Starting version v10.3, Qualys tags are stored in the new tag framework in Vulnerability Response. Follow the steps below to start using this new tag framework.
- Run the Qualys Host List Integration after upgrade to store all the existing Qualys host tags in the new framework.
- In the new tag framework, Qualys tags are shown as host tag in the Discovered item table, so you need to update the rules as shown in the example below:
- All the business rules or script includes using the old tables need to be updated to use the new tables.
Prior to version v10.3, Qualys host tags are stored in the sn_vul_qualys_host_tag_table and sn_vul_qualys_m2m_ci_host_tag tables. They are also referred from the sn_vul_qualys_host_tag column of Unmatched CIs table [sn_sec_cmn_unmatched_ci].
From version v10.3 onward, Qualys host tags are stored in the sn_sec_cmn_host_tag and sn_sec_cmn_m2m_src_ci_tag tables and referred from the host_tag column of the Discovered item table [sn_sec_cmn_src_ci].
Existing Qualys host tags in the old tables stay, but the new host tags are stored in the new tables.
Note: If Qualys tags processing needs to done using the old tables, (those tables prior to v10.3), you can set the system property sn_vul_qualys.use_legacy_qualys_host_tags to true. This ensures that the Qualys host tags are stored in the old tables again, in addition to the new tables. However, this property will be present only in Vulnerability Response v10.3, and will be deprecated going forward. By default, this property is set to false.