Container Security Data Settings for Containers

Configure these settings for collecting Container Security data for containers.

To configure CS data settings, follow these steps: 

  1. Go to Apps > Manage Apps > Qualys Technology Add-on for Splunk > Set up.
  2. Choose one or more logging options to indicate the type of data you want to view in Splunk.

    You can choose Log individual docker container vulnerability events, Log docker container summary events, or both. The summary includes the total number of vulnerabilities, including potential, confirmed, and patchable vulnerabilities.

  3. In the Extra filters for Containers field, enter input parameters for the Container Vulnerability API to pull specific containers and their vulnerability data from your Qualys account.

    For example, to download data only about running containers that have severity 5 vulnerabilities, specify state:RUNNING and vulnerabilities.severity:5 in the Extra filters field. For API information, refer to the Container Security API user guide.

Event Types for Container Security Data Settings for Containers in Splunk

You can use the default event types to search for the CS container data pulled into Splunk. For more information, refer to Event Types for Searching your Apps Data.