Qualys VMDR for ITSM

Welcome to Qualys Cloud Platform! We’ll show you how to use the Qualys Core and Qualys VMDR applications.

Qualys VMDR for the ServiceNow application comprises an application that manages the connection between ServiceNow and Qualys - Qualys Core. Once the connection is configured, you can define import configurations, import schedules, incidents and related event detection rules, and service-level agreement (SLA) definitions in the Qualys Core application. You can also configure detection rules for Qualys-patchable vulnerabilities that reflect in the automatic creation of change requests and the creation of patch jobs in Qualys Patch Management. This helps in faster remediation and thus helps to meet the SLAs to reduce risk within the organization.

Qualys VMDR

The Qualys VMDR is an application that tracks open vulnerabilities and maps remediation tickets to the respective resolver groups. It acts as a bridge between Security and IT teams and avoids manual intervention by creating automated workflows.

A Qualys Vulnerability Management, Detection, and Response (VMDR) subscription includes both Qualys VMDR and the Qualys Core app.

Key Features

The following are the key features of Qualys VMDR for ServiceNow:

  • Automated data import from Qualys VMDR, File Integrity Monitoring (FIM), and  Patch Management with predefined criteria- on demand or through a defined schedule.

    FIM incidents and related events can be configured from Qualys Core version 1.2.0 and later

  • Automated ticket creation, identification or matching of CIs with ServiceNowCMDB, assignment to rightful owners, and closure on remediation.

  • Vulnerability groups are based on multiple parameters, such as operating system, severity, Qualys TruRisk score, and so on. This helps reduce the number of incidentss for the IT teams to track and remediate.

  • Custom SLA can be defined for open vulnerabilities based on Qualys real-time threat indicators (RTIs) and Qualys VMDR 2.0 with TruRisk.

  • Automated Change request creation, approval enforcement, and integration with Qualys patch management

  • Integrated Exception Management and false positive process to offer a comprehensive and complete VM solution.

  • The rescan feature to measure the impact of patching. If the vulnerability is identified by Qualys as Fixed, based on the outcome of the consecutive scan or agent data, the incidents is automatically closed.

  • Dynamic dashboards and reports can be created to display data and status based on the status of the vulnerability, SLA monitoring, critical assets with RTIs, and Asset Risk Scoring.

Get Started

Get started with Qualys Core and Qualys VMDR applications using the following steps:

  1. Install the App
  2. Upgrade the App

Related Topic

Prerequisites

User Roles and Permissions