Container Security Data Settings for Images

Configure settings for collecting Container Security data for individual docker image vulnerabilities and, summary of events for docker images. 

To configure Container Security data settings, follow these steps : 

1. Go to Apps > Manage Apps > Qualys Technology Add-on for Splunk > Set up.
2. Enter API input parameters in the Extra parameters for Docker Image API to pull only select vulnerability data for Docker images from your Qualys account.

   For example, specify IDs of docker images for which you want to view vulnerability data. For API information, refer to the Container Security API user guide.

3. Enter CS Image Maximum API retry count.
   Specifies the maximum number of retry attempts a TA can make for an API call following an error, excluding HTTP 429 (Too Many Requests) responses. After the maximum number of retries is reached, the TA skips the current API call and continues processing with the next image ID.

   

   The CS Image API retries a failed request up to the number of times you set. To allow unlimited retries, set the value to 0.

Event Types for Container Security Data Settings for Images

You can use default event types to search for CS data for image data pulled in Splunk. For more information, refer to Event Types for Searching your Apps Data.