If you are a current ServiceNow customer interested in cybersecurity, this blog is for you. If you are a Qualys customer who also uses ServiceNow, this blog is for you (too). ServiceNow and Qualys have enjoyed a multi-year partnership, being two of the premier SaaS vendors covering the IT and Cybersecurity spaces respectively.
At this point both companies have produced integrations to facilitate workflows in/across our respective tools. Due to the extensive nature of both company’s toolsets, we admit that keeping straight who built what has gotten a bit confusing. Hence this post which will try and clarify these integrations.
ServiceNow’s Integrations with Qualys
ServiceNow has built the Security Operations Vulnerability Remediation tool that includes integrations with Qualys Vulnerability Management. Detection & Response and Qualys Container Security. ServiceNow’s Compliance module has Qualys Policy Compliance integrated.
Qualys Integrations with ServiceNow
Qualys has built two versions of CMDB Sync for syncing ServiceNow’s CMDB information (CIs) from Qualys CyberSecurity Asset Management (CSAM). One uses ServiceNow’s Service Graph functionality (requiring its IT Operations Management add-on) and one doesn’t. Both will sync CIs from Qualys to ServiceNow, and sync business information about assets from ServiceNow to Qualys.
Read more about Qualys CMDB Sync integration.
We have built the connector for ServiceNow’s Vulnerability Response (VR) tool to import Qualys Web Application Scanning data into VR. See the WAS/VR Integration User Guide for more information.
Qualys VMDR for ITSM 2.0 includes key features like: Vulnerability Grouping, Exception Filing (with approval flow), and False Positive request submissions. It works on a “pull” mechanism with a scheduled frequency that is configured by the customer; we recommend pulling at least once per day.
With the continuous growth of the vulnerability threat landscape, Qualys is introducing the Vulnerability Push Mechanism, which will be in real-time sync with a critical vulnerability identified/published on any business-critical asset. Then the customer can configure an alert rule in Qualys which will trigger a ticket from Qualys VMDR to ServiceNow’s ITSM.
We are also further expanding ServiceNow integration to support Qualys File Integrity Management, Qualys Policy Compliance, Qualys Cloud Security and Qualys Patch Management by the end of 2022.
Here’s a handy chart to keep it all straight. We welcome further input from joint customers of Qualys and ServiceNow who want to lend their input to these ongoing integration efforts.