All Apps and Add-ons

Errors running Qualys TA

responsys_cm
Builder

I'm seeing two different errors with the Qualys TA. When I try and setup the app, I see the following:

Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA-QualysCloudPlatform/qualys/qualys_configure/setupentity

When I look in the qualys.conf, I can see the password in clear text rather than being encrypted...

I'm also seeing this error message when running the TA on a search head cluster:

TA-QualysCloudPlatform: 2018-07-20 18:19:05 PID=23510 [MainThread] ERROR: TA-QualysCloudPlatform - This setup is configured as Search Head. You should not run %s on Search Head. I am Exiting.

Why can't the TA run on a search head? That makes no sense considering that all of the searches in the Qualys app depend on the knowledge base lookup table. Do I have to run this on a separate box, have it input the knowledge base and then summary index the results so the search heads can build the KB?

0 Karma

frankwayne
Path Finder

My solution to this problem was to comment out lines 89-91 of qualys.py in the bin directory in the Add-on. This (bad) code checks to see if it is running on a search head and skips the work that we want done.

It would be nice if Qualys fixed the code with a ", input_name" before the closing parenthesis in line 90 so that %s gets filled in, but they can't even find the time to respond to your question. And we're commenting it out anyway. 🙂

For reference, the code to be removed is:

if server_info and server_info.is_search_head() and input_name != "qualys://knowledge_base":
    qlogger.error("This setup is configured as Search Head. You should not run %s on Search Head. I am Exiting.")
    continue

I hope this helps.

ayushchoudhary
Path Finder

The below document will help you to configure Qualys

https://www.qualys.com/docs/qualys-ta-for-splunk.pdf

0 Karma

frankwayne
Path Finder

I downvoted this post because it does not address the question at all.

0 Karma
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...