Knowledge Management

CIM for Qualys Technology Add-on (TA) for Splunk

marycordova
SplunkTrust

The Qualys TA does not provide CIM parsing.

@marycordova
1 Solution

marycordova
SplunkTrust

Here are some CIM mappings for the KB and the Host Detections.

[qualys:knowledgebase]
FIELDALIAS-qualys_alias_1 = QID AS qid TITLE AS signature SEVERITY AS severity_id CATEGORY AS category SOLUTION AS solution CONSEQUENCE AS impact DIAGNOSIS AS description
EVAL-published = substr('PUBLISHED_DATETIME',1,10)
EVAL-modified = substr('LAST_SERVICE_MODIFICATION_DATETIME',1,10)
EVAL-cvss = max('CVSS_BASE','CVSS_TEMPORAL','CVSS_V3_BASE','CVSS_V3_TEMPORAL')
EVAL-cve = mvsort(trim(split('CVE',",")))
EVAL-threat = mvsort(trim(split('THREAT_INTEL_VALUES',",")))
EVAL-remote = lower('DISCOVERY_REMOTE')
EVAL-patchable = lower('PATCHABLE')
EVAL-pci = lower('PCI_FLAG')
EVAL-bugtraq = mvsort(trim(split('BUGTRAQ_IDS',",")))
EVAL-authentication = mvsort(trim(split('AUTHENTICATION',",")))
EVAL-xref = mvsort(trim(split('VENDOR_REFERENCE',",")))
LOOKUP-qualys_severity_lookup = qualys_severity_lookup severity_id AS SEVERITY OUTPUT severity

[qualys:hostDetection]
FIELDALIAS-qualys_alias_2 = QID AS qid FIRST_FOUND_DATETIME AS first_found LAST_FOUND_DATETIME AS last_found LAST_FIXED_DATETIME AS last_fixed HOST_ID AS dest_host_id IP AS dest_ip OS AS os
EVAL-status = lower('STATUS')
EVAL-type = lower('TYPE')
EVAL-first_found_date = substr('FIRST_FOUND_DATETIME',1,10)
EVAL-first_found_epoch = substr(strptime('FIRST_FOUND_DATETIME',"%F"),1,10)
EVAL-last_found_date = substr('LAST_FOUND_DATETIME',1,10)
EVAL-last_found_epoch = substr(strptime('LAST_FOUND_DATETIME',"%F"),1,10)
EVAL-last_fixed_date = substr('LAST_FIXED_DATETIME',1,10)
EVAL-last_fixed_epoch = substr(strptime('LAST_FIXED_DATETIME',"%F"),1,10)
EVAL-dest_host = upper(coalesce('HOSTNAME','NETBIOS'))
EVAL-dest = upper(coalesce('HOSTNAME','NETBIOS','IP'))
EVAL-tags = mvsort(trim(split('TAGS',",")))
LOOKUP-qualys_kb_lookup = qualys_kb_lookup qid AS QID OUTPUT published modified signature cvss cve threat patchable remote category pci bugtraq xref authentication solution impact description
@marycordova
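The mappings above give the events CIM field names, but on their own they do not put Qualys data into the CIM Vulnerabilities data model: the two lookups the answer references need definitions, the knowledgebase fields need to be written into the KB lookup, and host detections need the vulnerability and report tags. The conf fragments below are an added example and are not from the original post or from the Qualys TA; the CSV file names, the severity_id to severity mapping, the saved-search name and the eventtype name are assumptions.

```ini
# --- transforms.conf: lookup definitions (assumed; the answer uses the names only)
[qualys_severity_lookup]
filename = qualys_severity_lookup.csv

[qualys_kb_lookup]
filename = qualys_kb_lookup.csv

# --- qualys_severity_lookup.csv (assumed mapping of Qualys severity 1-5 to CIM values)
# severity_id,severity
# 1,informational
# 2,low
# 3,medium
# 4,high
# 5,critical

# --- savedsearches.conf: rebuild the KB lookup nightly from the mapped knowledgebase events
[Qualys - Generate KB lookup]
search = sourcetype=qualys:knowledgebase \
    | dedup qid sortby -modified \
    | table qid published modified signature severity cvss cve threat patchable remote category pci bugtraq xref authentication solution impact description \
    | outputlookup qualys_kb_lookup
cron_schedule = 0 2 * * *
enableSched = 1

# --- props.conf: the answer's OUTPUT list does not carry severity to host detections, so add it
[qualys:hostDetection]
LOOKUP-qualys_kb_severity = qualys_kb_lookup qid AS QID OUTPUT severity
EVAL-vendor_product = "Qualys"

# --- eventtypes.conf: open findings only (raw Qualys STATUS field; Fixed is excluded)
[qualys_host_detection]
search = sourcetype=qualys:hostDetection NOT STATUS=Fixed

# --- tags.conf: these two tags feed the CIM Vulnerabilities data model
[eventtype=qualys_host_detection]
vulnerability = enabled
report = enabled

# Check from the search bar that the mapping populates the data model:
# | datamodel Vulnerabilities Vulnerabilities search
#   | stats count BY Vulnerabilities.dest Vulnerabilities.severity Vulnerabilities.signature
```

The KB lookup must be populated before host detection events are searched, otherwise the LOOKUP- lines in the hostDetection stanza return nothing.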
