New Qualys App for Splunk Enterprise Adds Real-time Dashboard and Analytics for Web Application Scanning
Last updated on: September 6, 2020
The newly released Qualys Web Application Scanning (WAS) App for Splunk Enterprise delivers information about affected web applications and prevalent vulnerabilities into the Splunk dashboard, and enables preconfigured searches and reports, for customers using both Qualys and Splunk. Just like with Qualys WAS, this new app also helps you analyze consistent WAS data across application lifecycles, detect unauthorized apps and rapidly harden your web apps with Qualys Web Application Firewall (WAF).
Based on Qualys’ real-time integration with Splunk’s powerful data analytics dashboard, the Qualys WAS App for Splunk Enterprise leverages our existing Technical Add-on (TA) for Splunk, which allows Qualys WAS data to be injected along with Qualys Vulnerability Management (VM) and KnowledgeBase data into a Splunk Indexer. We built this integration to handle data across time – the first value of Splunk – and deliver you even greater security posture awareness across Qualys VM and now also Qualys WAS. In doing so, Qualys provides you with Splunk’s great reporting capabilities, as well as advanced features unique to leveraging Qualys within Splunk.
Broader Splunk Integration
Since launching the Qualys VM App for Splunk Enterprise earlier this year, we’ve seen tremendous support from customers leveraging the extensible nature of the Qualys Cloud Platform to pull their Qualys data into their Splunk deployment using the Qualys TA for Splunk. This broader integration with Splunk marks a significant milestone for empowering Qualys customers to use their Qualys data within their own native environments, such as Splunk.
The Qualys TA works with Splunk Enterprise by pulling data from your enterprise’s Qualys account in the cloud, then presenting that data in any of the Qualys Splunk apps. That data then can be searched using the Splunk Search app, Splunk Enterprise Security or either/both of the Qualys Apps for Splunk Enterprise. The apps provide you access to summary charts on various data points, including the prevalence of vulnerabilities, top hosts affected and remediation prioritization. This results in new ways to visualize and report on Qualys data as well as correlate it with your enterprise’s other security data sources.
Getting started is easy if you’re presently a joint Qualys-Splunk customer.
- Download the App – You can download the Qualys WAS App for Splunk Enterprise from Splunkbase. But before you try to install the WAS App, first download and install the Qualys TA for Splunk. In previous versions we had the TA and the VM App bundled together, but now they are separate.
- Ensure You Have Qualys API Access and the Qualys KnowledgeBase Enabled – In order to use the new Qualys WAS for Splunk App, you will need a Qualys account that includes WAS and API access. If your account does not have API access, please contact your Qualys Technical Account Manager to add it and also check that the Qualys KnowledgeBase is enabled for your account.
- Sign up for a Splunk Enterprise Account – Since the app only works with Splunk Enterprise, you will also need a Splunk Enterprise account. Please contact your Splunk sales representative if you need to upgrade to Splunk Enterprise.
It will only take you a few minutes to install the app in Splunk. Enter your Qualys credentials and the URL for your Qualys API server platform and voila! You’re ready to set the default schedule for syncing data. The first time the app connects with the Qualys API, it pulls all data, but after that it pulls changes only.
Once you start using this new app, you’ll see that its biggest benefit is the ability to transform Qualys WAS data into user-customizable, dynamic reports and dashboards to help you quickly identify and respond to the most critical web application threats within your enterprise.
With a simple and secure setup, the new Qualys WAS App for Splunk Enterprise offers Qualys users the ability to remove the barriers to getting their WAS data into their Splunk environment so they can do with it what they want. If you are using Splunk for security, you must take a look at this app.
Are there any plans to allow the full set of fields available for the API? We have the info pulling in to Splunk, but actually the solution field is really useful, i.e. you need to patch Microsoft patch KB123456, we can pull that info in as well. Because the Windows app would tell us if it's been patched etc.