FIM Data Settings for Events, Ignored Events and Incidents

Configure the FIM data settings so the add-on collects events, ignored events, and incidents from your Qualys FIM account.

To configure FIM data settings, follow these steps: 

  1. Go to Apps > Manage Apps > Qualys Technology Add-on for Splunk > Set up.
  2. Enter the API input parameters in the Extra filters for FIM Events API, Extra filters for FIM Ignored Events API, and Extra filters for FIM Incidents API fields. Each filter restricts which events, ignored events, or incidents are pulled from your Qualys account.

    For example, specify action: rename to pull only the events generated by rename actions.

    [Screenshots: FIM Settings for Events; FIM Settings for Ignored Events; FIM Settings for Incidents]

    • The FIM UI displays timestamps in the user's local timezone, while the Splunk-FIM integration uses UTC by default. Before comparing data between the UI and Splunk, align the timezones on both sides (or convert the time window), otherwise event counts for the same apparent period will not match.
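The following is an added example, not code from the Qualys add-on. It shows how to turn a time window chosen in the FIM UI's local timezone into a UTC window and combine it with an action filter of the kind entered in the Extra filters fields. The field names (action, dateTime) and the bracketed range syntax are assumptions about Qualys Query Language; confirm them against your FIM API documentation before relying on them.

```python
from datetime import datetime, timedelta, timezone

# Added example (not part of the Qualys TA). Converts a window chosen in the
# FIM UI's local timezone to UTC and builds an "Extra filters" string.
# ASSUMPTION: the field names "action" and "dateTime" and the
# "[start ... end]" range syntax follow Qualys Query Language as used by FIM.

UTC_FMT = "%Y-%m-%dT%H:%M:%SZ"


def local_window_to_utc(start_local: datetime, end_local: datetime):
    """Convert a timezone-aware local window to UTC.

    Naive datetimes are rejected: silently assuming a zone is exactly the
    mistake that makes UI and Splunk counts disagree.
    """
    for bound in (start_local, end_local):
        if bound.tzinfo is None or bound.utcoffset() is None:
            raise ValueError("window bounds must be timezone-aware")
    if end_local <= start_local:
        raise ValueError("end must be after start")
    return start_local.astimezone(timezone.utc), end_local.astimezone(timezone.utc)


def fim_extra_filter(action: str, start_local: datetime, end_local: datetime) -> str:
    """Build the filter string for the Extra filters for FIM Events API field."""
    if not action.isalnum():
        raise ValueError("action must be a single bare token, e.g. rename")
    start_utc, end_utc = local_window_to_utc(start_local, end_local)
    return (
        f"action: {action} and "
        f"dateTime: [{start_utc.strftime(UTC_FMT)} ... {end_utc.strftime(UTC_FMT)}]"
    )


def demo() -> str:
    """Constructed input: a UI user in a UTC-5 zone looking at 15 January 2024."""
    local_tz = timezone(timedelta(hours=-5))  # fixed offset, no tzdata needed
    start = datetime(2024, 1, 15, 0, 0, tzinfo=local_tz)
    end = datetime(2024, 1, 16, 0, 0, tzinfo=local_tz)
    return fim_extra_filter("rename", start, end)


if __name__ == "__main__":
    print(demo())
```

The UTC window produced by demo() starts at 05:00Z, five hours after the UI's local midnight; pulling with the local midnight values instead would shift every day's count by the offset.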

TA versions 1.6.5+ only support FIM API version 2.0.2.0 and later.

Event Types for FIM Data Settings in Splunk

You can use the default event types to search for the FIM events, ignored events, and incidents pulled into Splunk. See Event Types for Searching Your Apps Data.