Qualys CVR Integration
The Container Vulnerability Integration provides two options for pulling container images. Configure the option that matches your requirements.
Option 1: Pull Only In-use Images
Option 2: Pull All Available Images
Option 1: Pull Only In-use Images
If you choose this option, the Qualys CVR integration retrieves only the active image data linked to the configured account from the Qualys platform.
The following table shows the integration details:
Sequence | Integration Name | Active | Default Run Type | Default Time (if applicable) | Next Integration |
---|---|---|---|---|---|
1 | Qualys Container Vulnerability Integration | true | On-Demand | NA | Qualys Image Integration |
2 | Qualys Image Vulnerability Integration | true | On-Demand | NA | Qualys Knowledge Base Integration |
3 | Qualys Knowledge Base Integration | true | On-Demand | NA | NA |
Qualys Container Vulnerability Integration
When the 'Pull Only In-Use Images' option is used, this integration pulls in-use image data associated with the configured account from the Qualys platform.
Perform the following steps from the Qualys CVR Integration:
- Select Integration.
- Click Qualys Container Vulnerability Integration.
- Choose the frequency of the scheduled Run.
By default, the Run is set to On Demand.
The scheduling can be performed only for Qualys Container Vulnerability Integrations.
Qualys recommends not making changes to the Integration Details section.
You can choose to run the integration using one of the following options:
- Daily: Runs the integration daily at the configured time.
- Weekly: Runs the integration weekly at the configured time of the configured day.
- Monthly: Runs the integration monthly at the configured month-day time.
- Periodically: Runs the integration at the configured interval.
- Once: Runs the integration only once at the configured date and time.
- On-Demand: Runs the integration only when Execute Now is clicked.
- Business Calendar: Entry Start: Refer to the ServiceNow documentation for information on the Business calendar.
- Business Calendar: Entry End: Refer to the ServiceNow documentation for information on the Business calendar.
- By default, no filter is applied in the Image Filter section of the Container Vulnerability Integration. However, the 'ImageInUse' parameter is used in the Bulk Image API call to retrieve the data. You can optionally provide a query in the filter to refine the image data further.
Provide the filters as QQL queries, in the same form used on the Qualys Platform UI for the Container Security application.
Refer to the example given in the following image.
Click the symbol to see how to provide the query for data searching.
- The API page size value is set to '50' by default.
This configuration is optional; you can change the API Page Size as required.
For example, if the total result set has 1000 images and the API page size is 100, the result is divided into ten pages, with 100 images on each page.
- To select a date for the Import Data Since field, click the calendar.
For Container Vulnerability Integration, the Import Data Since field allows you to select a date only up to a maximum of 30 days in the past.
After the initial installation, this field is pre-filled with a date from the past seven days. If you want to pull data from a specific date, choose it from the calendar in the Import Data Since field.
Once the data is successfully imported, the Import Data Since field is updated to reflect the most recent lastUpdated date from the previous response. In subsequent runs, the system performs incremental data synchronization starting from this last updated date.
- Click Update.
Now, you are done with the Container Vulnerability Integration.
When ready to run the integration, click Execute Now or click Update to run it according to the defined schedule.
Next Integration: After completing the current integration run, the next sequential Integration starts running automatically.
Qualys Image Vulnerability Integration
Qualys Image Vulnerability Integration syncs Cluster and Namespace information from containers, only for images that are synced in the Container Vulnerability Integration.
The Qualys Image integration is auto-triggered after the Container Vulnerability Integration is completed.
We recommend not modifying the Qualys Image Integration configuration, as it may affect auto-triggers.
Qualys Knowledgebase Integration
Qualys KnowledgeBase Integration syncs KnowledgeBase data, such as CVEs, Impact, and other details, only for the vulnerabilities that are synced in the Container Vulnerability Integration.
The Knowledgebase integration is auto-triggered after the Qualys Image Integration is completed.
We recommend not modifying the KnowledgeBase Integration configuration as it may affect auto-triggers.
Vulnerability Integration Runs
Every time the integration run is executed, it appears in the Vulnerability Integration Runs under the respective integration.
This section summarizes and displays the status of the integration runs between the Qualys Platform and ServiceNow.
The following image shows vulnerability Integration Runs for Qualys Container Vulnerability Integration:
The following image shows vulnerability Integration Runs for Qualys Image Integration:
The following image shows vulnerability Integration Runs for Qualys KnowledgeBase Integration:
Option 2: Pull All Available Images
The following table shows the integration details:
Sequence | Integration Name | Active | Default Run Type | Default Time (if applicable) | Next Integration |
---|---|---|---|---|---|
1 | Qualys Image Vulnerability Integration | true | On-Demand | NA | Qualys Knowledge Base Integration |
2 | Qualys Knowledge Base Integration | true | On-Demand | NA | NA |
When the 'Pull all Available Images' option is used, the Qualys CVR integration retrieves all image data from the Qualys platform using the configured account.
To use this option, you need to update the Qualys Image Vulnerability Integration configuration.
We recommend not modifying the Qualys Container Vulnerability Integration configuration.
Qualys Image Vulnerability Integration
Qualys Image Integration syncs image information such as registry, repository, tags, and Image layers for all the vulnerable images associated with the configured account from the Qualys platform.
To pull all image data, perform the following steps from the Qualys CVR Integration:
- Select Integration.
- Click Qualys Image Vulnerability Integration.
- Uncheck the Running Container Only checkbox.
This checkbox is selected by default, which means only Option 1: Pull Only In-use Images will run.
- Choose the frequency of the scheduled Run.
By default, the Run is set to On Demand.
The scheduling can be performed only for Qualys Image Vulnerability Integrations.
Qualys recommends not making changes to the Integration Details section.
You can choose to run the integration using one of the following options:
- Daily: Runs the integration daily at the configured time.
- Weekly: Runs the integration weekly at the configured time of the configured day.
- Monthly: Runs the integration monthly at the configured month-day time.
- Periodically: Runs the integration at the configured interval.
- Once: Runs the integration only once at the configured date and time.
- On-Demand: Runs the integration only when Execute Now is clicked.
- Business Calendar: Entry Start: Refer to the ServiceNow documentation for information on the Business Calendar.
- Business Calendar: Entry End: Refer to the ServiceNow documentation for information on the Business Calendar.
- To further refine the image data, provide a query in the filter. By default, the Image filter in the Image Vulnerability Integration does not have any filters applied. The lastVmScanDate is used in the Bulk Image API call to fetch the data.
Provide the filters as QQL queries, in the same form used on the Qualys Platform UI.
Refer to the example given in the following image.
Click the symbol to see how to provide the query for data searching.
- The API page size value is set to '50' by default.
This configuration is optional; you can change the API Page Size as required.
For example, if the total result set has 1000 images and the API page size is 100, the result is divided into ten pages, with 100 images on each page.
- To select a date for the Import Data Since field, click the calendar.
For Image Vulnerability Integration, the Import Data Since field allows you to select a date only up to a maximum of 90 days in the past.
The default value for the Import Data Since field is blank, and only data from the last seven days is retrieved. If you want to pull data from a specific date, choose it from the calendar in the Import Data Since field.
After the data pull completes successfully, the Import Data Since field is updated to the maximum of the lastUpdated date from the previous response. During every subsequent run, incremental data is synced from the lastUpdated date of the previous response.
- Click Update.
Now, you are done with the Qualys Image Vulnerability Integration.
When ready to run the integration, click Execute Now or click Update to run it according to the defined schedule.
Next Integration: After completing the current integration run, the next sequential Integration starts running automatically.
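The Import Data Since and API Page Size behaviour described for both the Container Vulnerability Integration and the Image Vulnerability Integration, modelled as an added JavaScript example (not Qualys or ServiceNow code). The function names, the `imageId` field and the sample records are hypothetical; the handling of a record whose lastUpdated equals the stored date, and of a run that returns nothing, are assumptions.

```javascript
// Model of the sync window and paging described above (added example, not Qualys code).
const DAY_MS = 24 * 60 * 60 * 1000;

// Resolve the start of the sync window. A blank field falls back to the last
// seven days; a date older than the integration's limit is rejected
// (30 days for Container, 90 days for Image Vulnerability Integration).
function effectiveSince(importDataSince, now, maxLookbackDays) {
  if (!importDataSince) return new Date(now.getTime() - 7 * DAY_MS);
  const since = new Date(importDataSince);
  if (now.getTime() - since.getTime() > maxLookbackDays * DAY_MS) {
    throw new RangeError(`Import Data Since is more than ${maxLookbackDays} days in the past`);
  }
  return since;
}

// One integration run over `records` (constructed stand-ins for API results).
// Assumption: records whose lastUpdated equals the stored date are fetched again (>=),
// and a run that returns nothing leaves the window start unchanged.
function runSync(records, importDataSince, now, { pageSize = 50, maxLookbackDays = 30 } = {}) {
  const since = effectiveSince(importDataSince, now, maxLookbackDays);
  const hits = records
    .filter((r) => new Date(r.lastUpdated) >= since)
    .sort((a, b) => new Date(a.lastUpdated) - new Date(b.lastUpdated));
  const pages = [];
  for (let i = 0; i < hits.length; i += pageSize) pages.push(hits.slice(i, i + pageSize));
  const newest = hits.length ? hits[hits.length - 1].lastUpdated : null;
  return {
    pageCount: pages.length,
    imported: hits.map((r) => r.imageId),
    // Value the field would show for the next (incremental) run.
    nextImportDataSince: newest ? new Date(newest).toISOString() : since.toISOString(),
  };
}

// Constructed sample data: 120 images, one updated per day going back from NOW.
const NOW = new Date("2024-06-30T00:00:00Z");
const SAMPLE = Array.from({ length: 120 }, (_, i) => ({
  imageId: `img-${i}`,
  lastUpdated: new Date(NOW.getTime() - i * DAY_MS).toISOString(),
}));
```

Images last updated before the resolved start date are never imported, so a first run with a blank field covers only the last seven days of the sample data.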
Qualys Knowledgebase Integration
Qualys KnowledgeBase Integration syncs KnowledgeBase data, such as CVEs, Impact, and other details, only for the vulnerabilities that are synced in the Container Vulnerability Integration.
The Knowledgebase integration is auto-triggered after the Qualys Image Integration is completed.
We recommend not modifying the KnowledgeBase Integration configuration as it may affect auto-triggers.
Vulnerability Integration Runs
Every time the integration run is executed, it appears in the Vulnerability Integration Runs under the respective integration.
This section summarizes and displays the status of the integration runs between the Qualys Platform and ServiceNow.
The following image shows vulnerability Integration Runs for Qualys Image Vulnerability Integration:
The following image shows vulnerability Integration Runs for Qualys KnowledgeBase Integration:
Next Step
View Qualys Container Data in ServiceNow