icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Cancel Visit New Splunkbase Visit
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

End User License Agreement for Third-Party Content

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Qualys Technology Add-on (TA) for Splunk
SHA256 checksum (qualys-technology-add-on-ta-for-splunk_1101.tgz) 72571ee33604497042620446310f8e5f07f298fca07eac5be2f0bdf7d2cbcdf7 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_191.tgz) 551e6b35b2a42dba4d75203f26703c6ee8793d9048662967944dfb47f14f26e8 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_190.tgz) cb1318c8cb046598358b4bd618701182a518ebfd8cbca16052b177a231005a56 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_1811.tgz) 48ef46f3bca8a050b25c6f404865219fcacfeca63f5a2e3221e2efdbe6430009 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_1810.tgz) edd986ef6bab8f392aa04cced22f4b5eec87a42676db984d5a736b942f206887 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_189.tgz) c53bf806992a71023af11beab5cdbf2ee86fdc52ec93e9a1c93029ccf075a63e SHA256 checksum (qualys-technology-add-on-ta-for-splunk_188.tgz) 7e3c9b519d58b7bef896b28f22dc2915483fa1a0638ddb278e146849344bb3f0 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_187.tgz) faa776481d3d55edb6f1fe685c8a28f91df1c33d45ccdb055dc69931406402d3 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_186.tgz) 92a04c6936708379c22836f9fcfaae1c4cf250f8449179079c7c417ba9b915d6 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_185.tgz) 8d74296a3f4e803ba0947674d5568c5ec5f010e229c59f87e4e83d37a78a74cd SHA256 checksum (qualys-technology-add-on-ta-for-splunk_184.tgz) b96c0e791c1e0a33eb0a5c393efa9dbc2b657e409db3b33b7c7b28917b6453a4 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_183.tgz) fda288e44a2decf75a856eeb3d0387a8a1978d513982c7cbb571e3b01c73f1ab SHA256 checksum (qualys-technology-add-on-ta-for-splunk_182.tgz) f43b4ba52115180a3578e840eba989b0519f4df393b513be75b738a1d2140ed5 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_181.tgz) 43be622705f3876d1996686701c8dda0327c8c6276b77cc8b799a80ef00dbfd4 SHA256 checksum (qualys-technology-add-on-ta-for-splunk_180.tgz) e05be6fea383e3a26809fb96c369331141135a344416be42e6386a7f519cff7e
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate
splunk

Qualys Technology Add-on (TA) for Splunk

Splunk Cloud
Overview
Details
The Qualys Technology Add-on (TA) for Splunk is a Technology Add-On for Qualys Cloud Platform data. It fetches Vulnerability Management (VM), Web Application Scanning (WAS), Policy Compliance (PC), Container Security(CS), File Integrity Monitoring(FIM), Endpoint Detection & Response (EDR), Security Enterprise Mobility (SEM), Activity Log and KnowledgeBase (KB) data using modular input and indexes it which then can be searched using the Search app, Splunk Enterprise Security app or the Qualys VM App, WAS App or PC App, EDR App, FIM App, CS App , Policy Compliance Reporting Services (PCRS) App for Splunk Enterprise.
Support and resources

For documentation please see: https://community.qualys.com/docs/DOC-4876

Support

In case any assistance is needed, please visit https://www.qualys.com/forms/contact-support/

Release Notes

Version 1.10.1
April 19, 2022
  • Integration of the Qualys Policy Compliance Reporting Service (PCRS) with Splunk TA
  • PCRS improves the data fetching of the huge data from the Qualys Cloud
  • PCRS fetches data continuously in the streaming manner hence, millions of assets and postures can be pulled quickly as compared to
    legacy PC
  • Minor bug fixes and improvements
Version 1.9.1
Dec. 21, 2021
  • Minor bug fixes and improvements
Version 1.9.0
Dec. 14, 2021
  • Integration of the Qualys Secure Enterprise Mobility with Splunk TA
  • User can view Diagnosis, Consequence, and Solution information in Knowledgebase data in Splunk by enabling it from the TA setup page
  • Minor bug fixes and enhancements
Version 1.8.11
Nov. 19, 2021

Bug fixes
Users can now ingest detected service names in the event along with TCP/UDP ports
Version 1.8.10
Oct. 28, 2021

Users can now ingest detected service names in the event along with TCP/UDP ports
Version 1.8.9
July 15, 2021

ATTENTION PLEASE!
1) Changes to the TA setup page for Qualys API credentials: We have added a realm for Qualys API credentials that get stored in 'passwords.conf' file. When you upgrade to TA 1.8.9, please re-enter the Qualys API credentials. The TA won't be able to access the Qualys API credentials until then. We recommend you empty the cache of your browser and do a hard reload before entering the credentials.

2) The Indication of Compromise (IOC) data inputs rebranded as Endpoint Detection and Response (EDR) data inputs: From this version, the TA will show a deprecation warning in the TA log for IOC data input. Please disable and delete earlier IOC data input and add a new EDR data input. You can use the new Qualys EDR App for Splunk Enterprise.

Other Fixes:
1) Fixed 400 Bad Request issues for certain pagination calls for Container Security.
2) Fixed incomplete API response XML file issue for Policy Compliance.
3) Added milliseconds in the checkpoint file for FIM data inputs to be compliant with API.
Version 1.8.8
May 27, 2021
  • FIM data inputs will accept the date format for milliseconds
Version 1.8.7
May 18, 2021
  • Updated CS Images and CS Containers API version to 1.3
  • Added DISA STIG SV values to PC Data Input
  • Minor improvements on the TA setup page
Version 1.8.6
April 8, 2021
  • The processing logic of Policy Compliance posture information has been changed.
  • The logic of XML file processing has been changed.
  • Help text on the data inputs page has been updated.
Version 1.8.5
March 8, 2021

Host and Detection fields to log are now configurable from the TA setup page
Truncate the Results field at the TA side
Version 1.8.4
Dec. 4, 2020
  • Knowledgebase data can now be indexed as well, by enabling the indexing from the TA Setup page, this feature will mainly help in Splunk distributed setup.
  • Container Security image data input has the capability to index image label info.
  • Minor improvements for fields validation on the setup page.
Version 1.8.3
Nov. 6, 2020

Features / Improvements:
Read the VM data input configuration values from 'qualys.conf' instead of the app configuration file
New logic implemented for policy ids distribution for PC data input

Bug Fixes:
VM host summary logged in Splunk even though excluded in the TA setup
WAS summary events were not indexing while WAS data input was running in multi-thread mode
PC Evidence details were not logged in case 'lastUpdated' attribute not present in the API output
Version 1.8.2
Oct. 7, 2020
  • Enhancements to VM Detection Event, moved the Results field to the end of the event
Version 1.8.1
Sept. 9, 2020

-Fix for byte string present in the data ingested for host detection in Splunk version 8.0.0 or higher which uses Python 3 interpreter
-Added support for activity_log data feed in cleanup.py and run.py scripts
-Added validation for Start date while adding/editing data input
Version 1.8.0
July 28, 2020
  • Splunk Cloud Compatibility changes - Setup xml replaced with Setup view. We have also done visualization changes to the Setup page.
  • New data feed - Activity Log. The user activity log that you see on Qualys UI > User > Activity Log, can now ingest.
  • Added Page Size field on the Setup page for CS, FIM, and IOC to control the number of records returned in API calls
21,792
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
Qualys Inc.
Support
Developer Supported
Contact Developer Questions on Splunk Answers Flag as inappropriate App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions App Contents: Inputs, Alert Actions
Compatibility
Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud
Splunk Versions: 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.2, 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.2, 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.2, 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.2, 7.3, 8.0 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.2, 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x Splunk Versions: 7.0, 7.2, 7.3, 8.0, 8.1, 8.2 Platform: Linux CIM Versions: 4.x
Licensing
End User License Agreement for Third-Party Content
Category & Contents
Categories: Security, Fraud & Compliance
App Type: Add-on
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2022 Splunk Inc. All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.