Solved: Qualys Technology Add-on (TA) for Splunk: How can ...

drutstein · ‎11-09-2017

I want to automate the deployment of this TA on a heavy forwarder which means not pushing any credentials through the web interface. I don't have access to the web interface, this is locked down in via security groups to only allow communication on specific ports. The documentation doesn't cover how this can be done. How can I perform this configuration via CLI?

mayurr98 · ‎11-09-2017

As far as I know any TA can be deploy via CLI using following command
Run the splunk install CLI command:

cd \opt\splunk\bin
.\splunk install app \splunk-add-on-for-qualys.tar.gz
App 'qualys' is installed.
After that you can do necessary configurations by going etc/apps/appname/

View solution in original post

mayurr98 · ‎11-09-2017

As far as I know any TA can be deploy via CLI using following command
Run the splunk install CLI command:

cd \opt\splunk\bin
.\splunk install app \splunk-add-on-for-qualys.tar.gz
App 'qualys' is installed.
After that you can do necessary configurations by going etc/apps/appname/

drutstein · ‎11-10-2017

How can I add in my credentials for the Qualys site without using the GUI? This is the key part of deployment that seems to be missing from the CLI.

mayurr98 · ‎11-10-2017

If it is a script then you can run it by searching a file from /etc/app/appname/andlookfilesshellscript
There might be a script which you need to trigger in order to process configuration. You have to search for that shell script

Qualys Technology Add-on (TA) for Splunk: How can I deploy this TA via CLI?

BSides Splunk 2022 - The Call for Papers is now Open!

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

What's New in Splunk Cloud Platform 9.0.2208?!