Container Security Data Settings for Containers
Configure these settings for collecting Container Security data for containers.
To configure CS data settings, follow these steps:
- Go to Apps > Manage Apps > Qualys Technology Add-on for Splunk > Set up.
- Choose one or more logging options to indicate the type of data you want to view in Splunk.
You can choose Log individual docker container vulnerability events and/or Log docker container summary events. The Summary includes the total number of vulnerabilities including potential, confirmed and patchable vulnerabilities.
- In the Extra filters for Containers field, enter API input parameters for the Container Vulnerability API to pull specific containers and their vulnerability data from your Qualys account.
For example, if you want to download data only about running containers that have severity 5 vulnerabilities, specify state:RUNNING and vulnerabilities.severity:5 in the Extra filters field. For API information, refer to the Container Security API user guide.
- Enter CS Container Maximum API retry count, which defines the number of times the TA can retry the API call after encountering any error. Error 429 (Too Many Requests) is an exception to this.
If the maximum retry count is exceeded, the TA skips the API call and proceeds to the next container ID to pull data from Qualys. The CS Container API call is retried on failure up to the configured number of times. Enter 0 for infinite retry. This feature is applicable only in the case of multithreading.
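The retry setting above, modelled as an added Python example (not the TA's own code), to show which container IDs end up skipped for a given count. It assumes a 429 response is waited out without consuming a retry, which is one reading of the exception the page mentions; `ApiError`, `pull_with_retry`, `pull_all` and `scripted_fetch` are hypothetical names, and the scripted responses are constructed.

```python
# Added illustration of the retry setting; not the TA's code.
class ApiError(Exception):
    def __init__(self, status):
        super().__init__(f"HTTP {status}")
        self.status = status

def pull_with_retry(fetch, container_id, max_retries, wait=lambda: None):
    """Return (data, attempts); data is None when the container is skipped.

    max_retries == 0 means retry without limit, as the setting documents.
    Assumption: a 429 is waited out and does not consume a retry.
    """
    failures = attempts = 0
    while True:
        attempts += 1
        try:
            return fetch(container_id), attempts
        except ApiError as err:
            if err.status == 429:
                wait()  # rate limited: pause, then try again
                continue
            failures += 1
            if max_retries and failures > max_retries:
                return None, attempts  # limit exceeded: skip this container

def pull_all(fetch, container_ids, max_retries):
    """Pull every container; return (results, skipped_ids)."""
    results, skipped = {}, []
    for cid in container_ids:
        data, _ = pull_with_retry(fetch, cid, max_retries)
        if data is None:
            skipped.append(cid)  # missing from this run's data
        else:
            results[cid] = data
    return results, skipped

def scripted_fetch(script):
    """Constructed stand-in for the API: maps id -> HTTP statuses in order."""
    replies = {cid: iter(statuses) for cid, statuses in script.items()}
    def fetch(cid):
        status = next(replies[cid])
        if status != 200:
            raise ApiError(status)
        return {"id": cid}
    return fetch

if __name__ == "__main__":
    script = {"c1": [200], "c2": [500, 429, 429, 503, 200], "c3": [500] * 4}
    print(pull_all(scripted_fetch(script), ["c1", "c2", "c3"], max_retries=2))
```

In this model a non-zero count turns a persistently failing container ID into a gap in that run's data, while 0 keeps its worker retrying until the call succeeds.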
Event Types for Container Security Data Settings for Containers in Splunk
You can use the default event types to search for the CS container data pulled into Splunk. For more information, refer to Event Types for Searching your Apps Data.