For documentation please see: https://community.qualys.com/docs/DOC-4876
Support
In case any assistance is needed, please visit https://www.qualys.com/forms/contact-support/
Added multithreading support for EDR data ingestion
Retry logic enhancement for the EDR module
Bug fixes for the VM module
-Improved debug logging for VM detection data
-Added a control on the TA setup page to terminate the running process (PID) of a given data input
-Enhanced configuration for the VM detection settings
-Minor bug fixes and enhancements
Note: Not compatible with Splunk 9.0
Bug fixes
Users can now ingest detected service names in the event along with TCP/UDP ports
ATTENTION PLEASE!
1) Changes to the TA setup page for Qualys API credentials: Qualys API credentials stored in 'passwords.conf' are now saved under a realm. After upgrading to TA 1.8.9, re-enter the Qualys API credentials; until you do, the TA cannot read them. We recommend clearing your browser cache and doing a hard reload before entering the credentials.
2) Indication of Compromise (IOC) data inputs are rebranded as Endpoint Detection and Response (EDR) data inputs: from this version, the TA writes a deprecation warning to the TA log for IOC data inputs. Disable and delete the earlier IOC data input and add a new EDR data input. The new Qualys EDR App for Splunk Enterprise can be used with it.
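The realm change above matters because Splunk keys credential stanzas in passwords.conf as [credential:<realm>:<username>:], and a stanza written without a realm has an empty realm field ([credential::<username>:]). The following is an added example, not code from the Qualys TA: it parses a passwords.conf and reports which users exist only under a realm-less (pre-1.8.9) stanza and therefore need to be re-entered. The sample file content is constructed, and the realm name "qualys_realm" is an assumption for illustration; the TA's actual realm value is not given on this page.

```python
"""Report Qualys API credentials in passwords.conf that lack a realm stanza.

Added example, not part of the Qualys TA. Splunk writes one stanza per stored
credential: [credential:<realm>:<username>:]. Older TA versions stored the
credential with an empty realm, i.e. [credential::<username>:], which the
realm-aware TA no longer reads, so such users must be re-entered.
"""
import configparser
import re
from typing import Dict, List

# Stanza header shape: credential:<realm>:<username>:  (realm may be empty)
STANZA_RE = re.compile(r"^credential:(?P<realm>[^:]*):(?P<user>[^:]*):$")

# Constructed sample passwords.conf; the $7$ values are placeholders, not real
# Splunk-encrypted secrets, and "qualys_realm" is an assumed realm name.
SAMPLE_PASSWORDS_CONF = """\
[credential::qualys_api_user:]
password = $7$olderencryptedvalue==

[credential:qualys_realm:qualys_api_user:]
password = $7$newerencryptedvalue==

[credential:qualys_realm:another_user:]
password = $7$anothervalue==

[credential::legacy_only_user:]
password = $7$legacyvalue==

[unrelated_stanza]
key = value
"""


def parse_credential_stanzas(conf_text: str) -> List[Dict[str, str]]:
    """Return one dict per credential stanza with its realm and username."""
    # interpolation=None so '$' in encrypted values is not treated specially
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    creds = []
    for section in parser.sections():
        match = STANZA_RE.match(section)
        if not match:
            continue  # not a credential stanza
        creds.append({"realm": match.group("realm"), "user": match.group("user")})
    return creds


def needs_reentry(conf_text: str, expected_realm: str) -> List[str]:
    """Usernames stored only without a realm, i.e. invisible to the realm-aware TA."""
    creds = parse_credential_stanzas(conf_text)
    under_realm = {c["user"] for c in creds if c["realm"] == expected_realm}
    legacy = {c["user"] for c in creds if c["realm"] == ""}
    return sorted(legacy - under_realm)


if __name__ == "__main__":
    for cred in parse_credential_stanzas(SAMPLE_PASSWORDS_CONF):
        realm = cred["realm"] or "<none>"
        print(f"user={cred['user']} realm={realm}")
    print("re-enter:", needs_reentry(SAMPLE_PASSWORDS_CONF, "qualys_realm"))
```

On a real install, point the parser at the TA's local passwords.conf (or query the storage/passwords REST endpoint) and use the realm the TA actually writes; a user listed by needs_reentry is one the upgraded TA will not find until re-saved from the setup page.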
Other Fixes:
1) Fixed 400 Bad Request issues for certain pagination calls for Container Security.
2) Fixed incomplete API response XML file issue for Policy Compliance.
3) Checkpoint timestamps for FIM data inputs now include milliseconds, as the API requires.
The host and detection fields to log are now configurable from the TA setup page
The Results field is now truncated on the TA side
Features / Improvements:
VM data input configuration values are now read from 'qualys.conf' instead of the app configuration file
New logic for distributing policy IDs in the PC data input
Bug Fixes:
The VM host summary was logged in Splunk even though it was excluded in the TA setup
WAS summary events were not indexed while the WAS data input was running in multi-thread mode
PC evidence details were not logged when the 'lastUpdated' attribute was absent from the API output
-Fixed byte strings (Python 3 bytes objects) appearing in ingested host detection data on Splunk 8.0.0 or higher, which uses the Python 3 interpreter
-Added support for the activity_log data feed in the cleanup.py and run.py scripts
-Added validation of the start date when adding or editing a data input