Qualys VMDR & Core Apps Revamped: Ultimate Cyber Defense Partnership for Streamlined Vulnerability Management with ITSM 

Himanshu Kathpal

Introducing the Revamped VMDR & Core Apps

Qualys has a dynamic duo of ServiceNow apps, the Qualys Core App and the Qualys VMDR App, that help you close the gap between IT and Security teams by making vulnerability management and ticketing workflows seamless and eliminating manual spreadsheet-based workflows. We announced these apps in June 2022 and received an overwhelming response from all of you. The apps enable organizations to automatically import vulnerability data into ServiceNow ITSM, which facilitates ticket creation, assignment to appropriate owners, and streamlined remediation processes, reducing MTTR and overall risk.

When paired with CMDB Sync, the app leverages CI matches to accurately map vulnerabilities to corresponding assets, achieving close to a 100% match rate. Unmatched assets can later be resolved via a built-in workflow, further enhancing efficiency and accuracy in vulnerability management.  

We are thrilled to see increasing adoption, which is a testament to the vision we built in collaboration with all the customers who partnered with us during the design phase.  

As we mark 25 years of cybersecurity advancements, our mission remains as essential as ever: equipping organizations with powerful, scalable security solutions and integrations. To continue delivering on that vision, we have made several enhancements to both the Core and VMDR apps, aligning them even more closely with ServiceNow’s ITSM guidelines, ensuring a smoother experience for both new and existing users. The updated apps are now available in ServiceNow Store. This blog post provides an overview of what is new and how these changes benefit you, so that your teams can plan for the upgrade.  

What’s New? 

Tasks are now created directly in Incident Management 

Previously, the Core app allowed users to create tasks in a custom table within the app itself. With this update, tasks will now be created directly in the Incident Management table by default, improving compatibility with ServiceNow’s ITSM practices. This change helps streamline your workflows by removing the need for custom task tables, while still giving you the flexibility to choose other ITSM tables like Change Management or Problem Management, depending on your needs.  

Detection Event Rule – Incident Table

Additionally, the task navigation menu within the app will now directly point to the Incident table, where records will be filtered based on the newly added Source field. This ensures easy access and better organization, helping your teams work more efficiently.  

Incidents list view from VMDR app 

Flexible data migration for existing users 

If you are already using the Core app, we have made migration to the new version straightforward and adaptable. You can now migrate tasks from the app’s custom table to the Incident table using the migration jobs bundled within the app. You can achieve this in a way that suits your needs. For instance, you might decide to migrate only Open tasks, or prioritize migrating Exception Pending and Open tasks first, leaving Resolved tasks for later auditing.  

This phased migration approach allows for a smoother transition, ensuring that your team remains focused on open vulnerabilities without disrupting the existing workflow.

Migration jobs as provided by the Qualys Core App 
Migration job script, which can be customized according to customer need. 

Introducing the Source field for better traceability 

With this update, any ticket created by the apps will now have a ‘Source’ field in the Incident table. The value of this field will be set to “Qualys”, making it easier to distinguish between incidents generated by our app and other sources. This not only improves traceability but also allows for better reporting and auditing.  

Incidents created by the app are identified by the “Qualys” source.

New Qualys VMDR view for enhanced vulnerability visibility 

To further enhance your vulnerability management, we have introduced a new custom view for the Incident table, named the “Qualys VMDR” view, which displays all the relevant fields from the Qualys platform. This makes it easier for your teams to see all the important data in one place, streamlining your vulnerability response process and allowing for quicker decision-making.

Qualys VMDR view for the Incident record.

Why These Changes Matter 

The recent update to the Core and VMDR apps brings several key benefits to your organization.  

Seamless Data Migration 

The flexible migration options ensure that existing users can transition without disrupting their current vulnerability management workflows. You can migrate tasks at your own pace, ensuring business continuity.  

Retained Earlier Use cases 

In the updated version of the app, we retained all the existing use cases to ensure that Qualys customers are not missing any of them. 

Some of these use cases are widely used by many customers. As we have moved to the ITSM—Incident Management tables, you will observe a few changes in the layout. 

All the TruRisk attributes are available. We recommend that customers leverage these to prioritize the open vulnerabilities and accurately define SLAs with their remediation owners. 

Automate your ticketing workflows by integrating with the VMDR for ITSM Integration 

Grouping of Unique Vulnerability Tickets 

Unique vulnerability tickets are grouped for the remediation owners’ ease of operations. The grouping workflows can be configured based on multiple parameters, such as CI attributes, Qualys Host/Asset ID, IP Address, Vulnerability Severity/Qualys Detection Score (QDS), Vulnerability QID/Category, and more.  

This results in fewer, more organised tasks for IT teams to track and remediate, improving visibility and efficiency. 

Detection Event Rules – Grouping 
Grouping of the Unique Vulnerability Tickets 

End-to-End Risk Acceptance Process

Constantly emerging threats and shorter timelines to meet the SLA for all open vulnerabilities pose significant challenges for IT teams. When there is not enough downtime for patching, or applications are incompatible with upgrades, this causes friction between Infrastructure and Security teams. With the end-to-end multiple approval workflow, you can classify your vulnerability tickets by capturing the compensatory controls, file exceptions and accept these from your reporting.

Risk acceptance through exception management in the Qualys VMDR app.
Exception Request Approval Flow 

During upcoming scans, rescans, or scheduled syncs between the Core App and Qualys, if the vulnerability status is marked as Fixed, the exception task state is changed to Closed.

Submit False Positives 

Give your infrastructure team the ability to file False Positives by capturing the artefacts for any remediation that was applied in the past. The security teams can approve/reject the submitted false positive requests upon investigation. 

False Positive submission workflow in Qualys VMDR app.
False Positive – Approved/Rejected Status 

ITIL Best Practice Compliance & Automated Patch Management 

By creating tasks directly in ServiceNow’s Incident Management table, your workflows fully comply with ITIL standards. This change simplifies task management and eliminates the need for custom tables.  

In the last couple of years, most organisations have adopted automated patch management, and with VMDR for ITSM, this has been further enriched by following ITIL best practices. Customers can use the Vulnerability Grouping Rules to create automated change request tickets for open vulnerabilities. Upon change approval, an automated patch deployment job will be initiated in the Qualys Patch Management module, which will help reduce risks faster.

Patch Deployment Job in the App 
A patch job created in the Qualys portal.

Enhanced Traceability and Reporting 

The new ‘Source’ field and updated task navigation menus give your team better visibility into the origin of incidents, improving tracking and management.  

In the updated version of the app, we retained all your existing reports, which will help you track the overall progress made for your open vulnerabilities. 

Overview dashboard in the VMDR app
SLA dashboard in the VMDR app

Getting Started with the Updated Core and VMDR Apps 

For new users, now is the perfect time to adopt these apps. The App User Guides provide all the details you need to get started. These guides cover everything from setting up vulnerability data integration to configuring ticketing workflows, Vulnerability Grouping, Exception Filing (with approval flow), and False Positive request submissions.

For existing users, our migration jobs make the upgrade process simple and manageable, allowing you to move tasks in stages and ensure no disruption to your ongoing vulnerability management efforts.  

We are also further expanding ServiceNow integration to support Qualys Policy Compliance and Qualys Total Cloud by the end of 2024.  

How to get Qualys VMDR for ITSM 

To get Qualys VMDR for ITSM and Qualys Core, certified and compatible with Xanadu, Washington DC & Vancouver, simply request the app from the ServiceNow Store. The Qualys representative will review the VMDR 2.0 subscription and approve the app, and the app requester will be notified.

If you have any questions or need assistance with the migration process, please do not hesitate to reach out to our TAM. 

Qualys VMDR for ITSM User Guide 

Earlier blogs about Qualys VMDR for ITSM 

Qualys CMDB Sync User Guide 

Co-Author: Ramesh Ramchandran 

Contributors: Prabhas Gupte 
