Hello.
Help properly connect the Qualys vulnerability scanner to the Splunk.
I can not understand on what servers I need to install a technical addon - Qualys Technology Add-on for Splunk ver. 1.3.2
My server architecture is a Splunk:
- Server SH
- Server HF
- Server Indexer - 1 (cluster node)
- Server Indexer - 2 (cluster node)
- Cluster master
With the technical addon are the following intuitions:
- host_detection
- knowledge_base
- policy_posture_info
- was_findings
And also in the most addon (Qualys Technology Add (TA)) there is a config configurable connection by AIPI to cloudy Qualys.
Where is this connection configured ?
If I collect data via HF, then this addon is configured only for HF or also for SH ?