1) Changes to the TA setup page for Qualys API credentials: We have added a realm for the Qualys API credentials that are stored in the 'passwords.conf' file. When you upgrade to TA 1.8.9, please re-enter the Qualys API credentials. The TA won't be able to access the Qualys API credentials until then. We recommend that you empty your browser cache and do a hard reload before entering the credentials.
2) The Indication of Compromise (IOC) data inputs are rebranded as Endpoint Detection and Response (EDR) data inputs: From this version, the TA will show a deprecation warning in the TA log for the IOC data input. Please disable and delete the earlier IOC data input and add a new EDR data input. You can use the new Qualys EDR App for Splunk Enterprise.
1) Fixed 400 Bad Request issues for certain pagination calls for Container Security.
2) Fixed incomplete API response XML file issue for Policy Compliance.
3) Added milliseconds in the checkpoint file for FIM data inputs to be compliant with the API.
Host and Detection fields to log are now configurable from the TA setup page
Truncate the Results field at the TA side
Features / Improvements:
Read the VM data input configuration values from 'qualys.conf' instead of the app configuration file
New logic implemented for policy ids distribution for PC data input
VM host summary logged in Splunk even though excluded in the TA setup
WAS summary events were not indexing while WAS data input was running in multi-thread mode
PC Evidence details were not logged when the 'lastUpdated' attribute was not present in the API output
- Fix for byte string present in the data ingested for host detection in Splunk version 8.0.0 or higher, which uses the Python 3 interpreter
- Added support for the activity_log data feed in the cleanup.py and run.py scripts
- Added validation for the Start date while adding/editing a data input