AnsweredAssumed Answered

TA-Qualys for Splunk (was_findings) dont't respect start date of 'data input'

Question asked by Antonio Marcos on Feb 27, 2020
Latest reply on Mar 4, 2020 by Antonio Marcos

Recently in a test environment I had to delete the Qualys logs.

 

I recreated the data input in the splunk and put the start date 2020-01-01T00: 00: 00Z this is the time I have the logs on Qualys Cloud.

 

However when the App makes the call in the API it does not call the start date that I put, it calls the last fetched 2020-02-24:

 

TA-QualysCloudPlatform: 2020-02-27 08:00:12 PID = 7200 [MainThread] INFO: TA-QualysCloudPlatform (was_findings) - WAS findings were last fetched on 2020-02-24T15: 00: 02Z

 

The App is thinking that I still have this data and tries to pull only the delta.

Is there a way to re-force all data starting with the start date #2020-01-01T00: 00: 00Z?

Outcomes