I did not unfortunately @DaveBunn , I ended up having to use a SAML token. In retrospect, this is probably more secure than basic auth anyway. At the time of posting, my concern was with having a token that needed to be referenced in a bunch of places, so could be discovered and misused. We ended up implementing automated rotation of tokens to allay those concerns, which got us comfortable enough to move forward. This means the token is kept secret from our devs, is better protected, and we don't need to worry about refreshing it manually when it expires. If of interest, see the code at: https://github.com/Athena-Home-Loans/keydra/blob/fb862a4d9310e864c13e132c4c7d06ea24931914/src/keydra/clients/splunk.py#L286   ... View more

Just in case anyone stumbles across this, the TA is now working with Splunk Cloud (Victoria) experience from v1.8.11, after months of working with Qualys support to get the issue sorted. A newer version is now available, but considering the pain to get to this point, I'm loathe to update right now as it's finally working again. ... View more

Glad the OP was able to get this working, but none of this works for me. Have removed the app and reinstalled, with restarts in between, and a bunch of other trial and error - nothing seems to work. This is on Splunk Cloud - would not recommend using this TA if you're on Cloud. Qualys need to fix their code first. ... View more

Same issue here. I've been using this TA for a while (though never a nice experience, there are quite a few bugs/issues with it), but only just upgraded from 1.8.5 to 1.8.9 in an attempt to make lief easier. The previous version did not have this problem, so I assume this issue was introduced with 1.8.9. Since the TA is written and maintained by Qualys, hoping they can investigate and fix as, unless I'm missing something, it's not usable as is. FWIW, we're on Splunk Cloud (Victoria) on the latest version. Is this just an issue on Splunk Cloud? ... View more