Event Types for Searching your Apps Data
Here is the list of default event types for Qualys apps. You can use these event types when searching your app data in Splunk.
If the customer has used custom index then replace {INDEX_NAME} with custom index name else replace with main.
Event Types for VM detection
- Event Type Name -
qualys_vm_detection_eventSearch Query -
index={INDEX_NAME} (sourcetype="qualys:hostDetection" OR sourcetype="qualys_vm_detection") "HOSTVULN" - Event Type Name -
qualys_host_summary_eventSearch Query -
index={INDEX_NAME} (sourcetype="qualys:hostDetection" OR sourcetype="qualys_vm_detection") "HOSTSUMMARY"
Event Types for Policy Compliance Data
- Event Type Name -
qualys_policy_info_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:pc:policyInfo" "POLICY_INFO" - Event Type Name -
qualys_posture_info_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:pc:postureInfo" "POSTURE_INFO" - Event Type Name -
qualys_policy_summary_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:pc:postureInfo" "POLICY_SUMMARY"
Event Types for WAS Findings Data
- Event Type Name -
qualys_was_finding_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:wasFindings" "WAS_FINDING" - Event Type Name -
qualys_was_summary_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:wasFindings" "WAS_SUMMARY"
Event Types for Container Security Data for Images
- Event Type Name -
cs_image_info_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:cs:csimageinfo" "IMAGE_INFO" - Event Type Name -
cs_vuln_info_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:cs:csimagevulninfo" "VULN_INFO" - Event Type Name -
cs_vuln_summary_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:cs:csimagevulninfo" "VULN_SUMMARY"
Event Types for Container Security Data for Containers
- Event Type Name -
qualys_cs_container_detailsSearch Query -
index={INDEX_NAME} sourcetype="qualys:cs:container" "CONTAINER_DETAILS" - Event Type Name -
qualys_cs_container_vulnSearch Query -
index={INDEX_NAME} sourcetype="qualys:cs:containerVuln" type=CONTAINER_VULN - Event Type Name -
qualys_cs_container_vuln_summarySearch Query -
index={INDEX_NAME} sourcetype="qualys:cs:containerVuln" type=CONTAINER_VULN_SUMMARY
Event Types for FIM Data for Events, Ignored Events, and Incidents
- Event Type Name -
qualys_fim_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:fim:event"splunk_event_type=FIM_EVENT - Event Type Name -
qualys_ignored_fim_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:fim:ignored_event" splunk_event_type=FIM_IGNORED_EVENT - Event Type Name -
qualys_fim_incidentSearch Query -
index={INDEX_NAME} sourcetype="qualys:fim:incident" splunk_event_type=FIM_INCIDENT
Event Types for Endpoint Detection and Response Data
-
Event Type Name -
qualys_edr_eventSearch Query -
index={INDEX_NAME} source="qualys" sourcetype="qualys:ioc:ioceventinfo" OR sourcetype="qualys:edr:event"
Event Types for Activity Log Data
-
Event Type Name -
qualys_activity_log_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:activityLog"
Event Types for Secure Enterprise Mobility
-
Event Type Name -
qualys_sem_asset_summary_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:sem:asset_summary" -
Event Type Name -
qualys_sem_detection_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:sem:detection"
Event Types for Policy Compliance Reporting Service
-
Event Type Name -
qualys_pcrs_policy_info_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:pcrs:policyinfo" -
Event Type Name -
qualys_pcrs_policy_summarySearch Query -
index={INDEX_NAME} sourcetype="qualys:pcrs:policy_summary" -
Event Type Name -
qualys_pcrs_posture_info_eventSearch Query -
index={INDEX_NAME} sourcetype="qualys:pcrs:postureinfo"
Event Types for Cyber Security Asset Management
- Event Type Name -
qualys_csam_assetsSearch Query -
index={INDEX_NAME} sourcetype="qualys:csam:assets" - Event Type Name -
qualys_csam_businessAppsSearch Query -
index={INDEX_NAME} sourcetype="qualys:csam:businessApps" - Event Type Name -
qualys_csam_softwaresSearch Query -
index={INDEX_NAME} sourcetype="qualys:csam:softwares"
Event Types for CertView
-
Event Type Name -
qualys_certview_certificatesSearch Query -
index={INDEX_NAME} sourcetype="qualys:certview:certificates"