All Apps and Add-ons

Splunk Add-on for Qualys CIM mapping: Why does the add-on map the endpoints with vulnerabilities to dvc instead of dest?

madcitygeek
Explorer

Why does the Splunk Add-on for Qualys map the endpoints with vulnerabilities to dvc instead of dest?

Per the CIM manual:
dvc The system that discovered the vulnerability.
dest The host with the discovered vulnerability.

1 Solution

jcoates_splunk
Splunk Employee
Splunk Employee

It's wrong to do so; there is a bug on this.

View solution in original post

jcoates_splunk
Splunk Employee
Splunk Employee

It's wrong to do so; there is a bug on this.

Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...