Qualys Technology Add-on (TA) for Splunk

Overview
The Qualys Technology Add-on (TA) for Splunk is a Technology Add-on for Qualys Cloud Platform data. It uses modular inputs to fetch Vulnerability Management (VM), Web Application Scanning (WAS), Policy Compliance (PC), Container Security (CS), File Integrity Monitoring (FIM), Indication of Compromise (IOC) and KnowledgeBase (KB) data and indexes it, so that it can be searched using the Search app, the Splunk Enterprise Security app, or the Qualys VM App, WAS App or PC App for Splunk Enterprise.
Support and resources

For documentation please see: https://community.qualys.com/docs/DOC-4876

Support

In case any assistance is needed, please visit https://www.qualys.com/forms/contact-support/

Release Notes

Version 1.8.11
Nov. 19, 2021

Bug fixes
Users can now ingest detected service names in the event along with TCP/UDP ports

Version 1.8.10
Oct. 28, 2021

Users can now ingest detected service names in the event along with TCP/UDP ports

Version 1.8.9
July 15, 2021

ATTENTION PLEASE!
1) Changes to the TA setup page for Qualys API credentials: We have added a realm for the Qualys API credentials that are stored in the 'passwords.conf' file. When you upgrade to TA 1.8.9, please re-enter the Qualys API credentials. The TA won't be able to access the Qualys API credentials until then. We recommend that you empty your browser cache and do a hard reload before entering the credentials.

2) The Indication of Compromise (IOC) data inputs have been rebranded as Endpoint Detection and Response (EDR) data inputs: From this version, the TA will show a deprecation warning in the TA log for the IOC data input. Please disable and delete the earlier IOC data input and add a new EDR data input. You can use the new Qualys EDR App for Splunk Enterprise.

Other Fixes:
1) Fixed 400 Bad Request issues for certain pagination calls for Container Security.
2) Fixed incomplete API response XML file issue for Policy Compliance.
3) Added milliseconds in the checkpoint file for FIM data inputs to be compliant with API.

Version 1.8.8
May 27, 2021
  • FIM data inputs will accept the date format for milliseconds

Version 1.8.7
May 18, 2021
  • Updated CS Images and CS Containers API version to 1.3
  • Added DISA STIG SV values to PC Data Input
  • Minor improvements on the TA setup page

Version 1.8.6
April 8, 2021
  • The processing logic of Policy Compliance posture information has been changed.
  • The logic of XML file processing has been changed.
  • Help text on the data inputs page has been updated.

Version 1.8.5
March 8, 2021

  • Host and Detection fields to log are now configurable from the TA setup page
  • Truncate the Results field at the TA side

Version 1.8.4
Dec. 4, 2020
  • KnowledgeBase data can now be indexed as well, by enabling indexing from the TA Setup page. This feature will mainly help in Splunk distributed setups.
  • The Container Security image data input can now index image label info.
  • Minor improvements to field validation on the setup page.

Version 1.8.3
Nov. 6, 2020

Features / Improvements:
  • Read the VM data input configuration values from 'qualys.conf' instead of the app configuration file
  • New logic implemented for policy ID distribution for the PC data input

Bug Fixes:
  • VM host summary was logged in Splunk even though it was excluded in the TA setup
  • WAS summary events were not indexed while the WAS data input was running in multi-thread mode
  • PC Evidence details were not logged when the 'lastUpdated' attribute was not present in the API output

Version 1.8.2
Oct. 7, 2020
  • Enhancements to VM Detection Event, moved the Results field to the end of the event

Version 1.8.1
Sept. 9, 2020

  • Fix for byte strings present in the data ingested for host detection in Splunk version 8.0.0 or higher, which uses the Python 3 interpreter
  • Added support for the activity_log data feed in the cleanup.py and run.py scripts
  • Added validation for the Start date while adding/editing a data input

Version 1.8.0
July 28, 2020
  • Splunk Cloud compatibility changes - Setup XML replaced with Setup view. We have also made visualization changes to the Setup page.
  • New data feed - Activity Log. The user activity log that you see under Qualys UI > User > Activity Log can now be ingested.
  • Added a Page Size field on the Setup page for CS, FIM, and IOC to control the number of records returned in API calls

Installs: 5,498
Downloads: 19,681