I want to automate the deployment of this TA on a heavy forwarder which means not pushing any credentials through the web interface. I don't have access to the web interface, this is locked down in via security groups to only allow communication on specific ports. The documentation doesn't cover how this can be done. How can I perform this configuration via CLI?
As far as I know any TA can be deploy via CLI using following command
Run the splunk install CLI command:
cd \opt\splunk\bin
.\splunk install app \splunk-add-on-for-qualys.tar.gz
App 'qualys' is installed.
After that you can do necessary configurations by going etc/apps/appname/
As far as I know any TA can be deploy via CLI using following command
Run the splunk install CLI command:
cd \opt\splunk\bin
.\splunk install app \splunk-add-on-for-qualys.tar.gz
App 'qualys' is installed.
After that you can do necessary configurations by going etc/apps/appname/
How can I add in my credentials for the Qualys site without using the GUI? This is the key part of deployment that seems to be missing from the CLI.
If it is a script then you can run it by searching a file from /etc/app/appname/andlookfilesshellscript
There might be a script which you need to trigger in order to process configuration. You have to search for that shell script