Event Types for Searching your Apps Data
Here is the list of default event types for Qualys apps. You can use these event types when searching your app data in Splunk.
If a custom index is in use, replace {INDEX_NAME} with the custom index name; otherwise, replace it with main.
Event Types for VM detection
- Event Type Name -
qualys_vm_detection_event
Search Query -
index={INDEX_NAME} (sourcetype="qualys:hostDetection" OR sourcetype="qualys_vm_detection") "HOSTVULN"
- Event Type Name -
qualys_host_summary_event
Search Query -
index={INDEX_NAME} (sourcetype="qualys:hostDetection" OR sourcetype="qualys_vm_detection") "HOSTSUMMARY"
Event Types for Policy Compliance Data
- Event Type Name -
qualys_policy_info_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:pc:policyInfo" "POLICY_INFO"
- Event Type Name -
qualys_posture_info_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:pc:postureInfo" "POSTURE_INFO"
- Event Type Name -
qualys_policy_summary_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:pc:postureInfo" "POLICY_SUMMARY"
Event Types for WAS Findings Data
- Event Type Name -
qualys_was_finding_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:wasFindings" "WAS_FINDING"
- Event Type Name -
qualys_was_summary_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:wasFindings" "WAS_SUMMARY"
Event Types for Container Security Data for Images
- Event Type Name -
cs_image_info_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:cs:csimageinfo" "IMAGE_INFO"
- Event Type Name -
cs_vuln_info_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:cs:csimagevulninfo" "VULN_INFO"
- Event Type Name -
cs_vuln_summary_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:cs:csimagevulninfo" "VULN_SUMMARY"
Event Types for Container Security Data for Containers
- Event Type Name -
qualys_cs_container_details
Search Query -
index={INDEX_NAME} sourcetype="qualys:cs:container" "CONTAINER_DETAILS"
- Event Type Name -
qualys_cs_container_vuln
Search Query -
index={INDEX_NAME} sourcetype="qualys:cs:containerVuln" type=CONTAINER_VULN
- Event Type Name -
qualys_cs_container_vuln_summary
Search Query -
index={INDEX_NAME} sourcetype="qualys:cs:containerVuln" type=CONTAINER_VULN_SUMMARY
Event Types for FIM Data for Events, Ignored Events, and Incidents
- Event Type Name -
qualys_fim_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:fim:event" splunk_event_type=FIM_EVENT
- Event Type Name -
qualys_ignored_fim_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:fim:ignored_event" splunk_event_type=FIM_IGNORED_EVENT
- Event Type Name -
qualys_fim_incident
Search Query -
index={INDEX_NAME} sourcetype="qualys:fim:incident" splunk_event_type=FIM_INCIDENT
Event Types for Endpoint Detection and Response Data
- Event Type Name -
qualys_edr_event
Search Query -
index={INDEX_NAME} source="qualys" sourcetype="qualys:ioc:ioceventinfo" OR sourcetype="qualys:edr:event"
Event Types for Activity Log Data
- Event Type Name -
qualys_activity_log_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:activityLog"
Event Types for Secure Enterprise Mobility
- Event Type Name -
qualys_sem_asset_summary_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:sem:asset_summary"
- Event Type Name -
qualys_sem_detection_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:sem:detection"
Event Types for Policy Compliance Reporting Service
- Event Type Name -
qualys_pcrs_policy_info_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:pcrs:policyinfo"
- Event Type Name -
qualys_pcrs_policy_summary
Search Query -
index={INDEX_NAME} sourcetype="qualys:pcrs:policy_summary"
- Event Type Name -
qualys_pcrs_posture_info_event
Search Query -
index={INDEX_NAME} sourcetype="qualys:pcrs:postureinfo"
Event Types for Cyber Security Asset Management
- Event Type Name -
qualys_csam_assets
Search Query -
index={INDEX_NAME} sourcetype="qualys:csam:assets"
- Event Type Name -
qualys_csam_businessApps
Search Query -
index={INDEX_NAME} sourcetype="qualys:csam:businessApps"
- Event Type Name -
qualys_csam_softwares
Search Query -
index={INDEX_NAME} sourcetype="qualys:csam:softwares"
Event Types for CertView
- Event Type Name -
qualys_certview_certificates
Search Query -
index={INDEX_NAME} sourcetype="qualys:certview:certificates"
Event Types for TotalCloud Cloud Security Posture Management Settings for AWS
- Event Type Name -
qualys_cspm_aws_postureInfo_event
Search Query -
index=main sourcetype="qualys:cspm:aws_postureInfo"
Event Types for TotalCloud Cloud Security Posture Management Settings for Azure
- Event Type Name -
qualys_cspm_azure_postureInfo_event
Search Query -
index=main sourcetype="qualys:cspm:azure_postureInfo"
Event Types for TotalCloud Cloud Security Posture Management Settings for GCP
- Event Type Name -
qualys_cspm_gcp_postureInfo_event
Search Query -
index=main sourcetype="qualys:cspm:gcp_postureInfo"