Trying to setup this app, I'm being asked which API account type is needed for it- Scanner, Reader, or Manager?
Does it matter?
I would use a reader account, since you will only be pulling in the vulnerability information with that account. Once the reader account has been created you will need to assign which asset groups you would like to pull into Splunk.
Qualys user definitions (https://qualysguard.qualys.com/qwebhelp/fo_help/user_accounts/users_user_role.htm)
- Manager. A Manager has full rights and access to all account resources, including all asset groups in the subscription. Managers have the same rights as the subscriber of the account, who was automatically assigned a Manager role.
- Scanner. A Scanner can launch maps and scans on assigned groups and generate reports based on the results.
- Reader. A Reader can view saved map and scan results for assigned groups and generate reports based on the results.