Qualys CVR Integration
The Qualys Container Vulnerability Response Integration app offers three integrations:
- Qualys Container Vulnerability Integration
- Qualys Image Integration
- Qualys Knowledgebase Integration
The following table shows the integration details:
|
Sequence |
Integration Name |
Active |
Default Run Type |
Default Time (if applicable) |
Next Integration |
|---|---|---|---|---|---|
|
1 |
Qualys Container Vulnerability Integration |
true |
On-Demand |
NA |
Qualys Image Integration |
|
2 |
Qualys Image Integration |
true |
On-Demand |
NA |
Qualys Knowledge Base Integration |
|
3 |
Qualys Knowledge Base Integration |
true |
On-Demand |
NA |
NA |
Qualys Container Vulnerability Integration
The Qualys CVR integration fetches all the Container data associated with the configured account from the Qualys platform.
Perform the following steps from the Qualys CVR Integration:
- Select Integration.
- Click Qualys Container Vulnerability Integration.
- Choose the frequency of the scheduled Run.
By default, the Run is set On Demand.
The scheduling can be performed only for Qualys Container Vulnerability Integrations.
Qualys recommends not making changes to the Integration Details section.
You can choose to run the integration using one of the following options:
- Daily: Runs the integration daily at the configured time.
- Weekly: Runs the integration weekly at the configured time of the configured day.
- Monthly: Runs the integration monthly at the configured month-day time.
- Periodically: Runs the integration at the configured interval
- Once: Runs the integration only once at the configured date and time.
- On-Demand: Runs the integration only when the Execute Now is hit.
- Business Calendar: Entry Start: Refer to the ServiceNow documentation for information on the Business calendar.
- Business Calendar: Entry End: Refer to the ServiceNow documentation for information on the Business calendar.
-
By default, the Filter is set to state: ' RUNNING'. You can optionally provide a query in the Filter to filter the container data.
Provide the filters in the form of QQL that are used on Qualys Platform UI for the Container Security application.
Refer to the example given in the following image.
Click
the symbol to see how to provide the query for data searching.
-
The API page size value is set to '50' by default.
This is the optional configuration; you can alter the API Page Size as per requirement.
For example, if the total result set has 1000 containers and the API page size is 100, the result is divided into ten pages, with 100 containers on each page. -
Select the date from the calendar in the Import Data Since field.
The 'Import data since' field's default value is blank, and data is pulled from the last seven days only. If you want to pull data from a specific date, select the date in the 'Import data since' field calendar. Once the successful pull is completed, the 'Import data since' field is updated to reflect the last successful run's completion date. During every subsequent run, incremental data syncs from the updated date of the successful run.
-
Click Update.
Now, you are done with the Container Vulnerability Integration.
When ready to run the integration, click Execute Now or click Update to run it according to the defined schedule.
Next Integration: After completing the current integration run, the next sequential Integration starts running automatically.
Qualys Image Integration
Qualys Image Integration syncs image information such as registry, repository, and tags only for the containers that are synced in Container Vulnerability Integration
The Qualys Image integration is auto-triggered after the Container Vulnerability Integration is completed.
We recommend not modifying the Qualys Image Integration configuration as it may affect auto-triggers
Qualys Knowledgebase Integration
Qualys KnowledgeBase Integration syncs KnowledgeBase data such as CVES, Impact, and other details only for the vulnerabilities that are synced in the Container Vulnerability Integration.
The Knowledgebase integration is auto-triggered after the Qualys Image Integration is completed.
We recommend not modifying the KnowledgeBase Integration configuration as it may affect auto-triggers.
Vulnerability Integration Runs
Every time the integration run is executed, it appears in the Vulnerability Integration Runs under the respective integration.
This section summarizes and displays the status of the integration runs between the Qualys Platform and ServiceNow.
The following image shows vulnerability Integration Runs for Qualys Container Vulnerability Integration:
The following image shows vulnerability Integration Runs for Qualys Image Integration:
The following image shows vulnerability Integration Runs for Qualys KnowledgeBase Integration:
Next Step
View Qualys Container Data in ServiceNow