Field Mappings
The Qualys ETM Connector automatically creates or updates work items in Azure DevOps based on Qualys findings. It copies specific fields from each finding, such as the finding ID, QID, vulnerability title, severity, asset information, and finding details, into the Azure DevOps work item.
Ticket State Field Mapping
The ticket state changes according to the finding status. The mapping is provided below:
| Azure DevOps Field Name | Qualys ETM Field Name |
|---|---|
| To Do | NEW, ACTIVE, REOPENED, PROTECTED, RETEST |
| Done | FIXED |

If the proposed list contains two states, ‘To-Do’ and ‘New’, the connector picks the first state (‘To-Do’) and creates the ticket with the status ‘To-Do’. State names vary depending on the process template.
Ticket Priority Field Mapping
Severity indicates the risk level of security issues identified in the ETM finding. It helps classify and prioritize the most critical threats that could impact the application’s security. Findings with the highest severity will be prioritized first.
The mapping is provided below:
| Azure DevOps Field Name | Qualys ETM Field Name |
|---|---|
| Priority 1 | Severity 5, 4 |
| Priority 2 | Severity 3 |
| Priority 3 | Severity 2 |
| Priority 4 | Severity 1 |

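The state and priority mappings above can be used to audit synced tickets for drift, for example a ticket left open after its finding was fixed, or a priority changed by hand. The following is an added example, not Qualys or Azure DevOps code; the dictionary keys (`id`, `status`, `severity`, `state`, `priority`), the function names, and the sample data are assumptions made for illustration.

```python
# Added example: dict keys (id, status, severity, state, priority) are hypothetical.
OPEN_STATUSES = {"NEW", "ACTIVE", "REOPENED", "PROTECTED", "RETEST"}
SEVERITY_TO_PRIORITY = {5: 1, 4: 1, 3: 2, 2: 3, 1: 4}


def expected_fields(finding, proposed_states, done_state="Done"):
    """Ticket state and priority the documented mappings imply for a finding."""
    status = str(finding["status"]).upper()
    if status in OPEN_STATUSES:
        if not proposed_states:
            raise ValueError("process template has no proposed state")
        state = proposed_states[0]  # the first proposed state is the one used
    elif status == "FIXED":
        state = done_state
    else:
        raise ValueError(f"unmapped finding status: {status!r}")
    severity = finding["severity"]
    if severity not in SEVERITY_TO_PRIORITY:
        raise ValueError(f"unmapped severity: {severity!r}")
    return {"state": state, "priority": SEVERITY_TO_PRIORITY[severity]}


def audit(findings, tickets, proposed_states, done_state="Done"):
    """Return (finding_id, problem) pairs for tickets that drifted from the mapping."""
    problems = []
    for finding in findings:
        ticket = tickets.get(finding["id"])
        if ticket is None:
            problems.append((finding["id"], "no ticket"))
            continue
        for field, want in expected_fields(finding, proposed_states, done_state).items():
            if ticket.get(field) != want:
                problems.append(
                    (finding["id"], f"{field}: expected {want!r}, found {ticket.get(field)!r}"))
    return problems


# Constructed sample data, not real connector output.
FINDINGS = [
    {"id": "F-1", "status": "ACTIVE", "severity": 5},
    {"id": "F-2", "status": "FIXED", "severity": 3},
    {"id": "F-3", "status": "RETEST", "severity": 2},
    {"id": "F-4", "status": "NEW", "severity": 1},
]
TICKETS = {
    "F-1": {"state": "To-Do", "priority": 1},
    "F-2": {"state": "To-Do", "priority": 2},  # finding fixed, ticket still open
    "F-3": {"state": "To-Do", "priority": 4},  # priority lowered by hand
}
```

Calling `audit(FINDINGS, TICKETS, ["To-Do", "New"])` returns one entry per drifted or missing ticket; pass the state names of your own process template, since they vary.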
Ticket Description Field Mapping
The following table lists the field mappings for the ticket description:
| Azure DevOps Field Name | Qualys ETM Field Name | Description |
|---|---|---|
| Title | Title | Title of the ETM finding |
| Description | Description | Detailed description of the finding |
| Asset Id | Asset Id | Unique identifier of the affected asset |
| Asset Name | Asset Name | Name of the affected asset |
| Category | Category | Category or type of vulnerability/finding |
| Severity | Severity | Severity level of the finding |
| Status | Status | Current status of the finding |
| Vendor Product Name | Vendor Product Name | Name of the affected vendor product |
| Last Found Date | Last Found Date | Date when the finding was last detected |
| First Found Date | First Found Date | Date when the finding was first detected |
| CVE ID | CVE ID | Associated Common Vulnerabilities and Exposures (CVE) identifier |
| CVE CISA Known Exploits | CVE CISA Known Exploits | Indicates whether the CVE is listed in CISA Known Exploited Vulnerabilities |
| CVE ESPP Score | CVE ESPP Score | Exploitability Scoring and Prioritization (ESPP) score |
| CVSS2 Temporal Score | CVSS2 Temporal Score | CVSS version 2 temporal score |
| CVSS3 Temporal Score | CVSS3 Temporal Score | CVSS version 3 temporal score |
| CVSS3 Base Score | CVSS3 Base Score | CVSS version 3 base score |
| CVSS3 Access Vector | CVSS3 Access Vector | Access vector defined in CVSS v3 |