All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Will somebody please fix the Splunk QualysGuard app?

responsys_cm
Builder
‎06-06-2012 03:47 PM

I'm usually pretty impressed with the apps built by the Splunk team. That is not the case with the Splunk for QualysGuard app. When the app is installed on 4.3 (Windows or Linux), there are a dozen or so errors like the following:

Error while parsing 'C:\Program Files\Splunk\etc\apps\QualysGuard\default\data\ui\views\PaxHeader\searchvulnkb.xml': syntax error: line 1, column 0

Line 1 in those files is:

The dashboard.html file does not exist anywhere within the Qualys app or the default Splunk build.

I can successfully get Splunk to login to the Qualys KB and download the contents. But when I look at log file generated by the python scripts, all of the CVSS metrics are empty. When I put the URL into a browser, I see all of that data correctly. So, that would seem to indicate that the XML style sheets used by the python script to extract data isn't working properly.

I've emailed both the author of the app and the support address listed in the README and gotten no response...

Tags (1)
0 Karma
Reply

TQP9999
New Member
‎11-12-2012 09:04 AM

can you help me get the API connector working with Qualys? when I ran the module i get error below

Traceback (most recent call last):
File "C:\Program Files\Splunk\etc\apps\QualysGuard\bin\qualysapi.py", line 13, in
APP_PATH = os.path.join(os.environ ['SPLUNK_HOME'], 'etc', 'apps', 'QualysGuard')
File "C:\Python27\lib\os.py", line 423, in getitem
return self.data[key.upper()]
KeyError: 'SPLUNK_HOME'

0 Karma
Reply

DaveSavage
Builder
‎11-12-2012 10:50 AM

Post this as your own submission for better visibility? The 'Key Words' will pick it out thereafter?
Br, Dave

0 Karma
Reply

responsys_cm
Builder
‎06-06-2012 04:13 PM

Thanks! I could probably download the KB with curl and write field extractions for everything, but that seems like a ton of work. I appreciate the quick reply.

Any idea why Splunk is complaining about the view template line?

0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎06-06-2012 04:04 PM

dashboard.html is not in the app, but it is in the view system. Almost all dashboards, regardless of the app, use dashboard.html as the view template.

I do think there is a problem in the app based on your experience and the two other issues reported here on Answers, and I have alerted the folks responsible for it.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

   このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...