Having trouble setting up TA-QualysCloudPlatform App

TheBravoSierra
Path Finder

Hello,

I'm trying to utilize the TA-QualysCloudPlatform app but running into a couple of issues.

1) When I go to open the Splunk GUI, click on Data Inputs, Qualys Cloud Platform, Add New: where does that data input get stored? I don't see it in either the default or the local inputs.conf of the app, so it must be storing it elsewhere.

2) When I get the app set up and attempt an API call, the internal Qualys log shows No Credentials Found, Cannot Continue. This is after setting up the app, entering the credentials in the GUI, Saving, and Restarting Splunk. Any ideas?

Thanks for your help.

0 Karma
1 Solution

TheBravoSierra
Path Finder

1) It stores it in the search/local directory.

2) I found this was due to a bug in their app when upgrading from a previous version. You have to either re-enter the credentials and delete the old, or reinstall the app. I did the latter and it worked fine. Now just having an IO Error on activity_log, if anyone gets that and finds a fix, you're the greatest. 

0 Karma

msquicc
Explorer

Not 100% answering the original question here, but hoping to help someone in the future. We're on prem, not Splunk Cloud, but recently had an issue upgrading our Qualys app and were met with:

ERROR: No credentials found. Cannot continue.

The following steps resolved the issue:

1. Click Settings > DATA > Data inputs.
2. On the Data inputs screen, click TA-QualysCloudPlatform.
3. On the Qualys screen, disable all the listed data inputs.
4. Open Linux console terminal.
5. Delete passwords.conf file (/opt/Splunk/etc/apps/TAQualysCloudPlatform/local/passwords.conf).
6. Reboot the Splunk instance.
7. Go to the Splunk UI, click Apps > Manage Apps.
8. Click Setup against the Qualys Technology Add-on for Splunk option.
9. On the TA-QualysCloudPlatform screen, enter new credentials under Qualys Credentials. But before saving the credentials again after deleting the passwords.conf file, please clear the cache and do a hard reload of the TA setup page, then enter the credentials again, save, and restart Splunk.
10. Click Save.
11. Enable Data input.

0 Karma
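
Added example, not code from any poster or from Qualys: for an on-prem instance, a shell helper that shows which app's local directory holds Qualys-related `inputs.conf`/`passwords.conf` files (the "search/local" answer above) and moves `passwords.conf` aside rather than deleting it outright (step 5). The function names, the `qualys` search term and the sample stanzas are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Print every local inputs.conf / passwords.conf under an etc/apps tree whose
# content mentions Qualys, so you can see which app context the GUI wrote to.
find_qualys_conf() {
    find "$1" -type f -path '*/local/*' \
        \( -name inputs.conf -o -name passwords.conf \) \
        -exec grep -li 'qualys' {} + | LC_ALL=C sort
}

# Move a passwords.conf aside instead of deleting it, and keep the backup
# owner-only because it still contains the encrypted credential.
# Prints the backup path; fails if the file does not exist.
stash_passwords_conf() {
    [ -f "$1" ] || { echo "not found: $1" >&2; return 1; }
    backup="$1.bak.$(date +%Y%m%d%H%M%S)"
    mv -- "$1" "$backup" && chmod 600 "$backup" && printf '%s\n' "$backup"
}

# Build a constructed etc/apps tree for a dry run; prints its path.
# Stanza names and values below are sample data, not taken from the thread.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/search/local" "$root/TA-QualysCloudPlatform/local" \
             "$root/other/local"
    printf '[qualys://host_detection]\ndisabled = 0\n' \
        > "$root/search/local/inputs.conf"
    printf '[credential:TA-QualysCloudPlatform-realm:user:]\npassword = $7$constructed\n' \
        > "$root/TA-QualysCloudPlatform/local/passwords.conf"
    printf '[monitor:///var/log/messages]\n' > "$root/other/local/inputs.conf"
    printf '%s\n' "$root"
}
```

On a real instance, disable the data inputs first as in step 3, point `find_qualys_conf` at the instance's `etc/apps` directory, and restart Splunk after stashing the file.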

billathena
Observer

Same issue here. I've been using this TA for a while (though never a nice experience, there are quite a few bugs/issues with it), but only just upgraded from 1.8.5 to 1.8.9 in an attempt to make life easier.

The previous version did not have this problem, so I assume this issue was introduced with 1.8.9. Since the TA is written and maintained by Qualys, hoping they can investigate and fix as, unless I'm missing something, it's not usable as is.

FWIW, we're on Splunk Cloud (Victoria) on the latest version. Is this just an issue on Splunk Cloud?

0 Karma

billathena
Observer

Glad the OP was able to get this working, but none of this works for me. Have removed the app and reinstalled, with restarts in between, and a bunch of other trial and error - nothing seems to work.

This is on Splunk Cloud - would not recommend using this TA if you're on Cloud. Qualys need to fix their code first.

0 Karma

billathena
Observer

Just in case anyone stumbles across this, the TA is now working with Splunk Cloud (Victoria) experience from v1.8.11, after months of working with Qualys support to get the issue sorted. A newer version is now available, but considering the pain to get to this point, I'm loath to update right now as it's finally working again.

0 Karma