Configure Qualys Technology Add-on (TA) for Splunk App

Provide information to connect to the Qualys API Server and configure settings for collecting VM, WAS, PC, FIM, EDR, CS detection data, Activity log, and KB Data.

  • If you are installing TA for the first time or upgrading your TA that has no configuration, you must restart your Splunk once the configurations in TA are saved successfully. You are required to restart Splunk only when you configure TA for the first time. Restarting Splunk enables TA to reload the configurations from the app.conf file, which are modified after TA configuration.
  • When upgrading to TA 1.8.9, manually re-entering your Qualys API credentials is necessary; otherwise, you can not access to the Qualys API server. Before entering the credentials, we recommend that you clear your browser's cache and perform a hard reload.

To access this page, go to Apps > Manage Apps > Qualys Technology Add-on for Splunk > Set up.

Enter URL for the Qualys API Server

Enter the Qualys API Server URL for the Qualys Cloud Platform where your account is located. Click here if you need help identifying the URL.

Provide Account Credentials

The username and password for the Qualys account you want to sync with Splunk.

  • If you return to TA Setup page at a later time, your saved credentials are not visible. Do not enter credentials again as this adds another credential pair to the passwords.conf file and may cause issues when trying to pull data.
  • If your TA version is 1.8.7 or higher, you do not have to remove the passwords.conf file to update TA credentials. Just update the credentials from the TA setup page without removing the passwords.conf file.

Authenticate Using a Client Certificate

Select 'Use a Client certificate for authentication' and provide your PEM-encoded X.509 certificate (.pem file). You need to provide the certificate key (.key file) if it is separate from the certificate and enter a passphrase if the certificate/key file is encrypted.

Configure Multiple Qualys Instances 

A single TA app instance does not support configuring multiple Qualys user accounts. To create multiple TA instances across multiple forwarders and configure one user account on each TA instance.

Now you are connected to the Qualys API Server, proceed to configure various applications.

Next Step

Step 2 b: Configuration Settings 

 

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.