Vulnerable Item Table
Table Name: (sn_vul_vulnerable_item)
The following information gets fetched for the synced Vulnerable Item:
|
Field on Qualys ETM UI |
Field in Qualys ETM API Response |
Field on ServiceNow Table |
|---|---|---|
|
Finding ID |
finding.status |
Qualys ETM Finding ID |
|
CVE |
finding.cveId |
Vulnerability |
|
Title |
finding.title |
Description |
|
QDS |
finding.qds |
Source Risk Score |
|
Last Detected |
finding.lastFound |
Last Found (last_found_dt_tm) |
|
First Detected |
finding.firstFound |
First found (first_found_dt_tm) |
|
Hostname |
finding.assetName |
Configuration Item |
VIT Closure
A single VIT can have multiple linked detections for the same CVE. It remains open until all associated detections are resolved.
In VR integration, a Vulnerability Instance Ticket (VIT) remains open until all linked detections are closed. A single VIT can have multiple detections because Enterprise Threat Management (ETM) may generate more than one finding for the same CVE on the same asset using different identification rules. For each finding, VR integration creates a detection, and all detections are linked to the same VIT.