Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Qualys Technology Add-on (TA) for Splunk
SHA256 checksum (qualys-technology-add-on-ta-for-splunk_134.tgz) 3687e6e0bc8710daefc23bebd9fe27158226f2f612dade07c956d92d04e9a820 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_133.tgz) 708fed1a4fe4412fd7911b1af871065fdc6519af286ce68d904e0fbcacf429fa SHA256 checksum (qualys-technology-add-on-ta-for-splunk_132.tgz) 29143ce546f4254180d3135d0283d26ad6db6dfa6b273072cc1244fb7118037b SHA256 checksum (qualys-technology-add-on-ta-for-splunk_130.tgz) 9c4b8bd493f783206e5ff20c50552e5c2e18ae2af1f89051f32fa7b7e5bd7372 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_123.tgz) db389da40734173e69b01cb526240d8aef87af8c7947035dec5db9eec51d5090 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_120.tgz) 37dffaa26e167aac781d89565a44eb002d80fc51859411033af50fef15a1a0d4
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Qualys Technology Add-on (TA) for Splunk

Splunk AppInspect Passed
Overview
Details
The Qualys Technology Add-on (TA) for Splunk is a Technology Add-On for Qualys Cloud Platform data. It fetches Vulnerability Management (VM), Web Application Scanning (WAS), Policy Compliance (PC) and KnowledgeBase (KB) data using modular input and indexes it which then can be searched using the Search app, Splunk Enterprise Security app or the Qualys VM App, WAS App or PC App for Splunk Enterprise.
Support and resources

For documentation please see: https://community.qualys.com/docs/DOC-4876

Support

In case any assistance is needed, please visit https://www.qualys.com/forms/contact-support/

Release Notes

Version 1.3.4
Sept. 18, 2018

On top of earlier version (1.3.3), this release has following additions:

* Additional fields in HOST_SUMMARY and HOST_VULN events.
New fields in HOSTSUMMARY event: NETWORK_ID, LAST_VM_SCANNED_DATE, LAST_VM_SCANNED_DURATION
New fields in HOSTVULN event: LAST_FIXED_DATETIME, TIMES_FOUND, IS_IGNORED, IS_DISABLED

* More validation for seed file path in VM Detection - Advanced Settings.
If you are configuring this TA on Splunk Cloud, the seed file path MUST start with $SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform/tmp

Version 1.3.3
July 24, 2018

on top of earlier version 1.3.2, this release has following additions:
* Policy Posture Input
- new option added to decide details level (All/Basic).
- new option added to configure number of policy ids to include in Policy Posture API call. (min 1, max 10)
- log messages for policy parsing started/completed. This helps understand activities when TA is parsing large XML.
- overall API response parsing improvements to reduce parsing time.

Version 1.3.2
May 31, 2018

* New Features
- Policy Compliance posture information data input
- Support for client certificates
- utility script to cleanup leftover, orphan XML files

* Enhancements
- Uses vm_processed_after API parameter instead of vm_scan_since to avoid data loss because of late processing of scan data.
- Some input validations. In case of error, your save operation will fail and you can see the reason in splunkd.log.
- If Qualys API returns error/warning, TA to log the message as it is.
- When installed on Splunk Search Head, TA will not run any data input except knowledgebase.
- Check if the credentials it got indeed belong to Qualys TA.

* Bugs fixed
- "Another process is running" message was not getting into TA log.
- Error faced while checking if process indeed running was not getting into TA log.
- TA would not start fetching the data if pid file is empty.
- WAS Findings feed was getting into recursion problem after 483rd API call.
- Illegal characters/not well formed XML elements were breaking the data pull.

Version 1.3.0
March 5, 2018

* New Features
- Policy Compliance posture information data input
- Support for client certificates
- utility script to cleanup leftover, orphan XML files

* Enhancements
- Uses vm_processed_after API parameter instead of vm_scan_since to avoid data loss because of late processing of scan data.
- Some input validations. In case of error, your save operation will fail and you can see the reason in splunkd.log.
- If Qualys API returns error/warning, TA to log the message as it is.
- When installed on Splunk Search Head, TA will not run any data input except knowledgebase.
- Check if the credentials it got indeed belong to Qualys TA.

* Bugs fixed
- "Another process is running" message was not getting into TA log.
- Error faced while checking if process indeed running was not getting into TA log.
- TA would not start fetching the data if pid file is empty.
- WAS Findings feed was getting into recursion problem after 483rd API call.
- Illegal characters/not well formed XML elements were breaking the data pull.

Version 1.2.3
Aug. 23, 2017

* Enhancements
- Improved logic to confirm only one instance of data input is running at any given time. This handles case of PID getting repeated for Non-TA process.
- TA log entries mention data input name when actually doing the job. This will help debugging. You can grep by data input name and see logs for ALL runs of that input in single go.

* Bug fixes
- "Another process is already running for data input" message wasn't getting into TA log.
- WAS Findings fetch was halting after first set of data is pulled.
- Even if you set "Log debug messages" on TA setup page, debug messages were not getting into TA log.
- Proxy settings were not working in run.py (the debug script).
- Setting show_results=1 in detection extra parameters does not pull RESULTS tag.

Version 1.2.0
May 4, 2017

1,006
Installs
5,644
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2018 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.