Smarter ITSM Automation with ServiceNow Integration

Vaishnavi Awasthi
Vaishnavi Awasthi, Associate Product Manager
- 7 min read

Table of Contents

Effective Information Technology and Service Management (ITSM) today requires intelligent automation, proactive security, and seamless integration between platforms. To keep security operations efficient, vulnerability management workflows need to be streamlined and connected with broader IT processes.

The latest releases of Qualys Core 3.0.0 and Qualys VMDR 3.0.1 introduce enhancements designed to reduce manual effort, improve incident accuracy, and empower teams with smarter tools and deeper insights. By strengthening integration with ServiceNow, these updates help automate compliance workflows, improve asset visibility, and maintain clean, actionable incident queues.

This blog outlines the key updates, including compatibility with ServiceNow Yokohama, automated closure rules for stale vulnerability tickets, improved CI matching for precise asset management, and enhanced cloud asset visibility, all of which aim to make your ITSM and security operations more effective and efficient.

ServiceNow Yokohama Compatibility: Seamless Integration for Continuous Security

We are committed to ensuring our integrations stay in sync with the latest ServiceNow platform releases. The Qualys Core and VMDR apps are fully compatible with ServiceNow Yokohama, allowing users to maintain operational continuity and security alignment. Customers upgrading to the ServiceNow Yokohama can benefit from:

  • Qualys Policy Audit App Integration—Now available on the ServiceNow store, the Qualys Policy Audit app imports configuration assessment data to help automate compliance remediation workflows.
  • Automated Incident Auto-Closure Rules – Automatically close stale or non-actionable vulnerability tickets based on detection and asset lifecycle data.
  • Improved CI Matching Accuracy – Strengthen asset-to-CI associations using additional identifiers like serial number.
  • Enhanced Cloud Asset Mapping: Utilize Cloud Account IDs for better visibility and classification of assets in hybrid cloud environments through enhanced metadata tagging.

Introducing Qualys Policy Audit Integration with ServiceNow

We’re launching the Qualys Policy Audit app on the ServiceNow Store, expanding integration beyond vulnerability management.

This integration empowers enterprises to:

  • Manage configuration compliance with the same intelligence and automation that drives modern vulnerability management.
  • Ensure that misconfigurations are identified, assigned, remediated, and tracked, all within a unified platform.

This powerful enhancement ensures that compliance management becomes as intelligent and automated as vulnerability management, all from within ServiceNow.

To learn more, refer to our documentation: Get Started with Qualys Policy Audit for ServiceNow.

Streamline Incident Management with Auto-Closure Rules

Security teams often face backlogs of unresolved or outdated incidents. With environment changes, configuration items are decommissioned, cloud assets are purged, and endpoints go offline, creating one of the most common challenges: keeping ServiceNow incidents aligned with the current state of Qualys-reported purged or retired assets.

To address this, we’re introducing Auto-Closure Rules as part of the latest version of the apps. This feature is designed to automatically close stale or non-actionable incidents, giving your teams a more accurate, manageable, and actionable incident queue, without the need for manual intervention. With Auto-Closure Rules in place, your vulnerability incident management process becomes cleaner, faster, and more reliable, helping you focus only on what matters most.

Why Auto-Closure Rules Matter

In today’s dynamic environment, Assets are ephemeral. When an asset is removed from your Qualys subscription, its information is lost. However, the corresponding vulnerability tickets often remain open in ServiceNow, leading to stale records in the environment. 

Similarly, under the Qualys Auto-Purge Rules, assets are purged while their synced vulnerability data and generated tickets remain in ServiceNow. Once the asset is purged, these tickets no longer serve any purpose. 

Auto-closure rules address these use cases by automatically cleaning up obsolete tickets, reducing the number of stale vulnerability incidents for remediation owners. This is a one-configuration that ensures your incident list remains clean and actionable.

How Auto-Closure Works

Auto-Closure evaluates incident relevance based on configured data criteria. If respective dates exceed the defined thresholds, the stale incidents are automatically closed,  leaving only current and actionable items.

Configure rules based on any one of the following three parameters: 

  • Detection Last Found

During the synchronization of data from ServiceNow to Qualys, if the last detection date for an incident is older than the configured number of days, the vulnerability incident ticket is automatically closed.

  • Asset Last Scanned Date

When the last scan date from Qualys is beyond the defined threshold, it signals inactivity, prompting auto-closure.

In the upcoming release, we will introduce the ‘Asset Last Updated Date’ parameter. This will help ensure data accuracy by automatically closing related incidents when a host asset hasn’t been updated in Qualys within the expected timeframe.

Reduce Noise in Vulnerability Management: Auto-Closure for Retired Configuration Items (CIs)

We’ve also introduced the ability to automatically close vulnerability incident tickets linked to retired Configuration Items (CIs). In scenarios where a CI is marked as Retired in ServiceNow’s CMDB, the associated infrastructure asset is considered decommissioned.

However, vulnerability incidents related to these assets often remain open, leading to unnecessary stale incidents. This enhancement ensures that such stale tickets are automatically closed, maintaining a clean and relevant incident queue. 

This capability helps teams focus on active risk while improving the hygiene and efficiency of ITSM processes. Just check the “Auto Close Incident for Retired CI” option, and the platform will do the rest. Also, note that this rule applies only to Qualys assets that are successfully matched to Configuration Items (CIs) in ServiceNow. 

By enabling Auto-Closure Rules, you’ll experience:

  • Cleaner Incident Queues – Remove noise and focus only on active issues
  • Improved Operational Efficiency – Minimize manual cleanup and boost response speed
  • Accurate Reporting & Metrics – Trust that your dashboards and SLAs reflect real-time status

Improve Asset-to-CI Mapping with Serial Number and Future Cloud Resource ID Integration

Maintaining reliable asset-to-CI mapping is critical for effective IT operations and coordinated security response. With the latest Qualys VMDR ITSM integration, CI matching is enhanced by enriching Identification and Reconciliation Engine (IRE) rules.
 
We have added Serial Number as a supported identifier, joining existing attributes to increase the precision of CI identification during data synchronization. This is especially valuable in large-scale, dynamic, or cloud-native environments where accurate mapping supports incident correlation and remediation tracking. For customers using ServiceNow discovery to maintain their CMBD, the Serial Number addition to the IRE rule will ensure all Qualys Hosts are matched to your CIs.

Looking ahead, we plan to extend support for Cloud Resource ID, further reinforcing CI alignment across hybrid cloud environments and improving end-to-end visibility.

Boost Asset Visibility Using Cloud Account ID in Host View

As organizations expand their cloud infrastructure across multiple accounts and hybrid environments, maintaining clear visibility and control over assets becomes more complex. To address this complexity, we’ve introduced the Cloud Account ID column in the Qualys Host Asset table.

This update helps security and IT teams map assets more accurately to their corresponding cloud accounts or subscriptions, leading to visibility and tracking of cloud-based assets. It enhances metadata accuracy and improves the effectiveness of vulnerability tracking and remediation in hybrid and multi-cloud environments.

Powering the Future of ITSM with Automation and Insight

These updates represent a significant step toward delivering a smarter, more automated ITSM experience. By leveraging these integrations, you can streamline workflows, reduce manual effort, and improve operational efficiency. Whether you’re focused on maintaining clean incident workflows, tracking cloud assets, or driving compliance, the Qualys and ServiceNow integration equips you for what’s next.

How to Get the Qualys VMDR and Policy Audit Apps

If you have any questions or need support during the setup or migration process, please feel free to reach out to your Qualys Technical Account Manager (TAM) for assistance.

Your VMDR subscription includes the Qualys Core and VMDR applications. If you also have a Policy Audit subscription, it includes access to the Qualys Core and Policy Audit applications. To get started, simply request the apps directly from the ServiceNow Store. A Qualys representative will review your subscription and approve access. The requester will be notified once the app is available for installation.

Yokohama Release Notes – ServiceNow

Qualys VMDR for ITSM User Guide 

Get Started with Qualys Policy Audit for ServiceNow

Qualys Policy Audit | Qualys

Streamline vulnerability management with Qualys VMDR powered by TruRisk™

Start Your Free Trial

Share your Comments

Comments

Your email address will not be published. Required fields are marked *