What Changed
Complete update of the QualysVM solution to align with the CCF connector data schema, addressing fundamental data ingestion and parsing incompatibilities identified in GitHub issues #12753 and #12795.
Security Impact (Visibility & Fidelity)
Detection Failures Resolved: Entity mapping corrections fix broken host identification in detections — the “NetBios_s” field reference was incorrect for the CCF schema, causing detection rules to fail entity mapping entirely. Queries referencing NetBios_s against the new connector returned null for all rows.
Parser Data Loss Eliminated: Converting the Result_column_count field type from double to string prevents data ingestion failures where numeric data couldn’t be properly parsed. Adding the missing HostTags field restores host classification data that was being dropped during ingestion.
Workbook Query Restoration: All workbook queries updated from legacy table names (QualysHostDetectionV2_CL) to the CCF schema (QualysHostDetection), restoring vulnerability dashboards that were showing empty results post-CCF migration.
Connector Reference Cleanup: Removed obsolete connector references that could cause deployment conflicts in environments attempting to use both legacy and CCF connectors simultaneously.
Detection Logic
HighNumberofVulnDetectedV2: Host entity mapping corrected from the NetBios_s field to the NetBios field for proper host identification in incident correlation.
NewHighSeverityVulnDetectedAcrossMulitpleHostsV2: Connector dependency cleaned up to reference only the CCF connector (QualysVMLogsCCPDefinition), eliminating configuration conflicts.
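A check for the failure mode described above, as an added example (not code from the QualysVM solution): it scans an analytic rule's text for the legacy table name and for type-suffixed custom-log columns such as NetBios_s, in both the query and the entity mappings. The sample rule is constructed, and suggesting the suffix-stripped name as the CCF column is an assumption that the notes above confirm only for NetBios.

```python
import re

# Table names as given in the change notes above.
LEGACY_TABLE = "QualysHostDetectionV2_CL"
CCF_TABLE = "QualysHostDetection"
# Custom-log (_CL) tables suffix columns by type: _s string, _d double,
# _b boolean, _t datetime, _g guid.
LEGACY_COLUMN = re.compile(r"\b([A-Za-z]\w*?)_(s|d|b|t|g)\b")
COLUMN_NAME = re.compile(r"^\s*columnName:\s*(\S+)\s*$")

# Constructed sample rule (not the repository's file) in the pre-fix state.
SAMPLE_RULE = """\
id: 00000000-0000-0000-0000-000000000000
name: Constructed sample rule
query: |
  QualysHostDetectionV2_CL
  | summarize Vulns = count() by NetBios_s
  | where Vulns > 10
entityMappings:
  - entityType: Host
    fieldMappings:
      - identifier: HostName
        columnName: NetBios_s
"""

def lint_rule(text):
    """Return (line_no, kind, found, suggestion) for each legacy reference."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        mapping = COLUMN_NAME.match(line)
        if mapping:
            # An entity mapping to a missing column silently breaks the entity.
            col = LEGACY_COLUMN.fullmatch(mapping.group(1))
            if col:
                findings.append((no, "entity-mapping", col.group(0), col.group(1)))
            continue
        if LEGACY_TABLE in line:
            findings.append((no, "table", LEGACY_TABLE, CCF_TABLE))
        # Mask the table name so its own suffix is not reported as a column.
        for col in LEGACY_COLUMN.finditer(line.replace(LEGACY_TABLE, "")):
            findings.append((no, "query-column", col.group(0), col.group(1)))
    return findings

if __name__ == "__main__":
    for finding in lint_rule(SAMPLE_RULE):
        print("line %d: %s %s -> %s" % finding)
```

A column whose real CCF name happens to end in one of these suffixes would be flagged as well, so findings are prompts for review against the parser schema rather than automatic rewrites.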
Affected Files
Solutions/QualysVM/Analytic Rules/HighNumberofVulnDetectedV2.yaml
Solutions/QualysVM/Analytic Rules/NewHighSeverityVulnDetectedAcrossMulitpleHostsV2.yaml
Solutions/QualysVM/Parsers/QualysHostDetection.yaml
Solutions/QualysVM/Workbooks/QualysVMv2.json
Workbooks/WorkbooksMetadata.json
(packaging artefacts: mainTemplate.json, etc.)