Welcome to the first in a new series of blog posts about Qualys integrations.
This first blog in the series covers our integrations as they relate to CMDB Sync, which is a part of Qualys CyberSecurity Asset Management (CSAM) and has two versions. One version is for basic ServiceNow customers who have CMDB without ITOM (IT Operations Management), while the other version is for those who do have ITOM and can utilize the Service Graph tool sets within ServiceNow. Except where indicated, this blog post applies to both versions.
Qualys CMDB Sync & CMDB Sync Service Graph: Why 2 Versions?
At a high level, both apps achieve the same goals:
- Sync asset data from Qualys to ServiceNow CMDB in the correct structure, and map it to the right classes, tables, and attributes
- Enrich your CMDB with additional content, such as OS, hardware, and software EOL/EOS dates
- Normalize and categorize your hardware and software products, e.g. placing products in a taxonomy
- Import missing IP addresses from ServiceNow to Qualys in an asset group or with a tag, so that they get scanned, eliminating that gap from your security program
- Import business information from ServiceNow to Qualys
The Main Differences of Qualys CMDB Sync
CMDB Sync, the version without Service Graph, differs in two main ways:
First, it does not support cloud metadata such as region, instance ID, machine size, etc. for AWS, GCP, and Azure. This is because your CMDB would need to be upgraded to ITOM visibility for this to be supported.
Second, it does not support Internet of Things (IoT) type classes because your CMDB would need to be upgraded to ITOM visibility for this to be supported.
Service Graph is where ServiceNow wants its customers and vendor partners like Qualys to move in the long term. They want every vendor to develop their integrations using Service Graph. However, they still need to push thousands of vendors to do this before they can deprecate the non-Service Graph method.
So, the Service Graph version is more strategic for Qualys and our customers. These two apps have separate code bases, so we always prioritize feature development on the Service Graph app first, with the non-Service Graph version following approximately three months later.
How to Set Up Qualys CMDB Sync
From the ServiceNow store, select the right version of CMDB Sync for your environment. If you have ITOM as a paid add-on for your ServiceNow instance, then select the Service Graph connector version. Otherwise, choose the plain version.
Once it’s installed, you need to add a Qualys credential record to use for syncing.
Then set up a schedule for different groups of assets. More dynamic assets like workstations may need syncing more often than more static assets like servers.
Once you have set up your schedules and successfully run them, you will have assets to approve in the approval step. You can auto-approve assets in the Schedule window, but we recommend only doing that after you have run it manually and are happy with the sync results.
Qualys CMDB Sync and Business Metadata
Here at Qualys, we’ve recently added the ability to sync business-information metadata to assets that already exist in Qualys CSAM.
This blog has detailed the two primary use cases of the Qualys CMDB Sync and CMDB Sync Service Graph connectors. For more details on all this functionality, please refer to the respective documentation. Qualys customers can reach out directly to their Technical Account Manager if they would like to trial CSAM and CMDB Sync at no cost.