Qualys Knowledge Base (Backfill) Integration: Populating CVE and CWE FieldsIssue The Qualys Knowledge Base (Backfill) integration is responsible for populating the cve_id/CVE entry and cwe_id/CWE entry fields in ServiceNow's Third-Party Vulnerability Entry table. This process is crucial for maintaining up-to-date vulnerability information within the ServiceNow Vulnerability Response module.SymptomsThe CVE entry and CWE entry fields within a Third Party Vulnerability Entry record.Facts Integration Process CVE Population The integration uses the QualysKBImportProcessor Script include to process incoming data from Qualys.When a vulnerability is detected, Qualys maps it to corresponding CVE identifiers from the National Vulnerability Database (NVD).If multiple CVEs are associated with a single Qualys ID (QID), ServiceNow employs prioritization criteria to determine which CVE to display in the CVE entry field. CVE Prioritization Criteria When multiple CVEs are associated with a QID, the selection process may consider: Severity Level: Higher severity CVEs may take precedenceExploitability: CVEs with known exploits might be prioritizedAge or Update Frequency: More recent or actively maintained CVEs could be favored CWE Population The CWE (Common Weakness Enumeration) entry is likely populated using a similar process, drawing from the Qualys data and mapping it to the corresponding CWE identifiers. Data Storage and Display CVE Information The 'CVEs' column in the Third-Party Vulnerability Entry table is a GlideList that stores multiple CVE values.A business rule on the sn_vul_m2m_entry_cve table populates this list.The 'CVE Entry' column, which displays a single CVE, may not always reflect the most current or relevant CVE and should be used with caution. Best Practices Users should refer to the 'CVEs' column for a comprehensive list of associated vulnerabilities rather than relying solely on the 'CVE Entry' field. Conclusion The Qualys Knowledge Base (Backfill) integration plays a vital role in populating CVE and CWE information in ServiceNow. Understanding its functionality and limitations is crucial for effective vulnerability management.ReleaseAll versions.CauseThe Qualys KB Backfill integration might not be active. ResolutionTroubleshooting Empty Fields If CVE or CWE fields are empty, consider the following: Check Integration Settings: Verify that the Qualys KB Backfill integration is correctly configured and running.Review Data Sources: Ensure that ServiceNow is properly syncing with the National Vulnerability Database (NVD).Examine Business Rules: Audit any business rules that might interfere with field population.Investigate Data Compatibility: Some vulnerabilities may not have assigned CVEs or CWEs, particularly if they are proprietary or newly discovered.