Qualys API integration into Elasticsearch

I am a current customer of Qualys and would like to create a reoccurring API call to Qualys from my Elasticsearch instance.

I am unclear on where I create and schedule cURL commands to access this data. When I try to use them in the Dev Tools console, they do not appear to work.

Using 7.6 on Elasticsearch, APM, Kibana.

Thoughts?

Hey,

Maybe you can expand a little bit on what you are trying to do, as something that sounds simple usually has some drawbacks attached. Do you want to query some API endpoint and index that data into Elasticsearch? Is this a single page of data or something you paginate through? What happens in case of a failure?

If you want to alert on data from the API endpoint, you could take a look at Alerting.

Hope this helps as a start.

Good morning and thank you for your reply. I am trying to take the vulnerability assessment data out of Qualys using their REST API and get that into Elasticsearch. I can envision two ways to do this: 1. I think the best method is to find some internal process within Elasticsearch to make a periodic call to Qualys using its API to get that vulnerability data, OR 2. I could envision a JSON or XML file being created by Qualys that I could pick up with Filebeat to send to Elasticsearch.

Thanks again, looking forward to your thoughts....

That's tricky to tell without knowing the Qualys API. If that API requires some work (several requests) in order to gather all the data, then probably a small custom script might be a better idea, as you have full control over the execution. If it spits out a big XML/JSON blurb, Filebeat sounds like a good idea, as the data is easier to modify than within alerting.

From what I read, I think I would go with a script to have the full power of transformation, but that is just an outside hunch here as I don't understand the API well enough.
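An added example, not part of the original thread and not Qualys or Elastic code, of the custom-script approach suggested above: it parses one page of an XML detection export, returns the pagination pointer, and builds an Elasticsearch `_bulk` body with deterministic `_id` values so a re-run after a failure overwrites documents instead of duplicating them. The XML element names, the sample values, the `qualys.example` URL and the `qualys-detections` index name are assumptions modelled loosely on a host-detection export; adjust them to the actual API response.

```python
import hashlib
import json
import xml.etree.ElementTree as ET  # prefer defusedxml if the XML source is untrusted

# Constructed sample page; element names and values are assumptions.
SAMPLE_PAGE = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE>
  <HOST_LIST>
    <HOST>
      <ID>1001</ID><IP>10.0.0.5</IP>
      <DETECTION_LIST>
        <DETECTION><QID>100001</QID><SEVERITY>3</SEVERITY><STATUS>Active</STATUS></DETECTION>
        <DETECTION><QID>100002</QID><SEVERITY>5</SEVERITY><STATUS>New</STATUS></DETECTION>
      </DETECTION_LIST>
    </HOST>
  </HOST_LIST>
  <WARNING><URL>https://qualys.example/next-page?id_min=1002</URL></WARNING>
</RESPONSE></HOST_LIST_VM_DETECTION_OUTPUT>"""


def parse_page(xml_text):
    """Return (documents, next_page_url or None) for one page of results."""
    root = ET.fromstring(xml_text)
    docs = []
    for host in root.iter("HOST"):
        base = {"host_id": host.findtext("ID"), "ip": host.findtext("IP")}
        for det in host.iter("DETECTION"):
            docs.append({**base,
                         "qid": det.findtext("QID"),
                         "severity": int(det.findtext("SEVERITY")),
                         "status": det.findtext("STATUS")})
    # A missing pagination element means this was the last page.
    return docs, root.findtext(".//WARNING/URL")


def to_bulk(docs, index="qualys-detections"):
    """Build an NDJSON body for the Elasticsearch _bulk endpoint."""
    lines = []
    for d in docs:
        # Deterministic _id: re-sending a page after a failure overwrites
        # the same documents instead of creating duplicates.
        key = f"{d['host_id']}:{d['qid']}".encode()
        doc_id = hashlib.sha256(key).hexdigest()[:20]
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id}}))
        lines.append(json.dumps(d))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    docs, next_url = parse_page(SAMPLE_PAGE)
    print(to_bulk(docs), end="")
    print("next page:", next_url)
```

In a scheduled job (cron or similar), the fetch loop would request each page, follow the returned URL until it is `None`, and POST each body to `_bulk`; credentials for both services belong in the environment or a secrets store rather than in the script.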
