently updated with the Qualys Asset specific data as expected, and values for Qualys ID, Qualys Host ID and Fully Qualified Domain Name (if available) remain blank on the matched CI.

Release


London

Cause


This is expected behaviour. CI information is supposed to be updated by Discovery tool but not Qualys.

Resolution


This is by design. All information related to a CI will be stored in associated Discovered Items record for that CI (sn_sec_cmn_src_ci).

If still needed to update a CI, add the parameter "true" in:
var matchResult = new sn_vul.ImportHost().hostImport(sourceInstance, host, "ID", integrationRun, true);

This will update the CI information.

Ref. documentation pages related to Discovered Items:
https://docs.servicenow.com/bundle/london-release-notes/page/release-notes/security-operations/secops-vuln-resp-rn.html
https://docs.servicenow.com/bundle/london-release-notes/page/product/vulnerability-response/concept/cj-discovered-items.html#discovered-items

Article Information

Last Updated:2019-08-02 20:50:19
Published:2019-06-04