Has anyone implemented the Qualys App for Splunk? Anything anyone would like to share about it? Is it good? Is it not? Can you get the same from building your own dashboards?
Rusty, while I've not implemented the Splunk App, if you need some information on how to set it up, this document will help you.
Qualys Apps for Splunk Enterprise
Thanks Shyam. Do you know if the Qualys ticket information can be put into Splunk?
The TA for Splunk is the component which pulls the data from Qualys. You can certainly modify or supplement those scripts to include pulling ticket data, but it is not included 'out of the box'.
Thanks Ian. Is it modifying existing API calls? I haven't seen it before and we use the Qualys ticketing data to do our reporting.
The TA just uses existing API calls, but it only uses some of them - the API calls for ticketing aren't included in the TA, but if you know the scripting language used by that TA then you can add those API calls in yourself and push the data into Splunk.
Thanks Ian. Do you know how I could find out the scripting language used by the TA?
The apps are described here, with an attached document on the TA which describes how to set it up and maintain its data. It uses Python predominantly.
Thanks Ian. Will review the docs.