This topic explains how to create a routine to synchronize events in the Workflow module with remediation tickets in Qualys. Vulnerabilities identified by QualysGuard can be imported to the system and mapped to assets through an integration task. These assets can then be included in the scope of risk projects, where analysts can check any vulnerabilities identified for them and decide whether to accept them or create risk treatment events, which are managed from the Workflow module.
As the vulnerability lifecycle is fast, it may be that events still open in the Workflow module were created to treat vulnerabilities that no longer exist. Through this integration task, events created for vulnerabilities identified by Qualys that are listed as resolved according to the remediation policy set can be automatically updated. For events treating a single vulnerability, the progress is automatically updated to 100% and the event is closed. For consolidated events treating a number of vulnerabilities, an entry is created in the progress of the event indicating that a certain vulnerability has been resolved. In this case, only the progress of the event is updated while the status remains unchanged. An entry will also be included in the progress of the event for any comments entered for the associated ticket history.
Keep in mind that, for tickets to be updated or closed, users registered in the Qualys website must first enable the API checkbox in the User Role option when editing users.