Hi all,
my name is Laura and I'm working with Qualys integration with Splunk with my company.
I had found some issues and I hope that you can help me.
In the Splunk Infrastructure it´s installed and configured the Splunk add-on for Qualys as well as reported in the official documentation. I see in Splunk the Qualys data about VM and WAS correctly, but the problems are:
I couldn't find any field related to the single Qualys scan: so, I see a scanned IP address with all its vulnerabilities, but I don't know in which scan its vulnerabilities have been discovered (information that, obviously , I have in Qualys)
The Splunk add-on had collected the Qualys Knowledge Base, but I only have the standard information (QID, TITLE, SEVERITY, CVE, etc.) and nothing about the details, such as the "Solution" or the "Exploitability"
I’ve installed the Splunk Add-on for Qualys version 1.3.3; maybe the problems could be in the obsolete version?
Thank you in advance.
... View more