The Now Platform® Washington DC release is live. Watch now!
10-11-2018 10:32 AM
We are an MSP, a client is considering using his Qualys investment for Web Application (WAS) and CIS benchmark (PC) scanning to support FedRAMP accredidation requirements. We are told by Qualys that API’s do not currently exist for importation of the WAS, and PC scan data but it is on the ServiceNow Roadmap as SN develops the API’s not Qualys. Can you advise if it is on Roadmap and a target release date?
Solved! Go to Solution.
10-11-2018 01:23 PM
Hi there,
ServiceNow's Configuration Compliance app supports Qualys Policy Compliance (PC) today in the London and Kingston releases, out of the box - so that's some good news for you!
ServiceNow's APIs are comprehensive and do support the ability to load web application scan data as well. Ultimately two tables should be loaded:
These tables can be loaded via the REST API from a Qualys --> ServiceNow standpoint, or instead as a pull from Qualys REST API to ServiceNow. See Data sources, Import Sets and Transform Maps in Docs for more info on these techniques.
Unlike Policy Compliance, there is not an out of the box connector for this info at this time, but it is certainly possible to establish using the methods above. I imagine you would like this feature, so I'll forward a request on your behalf to Product Management.
Alex
10-11-2018 01:23 PM
Hi there,
ServiceNow's Configuration Compliance app supports Qualys Policy Compliance (PC) today in the London and Kingston releases, out of the box - so that's some good news for you!
ServiceNow's APIs are comprehensive and do support the ability to load web application scan data as well. Ultimately two tables should be loaded:
These tables can be loaded via the REST API from a Qualys --> ServiceNow standpoint, or instead as a pull from Qualys REST API to ServiceNow. See Data sources, Import Sets and Transform Maps in Docs for more info on these techniques.
Unlike Policy Compliance, there is not an out of the box connector for this info at this time, but it is certainly possible to establish using the methods above. I imagine you would like this feature, so I'll forward a request on your behalf to Product Management.
Alex
10-15-2018 06:32 AM
Hello Alex,
Thanks very much for the insights and direction. It is greatly appreciated. Our engineering team made terrific progress this past weekend thanks to your guidance. Best regards Steve
04-01-2020 06:43 AM
Alex, Also working to have Qualys Policy and Compliance data brought into the VR application. If you could please add another vote for this enhancement, that would be appreciated.
Interested in if there is any advancement, as we will be looking to build this REST API call in the coming months. Thanks!
04-03-2020 01:08 PM
Hello devsite,
There is now support for Qualys Policy & Compliance data, using the Configuration Compliance application. This works very similarly to VR, but the data model is quite different!
Here is a link to the docs landing page for that application: