Qualys CMDB Sync App

User Guide
Version 2.4.0

June 2, 2022

Verity Confidential
Copyright 2021-2022 by Qualys, Inc. All Rights Reserved.
Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
are the property of their respective owners.

Qualys, Inc.
919 E Hillsdale Blvd
4th Floor
Foster City, CA 94404
1 (650) 801 6100
Table of Contents

About this guide
About Qualys
Qualys Support

Welcome to Qualys CMDB Sync App 2.4
Key Features
What’s New
Migration of Assets after Upgrade
Pre-requisites

Get Started
Install the App
Add API Source
Add Custom Pod (PCP)
Create Schedules
Qualys to ServiceNow Scheduling
ServiceNow to Qualys Scheduling
Dynamic Asset Tagging Configuration
Attribute List for Tagging
Update Properties
Customize Data List Columns

Syncing
Sync Queue
Download: Qualys to ServiceNow
Upload: ServiceNow to Qualys
Approve Qualys Assets
Failed Qualys Assets

Advanced Configuration
App Scheduled Jobs
Transform Maps
Identification Engine
Qualys Category - CI Class Mappings
Qualys Category - Hardware Device CI Mappings
Related Tables for Custom Fields
Application Log

View Reports
Customize Overview Page
Add a Report
Remove a Report
Refresh Overview page

Debugging and Troubleshooting
How to debug
Observed Issues
Identification Engine Issues
Missing Dependency | File system
MISSING_MATCHING_ATTRIBUTE
Anticipated Issues
Common Questions
Backward Compatibility Issues and Observations
Recommendations

Field Mapping for Tables
Classified Tables
Asset Data Model
Software Data Model
Related Tables
Asset Data Model
Software Data Model
Hardware Data Mappings
Appendix
Asset Metadata
Business App Metadata

Migration Support
Why Migration Needed?
Get Started
About this guide


Welcome to Qualys Cloud Platform! We’ll show you how to use the Qualys CMDB Sync
App to synchronize Qualys IT asset discovery and classification with the ServiceNow
Configuration Management Database (CMDB) system.

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses
simplify security operations and lower the cost of compliance by delivering critical
security intelligence on demand and automating the full spectrum of auditing,
compliance and protection for IT systems and web applications.
Founded in 1999, Qualys has established strategic partnerships with leading managed
service providers and consulting organizations including Accenture, BT, Cognizant
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT,
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a
founding member of the Cloud Security Alliance (CSA). For more information, please visit
www.qualys.com

Qualys Support
Qualys is committed to providing you with the most thorough support. Through online
documentation, telephone help, and direct email support, Qualys ensures that your
questions will be answered in the fastest time possible. We support you 7 days a week,
24 hours a day. Access support information at www.qualys.com/support/

Welcome to Qualys CMDB Sync App 2.4


The Qualys CMDB Sync App 2.4 for Configuration Management Database (CMDB)
automatically synchronizes comprehensive information about your global IT resources
that are continuously monitored by Qualys Asset Inventory. This leverages Qualys’ highly
distributed and scalable cloud platform, and various data collection tools, including
Qualys’ groundbreaking Cloud Agents, to compile and continually update a full inventory
of your IT assets everywhere: on premises, in elastic clouds and mobile endpoints.

Key Features
- Asset information is automatically enriched with additional context such as lifecycle
date and support stage, license category
- For assets that already exist in both Qualys and the CMDB, asset metadata can be synchronized
- Optionally, asset information is staged for user approval before being written to CMDB
- Support for multiple Qualys accounts/API sources
- Synchronization schedules can be configured and saved
- Preconfigured table transform maps for open ports, assets, network interfaces, software,
processors and volumes
- Preconfigured reports
- Preconfigured CI Class Manager that pre-populates the source-destination field
mappings and also allows you to create your own mappings for CI Class.
- Support for Cloud Data (metadata) synchronization for the Amazon Web Services, Microsoft
Azure and Google Cloud Platform cloud providers, up to the staging area.

What’s New
Here's what's new in Qualys CMDB Sync App 2.4.0!
In ServiceNow to Qualys Flow:
- If CI is NOT present in Qualys: the CMDB sync app allows you to create and add dynamic
asset groups or dynamic asset tags to Qualys assets when CI is not present in Qualys.
- If CI is already present in Qualys: the CMDB sync app allows you to create and add
dynamic asset tags using asset metadata while syncing business information with Qualys
for existing Qualys assets.


Migration of Assets after Upgrade


We do not support backward compatibility once you upgrade to Qualys CMDB
Sync App version 2.1. After you upgrade to version 2.1, and before you sync assets or
create schedules, we recommend that you migrate all assets (that belong to
Computer Extended tables) to the CMDB production tables. We provide a
scheduled job for migration of such assets. For more information and detailed
steps, refer to Migration Support.

Pre-requisites
You must have a valid Qualys account subscription with API Access and access to
the following modules:
- Qualys Subscription with CyberSecurity Asset Management (Qualys to ServiceNow Sync)
- Asset Inventory CMDB Sync enabled within your Qualys subscription (Qualys to
ServiceNow Sync)
- Vulnerability Management (ServiceNow to Qualys Sync)
- To sync from ServiceNow to Qualys, you need a Qualys account with a Manager role.
- The user's role must have the "Update Asset" permission for the CSAM module.
(ServiceNow to Qualys Sync - Business Information Sync)


Get Started
Here we’ll help you with the initial configuration and setup needed to get started.

Quick Steps
Install the App - You’ll get the app from the ServiceNow app store.
Add API Source - Provide the API Source details and use Test Connection to check whether
the connection between ServiceNow and the defined source is working.
Create Schedules - Provide details to create a schedule. Once a schedule is successfully
created, the sync between the source and CMDB runs as per the schedule.
Update Properties - The Properties have pre-defined values; however, you can always
update a property to better suit your needs.

Install the App


Visit the ServiceNow Online Store.
Search for Qualys CMDB Sync App, and click Contact Seller. Your Technical Account
Manager (TAM) will contact you, and then ServiceNow provisions the app into an instance
of your choice. The app then appears in the “Downloads” list of your instance. Click
“Install” to start using the app.
In the Search field, type Qualys CMDB Sync, and then select Qualys CMDB Sync App from
the left pane. After you are done, a new module appears in your ServiceNow instance that
looks like this:


Add API Source


Once you install the Qualys App, you need to add the API source. Go to Qualys CMDB Sync
App > Configuration > API Sources, and click New.

Enter required details to create the source:


Name - Provide a name for the API source.
POD - Click and select the valid Qualys POD. The Private Cloud Platform (PCP) users can
create and add details of their PCP environment. For information on how to add custom
pod details, see Add Custom Pod (PCP).
Username and Password - Enter valid Qualys Cloud Platform credentials with API access
enabled for the account on the selected POD.
Enable Qualys to ServiceNow Sync and Enable ServiceNow to Qualys Sync - Select these
options to allow uninterrupted sync between Qualys and ServiceNow.
Active - Select this option to tell us the source is active and assets should be synced from
the active source. In case of multiple sources, you can use this option to activate or
deactivate a source.
Sync Software Catalog - Select this option to enable software sync to staging tables.


By default, this check box is disabled. The Sync Software Catalog to CMDB check box is
displayed only after you enable the Sync Software Catalog check box. Use this check box
to enable software sync and add the software data to CMDB tables. Once the sync cycle is
complete, the sync details are populated in the Last Sync Timestamp, Last Sync Key and
Sync notes fields.
Click Submit to create the API source.
Then, after configuring and saving the API source, choose the record you just created from
the API source list, open the record and click Test Connection.

Add Custom Pod (PCP)


Qualys provides you with pre-defined pod details for Qualys platforms. If you are a PCP
user, we also give you the option to create and add details of your PCP environment.
Here are the steps to add new POD entry/PCP URLs:
1. Go to Qualys CMDB Sync App > Configuration > API Sources, and click New.

2. Click the search icon in the POD field.

The list of PODs - 'Qualys PODs' table is displayed.


3. Click New to add POD information.

4. Provide the following information and save the custom record.


a. POD: Name for the custom POD record

b. Server: Click the unlock icon to provide the Server URL.


c. Asset Inventory Server: Click the unlock icon to provide the Qualys API Gateway URL.


The Qualys API URL you should use for Server and Asset Inventory Server fields depends
on the Qualys platform where your account is located. For more information on Qualys
platform URLs, see Qualys Platforms.

Create Schedules
You need to set up at least one schedule. You may eventually want many more. Once a
schedule is successfully created, the sync between the source and CMDB runs as
per the defined schedule.


Qualys to ServiceNow Scheduling


Go to Qualys CMDB Sync App > Schedules and select “Qualys to ServiceNow” for Sync
Direction.

Enter required details to configure the schedule:


Name - Provide a unique name for your schedule that helps you identify your schedule.
Active - Select to enable and activate the schedule you create. If you want to activate a
schedule sometime later, you can disable this checkbox.
API Source - Select the API Source.
Sync Direction - Select Qualys to ServiceNow.
Target Transform Map - Select the custom transform map that tells us which destination
table to put the assets in. Support of Configuration Item (CI) Class Selection allows you to
define/customize the destination tables into which the pulled asset information should go
after the assets are approved. For more information, refer to Transform Maps section.
Download Assets Since: Define the date and time to sync assets from Qualys to
ServiceNow. The schedules will download the assets after the defined time.
API Filter: Use search tokens to filter the assets as per the requirement.
Example: operatingSystem.category1:'Linux'
This token will list all the assets with the Linux operating system.


Click here for help on using the search tokens.


Run, Starting, Repeat Interval - Tell us the frequency of the schedule to be executed. For
example, you could schedule it periodically every 15 minutes.
Auto Approve - Select this to enable auto-approval of assets. This will save the effort of
manually approving the assets to be staged on the production tables.
Qualys to ServiceNow Sync - Select the information we should fetch for each asset: Sync
Ports Info, Sync Volumes Info, Sync Network Interfaces Info, Sync Software Info.
For initial sync from Qualys to ServiceNow, we recommend that you plan your schedules
at an interval of every fifteen minutes.
Once you configure your selections, click Submit to create the schedule.
Note: The Meta Info fields and a few other blank fields, such as Last Run Timestamp and Last
Fetched Host Id, are populated with information only after the schedule is executed.


ServiceNow to Qualys Scheduling


Go to Qualys CMDB Sync App > Schedules and select “ServiceNow to Qualys” for Sync
Direction.


Enter required details to configure the schedule:

Name - Provide a unique name for your schedule that helps you identify your schedule.
Active - Select to enable and activate the schedule you create. If you want to activate a
schedule sometime later, you can disable this option.
API Source - Select the API source.
Sync Direction - Select ServiceNow to Qualys.
Run, Starting, Repeat Interval - Tell us the frequency of the schedule to be executed. For
example, you could configure the schedule to execute only on demand.
ServiceNow to Qualys Sync - You can sync the IPs and Asset Metadata from ServiceNow
to Qualys.
For initial sync from ServiceNow to Qualys, we recommend that you plan your schedules
at an interval of every ten minutes.
Asset Scope - Define the scope of assets to be synced.

The Table and Query components allow you to select the asset metadata table as per
your requirement.
Filter the query by choosing from the default fields to sync asset metadata to Qualys.


If CI is already present in Qualys


Configuration Item (CI) includes the base configuration for all the assets in the CMDB
table.

To sync business information along with asset metadata to Qualys, enable the
Sync Business Information to Qualys checkbox.
Note: If you do not enable the checkbox, the asset metadata will not be synced. Only
assets with new IP addresses will be synced to Qualys.
Asset Metadata Attributes: Unlock the Asset Metadata Attributes option by clicking the
unlock button > Click Add/Remove multiple option.

A new pop-up window appears, and you can select the attributes from the list. Use Add
Filter and Run Filter options to isolate the records > click Save > Click the lock button to
lock your selected attributes.


All of the selected attributes from the list can sync asset metadata from ServiceNow to
Qualys.
See the Appendix to view the mapping of the fields for asset and business application metadata.
Business Application Table: Select the table for business applications or services to
sync from ServiceNow.
- Business applications: Use to sync the CMDB configuration item application data.
- Services: Use to sync the CMDB configuration item services data.

Business Application Attributes: Unlock the Business Application Attributes option by
clicking the unlock button > Click Add/Remove multiple option.

A new pop-up window appears, and you can select the attributes from the list. Use Add
Filter and Run Filter options to isolate the records > click Save > Click the lock button to
lock your selected attributes.
All of the selected attributes for the business applications or services can get synced from
ServiceNow to Qualys.


Note: For Business Metadata sync, if CI is present in Qualys, then it must be synced into
ServiceNow and transformed to CMDB tables at least once. That CI will be associated
with a Qualys Asset ID, and it will be used to sync Business Metadata from ServiceNow to
Qualys.
Note: For Asset Metadata and Business Applications, 'created' and 'last updated' fields are
mandatory for asset metadata sync and should not be removed; if these fields are
removed, API calls to sync data will fail.
If Sync Business Information to Qualys is enabled, you can configure the application to
create dynamic tags for asset/business metadata attributes.
To configure Dynamic Tagging for asset/business metadata attributes, navigate to
Configuration > Dynamic Tagging Configuration.


Dynamic Asset Tagging Configuration


We've added a new dynamic asset tagging configuration feature that allows you to
automatically create and maintain tags based on CMDB business information (Status,
Organization, Environment, Business Criticality, Business Application Attributes) and use
them across all Qualys solutions/apps for VMDR prioritization, asset scoping, and
organizing vulnerability scans and reports.

Enter required details to configure the dynamic asset tagging:


Enable Dynamic Tagging - Select the checkbox to enable the dynamic tagging
configuration.
Once you enable the dynamic tagging configuration, a new option, Use Parent Tag will
appear, and it will help you to set the Parent Tag.
Use Parent Tag - Select the checkbox to enable the options to create or use any existing
tag.
Note: If you don't enable the parent tag, then the dynamic tag will be created without any
hierarchy.
Parent Tag Creation - Use this option to create a new tag or select any existing tag.


Enter Parent Tag Name - Use this option to provide and set the name of your parent tag.

The Select Tag will appear on the page if you select the “Use Existing Tag” option from the
Parent Tag Creation field. It will make it easier for you to choose the appropriate tag.
Select Tag - Use this option to select an existing tag. Select any existing tag from the Asset
Tag List by using the Search button.
Note: You can select the existing tag as a parent tag to create dynamic tags for the
business metadata. If a parent tag doesn't exist in the Qualys Subscription, the application
will create a new static tag with the same name.
Save - Click save to save your parent tag configuration.
Once the tags for the attributes have been created, the business metadata will get synced.
When the business metadata is synced, Qualys automatically generates the tags for the
asset's attributes in the backend.
You can select or deselect attributes from the attribute list to create the tag according to
your preferences.
Note: If you don't want a tag to be created for an attribute, set Active to false for
that attribute.


Attribute List for Tagging


In the attribute list for tagging section, you can create and add the parent tag.

Attribute - This field shows the attribute name and will be similar to the parent tag name,
e.g. 'Department'.
Active - Select the checkbox to activate the dynamic tag for the attribute selected by
default.

Use Parent Tag - Select the checkbox to display new options on the page that help
you create a new tag or select any existing parent tag.
Parent Tag type - Use this option to create a new tag or select any existing parent tag.
Selected Parent Tag - Use this option to select any existing parent tag. Use the Search
button to find and select any existing parent tag from the Asset Tag List.


The Parent Tag Name will appear on the page if you select the “Create New Tag” option
from the Parent Tag Type field. It will make it easier for you to give the appropriate name
to your tag.
Parent Tag Name - Use this option to provide and set the name of your parent tag.

Once you enable the Tag Prefix checkbox, the Tag Prefix Value text box will appear on
the page.
Tag Prefix - Select the checkbox and enable the tag prefix to add a prefix to your tag.
Tag Prefix Value - Use this field to enter your tag prefix value.
The prefix will be appended to that specific attribute tag once you enter it.
Sample Tag Name - This text box displays the details of your attribute tag.
Update - Click update to update your newly created parent tag attribute configuration.


If CI is NOT present in Qualys


If the CI configuration does not exist in the Qualys configuration environment, then only
IPs are synced from ServiceNow to Qualys.

Tracking Method - Choose the tracking method (IP, DNS, or NETBIOS) for assets when
syncing from ServiceNow to Qualys.
Assign Tag/Group (Optional) - We modified this functionality by adding a dropdown that
includes Dynamic Asset Group, Dynamic Asset Tag, Static Asset Group, and Static Asset
Tag.
When you select Dynamic Asset Group from the dropdown, an empty text box appears,
which you can use to create the asset group at runtime to sync the assets or CI with
Qualys.
When you select Dynamic Asset Tag, an empty text box appears, which you can use to
create a dynamic asset tag at runtime to sync the assets or CI with Qualys.
- To create the dynamic asset group name or tag name, you can use a plain string and
attribute names. Use an attribute name in the format ${attribute name}, e.g.,
${environment}


You can use the Show available fields/columns option to add the attributes from the
target table. It is a read-only list of available attributes from the target table, from which
you can copy the available attributes and paste them into the dynamic group or tag name field
using the format ${attribute_name}

- If the dynamic tag name or group name is already present in the staging tables, i.e.,
x_qual5_itam_nwapp_qualys_asset_groups or x_qual5_itam_nwapp_qualys_asset_tags,
the Service graph connector will not initiate a call to create another
duplicate group or tag name. Instead, it will fetch and use the tag id or group id of the
existing tag/group from the staging tables.
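
The dynamic name format and the duplicate check described above, as an added example in plain JavaScript (not the app's own code): it renders a ${attribute_name} template from a CI record, skips CIs whose attribute is empty or contains unexpected characters, and reuses the id of a name that is already staged. The character allow-list, the createTag callback and the sample ids are assumptions.

```javascript
// Added example, not Qualys code. CI attribute values come from CMDB records,
// so they are checked before they become tag or group names in Qualys.

// Hypothetical allow-list for a rendered name; the guide does not document one.
const SAFE_NAME = /^[A-Za-z0-9 _.\-]{1,64}$/;

// Replace every ${attribute} placeholder with the CI's value for that attribute.
function renderTagName(template, ci) {
  const missing = [];
  const name = template.replace(/\$\{([^}]+)\}/g, (match, attr) => {
    const key = attr.trim();
    const has = Object.prototype.hasOwnProperty.call(ci, key);
    const value = has && ci[key] != null ? String(ci[key]).trim() : "";
    if (value === "") missing.push(key); // would collapse to a name like "SNOW-"
    return value;
  });
  if (missing.length > 0) {
    return { ok: false, reason: "empty attribute: " + missing.join(", ") };
  }
  if (!SAFE_NAME.test(name)) {
    return { ok: false, reason: "unexpected characters or length: " + JSON.stringify(name) };
  }
  return { ok: true, name };
}

// staged: Map of name -> id, a stand-in for the staging table of known tags.
// createTag: stand-in for whatever call creates the tag; it returns the new id.
function resolveTag(template, ci, staged, createTag) {
  const rendered = renderTagName(template, ci);
  if (!rendered.ok) return { action: "skipped", reason: rendered.reason };
  if (staged.has(rendered.name)) {
    // Name already staged: reuse its id instead of issuing a create call.
    return { action: "reused", name: rendered.name, id: staged.get(rendered.name) };
  }
  const id = createTag(rendered.name);
  staged.set(rendered.name, id);
  return { action: "created", name: rendered.name, id };
}

// Constructed sample data: one tag already staged, four CI records.
const demoStaged = new Map([["SNOW-Production", 101]]);
let demoNextId = 500;
const demoCreate = () => demoNextId++;
const demoCis = [
  { name: "web01", environment: "Production" },
  { name: "web02", environment: "Test" },
  { name: "web03", environment: "" },
  { name: "web04", environment: "Prod<b>" },
];
for (const ci of demoCis) {
  const result = resolveTag("SNOW-${environment}", ci, demoStaged, demoCreate);
  console.log(ci.name, JSON.stringify(result));
}
```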
When you select Static Asset Group, an empty text box appears, which you can use to
search and enter the existing Qualys asset group. Click the Search button to select the
Qualys asset group from the list.
When you select Static Asset Tag, an empty text box appears, which you can use to search
and enter the existing Qualys asset tag. Click the Search button to select the Qualys asset
tag from the list.
The "Static Asset Tag" or "Static Asset Group" box
will assign that tag in Qualys Cloud Platform to any assets synced from ServiceNow.
Note: The Asset Tags that belong to only the NETWORK_RANGE type are populated. All
other asset tags are ignored.
We also highly recommend adding filter conditions (at minimum IP Address) to assets to
be synced. When selecting a TABLE, ensure that the table has a column with the
"ip_address" name; otherwise, the ServiceNow > Qualys sync may not function.
VM (Vulnerability Management) is enabled by default to scan the assets you sync. We
recommend that you do not disable this option. It is optional to enable PC (Policy
Compliance).
Once you configure your selections, click Submit to create the schedule.
Note: The Meta Info fields and a few other blank fields, such as Last Run Timestamp, are
populated with information only after the schedule is executed.
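
Because synced IPs are enabled for VM scanning by default, it helps to check the asset scope before a ServiceNow to Qualys schedule runs. The following added example in plain JavaScript (not part of the app) applies the recommendation above to exported rows: it confirms the ip_address column exists, then rejects empty, malformed, duplicate or out-of-range addresses. The approved CIDR list, the row layout and IPv4-only handling are assumptions.

```javascript
// Added example, not Qualys code. Pre-flight check for rows that a
// ServiceNow to Qualys schedule would send. IPv4 only (assumption).

// Parse dotted-quad text into a number, or return null if it is not valid.
function parseIPv4(text) {
  const parts = String(text).trim().split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // Digits only, no leading zeros, so "010" is not read as 10.
    if (!/^(0|[1-9][0-9]{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// True when the numeric address falls inside the CIDR block.
function inCidr(ipValue, cidr) {
  const [base, bitsText] = cidr.split("/");
  const baseValue = parseIPv4(base);
  const bits = Number(bitsText);
  if (baseValue === null || !Number.isInteger(bits) || bits < 0 || bits > 32) {
    throw new Error("bad CIDR: " + cidr);
  }
  const size = Math.pow(2, 32 - bits); // arithmetic instead of 32-bit shifts
  const start = Math.floor(baseValue / size) * size;
  return ipValue >= start && ipValue < start + size;
}

// columns: column names of the selected table; rows: its records;
// approvedCidrs: ranges this subscription is allowed to scan (assumption).
function preflight(columns, rows, approvedCidrs) {
  if (!columns.includes("ip_address")) {
    return { ok: false, error: "table has no ip_address column", accepted: [], rejected: [] };
  }
  const seen = new Set();
  const accepted = [];
  const rejected = [];
  for (const row of rows) {
    const raw = row.ip_address;
    const value = raw ? parseIPv4(raw) : null;
    let reason = null;
    if (!raw) reason = "empty ip_address";
    else if (value === null) reason = "not a valid IPv4 address";
    else if (!approvedCidrs.some((cidr) => inCidr(value, cidr))) reason = "outside approved ranges";
    else if (seen.has(value)) reason = "duplicate ip_address";
    if (reason) {
      rejected.push({ name: row.name, ip_address: raw, reason });
    } else {
      seen.add(value);
      accepted.push(row);
    }
  }
  return { ok: true, accepted, rejected };
}

// Constructed sample rows; names and addresses are made up.
const sampleRows = [
  { name: "web01", ip_address: "10.20.1.5" },
  { name: "db01", ip_address: "10.20.1.5" },
  { name: "lap07", ip_address: "" },
  { name: "old01", ip_address: "10.20.300.1" },
  { name: "ext01", ip_address: "203.0.113.9" },
];
const sampleResult = preflight(["name", "ip_address"], sampleRows, ["10.20.0.0/16"]);
console.log("accepted:", sampleResult.accepted.map((row) => row.name));
for (const item of sampleResult.rejected) console.log("rejected:", item.name, "-", item.reason);
```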


Update Properties
The Asset Sync Properties have pre-populated values. However, you can always change the
values to suit your needs. To view the existing properties or update the values, go to
Qualys CMDB Sync App > Configuration > Properties.

Let’s take a look at how each property functions.


Size of Download batch - Configure two properties using this setting:
- The maximum number of assets to be fetched in a single API request call made by the
scheduler.
- The maximum number of records to be fetched and processed in one go from the queue
by the download processor.
Size of Upload batch - Maximum number of records to be picked by the upload processor
from the queue to be uploaded to Qualys.
Max Transaction Lifetime (in minutes) - The Qualys App has time restrictions on
schedule run time. Although by default the time restriction is set to 10 minutes, you can
change the time restriction to any time between 10 and 60 minutes. If you configure the
schedule time to 20 minutes, the schedule is stopped after 20 minutes. In such a case,
next scheduled run will resume from where the earlier run was stopped.
API Timeout Setting (in milliseconds) - The wait time (in milliseconds) for the response to
the API request.
How to add data in CMDB - Choose a method to insert the data in CMDB:
- Transform Maps. Allows you to use single or multiple attributes but only a single condition
to define which assets to add/update to the CI records. For more information, see the
Transform Maps section.
- Identification Engine. Allows you to use single or multiple attributes along with multiple
conditions to define which assets to add/update to the CI records. For more information,
see the Identification Engine section.


Software catalog API page size - The number of software catalog records to be fetched in
a single API request call made by the Software Catalog Sync – Scheduled job.

Customize Data List Columns


We display a few columns in the data lists. You can customize which columns appear and
change the column sequence. We’ll show you an example for adding the column “Updated
by” to data lists.
1) Click the icon in the main pane. The Personalize List Columns pop-up appears.

2) The Available list includes columns that are currently hidden. From this list, select the
column you want to display. For example, double-click the column “Updated by” and you’ll
see it moved to the Selected list.
3) Enable or disable other settings like Wrap column text, double click to edit, and so on.
4) Click OK.
You’ll start seeing the Updated by column. If data is not available for some columns,
the value in the column will be empty.


Syncing
Start syncing your asset information between Qualys and ServiceNow CMDB.

In Summary
Sync Queue: This is where you’ll see all jobs involved during the flow of assets between
Qualys and ServiceNow.
Approve Qualys Assets: This is where you’ll see assets that need manual approval when
auto-approval is not enabled.
Failed Qualys Assets: This is where you’ll see assets that failed to get transformed.

Sync Queue
The Sync Queue lists jobs of two types: Upload and Download. The Type column indicates
the direction of the flow of assets.

Download: Qualys to ServiceNow


This shows the list of jobs that bring assets from Qualys to ServiceNow. The status indicates
whether the application was able to parse the XML response successfully. The XML that
was transferred is also available here (usually attached as response.xml).


Upload: ServiceNow to Qualys


This is the list of assets to be synced from ServiceNow to Qualys Cloud Platform. Defining
IP along with Asset Tag or Asset Group in Schedules will add two entries for an asset
during upload: one for IP address and one for Asset Tag or Asset Group.

Approve Qualys Assets


Assets imported from Qualys to ServiceNow will appear here for approval after successful
processing in Sync Queue. If processing fails for any record in Sync Queue (status = Error),
none of the host assets in that XML will be visible here. You’ll need to approve each asset
individually or one screen at a time. You will overwrite data in your CMDB when you
approve the asset.

Save time by using auto-approval


Enabling auto-approval of assets saves you effort and time because you won’t have to
manually approve each asset. If you enable auto-approval, none of the assets are
displayed in the Approve Qualys Assets list.


Support for Cloud Metadata


We currently support three cloud providers: Amazon Web Services (AWS), Microsoft
Azure, and Google Cloud Platform (GCP). All your cloud assets imported from Qualys to
ServiceNow appear in Asset Details related tables for approval after successful processing
in Sync Queue. Let us view a few examples.

AWS

AWS: Staging Cloud Metadata


Microsoft Azure

Microsoft Azure: Staging Cloud Metadata


GCP

GCP: Staging Cloud Metadata

Failed Qualys Assets


All of the assets imported from Qualys to ServiceNow that fail to get transformed are
listed in the Failed Qualys Assets list. The transformation from Qualys to ServiceNow
could fail due to criteria not being matched. For example, this happens if you define the
method to add data as “Identification Engine” and there is no identifier in the app.


Advanced Configuration
The Advanced Configuration tells you about various pre-defined configurations and steps
to customize them to your need. Transform Maps and Identification Engine are methods
you can use to add data to your CMDB.

In Summary
App Scheduled Jobs - List of all scheduled jobs. Update or change the frequency of
scheduled jobs as per your needs.
Transform Maps - Use transform mapping to map source and destination fields
dynamically. Use predefined Transform Maps.
Identification Engine - Use this method to define the criteria using single or multiple
attributes that uniquely identify the source assets and asset information before the assets
get approved and are added to the CMDB system.
Qualys Category - CI Class Mappings - Provides pre-defined class mappings to identify
source assets.
Application Log - All log entries related to the important activities in Qualys App.

App Scheduled Jobs


All of the App Scheduled Jobs are listed under Advanced > App Scheduled Jobs.

We support the following App Scheduled Jobs. The function and frequency of execution of
each job is described. However, you can always update or change the frequency of
scheduled jobs as per your needs.


Auto Approval Processor - Checks each record to determine which schedule it belongs to and
processes it further. Only records that have auto-approval enabled are processed by the
Auto Approval Processor.
Download Processor - Picks the records of type Download with Queued status from the Sync
Queue and parses the XML. The number of records to be picked in a batch is defined by the
Size of Download batch setting in the Properties section. Currently, we support three
download processors that work in parallel to speed up the process.
Fetch Qualys Asset Groups Schedule - By default, this schedule is executed once daily. Once
executed, it syncs all of the Asset Groups in Qualys Cloud Platform for use within the App.
You may run this more than once a day if you generate Asset Groups in Qualys Cloud
Platform frequently.
Fetch Qualys Asset Tags Schedule - By default, this schedule is executed once daily. Once
executed, it syncs all of the Asset Tags in Qualys Cloud Platform for use within the App.
You may run this more than once a day if you generate Asset Tags in Qualys Cloud
Platform frequently.
Migration 1.x - By default, this job is deactivated. This job is used only to migrate
approved assets that belong to the Computer Extended table and need to be in
production tables. To know more about the complete migration process, refer to Migration
Support.
Qualys Sync Queue Cleanup Job - Clears the Sync Queue records with 'SUCCESS' status (older
than 30 days) and records with 'ERROR' status (older than 60 days) on a daily schedule.
Qualys Terminate Schedule Logs - Maintains a log of the transactions that are terminated
due to exceeding the time required to execute the transaction.
Software Catalog Sync - This schedule fetches Software Catalog records from Qualys to
ServiceNow. By default, this schedule is executed every 4 hours. Once executed, it syncs
all the Software Catalog records from Qualys Cloud Platform. You may run this more often
than the default frequency (4 hours) if Software Catalog details get updated in Qualys Cloud
Platform frequently.
Uploader - Picks the records of type Upload with Queued status from Sync Queue and
sends it to Qualys.


Transform Maps
A transform map is a set of field maps that determine the relationships between fields in
an import set and fields in an existing ServiceNow table.
After creating a transform map, you can reuse it to map data from another import set to
the same ServiceNow table. The Transform Maps module allows an administrator to
define destinations for imported data on any ServiceNow table. Transform mapping can
be as simple as a drag and drop operation to specify linking between source fields on an
import set table and destination fields on any ServiceNow table.

Use transform mapping to map source and destination fields dynamically. You could
easily use the predefined Transform Maps or create one to suit your need.
Qualys Pre-defined Transform Map | Type of Asset Information Affected
Qualys CMBD Sync OS Details Transform Map | Qualys OS Details
Qualys CMBD Sync Software Instance Transform Map | Software Instance
Qualys CMBD Sync Computer Transform Map | Computer
Qualys CMBD Sync Network Interface Transform Map | Network Adapter
Qualys CMBD Sync Master Software Transform Map | Software
Qualys CMBD Sync Hardware Details Transform Map | Additional Hardware Details
Qualys Migration Transform Map | Computer
Qualys CMBD Sync Software Details Transform Map | Additional Software Details
Qualys CMBD Sync Serial Numbers Transform Map | Serial Number
Qualys CMBD Sync Qualys Asset Details Transform Map | Qualys Asset Details
Qualys CMBD Sync Open Ports Transform Map | Asset Open ports
Qualys CMBD Sync IP Address Transform Map | IP Address
Qualys CMBD Sync Volumes Transform Map | File System

Learn more
Please refer to the ServiceNow documentation to learn more about transform maps.

Identification Engine
You could opt to use Identification Engine instead of Transform Maps. Similar to
transform maps, the identification engine helps you to decide which assets should be
added to the CMDB system. You can define the criteria using single or multiple attributes
that uniquely identify the source assets and asset information before the assets get
approved and are added to the CMDB system.

Pre-requisites
- Identification Engine uses the “Configuration Management for Scoped Apps” plugin
which must be installed before you start using it. Please refer to the ServiceNow
documentation for detailed installation steps.
- Ensure that you add Qualys as a choice in the Discovery Source column of the
Configuration Item (cmdb_ci) table. Go to System Definition > Tables and search for the
Configuration Item table. In the table, open the Discovery Source column. Click New
under the Choices section, add Qualys as Label and Qualys as Value, and click Submit.


Qualys Category - CI Class Mappings


We have pre-defined tables that contain a set of records with matching rules. The rules are
defined using single or multiple attributes to uniquely identify source assets. The rules
form the criteria to identify the assets to be picked from the source and then added to the
target CI classification.
The fields that could be mapped directly with the ServiceNow tables are listed in the
classified tables. The custom fields that could not be directly mapped with the existing
ServiceNow tables are listed in the related tables.

Classified Tables
The classified table includes the mapping of source fields with target fields that are
recommended/used by ServiceNow.

Each column of the categorized CI class mappings is listed below:


Name: The pre-defined name given by Qualys to the CI class mapping.


Active: The status of the mapping, indicating whether the current mapping is active or not.
True indicates that the mapping is active.
Deprecated: Indicates whether the record is displayed in the table when creating a new
rule. This is a read-only field used by the application for processing purposes.
Priority: The priority decides the sequence in which the mappings should be acted upon. In
case of multiple mappings for similar fields, the mapping with the lowest number gets higher
priority. For example, if there are two mappings with priority 50 and 100, the mapping
with priority 50 gets higher precedence than the mapping with priority 100.
Rules: The rule that forms the criteria to select the assets from the source table (Qualys).
Table: The column used to hold a reference to the staging table on which the rule conditions
are executed.
Target CI Class: The name of the destination/target table (defined by ServiceNow) on the
production environment where the data should be inserted. If you want to change the
destination table, you can change the target CI class for the corresponding source field.
For a detailed list of field mappings for classified tables, refer to the Classified Tables.

CI Class Mapping for Custom Fields


Let us see an example of creating a custom fields mapping based on the hardware
manufacturer for a Windows server.
Click New. A blank form for creating a new CI class mapping record is displayed.

1. Provide a name for the record you want to create. For example, Windows Server Sample
as we are creating mapping for Windows server.
2. Select the Active check box to activate the mapping you create. If the check box is clear,
it indicates that the current mapping will not be used for inserting data in production
table of ServiceNow.
3. Define the priority for the mapping. For highest precedence, use the lowest number in
priority.


4. Select the Target CI Class table from the pre-populated list. The table you choose forms
the destination table for the mapping.
5. Define the rule that would form the criteria to choose the source assets to be picked and
mapped. You could form a rule using single or multiple attributes and filters.
Click Submit to complete the mapping process.

Qualys Category - Hardware Device CI Mappings


Similar to Computer CI Class mappings, we have pre-defined tables that contain a set of
records with matching rules for hardware related fields. The rules are defined using two
attributes to uniquely identify source assets. Only if an asset's attributes match the
attributes listed in category 1 and category 2 is the source asset moved to
the target CI classification table.
Note: The Computer CI Class Mappings have precedence over Hardware Device CI
Mappings.
For detailed mappings, see the Hardware Data Mappings section.
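
The precedence described above (active Computer CI Class Mappings evaluated from the lowest Priority number upward, Hardware Device CI Mappings only as a fallback) can be modelled as follows. This is an added illustration, not the app's own code; the rule predicates, asset attributes, category values and sample mapping records are constructed assumptions.

```javascript
// Model of the mapping precedence described in this guide (added example).
// Field names mirror the columns Active, Priority, Rules and Target CI Class;
// everything else (predicates, categories, sample records) is constructed.

function resolveTargetClass(asset, computerMappings, hardwareMappings) {
  const trace = []; // human-readable record of why each mapping was or was not used

  // Step 1: Computer CI Class Mappings, lowest priority number first.
  // Array.prototype.sort is stable, so equal priorities keep their listed order;
  // the guide does not define tie-breaking, so avoid duplicate priorities.
  const ordered = [...computerMappings].sort((a, b) => a.priority - b.priority);
  for (const m of ordered) {
    if (!m.active) {
      trace.push(`${m.name}: skipped (inactive)`);
      continue;
    }
    if (!m.rule(asset)) {
      trace.push(`${m.name}: rule did not match`);
      continue;
    }
    trace.push(`${m.name}: matched at priority ${m.priority}`);
    return { source: 'Computer CI Class Mappings', targetCiClass: m.targetCiClass, trace };
  }

  // Step 2: Hardware Device CI Mappings are used only when step 1 matched nothing,
  // and both category attributes must match.
  for (const h of hardwareMappings) {
    if (h.category1 === asset.category1 && h.category2 === asset.category2) {
      trace.push(`${h.name}: category 1 and category 2 matched`);
      return { source: 'Hardware Device CI Mappings', targetCiClass: h.targetCiClass, trace };
    }
    trace.push(`${h.name}: categories did not match`);
  }

  // The guide does not describe this case; the model only reports it.
  return { source: null, targetCiClass: null, trace };
}

// Constructed sample mappings.
const COMPUTER_MAPPINGS = [
  { name: 'Generic Server', active: true, priority: 100, targetCiClass: 'cmdb_ci_server',
    rule: (a) => /server/i.test(a.operatingSystem) },
  { name: 'Windows Server Sample', active: true, priority: 50, targetCiClass: 'cmdb_ci_win_server',
    rule: (a) => /windows server/i.test(a.operatingSystem) },
  { name: 'Disabled Catch-all', active: false, priority: 10, targetCiClass: 'cmdb_ci_computer',
    rule: () => true },
];
const HARDWARE_MAPPINGS = [
  { name: 'IP Phone', category1: 'Networking Device', category2: 'VoIP Phone',
    targetCiClass: 'cmdb_ci_ip_phone' },
];

// An asset that satisfies both tables still resolves through the computer mapping.
const demo = resolveTargetClass(
  { operatingSystem: 'Windows Server 2019', category1: 'Networking Device', category2: 'VoIP Phone' },
  COMPUTER_MAPPINGS, HARDWARE_MAPPINGS);
console.log(demo.targetCiClass, demo.trace);
```

The trace makes it visible when an inactive mapping with a low priority number is skipped, which is the usual reason an asset lands in a broader class than expected.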

Related Tables for Custom Fields


The custom fields that could not be accommodated in the classified tables are listed in
separate tables called related tables.
If you are using a custom table that includes custom fields (excluding pre-defined fields),
you need to create a new mapping record to match the customizations.
Note: We do not recommend that you edit the mappings we provide in the related tables
as it could lead to a mismatch of the data and result in the Identification Engine discarding
the data.

How to identify and view related table entries in out of the box table entries
1. Open the CMDB Table Record Entry (cmdb_ci_computer.list).


2. On the top grey bar, right-click and choose Configure > Related lists from the menu.

4. Select the required column names from Available, click the > (Add) button to move them
to Selected, and then click Save.


You can then view the details for the added columns in Related Links section.

Application Log
Log entries are listed under Advanced > Application Logs.

Logged activities include:


- API Response. For example, when you click Test Connection and the account does not
have access to the Global IT Asset Inventory module.
- Schedule Lifecycle (Start, Run, and Finish)
- Lifecycle of Download Processor and Upload Processor (Start, Run, and Finish)
- Transform Type being used (Transform Map or Identification Engine)
- Asset Approval type (Manual or Auto Approval)
- Fetching Asset Tags and Asset Groups


View Reports
Go to Qualys CMDB Sync App > Overview. The Overview page displays a consolidated view
of all the reports. If you view this page before syncing the assets, it may display all values
as zero.
Note: From version 1.0 onwards, the Reports option is merged in the Overview option.
Thus, you will no longer see the Reports option in the menu.

Note: From v2.3.0 onwards, the widgets Application Categories, Application
Publishers, and Database Distributors will get updated from the Additional software details
table when software catalog sync for CMDB is enabled.
When the Overview page is launched for the first time, you see a list of 10 default reports.
However, the reports can be customized based on your preference. For more information,
see Customize Overview Page.


Types of reports that you can configure:


Report Name | Description

Qualys Assets Reports
Approved Qualys Assets | The Approved Qualys Assets report lists the assets auto/manually approved. This number is listed on the production table.
Asset Categories | The Asset Categories report gives a clear picture of the various types of assets across your organization. The chart is a diagrammatic representation of the asset categories. Click the bar to view additional details about the respective asset category.
End of Life Operating Systems | The End of Life (EOL) Operating Systems report gives a clear picture of the various types of operating systems with the end of life across your organization. The chart is a diagrammatic representation of the operating systems. Click the bar to view additional details about the respective operating system.
Failed Qualys Assets | The Failed Qualys Assets lists the number of assets that are not transformed into the CMDB table.
Hardware Manufacturers | The Hardware Manufacturers report gives a clear picture of the various manufacturers of hardware across your organization. The chart is a diagrammatic representation of the hardware manufacturers. Click the slice to view additional details about the respective manufacturer.
OS Distribution | The OS Distribution report gives a clear picture of the operating systems installed on the assets across your organization. The chart is a diagrammatic representation of the operating systems. Click the slice to view additional details about the respective operating system.
Pending Qualys Assets | The Pending Qualys Assets report lists the assets which are not approved.
Synced Qualys Assets | The Synced Qualys Assets report lists the assets synced from Qualys to ServiceNow.

Software Report
Application Categories | The Application Categories report gives a clear picture of the various types of applications installed on the assets across your organization. The chart is a diagrammatic representation of the various applications. Click the bar to view additional details about the respective application category.
Application Publishers | The Application Publishers report gives a clear picture of the various publishers of the application installed on assets across your organization. The chart is a diagrammatic representation of the publishers. Click the bar to view additional details about the respective publisher.
Database Distribution | The Database Distribution report gives a clear picture of the various types of the database used across your organization. The chart is a diagrammatic representation of the database distribution. Click the bar to view additional details about the respective database type.
End of Life Application | The End of Life (EOL) Application report gives a clear picture of the various types of applications with end of life across your organization. The chart is a diagrammatic representation of the Application. Click the bar to view additional details about the respective operating system.
Software Distribution | The Software Distribution report gives a clear picture of the various types of software used across your organization. The chart is a diagrammatic representation of the software distribution. Click the bar to view additional details about the respective database type.
Software Lifecycle Stage | The Software Lifecycle Stage report lists the lifecycle stages of applications. Example: GA, EOL/EOS.


Customize Overview Page


You can add or remove the reports from the Overview page.

Add a Report
Click Add content. The Add content pop-up appears. Select one of the following options
to add reports:
- To add Qualys Assets reports: Select Reports from the first column, Qualys Assets from the
second column and in the third column, select the required report from the displayed list.

- To add Software reports: Select Reports from the first column, Staging Master Software
from the second column and in the third column, select the required report from the
displayed list.

Once you select the required report, click one of the Add here options. The 10 Add here
options indicate different locations where you can add the report on the Overview page.


Remove a Report
To remove a report from the Overview page, click the close option. Once you delete
the report, you cannot undo the process. To add the same report again, see Add a Report.

Refresh Overview page


To refresh all the reports on the Overview page at a fixed interval, click on the Homepage
Settings icon and select the required Refresh interval.


Debugging and Troubleshooting


Here are scenarios that will help you debug certain common issues.

How to debug
In case of any unexpected application behavior, check the application logs.
The application log has four different levels of logging: Information, Error, Warning, and Debug.
The application writes log entries after important transitions, for example, a schedule run
or a click on Test Connection to the API server (Qualys CMDB Sync App > Advanced >
Application Log).

Observed Issues
Scenario: Sometimes clicking ‘Test Connection’ gives an ‘error’ response to the user.
Workaround: Check the error message.
- Try to repeat the ‘Test Connection’ a couple more times (if all input parameters are
correct then a ‘success’ message will be displayed).
- One can get the error message under ‘Schedule Logs’ for related entries in the schedule
record.
- If no valid error is displayed (i.e., you are sure that the credentials are correct but the API
reported “unauthorized”), try again after some time. If the error persists, contact Qualys
Support.

Scenario: When Download processor takes too much time to process


Workaround: Go to Properties and lower the Size of Download batch.

Scenario: Download Processor failed to process Sync Queue record(s)
Workaround: This may leave the corresponding Sync Queue entry in ‘Error’ state, and the error
details can be verified from ‘Processing Notes/Message’.
The user should manually change the status back to:
- ‘Queued’, and reset the 'Processor GUID', if the user wants to process that response again.
If you reprocess any response, it will not lead to duplicate data, as the application checks
whether the record already exists in staging tables before inserting.
- ‘Error’, if the user does not want to process it again.

Scenario: Failed to approve asset using Identification Engine/Invalid Update


This error is displayed when the application finds some error with Identification and
Reconciliation APIs.


To verify the issue, navigate to Failed Qualys Assets, open the asset record,
and see the Notes section. This section contains the detailed error response, as received
from the Identification and Reconciliation API.

Scenario: Sometimes it is observed that manually ‘approving’ multiple assets gives
‘Transaction Timeout’ by ServiceNow
Workaround:
- In such a case, no data loss is observed in asset transformation.
- To overcome the transaction timeout error, it is recommended to use ‘Auto Approval’ in the
schedule.

Scenario: Duplicate entries found in cmdb_ci_computer for assets which were synced
from ServiceNow to Qualys, scanned and then synced back from Qualys to ServiceNow
Workaround:
- If the user has added only IP address for the asset in the 'cmdb_ci_computer' table
Reason: Name is a mandatory parameter for ServiceNow IRE mechanism.
- If user added both name (any dummy name) and IP Address for the asset in
'cmdb_ci_computer' table
Reason: After scanning the asset, the name discovered during the authenticated /
unauthenticated scan and the dummy name that was provided could be different.
Note: There would be no duplicate entry in 'cmdb_ci_computer' if the name is exactly the
same for the asset before sending the data from ServiceNow to ServiceNow.

Identification Engine Issues


Scenario: When an asset transformation using identification engine is failing with an
error IDENTIFICATION_RULE_MISSING
Ideally, you should get either of the following two errors in IRE notes.
IDENTIFICATION_RULE_MISSING
- In this error, you need to add an identification rule for the target class in question.
- Adding an identification rule will be your responsibility as it is outside the CMDB sync
app scope.
Sample IRE notes containing the following error:
{
"error": "IDENTIFICATION_RULE_MISSING",
"message": "Identity Rule Missing for table [cmdb_ci_ip_phone]"
}


IDENTIFICATION_RULE_FOR_RELATED_ITEM_MISSING
- This error will be logged in IRE notes if the identification rule is present, but related
entries for the target class in question are not present in the cmdb_related_entry table.
Also, it can be fixed by adding respective entries manually in the cmdb_related_entry
table for the identifier table, e.g., IP phone (cmdb_ci_ip_phone). It is user configurable.
Sample IRE notes containing the following error:
{
"error": "IDENTIFICATION_RULE_FOR_RELATED_ITEM_MISSING",
"message": "Identity Rule for table [cmdb_ci_ip_phone] missing Related Rule for class [x_qual5_itam_app_qualys_asset_details]"
},

Scenario: When Identifier is missing in table cmdb_identifier


- Related entry for any of the target class added from the CMDB sync app does not reflect
in the 'cmdb_related_entry' table if the respective identifier is missing in table
cmdb_identifier.
- The CMDB sync app can't create this identifier because it is outside of its scope.
In this case:
- Asset approval will fail with the error IDENTIFICATION_RULE_FOR_RELATED_ITEM_MISSING.
- If you check My company applications > installed CMDB sync app > installed Files and
filter all the installed files by the class name 'Related Entry', you will notice that the
'Identifier' field is empty for some of the entries.
This is again a configuration dependency beyond the CMDB sync app scope, and you
can fix it by using the steps in the example below:


1. Navigate to My company applications > installed CMDB sync app > installed Files ->
filter all the installed files by the class name 'Related Entry.' Refer to the screenshot below

2. Here, open one of the four empty entries created for the IP Phone class.
3. Update the 'Identifier' field with 'cmdb_ci_ip_phone'

4. Repeat the same steps for the rest of the three entries as well.

Missing Dependency | File system


This is due to the fact that the 'Storage Volume' class (parent of the file system class)
requires a 'Containedby: Contains' dependent relationship with the hardware class.
This is a configuration issue that can be resolved by updating the dependent
relationship of the Storage Volume class.
It should already contain the Containedby: Contains relation with the Computer class. Hence,
you can either update the existing dependent relation by replacing
the computer class with the hardware class (refer to the following screenshot), or
create an additional dependent Containedby: Contains relation with the hardware
class.


Scenario: When an asset that belongs to the hardware class or one of its child classes
(except the computer class and its child classes) and contains volume information is
approved using the Identification Engine, approval fails and a 'MISSING_DEPENDENCY' error
pointing to the cmdb_ci_file_system class is logged in the IRE notes.
{
"error": "MISSING_DEPENDENCY",
"message": "In payload no relations defined for dependent class [cmdb_ci_file_system] that matches any containment/hosting rules: [cmdb_ci_storage_volume >> Managed by >> cmdb_ci_rubrik_cluster,cmdb_ci_storage_volume >> Contained by >> cmdb_ci_computer,cmdb_ci_storage_volume >> Owned by >> cmdb_ci_storage_cluster,cmdb_ci_storage_volume >> Hosted on >> cmdb_ci_logical_datacenter]. Add appropriate relations in payload for '{\"className\":\"cmdb_ci_file_system\",\"values\":{\"size_bytes\":\"53833891\",\"discovery_source\":\"Qualys\",\"name\":\"/\",\"provided_by\":\"3a2402ac1b328510626e6579b04bcb10\",\"free_space_bytes\":\"47112519\"},\"internal_id\":\"fe69ef14f7c38910252c174f3b9fd2a3\",\"sys_object_source_info\":{\"source_name\":\"Qualys\"},\"settings\":{},\"sys_ire_info\":{\"ire_received_time\":\"2022-04-20 10:29:44\"},\"display_values\":{}}'"
},

MISSING_MATCHING_ATTRIBUTE
This error occurs when the target class has an identification entry with a specific
attribute missing in the payload.
Scenario: When the asset approval fails due to an IRE error MISSING_MATCHING_ATTRIBUTE.
Workaround: Use the following workaround when asset approval fails due to an IRE missing
matching attribute error.
- Navigate to CI Class Manager.
- Browse the specific target class throwing an error.
- Navigate to the 'Identification Rule' section.
- Go to the sub-section 'Identifier entries'.
- Add an additional entry for the target class:
- Select the option 'Use attribute from main table 'target_class_name''.
- Provide input as:
Search On Table - target class
Priority - 100
Attribute - Name
Active - True
Re-approve the asset again after adding this entry.
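
The error codes and workarounds in this section can be turned into a small triage helper for notes copied from Failed Qualys Assets records. The following is an added example, not part of the Qualys app; the function names, the constructed sample notes and the EXAMPLE_UNMAPPED_CODE entry are assumptions, and it runs in Node.js outside ServiceNow.

```javascript
// Added example: triage IRE notes copied from the Notes section of failed asset records.
// Remediation text paraphrases this guide; all names here are hypothetical.

const REMEDIATION = {
  IDENTIFICATION_RULE_MISSING:
    'Add an identification rule for the target class (outside the CMDB sync app scope).',
  IDENTIFICATION_RULE_FOR_RELATED_ITEM_MISSING:
    'Add the related entries in cmdb_related_entry, or fill the empty Identifier field ' +
    'on the installed Related Entry files.',
  MISSING_DEPENDENCY:
    'Update or add a Containedby: Contains dependent relation between Storage Volume ' +
    'and the hardware class.',
  MISSING_MATCHING_ATTRIBUTE:
    'In CI Class Manager, add an identifier entry for the target class ' +
    '(Attribute: Name, Priority: 100, Active: True), then re-approve the asset.',
};

// Finds "error"/"message" pairs even in a pasted fragment (no enclosing braces,
// trailing commas). The message is a JSON string and may contain escaped quotes.
const ENTRY_RE = /"error"\s*:\s*"([A-Z0-9_]+)"\s*,\s*"message"\s*:\s*"((?:[^"\\]|\\.)*)"/g;

// Class names appear as [cmdb_ci_ip_phone]; bracketed rule lists containing
// spaces or ">>" are deliberately not matched.
const CLASS_RE = /\[([a-z0-9_]+)\]/g;

function decodeJsonString(raw) {
  // Notes pasted from a wrapped view can contain hard line breaks inside the string.
  const oneLine = raw.replace(/\s*[\r\n]+\s*/g, ' ');
  try {
    return JSON.parse('"' + oneLine + '"');
  } catch (e) {
    return oneLine; // keep the raw text if it is not a valid JSON string
  }
}

function triageIreNotes(notesText) {
  const findings = [];
  for (const m of notesText.matchAll(ENTRY_RE)) {
    const message = decodeJsonString(m[2]);
    const classes = [...new Set([...message.matchAll(CLASS_RE)].map((c) => c[1]))];
    const known = Object.prototype.hasOwnProperty.call(REMEDIATION, m[1]);
    findings.push({
      error: m[1],
      classes,
      known,
      action: known ? REMEDIATION[m[1]] : 'Not covered by the guide; review the full IRE response.',
    });
  }
  return findings;
}

// Groups findings by error code so one fix can be applied per affected class.
function summarize(findings) {
  const byCode = {};
  for (const f of findings) {
    const entry = byCode[f.error] || (byCode[f.error] = { count: 0, classes: [], action: f.action });
    entry.count += 1;
    for (const c of f.classes) {
      if (!entry.classes.includes(c)) entry.classes.push(c);
    }
  }
  return byCode;
}

// Constructed sample, modelled on the guide's IRE notes and left as an unterminated
// fragment on purpose. The last entry uses a made-up code to show the fallback.
const SAMPLE_NOTES = String.raw`[
{
"error": "IDENTIFICATION_RULE_MISSING",
"message": "Identity Rule Missing for table [cmdb_ci_ip_phone]"
},
{
"error": "IDENTIFICATION_RULE_FOR_RELATED_ITEM_MISSING",
"message": "Identity Rule for table [cmdb_ci_ip_phone] missing Related Rule for class [x_qual5_itam_app_qualys_asset_details]"
},
{
"error": "MISSING_DEPENDENCY",
"message": "In payload no relations defined for dependent class [cmdb_ci_file_system] that matches any containment/hosting rules: [cmdb_ci_storage_volume >> Contained by >> cmdb_ci_computer]. Add appropriate relations in payload for '{\"className\":\"cmdb_ci_file_system\"}'"
},
{
"error": "EXAMPLE_UNMAPPED_CODE",
"message": "constructed entry to show the fallback"
},`;

console.log(JSON.stringify(summarize(triageIreNotes(SAMPLE_NOTES)), null, 2));
```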

Anticipated Issues
Errors when opening or viewing the attached ‘response.xml’ from Sync Queue records are
quite frequent. Such response.xml files are considered incomplete.
List of expected failure modes
- Qualys API server is undergoing maintenance/downtime
- Qualys subscription expired
- User credentials used are incorrect
- User credentials are correct, but user has no Qualys App subscription from Qualys

Common Questions
Do you currently support the Identification and Reconciliation API for CMDB CRUD
actions?
Yes, Qualys App supports Identification and Reconciliation APIs. The goal of this API is to
maintain the integrity of the database, and to correctly identify CIs so that new records
are created only if the CI is truly new to the CMDB. See CMDB Identification and Reconciliation.


You can change how to add data in CMDB from the default Transform Map to Identification
Engine from the Properties page. You also need to create a CI Identifier Rule for the target table.

Can a user add data to the ServiceNow app from different Qualys servers?
Yes, a user can add asset data from different Qualys PODs. The user needs to create different
API Sources and Schedules as per the Qualys servers.

What are Upload and Download type records in Queue?


They can be easily differentiated by the Type field available in the table. For downloading
data to the ServiceNow app (i.e., syncing assets from Qualys to ServiceNow), Type will be
Download. For uploading data to Qualys (syncing assets from ServiceNow to Qualys servers),
Type will be Upload.

Where can I find Assets which failed to transform in ServiceNow table?


You’ll find these assets in Failed Qualys Assets. Users can then approve these assets again.

Why do I view timestamps in GMT for schedules despite configuring a different timezone?
In the schedule scripts, we use ServiceNow’s new
GlideDateTime().getDisplayValueInternal(); function to update the schedule
last_run_timestamp. When this object is directly instantiated and used (e.g., in a scoped
application background script), it returns time in GMT, irrespective of the timezone
configured for the user under whom this script runs. That’s how it is designed.
Also, since ServiceNow does not allow scoped applications to set the timezone, the app
cannot do that on behalf of the user who created the schedule. However, the time value
you see on the UI is shown in the user-set timezone, even if you set a GMT date-time in this
column. When the schedule runs next time, it fetches the value in GMT, and not the one you
see on the UI. That may lead to confusion, and log entries show time in GMT. For this reason,
we recommend that the ServiceNow user sets their time to GMT.

The Schedules I defined pulled the data accurately till yesterday. But, today, the same
schedule is unable to fetch any assets or related data.
Check your application logs. The reason the schedules are unable to fetch assets is
because either your trial period or your subscription has expired. Contact your TAM to
extend your subscription. Once you have an active subscription, you need to activate your
API Source and the schedules will fetch the assets.

If an asset is purged from Qualys, what will its status be in ServiceNow CMDB?
The asset purged from Qualys will not automatically be purged in ServiceNow CMDB. The
asset must be manually purged from ServiceNow.

What is the difference between Computer CI Class Mapping and Qualys Category
Hardware Device CI Mappings?
The Computer CI Class Mapping is the main base table and contains the hierarchy for
assets and tables. It also has higher priority than the Qualys Category Hardware
Device CI Mappings. As a result, assets to be transferred to destination tables are checked
against the rules in Computer CI Class Mapping first. The Qualys Category Hardware Device CI
Mappings are used only if an asset does not satisfy any of the rules in Computer CI Class
Mapping.

Backward Compatibility Issues and Observations

The Qualys CMDB Sync App 2.1.1 does not support backward compatibility. As a result,
you may notice a few scenarios that you have not encountered earlier. The sections below
highlight some of the common scenarios that you may come across.

Application Log
After you upgrade to version 2.1.1, if the transformation mode is set to 'Transform Map'
and you have assets in the staging area, approving those assets transforms them to the
correct CI classes. However, the application log may not reflect this correctly.
For example: Asset abcd (AssetID) Manually Approved using Transform Map updated in
x_qual5_itam_app_computers_extended.
Although the asset has been correctly transformed to the CI class, the application log
incorrectly states the name of the computer extended table instead of the name of the CI
class to which the asset has been moved.
Resolution: Ignore the application log in such cases.

Custom Transform Map Fails to Work

The latest version of the app is designed to move assets to the out of box tables provided
by ServiceNow. As a result, custom transform maps that were created in a previous
version will not work in version 2.1. However, a custom transform map that you create
in version 2.1 will work fine.
Cause: The Import Set Row Tables have changed.
Resolution: Refrain from using custom transform maps that were created in previous
versions. If you need to use custom transform maps, rewrite them or create new
transform maps based on the new set of import set row tables.

Sync Queue is blank for Approved Assets

The 'Queue ID' is displayed empty in 'Approve Qualys Assets' for the approved Qualys
assets. However, clicking 'Preview' (on the 'i' icon) displays the correct sync queue
details.
Table structure has changed...updated fields
Resolution: Ignore the Queue ID field and instead view the preview to verify the information.

Number Mismatch Between Staging and Production Tables: Software

Scenario: When the transformation method is IRE and 100 assets are in the staging area,
only 98 are moved to production after upgrade.
Causes for discrepancy:
- IRE needs the name and version of the data being transformed, and name is a
mandatory parameter for transformation. If the name is missing for an asset, the asset may
fail instead of being approved. Such entries are listed in the application log.
For example, if a software has no Name/Version: software without a name does not
make sense, and the Software (OOB table) uses a 'key' attribute consisting of name and
version. Thus, empty names cause assets to fail.
- If there are multiple records with the same name, the assets get approved, but on the
production class not all of them are added as separate records. The first asset that is
approved is added as a separate record. All the other assets with the same name get
approved, but the IRE version creates multiple records or skips records.
For example, software has the same name and version number in the staging area. In such a
case, duplicate entries may be created. Check the application log. Skipping duplicate entry.

Number Mismatch Between Staging and Production Tables: Assets

Assets with Same Name: When the transformation method is IRE and 100 assets are in the
staging area, only 98 are moved to production after upgrade. If there are multiple assets
with the same name, the assets get approved, but on the production class not all of them
are added as separate records. The first asset that is approved is added as a separate
record. All the other assets with the same name get approved, but the IRE version updates
the same record. However, the same record may contain multiple values for the same fields.
Discrepancy is observed in the following scenarios:
- Asset discrepancy may occur in the production table if the assets have the same names.
- If the serial number is missing and assets have the same name.
Cause: The IRE version uses name to identify the CI class. Name is a mandatory parameter
for transformation.
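
A pre-flight check for the two mismatch scenarios above (software and assets), as an added example that is not Qualys or ServiceNow code: it counts staged records that have no name or that share an identifying key before they are approved. The record shape, the sample data and the key format are assumptions; the guide states only that software is keyed on name and version and that assets are identified by name.

```javascript
// Added example: pre-flight check on staged records before approval in IRE mode.
// Assumptions: records are plain objects that use the staging field names from
// this guide (name, version, bios_serial_number); the key format is illustrative.

// Treat undefined, empty and whitespace-only values as missing.
function clean(value) {
  return typeof value === 'string' ? value.trim() : '';
}

// Software: the guide says the key consists of name and version.
const softwareKey = (rec) => JSON.stringify([clean(rec.name), clean(rec.version)]);
// Assets: the guide says IRE identifies them by name.
const assetKey = (rec) => clean(rec.name);

// Walk the staged records once and sort them into three groups:
// no name (expected to fail), first record per key, later records per key.
function preflight(records, keyOf) {
  const report = { total: records.length, distinct: 0, willFail: [], collisions: [] };
  const firstSeen = new Map(); // key -> index of the first record with that key
  records.forEach((rec, index) => {
    if (clean(rec.name) === '') {
      report.willFail.push({ index, reason: 'name is missing' });
      return;
    }
    const key = keyOf(rec);
    if (firstSeen.has(key)) {
      report.collisions.push({ index, sameAs: firstSeen.get(key), name: clean(rec.name) });
    } else {
      firstSeen.set(key, index);
    }
  });
  report.distinct = firstSeen.size;
  return report;
}

function checkSoftware(records) {
  return preflight(records, softwareKey);
}

function checkAssets(records) {
  const report = preflight(records, assetKey);
  // Flag the case the guide calls out: same name and no serial number.
  for (const c of report.collisions) {
    c.serialMissing = clean(records[c.index].bios_serial_number) === '';
  }
  return report;
}

// Constructed sample data, not taken from a real subscription.
const stagedSoftware = [
  { name: 'OpenSSL', version: '1.1.1k' },
  { name: 'OpenSSL', version: '1.1.1k' }, // same key as record 0
  { name: 'OpenSSL', version: '3.0.2' },  // same name, different version
  { name: '', version: '2.4.0' },         // no name
  { name: 'curl', version: '7.79.1' },
];
const stagedAssets = [
  { name: 'web-01', bios_serial_number: 'SN-A1' },
  { name: 'web-01', bios_serial_number: '' }, // same name, no serial number
  { name: 'db-01', bios_serial_number: 'SN-B7' },
];

function summarize(label, r) {
  return `${label}: ${r.total} staged, ${r.distinct} distinct, ` +
    `${r.willFail.length} without a name, ${r.collisions.length} sharing a key`;
}

console.log(summarize('software', checkSoftware(stagedSoftware)));
console.log(summarize('assets', checkAssets(stagedAssets)));
```

Records listed under willFail and collisions are the ones to look up in the application log after approval when the staging and production counts differ.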

Field name missing in production tables

You may notice a few fields that exist in the Qualys UI or API response but cannot be
located in the ServiceNow out of box (OOB) tables.
Cause: Mapping for such fields may not exist. For the complete list of mappings, refer to
Field Mapping for Tables. If field mappings do not exist in the OOB tables, then such
fields are not transformed to production tables.
For example, the 'hostname' for network adapter exists in the staging table but is missing
from the production table (cmdb_ci_network_adapter).
Cause: The cmdb_ci_network_adapter table does not have a mapping for the hostname
field. Hence the field value is not available in the production table.

Truncated Value
If the field value exceeds the field limit, the value may get truncated. The application
does not update any of the OOB table structures, such as field value lengths.


Asset Sync Properties Retained

The Asset Sync Properties are retained after the upgrade to 2.1. If the default
transform mode set is Identification Engine, the same properties are available after
the application upgrade. However, if you install the app (and do not upgrade from a
previous version), the default transform mode is set to Identification Engine.

Recommendations
We recommend the following tips for a smoother data migration.

Partial data migration observed while switching transformation mode

We recommend that you do not switch the transformation mode while data migration is in
progress. A change in transformation mode is not reflected during migration.

Transformation mode IRE

Configuring the transformation mode as IRE is recommended because using Transform Maps
can increase the time taken to approve assets.


Field Mapping for Tables


This chapter lists the detailed field mapping (source to target) for classified as well as
related tables.

Classified Tables
The classified tables include the mapping of source fields to the target fields that are
recommended/used by ServiceNow.

Asset Data Model


Computer (SN Table)
Qualys Staging Table Attributes | ServiceNow Production Table Attributes
manufacturer | manufacturer
memory | ram
bios_asset_tag | asset_tag
os_full_name | os
os_update | os_service_pack
os_architecture | os_address_width
model | model_id
os_version | os_version
name | name
processor_cpu_counts | cpu_count
processor_description | cpu_name, cpu_manufacturer
ip_address | ip_address
iprocessor_speed | processor_speed

Serial Number (SN Table)
Qualys Staging Table Attributes | ServiceNow Production Table Attributes
bios_serial_number | serial_number
hardware_serial_number | serial_number
<additional field> | serial_number_type

File System (SN Table)
Qualys Staging Table Attributes | ServiceNow Production Table Attributes
name | name
free_size | free_space_bytes
total_size | size_bytes

Network Adapter (SN Table)
Qualys Staging Table Attributes | ServiceNow Production Table Attributes
netbios_name | name
interface_name | name
mac_address | mac_address

IP Address (SN Table)
Qualys Staging Table Attributes | ServiceNow Production Table Attributes
ip_address | ip_address
ip_address | name

Software Data Model


Master Software (SN Table)
Qualys Staging Table Attributes | ServiceNow Production Table Attributes
name | name
version | version
<additional field> | key

Software Instance (SN Table)
Qualys Staging Table Attributes | ServiceNow Production Table Attributes
name | name
install_date | install_date
<additional field> | <Reference to cmdb_ci_package>
<additional field> | Reference to the CI the software is installed on


Related Tables
The related tables list the custom field mappings that could not be accommodated in the
classified tables. We recommend that you do not alter the mappings in the related tables.

Asset Data Model


Qualys Asset details
Qualys Related Table Attributes | ServiceNow Production Table Attributes
asset_lastloggedonuser | asset_lastloggedonuser
asset_mostfrequentuser | asset_mostfrequentuser
asset_id | qualys_asset_id
asset_uuid | asset_uuid
bios_description | bios_description
last_boot | last_boot
last_modified_date | last_modified_date
timezone | timezone
qweb_host_id | qweb_host_id
netbios_name | netbios_name

Qualys Operating System details
Qualys Related Table Attributes | ServiceNow Production Table Attributes
os_category | os_category
os_category_1 | os_category_1
os_category_2 | os_category_2
os_category_type | os_category_type
os_edition | os_edition
os_lifecycle_confidence | os_lifecycle_confidence
os_lifecycle_eol_date | os_lifecycle_eol_date
os_lifecycle_eol_support_stage | os_lifecycle_eol_support_stage
os_lifecycle_eos_date | os_lifecycle_eos_date
os_lifecycle_eos_support_stage | os_lifecycle_eos_support_stage
os_lifecycle_ga | os_lifecycle_ga
os_lifecycle_stage | os_lifecycle_stage
os_market_version | os_market_version
os_name | os_name
os_product_name | os_product_name
os_publisher | os_publisher


Qualys Hardware details
Qualys Related Table Attributes | ServiceNow Production Table Attributes
hardware_category | hardware_category
hardware_category_1 | hardware_category_1
hardware_category_2 | hardware_category_2
hardware_category_type | hardware_category_type
hardware_lifecycle_confidence | hardware_lifecycle_confidence
hardware_lifecycle_eos_date | hardware_lifecycle_eos_date
hardware_lifecycle_ga | hardware_lifecycle_ga
hardware_lifecycle_intro_date | hardware_lifecycle_intro_date
hardware_lifecycle_obsolete_date | hardware_lifecycle_obsolete_date
hardware_lifecycle_stage | hardware_lifecycle_stage
hardware_product | hardware_product
hardware_full_name | hardware_full_name

Qualys Open Ports details
Qualys Related Table Attributes | ServiceNow Production Table Attributes
description | description
detected_service | detected_service
port | port
protocol | protocol

Qualys Processors details
Qualys Related Table Attributes | ServiceNow Production Table Attributes
processor_cpu_counts | processor_cpu_counts
processor_description | processor_description
processor_speed | processor_speed


Software Data Model


Qualys Software details
Qualys Related Table Attributes | ServiceNow Production Table Attributes
architecture | architecture
category | category
category_1 | category_1
category_2 | category_2
category_type | category_type
component | component
edition | edition
is_ignored | is_ignored
is_ignored_reason | is_ignored_reason
language | language
license_category | license_category
type | type
update | update
lifecycle_ga | lifecycle_ga
lifecycle_stage | lifecycle_stage
market_version | market_version
product | product
publisher | publisher
software_lifecycle_confidence | software_lifecycle_confidence
software_lifecycle_eol_support_stage | software_lifecycle_eol_support_stage
software_lifecycle_eos_date | software_lifecycle_eos_date
software_lifecycle_eos_support_stage | software_lifecycle_eos_support_stage


Hardware Data Mappings


The details of the hardware-data mappings are listed in the table below.

Note: ServiceNow has soft-deprecated the following classes for the Quebec version:
- Human Machine Interface [cmdb_ci_hmi]
- Manufacturing Device [cmdb_ci_manufacturing]
- Programmable Logic Controller [cmdb_ci_plc]
For more information on alternative solutions, see the ServiceNow notification.

Category1 | Category2 | Target CI Class | Active
Printers | Laser | cmdb_ci_printer | true
Communication Devices | IP Phones | cmdb_ci_hardware | true
Virtualized | Container | cmdb_ci_computer | true
Computers | Point of Sale (POS) Terminal | cmdb_ci_pos | true
Networking Device | Wireless Access Point | cmdb_ci_wap_network | true
Power Conditioning Equipment | Power Distribution Unit (PDU) | cmdb_ci_pdu | true
Wearable Devices | Smart Glasses | cmdb_ci_wearable | true
Printers | Line Matrix Printers | cmdb_ci_printer | true
Networking Device | Unidentified | cmdb_ci_netgear | true
Input Devices | RFID Device | cmdb_ci_iot | true
Mobile | Smartphone | cmdb_ci_hardware | true
Computers | Mainframe | cmdb_ci_mainframe_hardware | true
Building Automation Devices | Smart Appliance | cmdb_ci_iot | true
Power Conditioning Equipment | Uninterruptible Power Supply (UPS) | cmdb_ci_ups | true
Industrial Networking | Industrial Ethernet Switch | cmdb_ci_ip_switch | true
Industrial Control System (ICS) | Intelligent Electronic Device (IED) | cmdb_ci_manufacturing | true
Networking Device | Concentrators, Hubs, and Multiplexers | cmdb_ci_hub_network | true
Building Automation Devices | BACnet Controller | cmdb_ci_iot | true
Building Automation Devices | HVAC Control | cmdb_ci_iot | true
Computers | Assembled | cmdb_ci_computer | true
Audio and Visual Equipment | Portable Media Player | cmdb_ci_media_player | true
Communication Devices | Conferencing Equipment | cmdb_ci_hardware | true
Industrial Control System (ICS) | Distributed Control System (DCS) | cmdb_ci_manufacturing | true
Audio and Visual Equipment | Smart TV | cmdb_ci_stv | true
Industrial Control System (ICS) | Human Machine Interface (HMI) | cmdb_ci_hmi | true
Wearable Devices | Health and Activity Monitor | cmdb_ci_wearable | true
Field Instruments | Sensor | cmdb_ci_iot | true
Network Security Device | Firewall Device | cmdb_ci_firewall_device | true
Wearable Devices | Smart Footwear | cmdb_ci_wearable | true
Building Automation Devices | Security Camera | cmdb_ci_security | true
Networking Device | Bridges and Routers | cmdb_ci_ip_router | true
Industrial Control System (ICS) | Remote Terminal Unit (RTU) | cmdb_ci_manufacturing | true
Networking Device | Other | cmdb_ci_netgear | true
Audio and Visual Equipment | Media Streaming Device | cmdb_ci_media_player | true
Building Automation Devices | Other | cmdb_ci_hardware | true
Communication Devices | Other | cmdb_ci_hardware | true
Computers | Notebook | cmdb_ci_pc_hardware | true
Wearable Devices | Smart Apparel | cmdb_ci_wearable | true
Industrial Control System (ICS) | Industrial PC | cmdb_ci_computer | true
Printers | Multi-Function Printer (MFP) | cmdb_ci_mfp_printer | true
Field Instruments | Motion Control | cmdb_ci_iot | true
Building Automation Devices | BACnet Router | cmdb_ci_iot | true
Field Instruments | Field Device Management | cmdb_ci_iot | true
Call Management Systems or Accessories | Premise Branch Exchange (PBX) | cmdb_ci_hardware | true
Building Automation Devices | Leak Detection | cmdb_ci_iot | true
Industrial Networking | Industrial Wireless LAN | cmdb_ci_wap_network | true
Audio and Visual Equipment | Smart Earpiece | cmdb_ci_media_player | true
Computers | Other | cmdb_ci_computer | true
Printers | 3D Printers | cmdb_ci_printer | true
Building Automation Devices | Intrusion Detection and Access Control | cmdb_ci_security | true
Networking Device | Access Servers | cmdb_ci_server | true
Field Instruments | Measurement Systems | cmdb_ci_iot | true
Networking Device | Server Load Balancer | cmdb_ci_server | true
Industrial Control System (ICS) | Programmable Logic Controller (PLC) | cmdb_ci_plc | true
Building Automation Devices | Lighting and Control | cmdb_ci_iot | true
Computers | Desktop | cmdb_ci_pc_hardware | true
Wearable Devices | Smart Watch | cmdb_ci_wearable | true
Storage Devices | Other | cmdb_ci_storage_device | false
Building Automation Devices | Power and Energy Monitoring | cmdb_ci_iot | true
Networking Device | Print Server | cmdb_ci_server | true
Printers | Thermal Tape Printers | cmdb_ci_printer | true
Networking Device | Modem | cmdb_ci_modem_network | true
Networking Device | Terminal Server | cmdb_ci_netgear | true
Wearable Devices | Wearable Camera | cmdb_ci_wearable | true
Building Automation Devices | Fire Safety | cmdb_ci_iot | true
Industrial Networking | Other | cmdb_ci_netgear | true
Communication Devices | Video Phone | cmdb_ci_hardware | true
Industrial Control System (ICS) | Safety Instrumented System (SIS) | cmdb_ci_manufacturing | true
Industrial Networking | Industrial Media Converter | cmdb_ci_netgear | true
Communication Devices | Answering Machine | cmdb_ci_hardware | true
Mobile | Tablet | cmdb_ci_hardware | true
Communication Devices | Keyphone System | cmdb_ci_hardware | true
Field Instruments | Robots | cmdb_ci_iot | true
Printers | Other | cmdb_ci_printer | true
Networking Device | Wireless Fidelity Base Stations Wifi | cmdb_ci_wap_network | true
Virtualized | Virtual Machine | cmdb_ci_vm_instance | false
Industrial Networking | Industrial Serial Device Server | cmdb_ci_hardware | true
Industrial Control System (ICS) | Other | cmdb_ci_manufacturing | true
Printers | Inkjet | cmdb_ci_printer | true
Audio and Visual Equipment | Projector | cmdb_ci_display | true
Field Instruments | Smart Meter | cmdb_ci_iot | true
Industrial Networking | IoT Gateway | cmdb_ci_iot_gateway | true
Networking Device | Switch | cmdb_ci_ip_switch | true
Industrial Networking | Communication Processor | cmdb_ci_netgear | true
Audio and Visual Equipment | Smart Speaker | cmdb_ci_media_player | true
Computers | Server | cmdb_ci_server | true

Appendix
The below table shows the mapping between ServiceNow fields and Qualys.


Asset Metadata
ServiceNow Field Label | Qualys UI Field
qualys_asset_id | Qualys Asset ID
name | Asset Name
company | company
created | First Seen (On Connector Screen)
department | Department
environment | Environment
ip_address | IP Address
last_updated | Last Updated Date (On Connector screen)
location | Assigned Location
managed_by | Managed By
owned_by | Owner/Custodian
status | Status
supported_by | Supported By
support_group | Support Group

Business App Metadata
ServiceNow Field Label | Qualys UI Field
name | Business App Name
business_criticality | Business Criticality
environment | environment
managed_by | Managed By
owned_by | owned_by
supported_by | Supported By
support_group | Support Group
operational_status | Operational Status


Migration Support
We provide a migration scheduled job to assist you with data migration from
previous versions of the Qualys CMDB Sync App to the latest version of the app. The Qualys
CMDB Sync App 2.1 uses the out of box production tables provided by ServiceNow.
Once you upgrade to version 2.1, and before you sync assets or create schedules, we
recommend that you migrate the assets in the computer extended tables to the out of box
production tables provided by ServiceNow. To ease the migration task, we provide a
scheduled job for migration of assets (optional).

Why Is Migration Needed?

In the previous versions, the assets were spread across various extended tables such as
the computer extended table or the software extended table. Once you upgrade, if you do
not opt for migration, the assets in these extended tables may not be transformed to the
correct tables in production as per the new CI class mappings. To prevent this issue, you
need to migrate the assets from the computer extended tables. You can activate the
scheduled job to initiate the migration of assets (approved assets).

Get Started
We provide you with a ready-to-use Migration 1.x app scheduled job. The function and
frequency of execution of this job are explained below. You can always change the
frequency of the scheduled job as per your needs.
Migration 1.x: By default, this job is deactivated. The purpose of this job is only the
migration of assets that belong to the Computer Extended table and need to be migrated to
production tables.
Assets that belong to the Computer Extended table are migrated to the respective CMDB
tables on production. For example, assets in the computer extended table that belong to
Windows server are migrated to the Windows Server CI class.


Steps to execute the Migration 1.x job:
1. Go to App Scheduled Jobs and click the Migration 1.x job.
2. Click Edit.
3. Select the Active check box to activate the job.
If activated, the default configured frequency is 100 assets every 15 minutes. You can
also alter the frequency to suit your asset migration requirements.
4. Click Update.
Alternatively, you can click Execute Now to run the job immediately.


Once the job is executed, the application logs reflect the migration. Once the migration is
completed, the application log lists the number of assets migrated.
If any assets fail to migrate, the Migration State and Migration Notes indicate that the
migration has failed. The Migration Notes field is available only for assets whose criteria
are defined by an Identification Engine rule. For assets using transform maps, only the
migration state is available.
To trigger migration for assets that failed to migrate, reset the migration state to None
for all such assets and clear the Migration Notes field.
Once all the assets are migrated, you can deactivate the Migration 1.x job.
