Overview

Qualys File Integrity Monitoring (FIM) is a highly scalable cloud app that enables a simple way to monitor critical files, directories, and registry paths for.

Devo collector features

| Feature | Details |
| --- | --- |
| Allow parallel downloading (multipod) | not allowed |
| Running environments | collector server, on-premise |
| Populated Devo events | table |
| Flattening preprocessing | no |

Data sources

| Data source | Description | API endpoint | Collector service name | Devo table | Available from release |
| --- | --- | --- | --- | --- | --- |
| Events | Get all the events | /v2/events/search | fim_alerts | monitor.qualys.fim.event | v1.0.1 |
| Incidents | Get all the incidents | v3/incidents/search | fim_incidents | monitor.qualys.fim.incident | v1.0.1 |

For more information on how the events are parsed, visit our page.

Flattening preprocessing

| Data source | Collector service | Optional | Flattening details |
| --- | --- | --- | --- |
| Events | events | yes | not required |
| Incidents | incidents | yes | not required |

Minimum configuration required for basic pulling

...

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

| Setting | Details |
| --- | --- |
| username | The username for the Qualys FIM API. |
| password | The password for the Qualys FIM API. |
| base_url | The token endpoint used to get the access token. (Example: https://<qualys_base_url>) |
| auth_url | The auth URL for the Qualys FIM API. (Example: https://<qualys_base_url>/auth) |

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

...

Check memory usage

To check the memory usage of this collector, look for the following log records in the collector, which are displayed every 5 minutes by default, always after running the memory-free process.

  • The used memory is displayed per running process; the sum of both values gives the total memory used by the collector.

  • The global pressure of the available memory is displayed in the global value.

  • All metrics (Global, RSS, VMS) show the value before and after freeing memory, in the form previous -> after.

2024-05-30T17:18:27.087    INFO OutputProcess::MainThread -> [GC] global: 32.7% -> 32.7%, process: RSS(44.05MiB -> 44.05MiB), VMS(928.46MiB -> 928.46MiB)
2024-05-30T17:23:27.140    INFO InputProcess::MainThread -> [GC] global: 32.1% -> 32.1%, process: RSS(46.57MiB -> 46.57MiB), VMS(784.46MiB -> 784.46MiB)

Differences between RSS and VMS memory usage:

  • RSS is the Resident Set Size, which is the actual physical memory the process is using.

  • VMS is the Virtual Memory Size, which is the virtual memory that the process is using.
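
The memory check described above can be automated. The following is an added example, not part of the collector or of the original page: it parses the [GC] records and totals the after-freeing values per process. It assumes sizes are always reported in MiB as in the two records shown; the function names are hypothetical and the third sample line is constructed.

```python
import re

# Pattern for the [GC] records shown above; sizes are assumed to be in MiB.
GC_RE = re.compile(
    r"^(?P<ts>\S+)\s+INFO\s+(?P<proc>\w+)::\w+ -> \[GC\] "
    r"global: (?P<g_before>[\d.]+)% -> (?P<g_after>[\d.]+)%, "
    r"process: RSS\((?P<rss_before>[\d.]+)MiB -> (?P<rss_after>[\d.]+)MiB\), "
    r"VMS\((?P<vms_before>[\d.]+)MiB -> (?P<vms_after>[\d.]+)MiB\)\s*$"
)

def parse_gc(line):
    """Return one [GC] record as a dict, or None for any other log line."""
    m = GC_RE.match(line.strip())
    if not m:
        return None
    rec = {k: float(v) for k, v in m.groupdict().items() if k not in ("ts", "proc")}
    rec["ts"], rec["proc"] = m["ts"], m["proc"]
    return rec

def summarize(lines):
    """Keep the newest record per process and total the collector's memory."""
    latest = {}
    for rec in filter(None, map(parse_gc, lines)):
        # Timestamps are ISO-formatted, so string comparison orders them.
        if rec["proc"] not in latest or rec["ts"] >= latest[rec["proc"]]["ts"]:
            latest[rec["proc"]] = rec
    newest = max(latest.values(), key=lambda r: r["ts"], default=None)
    return {
        "per_process_rss_mib": {p: r["rss_after"] for p, r in latest.items()},
        "total_rss_mib": round(sum(r["rss_after"] for r in latest.values()), 2),
        "total_vms_mib": round(sum(r["vms_after"] for r in latest.values()), 2),
        "global_pct": newest["g_after"] if newest else None,
    }

SAMPLE = [
    # The two records shown above, followed by one constructed non-GC line.
    "2024-05-30T17:18:27.087    INFO OutputProcess::MainThread -> [GC] global: 32.7% -> 32.7%, process: RSS(44.05MiB -> 44.05MiB), VMS(928.46MiB -> 928.46MiB)",
    "2024-05-30T17:23:27.140    INFO InputProcess::MainThread -> [GC] global: 32.1% -> 32.1%, process: RSS(46.57MiB -> 46.57MiB), VMS(784.46MiB -> 784.46MiB)",
    "2024-05-30T17:23:28.001    INFO InputProcess::MainThread -> Pulling data (constructed)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```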

Change log

| Release | Released on | Release type | Details | Recommendations |
| --- | --- | --- | --- | --- |
| v1.0.1 | | BUG FIX | Token expiration issue | Recommended version |
| v1.0.0 | | FIRST RELEASE | Released the first version of the Qualys FIM collector. | Initial version |