Policy Compliance Data

Configure settings for collecting Policy Compliance data. 

  1. Go to Apps > Manage Apps > Qualys Technology Add-on for Splunk > Set up.
  2. Choose one or more options to specify what posture data you want to fetch and index in Splunk for your policy.

    The policy_id parameter is used to pull posture information. TA uses the Compliance Policy List API to fetch all policy IDs and then the Compliance Posture Information API to fetch the posture information for each policy ID.


    Refer to the following table to learn more about various Policy Compliance Settings.

    | Settings | Description |
    |---|---|
    | Log individual PC Compliance Posture events | It is used to fetch posture information for all the host assets. This option is selected by default. |
    | Log Policy Summary | It is used to fetch policy summary information. This option is selected by default. |
    | Log "All" details | It is used to fetch full posture data. If the check box is not selected, only basic details for your policy are displayed. |
    | Add additional fields (REMEDIATION, RATIONALE, EVIDENCE, CAUSE_OF_FAILURE) | It is used to fetch and index full posture data as well as data for these additional fields. |
    | Number of posture information records per API request | Specify the number of posture information records that are returned per request for a single policy. The value in this field is used for the truncation_limit parameter of the PC posture API request. If the requested list identifies more records than the truncation limit, the XML output includes the <WARNING> element and the URL for making another request for the next batch of records. Default value: 1000. If you specify 0, then TA fetches all the posture information for a policy ID in a single output. We recommend paginating the output if the posture information data is large. |
    | Extra parameters for Posture Information API | Enter API input parameters. For example, specify the IDs of the hosts for which you want to collect the compliance posture information. |

    For more information on Qualys APIs, refer to API User guides.
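
The paging behaviour described for the truncation_limit setting, as an added example (not code from the Qualys TA): it follows the URL in each <WARNING> element until no further batch is offered, and rejects a next-batch URL on a different scheme or host because each request carries API credentials. The sample responses, their element layout apart from <WARNING> and its URL, the host name, and the `fetch` callable are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def next_batch_url(xml_text):
    """Return the URL inside <WARNING>, or None when this is the last batch."""
    url = ET.fromstring(xml_text).findtext(".//WARNING/URL")
    return url.strip() if url and url.strip() else None

def fetch_all_posture(first_url, fetch, max_pages=1000):
    """Collect every <INFO> record for one policy by following <WARNING> URLs.

    fetch(url) -> XML text. It is injected (hypothetical helper) so the
    paging logic can be exercised offline against canned responses.
    """
    origin = urlsplit(first_url)[:2]      # (scheme, host) of the API server
    records, seen, url = [], set(), first_url
    while url:
        if url in seen or len(seen) >= max_pages:
            raise RuntimeError("pagination loop or page limit reached")
        if urlsplit(url)[:2] != origin:
            # Credentials are sent with every request, so a next-batch URL
            # must stay on the scheme and host of the first request.
            raise ValueError("next-batch URL leaves the API origin: " + url)
        seen.add(url)
        xml_text = fetch(url)
        for info in ET.fromstring(xml_text).iter("INFO"):
            records.append({child.tag: child.text for child in info})
        url = next_batch_url(xml_text)
    return records

# Constructed sample data: two batches for one policy, truncation_limit=2.
# Host name, query string and record layout are placeholders, not real output.
BASE = ("https://qualysapi.example.com/api/2.0/fo/compliance/posture/info/"
        "?action=list&policy_id=1&truncation_limit=2")

def _page(ids, next_url=None):
    infos = "".join(f"<INFO><ID>{i}</ID><STATUS>Passed</STATUS></INFO>" for i in ids)
    warn = f"<WARNING><URL><![CDATA[{next_url}]]></URL></WARNING>" if next_url else ""
    return f"<RESPONSE><INFO_LIST>{infos}</INFO_LIST>{warn}</RESPONSE>"

SAMPLE = {BASE: _page([1, 2], BASE + "&id_min=3"),
          BASE + "&id_min=3": _page([3])}

if __name__ == "__main__":
    for rec in fetch_all_posture(BASE, SAMPLE.__getitem__):
        print(rec)
```
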

Event Types for Searching Policy Compliance Data in Splunk

You can use default event types to search for policy compliance data pulled in Splunk. For more information, refer to Event Types for Searching your Apps Data.