About CMDB Sync Integration with Qualys CyberSecurity Asset Management

Welcome to the first in a new series of blog posts about Qualys integrations.

This first blog in the series covers our integrations as they relate to CMDB Sync, which is a part of Qualys CyberSecurity Asset Management (CSAM) and has two versions. One version is for basic ServiceNow customers who have CMDB without ITOM (IT Operations Management); while the other version is for those who do have ITOM and can utilize the Service Graph tool sets within ServiceNow. Except where indicated, this blog post applies to both versions.

Read More about Qualys CSAM with CMDB Sync

Qualys CMDB Sync & CMDB Sync Service Graph: Why 2 Versions?

At a high level both apps achieve the same goals:

  1. Sync asset data from Qualys to ServiceNow CMDB in the correct structure, and map it to the right classes, tables, and attributes
  2. Enrich your CMDB with additional content, such as OS, hardware, and software EOL/EOS dates
  3. Normalize and categorize your hardware and software products, e.g. placing products in a taxonomy
  4. Import missing IP addresses from ServiceNow to Qualys in an asset group or with a tag, so that they can get scanned, and hence eliminate that gap from your security program
  5. Import business information from ServiceNow to Qualys

The Main Differences of Qualys CMDB Sync

There are two main differences of CMDB Sync:

First, it does not support cloud metadata such as region, instance ID, machine size, etc. for AWS, GCP, and Azure. This is because your CMDB would need to be upgraded to ITOM visibility for this to be supported.

Second, it does not support Internet of Things (IoT) type classes because your CMDB would need to be upgraded to ITOM visibility for this to be supported.

Service Graph is where ServiceNow wants its customers and vendor partners like Qualys to move in the long term. They want every vendor to develop their integrations using Service Graph. However, they still need to push thousands of vendors to do this before they can deprecate the non-service graph method.

So, the Service Graph version is more strategic for Qualys and our customers. These two apps have separate code bases, so we always prioritize feature development on the Service Graph app first, followed by the non-Service Graph version after three months, approximately.

How to Setup Qualys CMDB Sync

From the ServiceNow store, select the right version of CMDB Sync for your environment. If you have ITOM as a paid add-on for your ServiceNow instance, then select the Service Graph connector version. Otherwise choose the plain version.

This image has an empty alt attribute; its file name is Screen-Shot-2022-06-23-at-10.59.51-AM-1070x391.png

ServiceNow store listings of Qualys CMDB Sync

Once it’s installed, you need to add a Qualys credential record to use for syncing.

This image has an empty alt attribute; its file name is Screen-Shot-2022-06-23-at-4.53.25-PM-1070x610.png

Qualys API source record

Then set up a schedule for different groups of assets. More dynamic assets like workstations may need syncing more often than more static assets like servers.

Once you have set up your schedules and successfully run them, you will have assets to approve in the approval step. You can auto-approve assets in the Schedule window, but we recommend only doing that after you have run it manually and are happy with the sync results.

This image has an empty alt attribute; its file name is Screen-Shot-2022-06-23-at-5.14.07-PM-1070x861.png

Please note: All the ports, software, network adapters, and data volumes are not shown.

Qualys CMDB Sync and Business Metadata

Here at Qualys, we’ve recently added the ability to sync asset metadata on business information with already created assets in Qualys CSAM.

This image has an empty alt attribute; its file name is Asset-Metadata-Info-1070x479.png

Asset metadata business information

This image has an empty alt attribute; its file name is Business-Application-Info-1070x468.png

Business application details

This blog has detailed the two primary use cases of the Qualys CMDB Sync and CMDB Sync Service Graph connectors. For more details on all this functionality, please refer to the respective documentation. Qualys customers can reach out directly to their Technical Account Manager if they would like to trial CSAM and CMDB Sync at no cost.

Read More

Qualys CMDB Sync User Guide

About Qualys CMDB Sync Service Graph Connector

ServiceNow’s Now Community Blog: Introducing ServiceNow Service Graph

ServiceNow Solution Brief: Confidently Integrate with Third Parties

ServiceNow Solution Brief: Service Graph FAQ

ServiceNow Webinar playback: Introducing New Service Graph Connectors

This post was first first published on Qualys Security Blog’ website by Jeff Leggett. You can view it by clicking here