Archive

Hurricane Labs Add-On for QUALYS: Why is no data coming in from API?

Explorer

I changed the app settings on the indexer (which is also the search head) to include api credentials and all proper settings enabled, I do not see any data. Must I place a forwarder on the appliance itself somehow?

0 Karma
1 Solution

Explorer

Got data to come in. Now trying to pull CVE data in using built in script and getting the following error. Any suggestions?

View solution in original post

0 Karma

Explorer

Got data to come in. Now trying to pull CVE data in using built in script and getting the following error. Any suggestions?

View solution in original post

0 Karma

Explorer

sudo bash /opt/splunk/etc/apps/TA-qualys/bin/update_qualys_kb.sh
Traceback (most recent call last):
File "./update_qualys_kb.py", line 48, in
cfg = get_splunk_config("qualys", "api")
File "./update_qualys_kb.py", line 20, in get_splunk_config
env["LD_LIBRARY_PATH"] = os.path.join(env["SPLUNK_HOME"], "lib")
KeyError: 'SPLUNK_HOME'

0 Karma

Path Finder

Try running that like so:

sudo /opt/splunk/bin/splunk cmd /opt/splunk/etc/apps/TA-qualys/bin/update_qualys_kb.sh

You need to run this from within the Splunk environment in order for certain functionality to be available. The above command will do that.

Let us know if that helps.

Explorer

This did the job! Thank you. However, can I expect the job that runs at 4:15am each night to work as it should? It does not seem to work properly (as of last night).

0 Karma