{"type":"doc","content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"minLevel":{"value":"2"},"maxLevel":{"value":"2"},"type":{"value":"flat"}},"macroMetadata":{"macroId":{"value":"812af86120b7d64463b747ac09afa7ed"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"72c9b4a1-f493-4b84-b268-16358df35c8b"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"Qualys File Integrity Monitoring (FIM) is a highly scalable cloud app that enables a simple way to monitor critical files, directories, and registry paths for.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Devo collector features","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"0ab3b2ef-2f2a-4b04-9967-e08c1200cb68"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[439.0]},"content":[{"type":"paragraph","content":[{"text":"Feature","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[318.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[439.0]},"content":[{"type":"paragraph","content":[{"text":"Allow parallel downloading (","type":"text"},{"text":"multipod","type":"text","marks":[{"type":"code"}]},{"text":")","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[318.0]},"content":[{"type":"paragraph","content":[{"text":"not allowed","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[439.0]},"content":[{"type":"paragraph","content":[{"text":"Running environments","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[318.0]},"content":[{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"collector server","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"on-premise","type":"text","marks":[{"type":"code"}]}]}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[439.0]},"content":[{"type":"paragraph","content":[{"text":"Populated Devo events","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[318.0]},"content":[{"type":"paragraph","content":[{"text":"table","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[439.0]},"content":[{"type":"paragraph","content":[{"text":"Flattening preprocessing","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[318.0]},"content":[{"type":"paragraph","content":[{"text":"no","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Data sources","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"9435c4ed-b468-41be-9313-494ec9731a76"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Data source","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"API endpoint","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Collector service name","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Devo table","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Available from release","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Events","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Get all the events","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"/v2/events/search","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"fim_alerts","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"monitor.qualys.fim.event","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.1","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Incidents","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Get all the Incident","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"v3/incidents/search","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"fim_incidents","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"monitor.qualys.fim.incident","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"v1.0.1","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"For more information on how the events are parsed, ","type":"text"},{"text":"visit our page","type":"text","marks":[{"type":"link","attrs":{"href":"https://devodocs.atlassian.net/wiki/spaces/latest/pages/635469830"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Flattening preprocessing","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"21ee59a7-1cce-4799-a831-abe7f7dc9012"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Data source","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[198.0]},"content":[{"type":"paragraph","content":[{"text":"Collector service","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[170.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[235.0]},"content":[{"type":"paragraph","content":[{"text":"Flattening details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Events","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[198.0]},"content":[{"type":"paragraph","content":[{"text":"events","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[170.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[235.0]},"content":[{"type":"paragraph","content":[{"text":"not required","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[154.0]},"content":[{"type":"paragraph","content":[{"text":"Incidents","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[198.0]},"content":[{"type":"paragraph","content":[{"text":"incidents","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[170.0]},"content":[{"type":"paragraph","content":[{"text":"yes","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[235.0]},"content":[{"type":"paragraph","content":[{"text":"not required","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Minimum configuration required for basic pulling","type":"text"}]},{"type":"paragraph","content":[{"text":"Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.","type":"text"}]}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"f0181bfb-e240-46d1-83bf-1c1c9164f60a"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"Setting","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[511.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"username","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[511.0]},"content":[{"type":"paragraph","content":[{"text":"The username for Qualys FIM API.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"password","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[511.0]},"content":[{"type":"paragraph","content":[{"text":"The password for Qualys FIM API.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"base_url","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[511.0]},"content":[{"type":"paragraph","content":[{"text":"The token endpoint for to get the access token. (Ex:-","type":"text"},{"text":"https://)","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[246.0]},"content":[{"type":"paragraph","content":[{"text":"auth_url","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[511.0]},"content":[{"type":"paragraph","content":[{"text":"The auth url for Qualys FIM API","type":"text"},{"type":"hardBreak"},{"text":"(Ex:-","type":"text"},{"text":"https:///auth)","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"See the ","type":"text"},{"text":"Accepted authentication methods","type":"text","marks":[{"type":"strong"}]},{"text":" section to verify what settings are required based on the desired authentication method.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Accepted authentication methods","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"62dad9ea-77c2-4fce-b046-28247985cdc1"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"Authentication method","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[212.0]},"content":[{"type":"paragraph","content":[{"text":"Username","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[223.0]},"content":[{"type":"paragraph","content":[{"text":"password","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[325.0]},"content":[{"type":"paragraph","content":[{"text":"credentials","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[212.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"green","style":"bold","text":"REQUIRED","localId":"17ca49ef-0c2d-40b2-87e2-7db7bbf99208"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[223.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"green","style":"bold","text":"REQUIRED","localId":"f445f51a-ea68-4164-99fc-bb51be7cad78"}}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Run the collector","type":"text"}]},{"type":"paragraph","content":[{"text":"Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (","type":"text"},{"text":"Cloud collector","type":"text","marks":[{"type":"underline"}]},{"text":"), or deploy and host the collector in your own machine using a Docker image (","type":"text"},{"text":"On-premise collector","type":"text","marks":[{"type":"underline"}]},{"text":").","type":"text"}]},{"type":"bodiedExtension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-ui-tabs-macro","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"6a805bc0-abf6-4d98-987c-6a9164c77642"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab-container.png"}}],"title":"Refined Tab Container"}},"localId":"51a38310-b288-4fb7-a20e-43dcd020e55a"},"content":[{"type":"paragraph"},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-tab","parameters":{"macroParams":{"title":{"value":"Cloud collector"}},"macroMetadata":{"macroId":{"value":"2825992cb366f7c43cdf1373692654dc"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab.png"}}],"title":"Refined Tab"}},"localId":"0f26672c-3765-45d9-a825-cd6014850d1a"}},{"type":"paragraph","content":[{"text":"We use a piece of software called Collector Server to host and manage all our available collectors. If you want us to host this collector for you, ","type":"text"},{"text":"get in touch with us","type":"text","marks":[{"type":"link","attrs":{"href":"https://devo.my.site.com/support/login?ec=302&startURL=%2Fsupport%2Fs%2F"}}]},{"text":" and we will guide you through the configuration.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"rw-tab","parameters":{"macroParams":{"title":{"value":"On-premise collector"}},"macroMetadata":{"macroId":{"value":"0e08d10a084320745cfcad174c481cfb"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://static.dg.refinedtheme.refinedwiki.com/refinedtheme-for-cloud/macro-icons/tab.png"}}],"title":"Refined Tab"}},"localId":"3392ad6b-e017-4587-96ac-e5e9d4459cb2"}},{"type":"paragraph","content":[{"text":"This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Structure","type":"text"}]},{"type":"paragraph","content":[{"text":"The following directory structure should be created for being used when running the collector:","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n└── devo-collectors/\n └── /\n ├── certs/\n │ ├── chain.crt\n │ ├── .key\n │ └── .crt\n ├── state/\n └── config/ \n └── config.yaml ","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper value.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Devo credentials","type":"text"}]},{"type":"paragraph","content":[{"text":"In Devo, go to ","type":"text"},{"text":"Administration → Credentials → X.509 Certificates","type":"text","marks":[{"type":"strong"}]},{"text":", download the ","type":"text"},{"text":"Certificate","type":"text","marks":[{"type":"strong"}]},{"text":", ","type":"text"},{"text":"Private key","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"Chain CA","type":"text","marks":[{"type":"strong"}]},{"text":" and save them in ","type":"text"},{"text":"/certs/","type":"text","marks":[{"type":"code"}]},{"text":". Learn more about security credentials in Devo ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"#"}}]},{"text":".","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"center","width":748,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":950,"alt":"image-20240604-093308.png","id":"ff908042-4b20-4308-b5ef-4b5606ccb08d","collection":"contentId-656965633","type":"file","height":448}}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper value.","type":"text"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Editing the config.yaml file","type":"text"}]},{"type":"codeBlock","content":[{"text":"globals:\n debug: false\n id: not_used\n name: qualys_fim_collector\n persistence:\n type: filesystem\n config:\n directory_name: state\n# type: redis\n# config:\n# host: host\n# port: port\n# password: password\n# db: db\n\noutputs:\n# devo_1:\n# type: devo_platform\n# config:\n# address: collector-us.devo.io\n# port: 443\n# type: SSL\n# chain: chain.crt\n# cert: .crt\n# key: .key\n# devo_2:\n# type: devo_platform\n# config:\n# address: collector-eu.devo.io\n# port: 443\n# type: SSL\n# chain: chain.crt\n# cert: .crt\n# key: .key\n# relay_1:\n# type: syslog\n# config:\n# address: 127.0.0.1\n# port: 13000\n\n console_1:\n type: console\n\ninputs:\n qualys_fim:\n id: \n enabled: \n credentials:\n username: \n password: \n base_url: \n auth_url: \n services:\n fim_incidents:\n start_time_in_utc: \n override_devo_tag: \n request_period_in_seconds: \n pageSize: \n override_sort: \n override_date_filter: \n attributes: \n fim_events:\n start_time_in_utc: \n override_devo_tag: \n request_period_in_seconds: \n pageSize: \n override_sort: \n override_date_filter: \n incidentContext: ","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"All defined service entities will be executed by the collector. If you do not want to run any of them, just remove the entity from the ","type":"text"},{"text":"services","type":"text","marks":[{"type":"code"}]},{"text":" object.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Replace the placeholders with your required values following the description table below:","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"25f956c8-908a-446b-8550-bca78db7afa5"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"Parameter","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"Data type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Value range / Format","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum Lenght 5","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Use this param to give a unique id to this input service.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"This parameter is used to build the persistence address, do not use the same value for multiple collectors. It could cause a collision.","type":"text"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"bool","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"false","type":"text","marks":[{"type":"code"}]},{"text":" / ","type":"text"},{"text":"true","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Use this param to enable or disable the given input logic when running the collector. If the value is ","type":"text"},{"text":"true","type":"text","marks":[{"type":"code"}]},{"text":", the input will be run. If the value is ","type":"text"},{"text":"false","type":"text","marks":[{"type":"code"}]},{"text":", it will be ignored.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum Length 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"background":"#ffffff","rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"UserName for Qualys FIM","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum Length 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"background":"#ffffff","rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"PassWord for Qualys FIM","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum Length 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Base URL for Qualys FIM","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Mandatory","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum Length 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"background":"#ffffff","rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Auth URL for Qualys FIM","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"int","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Minimum Length 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"Period in seconds used between each data pulling, this value will overwrite the default value 60 seconds","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"A devo tag","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows to define a custom devo tag.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"PageSize","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows to define a pageSize. Default pageSize is 1000.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Sort","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows to override sort value.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"Date filter","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows to override date filter value.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"attributes","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows to assign attributes. It is only for ","type":"text"},{"text":"fim_incidents","type":"text","marks":[{"type":"code"}]},{"text":" service","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[165.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"str","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[111.0]},"content":[{"type":"paragraph","content":[{"text":"Optional","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[173.0]},"content":[{"type":"paragraph","content":[{"text":"incidentContext","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[185.0]},"content":[{"type":"paragraph","content":[{"text":"This parameter allows to add incidentContext to filter the data. It is only for ","type":"text"},{"text":"fim_events ","type":"text","marks":[{"type":"code"}]},{"text":"service.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Download the Docker image","type":"text"}]},{"type":"paragraph","content":[{"text":"The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"94785be3-54fc-4266-9d73-deee265f1451"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[358.0]},"content":[{"type":"paragraph","content":[{"text":"Collector Docker image","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[368.0]},"content":[{"type":"paragraph","content":[{"text":"SHA-256 hash","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[358.0]},"content":[{"type":"paragraph","content":[{"text":"collector-qualys_fim_if-docker-image-1.0.1","type":"text","marks":[{"type":"link","attrs":{"href":"https://drive.google.com/file/d/1FgMRf2c4Qh2ErUZG11zdy-ICJ5xUa2yi/view?usp=drive_link"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[368.0]},"content":[{"type":"paragraph","content":[{"text":"e3cf70c239c6f496c80745d32b91f6677167633aef061466d690750bc346d7bb","type":"text","marks":[{"type":"code"}]}]}]}]}]},{"type":"paragraph","content":[{"text":"Use the following command to add the Docker image to the system:","type":"text"}]},{"type":"codeBlock","content":[{"text":"gunzip -c -.tgz | docker load","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Once the Docker image is imported, it will show the real name of the Docker image (including version info). Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with a proper value.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"The Docker image can be deployed on the following services:","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Docker","type":"text"}]},{"type":"paragraph","content":[{"text":"Execute the following command on the root directory ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]}]},{"type":"codeBlock","content":[{"text":"docker run \n--name collector- \n--volume $PWD/certs:/devo-collector/certs \n--volume $PWD/config:/devo-collector/config \n--volume $PWD/state:/devo-collector/state \n--env CONFIG_FILE=config.yaml \n--rm \n--interactive \n--tty \n:","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper values.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Docker Compose","type":"text"}]},{"type":"paragraph","content":[{"text":"The following Docker Compose file can be used to execute the Docker container. It must be created in the ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]},{"text":" directory.","type":"text"}]},{"type":"codeBlock","content":[{"text":"version: '3'\nservices:\n collector-:\n image: :${IMAGE_VERSION:-latest}\n container_name: collector-\n volumes:\n - ./certs:/devo-collector/certs\n - ./config:/devo-collector/config\n - ./credentials:/devo-collector/credentials\n - ./state:/devo-collector/state\n environment:\n - CONFIG_FILE=${CONFIG_FILE:-config.yaml}","type":"text"}]},{"type":"paragraph","content":[{"text":"To run the container using docker-compose, execute the following command from the ","type":"text"},{"text":"/devo-collectors//","type":"text","marks":[{"type":"code"}]},{"text":" directory:","type":"text"}]},{"type":"codeBlock","content":[{"text":"IMAGE_VERSION= docker-compose up -d","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Replace ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" with the proper values.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Collector services detail","type":"text"}]},{"type":"paragraph","content":[{"text":"This section is intended to explain how to proceed with specific actions for services.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"fim_incidents","type":"text"}]},{"type":"expand","attrs":{"title":"Verify data collection"},"content":[{"type":"paragraph","content":[{"text":"Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.","type":"text"}]},{"type":"paragraph","content":[{"text":"This service has the following components:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"0fc14022-ade5-4eae-ba9b-eaa9749ea4a9"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[221.0]},"content":[{"type":"paragraph","content":[{"text":"Component","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[509.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[221.0]},"content":[{"type":"paragraph","content":[{"text":"Setup","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[509.0]},"content":[{"type":"paragraph","content":[{"text":"The setup module is in charge of authenticating the service and managing the token expiration when needed.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[221.0]},"content":[{"type":"paragraph","content":[{"text":"Puller","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[509.0]},"content":[{"type":"paragraph","content":[{"text":"The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Setup output","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful run has the following output messages for the setup module:","type":"text"}]},{"type":"codeBlock","content":[{"text":"2024-05-30T17:12:26.992 INFO OutputProcess::MainThread -> Process started\n2024-05-30T17:12:26.994 INFO MainProcess::MainThread -> Started all object from \"MainProcess\" process\n2024-05-30T17:12:26.994 INFO InputProcess::MainThread -> Process Started\n2024-05-30T17:12:27.015 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) Starting the execution of init_variables()\n2024-05-30T17:12:27.015 INFO InputProcess::MainThread -> Validating service metadata\n2024-05-30T17:12:27.016 INFO InputProcess::MainThread -> Validating defined module definition\n2024-05-30T17:12:27.019 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread\n2024-05-30T17:12:27.019 INFO InputProcess::MainThread -> Validating common input config\n2024-05-30T17:12:27.019 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T17:12:27.019 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread\n2024-05-30T17:12:27.019 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread\n2024-05-30T17:12:27.020 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T17:12:27.020 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread\n2024-05-30T17:12:27.020 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T17:12:27.020 INFO InputProcess::MainThread -> Validating service input config\n2024-05-30T17:12:27.020 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread\n2024-05-30T17:12:27.020 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T17:12:27.021 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T17:12:27.021 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T17:12:27.021 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T17:12:27.021 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread\n2024-05-30T17:12:27.021 INFO InputProcess::MainThread -> Running overriding rules\n2024-05-30T17:12:27.021 INFO InputProcess::MainThread -> Validating the rate limiter config given by the user\n2024-05-30T17:12:27.021 INFO InputProcess::MainThread -> setting has not been defined. The generic settings will be used instead.\n2024-05-30T17:12:27.021 INFO InputProcess::MainThread -> Adding raw config to the collector store\n2024-05-30T17:12:27.021 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T17:12:27.021 INFO InputProcess::MainThread -> Running custom validation rules\n2024-05-30T17:12:27.021 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) Finalizing the execution of init_variables()\n2024-05-30T17:12:27.023 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) Starting the execution of init_variables()\n2024-05-30T17:12:27.023 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(internal_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T17:12:27.023 INFO InputProcess::MainThread -> Validating service metadata\n2024-05-30T17:12:27.024 INFO InputProcess::MainThread -> Validating defined module definition\n2024-05-30T17:12:27.026 INFO InputProcess::MainThread -> Validating common input config\n2024-05-30T17:12:27.027 INFO InputProcess::MainThread -> Validating service input config\n2024-05-30T17:12:27.028 INFO InputProcess::MainThread -> Running overriding rules\n2024-05-30T17:12:27.028 INFO InputProcess::MainThread -> Validating the rate limiter config given by the user\n2024-05-30T17:12:27.028 INFO InputProcess::MainThread -> setting has not been defined. The generic settings will be used instead.\n2024-05-30T17:12:27.028 INFO InputProcess::MainThread -> Adding raw config to the collector store\n2024-05-30T17:12:27.028 INFO InputProcess::MainThread -> Running custom validation rules\n2024-05-30T17:12:27.028 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) Finalizing the execution of init_variables()\n2024-05-30T17:12:27.029 INFO InputProcess::MainThread -> InputThread(qualys_fim,123123) - Starting thread (execution_period=60s)\n2024-05-30T17:12:27.029 INFO InputProcess::MainThread -> ServiceThread(qualys_fim,123123,fim_events,predefined) - Starting thread (execution_period=60s)\n2024-05-30T17:12:27.029 INFO InputProcess::MainThread -> QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Starting thread\n2024-05-30T17:12:27.030 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) - Starting thread\n2024-05-30T17:12:27.030 WARNING InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> Waiting until setup will be executed\n2024-05-30T17:12:27.030 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> First run of the collector. Generating new access token.\n2024-05-30T17:12:27.030 WARNING InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> The token/header/authentication has not been created yet\n2024-05-30T17:12:27.032 INFO InputProcess::MainThread -> ServiceThread(qualys_fim,123123,fim_incidents,predefined) - Starting thread (execution_period=60s)\n2024-05-30T17:12:27.032 INFO InputProcess::MainThread -> QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_incidents#predefined) -> Starting thread\n2024-05-30T17:12:27.032 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) - Starting thread\n2024-05-30T17:12:27.032 WARNING InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) -> Waiting until setup will be executed\n2024-05-30T17:12:27.032 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_incidents#predefined) -> First run of the collector. Generating new access token.\n2024-05-30T17:12:27.033 WARNING InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_incidents#predefined) -> The token/header/authentication has not been created yet\n2024-05-30T17:12:27.035 INFO OutputProcess::MainThread -> [GC] global: 32.3% -> 32.3%, process: RSS(41.68MiB -> 42.68MiB), VMS(928.46MiB -> 928.46MiB)\n2024-05-30T17:12:27.046 INFO InputProcess::MainThread -> [GC] global: 32.3% -> 32.4%, process: RSS(41.70MiB -> 41.70MiB), VMS(712.45MiB -> 712.45MiB)\n2024-05-30T17:12:28.308 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {\"name\": \"DevoSender(internal_senders,devo_sender_0)\", \"url\": \"collector-eu.devo.io:443\", \"chain_path\": \"/home/md_tausif/gitlab/devo-collector-qualys-fim/certs/chain.crt\", \"cert_path\": \"/home/md_tausif/gitlab/devo-collector-qualys-fim/certs/int-if-integrations-india.crt\", \"key_path\": \"/home/md_tausif/gitlab/devo-collector-qualys-fim/certs/int-if-integrations-india.key\", \"transport_layer_type\": \"SSL\", \"last_usage_timestamp\": null, \"socket_status\": null}, hostname: \"2023-apac-0046\", session_id: \"139771304509792\"\n2024-05-30T17:12:36.214 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Token is valid. Skipping the generation of new access token \n2024-05-30T17:12:36.215 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Token is valid. Skipping the generation of new access token \n2024-05-30T17:12:36.215 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Setup for module has been successfully executed","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Puller output","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful initial run has the following output messages for the puller module:","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Note that the ","type":"text"},{"text":"PrePull","type":"text","marks":[{"type":"code"}]},{"text":" action is executed only one time before the first run of the ","type":"text"},{"text":"Pull","type":"text","marks":[{"type":"code"}]},{"text":" action.","type":"text"}]}]},{"type":"codeBlock","content":[{"text":"2024-05-30T17:12:45.058 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) -> Pull Started\n2024-05-30T17:12:45.058 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) -> Fetching data From : 2024-01-03 10:00:00+00:00 To : 2024-01-05 10:00:00+00:00\n2024-05-30T17:12:47.053 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) -> Sent 2 fim_incidents events to Devo.\n2024-05-30T17:12:47.053 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1717069365052):Number of requests made: 1; Number of events received: 2; Number of duplicated events filtered out: 0; Number of events generated and sent: 2; Average of events per second: 1.002.","type":"text"}]},{"type":"paragraph","content":[{"text":"After a successful collector’s execution (that is, no error logs found), you will see the following log message:","type":"text"}]},{"type":"codeBlock","content":[{"text":"2024-05-30T17:12:47.053 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_incidents,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1717069365052):Number of requests made: 1; Number of events received: 2; Number of duplicated events filtered out: 0; Number of events generated and sent: 2; Average of events per second: 1.002.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The value ","type":"text"},{"text":"@devo_pulling_id","type":"text","marks":[{"type":"code"}]},{"text":" is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that ","type":"text"},{"text":"Pull","type":"text","marks":[{"type":"code"}]},{"text":" action in Devo’s search window.","type":"text"}]}]}]},{"type":"expand","attrs":{"title":"Restart the persistence"},"content":[{"type":"paragraph","content":[{"text":"This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Edit the configuration file.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Change the value of the ","type":"text"},{"text":"start_time_in_utc","type":"text","marks":[{"type":"code"}]},{"text":" parameter to a different one.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Save the changes.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Restart the collector.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.","type":"text"}]}]}]},{"type":"expand","attrs":{"title":"Troubleshooting"},"content":[{"type":"paragraph","content":[{"text":"This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"7f3d1b42-d93d-41e9-88e1-e15bdf876be4"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"Error type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"Error ID","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[250.0]},"content":[{"type":"paragraph","content":[{"text":"Error message","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"Cause","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Solution","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":4,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"SetupError","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"100","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[250.0]},"content":[{"type":"paragraph","content":[{"text":"Error occurred while requesting from the Qualys server. Error ","type":"text"},{"text":"message: {error_message}","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"Error pccurred on the qualys server","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"you’ll get error message. Kindly reach the developer with the message","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"101","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[250.0]},"content":[{"type":"paragraph","content":[{"text":"The tokens provided are incorrect. Please specify the correct credentials","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"tokens (username, password) is invalid or incorrect","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Please provide the correct tokens (username , password)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"102","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[250.0]},"content":[{"type":"paragraph","content":[{"text":"The provided tokens are valid but they do not have the permission to get data","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"No permission for provided credentials to get the data","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Please get the required permission to fetch the data from the vendor.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"103","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[250.0]},"content":[{"type":"paragraph","content":[{"text":"Unexpected HTTP error occurred at the Qualys server. status cod","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"Unexpected HTTP error","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Contact team in this case","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":"PullError","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"300","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[250.0]},"content":[{"type":"paragraph","content":[{"text":"HTTP Error occurred while retrieving events from Qualys ","type":"text"},{"text":"server{summery}","type":"text","marks":[{"type":"code"}]},{"text":" , ","type":"text"},{"text":"{details}","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"This error happens when the collector tries to fetch the data from API.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"In this error you will find the HTTP error code as well as the summary and details.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[135.0]},"content":[{"type":"paragraph","content":[{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[92.0]},"content":[{"type":"paragraph","content":[{"text":"301","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[250.0]},"content":[{"type":"paragraph","content":[{"text":"Some error occurred while retrieving events from Qualys server. ","type":"text"},{"text":"Error details: {details","type":"text","marks":[{"type":"code"}]},{"text":"}","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[110.0]},"content":[{"type":"paragraph","content":[{"text":"Some exceptions occurred while making the API request.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Reach out to the developer with the exact error message.","type":"text"}]}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"fim_alerts","type":"text"}]},{"type":"expand","attrs":{"title":"Verify data collection"},"content":[{"type":"paragraph","content":[{"text":"Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.","type":"text"}]},{"type":"paragraph","content":[{"text":"This service has the following components:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"a8c5a05b-a1bc-41fb-aa92-38a2ed669bcf"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[216.0]},"content":[{"type":"paragraph","content":[{"text":"Component","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[514.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[216.0]},"content":[{"type":"paragraph","content":[{"text":"Setup","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[514.0]},"content":[{"type":"paragraph","content":[{"text":"The setup module is in charge of authenticating the service and managing the token expiration when needed.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[216.0]},"content":[{"type":"paragraph","content":[{"text":"Puller","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[514.0]},"content":[{"type":"paragraph","content":[{"text":"The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Setup output","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful run has the following output messages for the setup module:","type":"text"}]},{"type":"codeBlock","content":[{"text":"2024-05-30T13:40:57.069 INFO InputProcess::MainThread -> Process Started\n2024-05-30T13:40:57.089 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) Starting the execution of init_variables()\n2024-05-30T13:40:57.089 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread\n2024-05-30T13:40:57.089 INFO InputProcess::MainThread -> Validating service metadata\n2024-05-30T13:40:57.089 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T13:40:57.089 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread\n2024-05-30T13:40:57.089 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T13:40:57.090 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread\n2024-05-30T13:40:57.090 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread\n2024-05-30T13:40:57.090 INFO InputProcess::MainThread -> Validating defined module definition\n2024-05-30T13:40:57.090 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.091 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(internal_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.092 INFO InputProcess::MainThread -> Validating common input config\n2024-05-30T13:40:57.093 INFO InputProcess::MainThread -> Validating service input config\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Running overriding rules\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Validating the rate limiter config given by the user\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> setting has not been defined. The generic settings will be used instead.\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Adding raw config to the collector store\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Running custom validation rules\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) Finalizing the execution of init_variables()\n2024-05-30T13:40:57.096 INFO InputProcess::MainThread -> InputThread(qualys_fim,123123) - Starting thread (execution_period=60s)\n2024-05-30T13:40:57.096 INFO InputProcess::MainThread -> ServiceThread(qualys_fim,123123,fim_events,predefined) - Starting thread (execution_period=60s)\n2024-05-30T13:40:57.097 INFO InputProcess::MainThread -> QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Starting thread\n2024-05-30T13:40:57.097 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) - Starting thread\n2024-05-30T13:40:57.097 WARNING InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> Waiting until setup will be executed\n2024-05-30T13:40:57.097 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> First run of the collector. Generating new access token.\n2024-05-30T13:40:57.097 WARNING InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> The token/header/authentication has not been created yet\n2024-05-30T13:40:57.103 INFO OutputProcess::MainThread -> [GC] global: 33.9% -> 34.0%, process: RSS(41.66MiB -> 42.91MiB), VMS(928.46MiB -> 928.46MiB)\n2024-05-30T13:40:57.111 INFO InputProcess::MainThread -> [GC] global: 34.0% -> 34.0%, process: RSS(41.69MiB -> 41.69MiB), VMS(496.19MiB -> 496.19MiB)\n2024-05-30T13:40:57.546 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Created a sender: {\"name\": \"DevoSender(internal_senders,devo_sender_0)\", \"url\": \"collector-eu.devo.io:443\", \"chain_path\": \"/home/md_tausif/gitlab/devo-collector-qualys-fim/certs/chain.crt\", \"cert_path\": \"/home/md_tausif/gitlab/devo-collector-qualys-fim/certs/int-if-integrations-india.crt\", \"key_path\": \"/home/md_tausif/gitlab/devo-collector-qualys-fim/certs/int-if-integrations-india.key\", \"transport_layer_type\": \"SSL\", \"last_usage_timestamp\": null, \"socket_status\": null}, hostname: \"2023-apac-0046\", session_id: \"136120709088016\"\n2024-05-30T13:41:11.112 WARNING InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> Waiting until setup will be executed\n2024-05-30T13:41:11.240 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Token is valid. Skipping the generation of new access token \n2024-05-30T13:41:11.241 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Token is valid. Skipping the generation of new access token \n2024-05-30T13:41:11.241 INFO InputProcess::QualysFimBasePullerSetup(qualys_fim_collector,qualys_fim#123123,fim_events#predefined) -> Setup for module has been successfully executed","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful initial run has the following output messages for the puller module:","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Note that the ","type":"text"},{"text":"PrePull","type":"text","marks":[{"type":"code"}]},{"text":" action is executed only one time before the first run of the ","type":"text"},{"text":"Pull","type":"text","marks":[{"type":"code"}]},{"text":" action.","type":"text"}]}]},{"type":"codeBlock","content":[{"text":"2024-05-30T13:41:12.120 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> Pull Started\n2024-05-30T13:41:12.121 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> Fetching data From : 2024-01-06 10:00:00+00:00 To : 2024-01-08 10:00:00+00:00\n2024-05-30T13:41:57.114 INFO InputProcess::InputStatsThread -> Input metrics sent: 3\n2024-05-30T13:41:57.115 INFO InputProcess::MainThread -> [GC] global: 33.9% -> 33.9%, process: RSS(44.69MiB -> 44.69MiB), VMS(496.44MiB -> 496.44MiB)\n2024-05-30T13:41:57.115 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> Consumed messages: 37, total_bytes: 25816 (60.024367 seconds)\n2024-05-30T13:41:57.921 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Consumed messages: 37 messages (60.831169 seconds) => 0 msg/sec\n2024-05-30T13:42:57.115 INFO InputProcess::InputStatsThread -> Input metrics sent: 3\n2024-05-30T13:42:57.116 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> Consumed messages: 4, total_bytes: 3122 (60.00149 seconds)\n2024-05-30T13:42:57.117 INFO OutputProcess::MainThread -> [GC] global: 33.9% -> 33.9%, process: RSS(44.16MiB -> 44.16MiB), VMS(928.46MiB -> 928.46MiB)\n2024-05-30T13:43:57.116 INFO InputProcess::InputStatsThread -> Input metrics sent: 3\n2024-05-30T13:43:57.118 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> Consumed messages: 3, total_bytes: 2482 (60.001445 seconds)\n2024-05-30T13:43:57.137 INFO InputProcess::MainThread -> [GC] global: 34.0% -> 34.0%, process: RSS(46.19MiB -> 46.19MiB), VMS(496.44MiB -> 496.44MiB)\n2024-05-30T13:43:58.003 INFO OutputProcess::DevoSender(internal_senders,devo_sender_0) -> Consumed messages: 7 messages (120.081674 seconds) => 0 msg/sec\n2024-05-30T13:44:13.694 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> Consumed messages: 1, total_bytes: 840 (196.604585 seconds)\n2024-05-30T13:44:13.696 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> Sent 1000 fim_events events to Devo.\n2024-05-30T13:44:13.696 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1717056672114):Number of requests made: 1; Number of events received: 1000; Number of duplicated events filtered out: 0; Number of events generated and sent: 1000; Average of events per second: 5.507.","type":"text"}]},{"type":"paragraph","content":[{"text":"After a successful collector’s execution (that is, no error logs found), you will see the following log message:","type":"text"}]},{"type":"codeBlock","content":[{"text":"2024-05-30T13:44:13.696 INFO InputProcess::QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1717056672114):Number of requests made: 1; Number of events received: 24168; Number of duplicated events filtered out: 0; Number of events generated and sent: 24168; Average of events per second: 1130.494.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The value ","type":"text"},{"text":"@devo_pulling_id","type":"text","marks":[{"type":"code"}]},{"text":" is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that ","type":"text"},{"text":"Pull","type":"text","marks":[{"type":"code"}]},{"text":" action in Devo’s search window.","type":"text"}]}]}]},{"type":"expand","attrs":{"title":"Restart the persistence"},"content":[{"type":"paragraph","content":[{"text":"This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Edit the configuration file.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Change the value of the ","type":"text"},{"text":"start_time_in_utc","type":"text","marks":[{"type":"code"}]},{"text":" parameter to a different one.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Save the changes.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Restart the collector.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"Note that this action clears the persistence and cannot be recovered in any way. Resetting persistence could result in duplicate or lost events.","type":"text"}]}]}]},{"type":"expand","attrs":{"title":"Troubleshooting"},"content":[{"type":"paragraph","content":[{"text":"This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"14ec4d7b-d4ae-4c42-bac3-8b38181ca628"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[122.0]},"content":[{"type":"paragraph","content":[{"text":"Error type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"Error ID","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[210.0]},"content":[{"type":"paragraph","content":[{"text":"Error message","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Cause","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-accent-gray-subtlest, #F4F5F7)","rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Solution","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":4,"colwidth":[122.0]},"content":[{"type":"paragraph","content":[{"text":"SetupError","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"100","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[210.0]},"content":[{"type":"paragraph","content":[{"text":"Error occurred while requesting from the Qualys server. Error message: ","type":"text"},{"text":"{error_message}","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Error occurred on the qualys server","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"you’ll get error message. Kindly reach the developer with the message","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"101","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[210.0]},"content":[{"type":"paragraph","content":[{"text":"The tokens provided are incorrect. Please specify the correct credentials","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Tokens (username, password) is invalid or incorrect","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Please provide the correct tokens (username , password)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"102","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[210.0]},"content":[{"type":"paragraph","content":[{"text":"The provided tokens are valid but they do not have the permission to get data","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"No permission for provided credentials to get the data","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Please get the required permission to fetch the data from the vendor.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"103","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[210.0]},"content":[{"type":"paragraph","content":[{"text":"Unexpected HTTP error occurred at the Qualys server. {status code}","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Unexpected HTTP error","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Contact team in this case","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2,"colwidth":[122.0]},"content":[{"type":"paragraph","content":[{"text":"PullError","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"300","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[210.0]},"content":[{"type":"paragraph","content":[{"text":"HTTP Error occurred while retrieving events from Qualys ","type":"text"},{"text":"server{summary}","type":"text","marks":[{"type":"code"}]},{"text":" , ","type":"text"},{"text":"{details}","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"This error happens when the collector tries to fetch the data from API.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"In this error you will find the HTTP error code as well as the summary and details.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[112.0]},"content":[{"type":"paragraph","content":[{"text":"301","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[210.0]},"content":[{"type":"paragraph","content":[{"text":"Some error occurred while retrieving events from Qualys server. Error details: ","type":"text"},{"text":"{details}","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Some exceptions occurred while making the API request.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[143.0]},"content":[{"type":"paragraph","content":[{"text":"Reach out to the developer with the exact error message.","type":"text"}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Collector operations","type":"text"}]},{"type":"paragraph","content":[{"text":"This section is intended to explain how to proceed with specific operations of this collector.","type":"text"}]},{"type":"expand","attrs":{"title":"Verify collector operations"},"content":[{"type":"heading","attrs":{"level":3},"content":[{"text":"Initialization","type":"text"}]},{"type":"paragraph","content":[{"text":"The initialization module is in charge of setup and running the input (pulling logic) and output (delivering logic) services and validating the given configuration.","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful run has the following output messages for the initializer module:","type":"text"}]},{"type":"codeBlock","content":[{"text":"2024-05-30T13:40:57.065 INFO MainProcess::MainThread -> Initialized all object from \"MainProcess\" process\n2024-05-30T13:40:57.065 INFO MainProcess::MainThread -> OutputProcess - Starting thread (executing_period=120s)\n2024-05-30T13:40:57.067 INFO MainProcess::MainThread -> InputProcess - Starting thread (executing_period=120s)\n2024-05-30T13:40:57.067 INFO OutputProcess::MainThread -> Process started\n2024-05-30T13:40:57.069 INFO MainProcess::MainThread -> Started all object from \"MainProcess\" process\n2024-05-30T13:40:57.069 INFO InputProcess::MainThread -> Process Started\n2024-05-30T13:40:57.089 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) Starting the execution of init_variables()\n2024-05-30T13:40:57.089 INFO OutputProcess::MainThread -> DevoSender(standard_senders,devo_sender_0) -> Starting thread\n2024-05-30T13:40:57.089 INFO InputProcess::MainThread -> Validating service metadata\n2024-05-30T13:40:57.089 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(standard_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T13:40:57.089 INFO OutputProcess::MainThread -> DevoSenderManager(standard_senders,manager,devo_1) -> Starting thread\n2024-05-30T13:40:57.089 INFO OutputProcess::DevoSenderManager(standard_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(standard_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSender(lookup_senders,devo_sender_0) -> Starting thread\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(lookup_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T13:40:57.090 INFO OutputProcess::OutputStandardConsumer(standard_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputStandardConsumer(standard_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManager(lookup_senders,manager,devo_1) -> Starting thread\n2024-05-30T13:40:57.090 INFO OutputProcess::OutputLookupConsumer(lookup_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputLookupConsumer(lookup_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::DevoSenderManager(lookup_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(lookup_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSender(internal_senders,devo_sender_0) -> Starting thread\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManagerMonitor(internal_senders,devo_1) -> Starting thread (every 300 seconds)\n2024-05-30T13:40:57.090 INFO OutputProcess::MainThread -> DevoSenderManager(internal_senders,manager,devo_1) -> Starting thread\n2024-05-30T13:40:57.090 INFO InputProcess::MainThread -> Validating defined module definition\n2024-05-30T13:40:57.090 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> [EMERGENCY PERSISTENCE SYSTEM] OutputInternalConsumer(internal_senders_consumer_0) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.091 INFO OutputProcess::DevoSenderManager(internal_senders,manager,devo_1) -> [EMERGENCY PERSISTENCE SYSTEM] DevoSenderManager(internal_senders,manager,devo_1) -> Nothing retrieved from the persistence.\n2024-05-30T13:40:57.092 INFO InputProcess::MainThread -> Validating common input config\n2024-05-30T13:40:57.093 INFO InputProcess::MainThread -> Validating service input config\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Running overriding rules\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Validating the rate limiter config given by the user\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> setting has not been defined. The generic settings will be used instead.\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Adding raw config to the collector store\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> Running custom validation rules\n2024-05-30T13:40:57.095 INFO InputProcess::MainThread -> QualysFimBasePuller(qualys_fim,123123,fim_events,predefined) Finalizing the execution of init_variables()","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Events delivery and Devo ingestion","type":"text"}]},{"type":"paragraph","content":[{"text":"The event delivery module is in charge of receiving the events from the internal queues where all events are injected by the pullers and delivering them using the selected compatible delivery method.","type":"text"}]},{"type":"paragraph","content":[{"text":"A successful run has the following output messages for the initializer module:","type":"text"}]},{"type":"codeBlock","content":[{"text":"2024-02-16T12:30:03.484 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_us_1) -> Number of available senders: 1, sender manager internal queue size: 0\n2024-02-16T12:30:03.485 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_us_1) -> enqueued_elapsed_times_in_seconds_stats: {}\n2024-02-16T12:30:03.485 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_us_1) -> Sender: DevoSender(lookup_senders,devo_sender_0), status: {\"internal_queue_size\": 0, \"is_connection_open\": False}\n2024-02-16T12:30:03.485 INFO OutputProcess::DevoSenderManagerMonitor(lookup_senders,devo_us_1) -> Lookup - Total number of messages sent: 0, messages sent since \"2024-02-16 06:55:03.484110+00:00\": 0 (elapsed 0.000 seconds)\n2024-02-16T12:30:03.535 INFO InputProcess::InputStatsThread -> Input metrics sent: 3\n2024-02-16T12:30:03.536 INFO OutputProcess::OutputInternalConsumer(internal_senders_consumer_0) -> Consumed messages: 9, total_bytes: 6919 (60.001823 seconds)","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"By default, these information traces will be displayed every 10 minutes.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Sender services","type":"text"}]},{"type":"paragraph","content":[{"text":"The Integrations Factory Collector SDK has 3 different senders services depending on the event type to delivery (","type":"text"},{"text":"internal","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"standard","type":"text","marks":[{"type":"code"}]},{"text":", and ","type":"text"},{"text":"lookup","type":"text","marks":[{"type":"code"}]},{"text":"). This collector uses the following Sender Services:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"6bd704ef-0e1e-4407-992c-002264d15132"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[240.0]},"content":[{"type":"paragraph","content":[{"text":"Sender services","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[240.0]},"content":[{"type":"paragraph","content":[{"text":"internal_senders","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"In charge of delivering internal metrics to Devo such as logging traces or metrics.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[240.0]},"content":[{"type":"paragraph","content":[{"text":"standard_senders","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[490.0]},"content":[{"type":"paragraph","content":[{"text":"In charge of delivering pulled events to Devo.","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Sender statistics","type":"text"}]},{"type":"paragraph","content":[{"text":"Each service displays its own performance statistics that allow checking how many events have been delivered to Devo by type:","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"b4ce6589-85aa-4583-b31b-545216de40ff"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Logging trace","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Number of available senders: 1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Displays the number of concurrent senders available for the given Sender Service.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"sender manager internal queue size: 0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Displays the items available in the internal sender queue.","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"This value helps detect bottlenecks and needs to increase the performance of data delivery to Devo. This last can be made by increasing the concurrent senders.","type":"text"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Total number of messages sent: 44, messages sent since \"2024-05-28 06:55:03.484110+00:00\": 0 (elapsed 0.000 seconds)","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[365.0]},"content":[{"type":"paragraph","content":[{"text":"Displays the number of events from the last time and following the given example, the following conclusions can be obtained:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"44 events were sent to Devo since the collector started.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The last checkpoint timestamp was ","type":"text"},{"text":"2024-02-16 06:55:03.484110+00:00","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"21 events where sent to Devo between the last UTC checkpoint and now.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Those 21 events required ","type":"text"},{"text":"0.000 seconds","type":"text","marks":[{"type":"code"}]},{"text":" to be delivered.","type":"text"}]}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"By default these traces will be shown every 10 minutes.","type":"text"}]}]}]}]}]}]},{"type":"expand","attrs":{"title":"Check memory usage"},"content":[{"type":"paragraph","content":[{"text":"To check the memory usage of this collector, look for the following log records in the collector which are displayed every 5 minutes by default, always after running the memory-free process.","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The used memory is displayed by running processes and the sum of both values will give the total used memory for the collector.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The global pressure of the available memory is displayed in the ","type":"text"},{"text":"global","type":"text","marks":[{"type":"code"}]},{"text":" value.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"All metrics (Global, RSS, VMS) include the value before freeing and after ","type":"text"},{"text":"previous -> after freeing memory","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"codeBlock","content":[{"text":"2024-05-30T17:18:27.087 INFO OutputProcess::MainThread -> [GC] global: 32.7% -> 32.7%, process: RSS(44.05MiB -> 44.05MiB), VMS(928.46MiB -> 928.46MiB)\n2024-05-30T17:23:27.140 INFO InputProcess::MainThread -> [GC] global: 32.1% -> 32.1%, process: RSS(46.57MiB -> 46.57MiB), VMS(784.46MiB -> 784.46MiB)","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Differences between ","type":"text"},{"text":"RSS","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"VMS","type":"text","marks":[{"type":"code"}]},{"text":" memory usage:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"RSS","type":"text","marks":[{"type":"code"}]},{"text":" is the Resident Set Size, which is the actual physical memory the process is using","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"VMS","type":"text","marks":[{"type":"code"}]},{"text":" is the Virtual Memory Size which is the virtual memory that process is using","type":"text"}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Change log","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":760.0,"localId":"ffe42a46-4f35-4aec-b7a9-e5bb47d1fad6"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[96.0]},"content":[{"type":"paragraph","content":[{"text":"Release","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[129.0]},"content":[{"type":"paragraph","content":[{"text":"Released on","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[124.0]},"content":[{"type":"paragraph","content":[{"text":"Release type","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[190.0]},"content":[{"type":"paragraph","content":[{"text":"Details","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"background":"var(--ds-background-neutral, #F4F5F7)","rowspan":1,"colwidth":[136.0]},"content":[{"type":"paragraph","content":[{"text":"Recommendations","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[96.0]},"content":[{"type":"paragraph","content":[{"text":"v1.0.1","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[129.0]},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1717027200000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[124.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"red","style":"bold","text":"BUG FIX","localId":"30583729-3c62-4594-9172-7040c6cf57af"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[190.0]},"content":[{"type":"paragraph","content":[{"text":"Token expiration issue","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[136.0]},"content":[{"type":"paragraph","content":[{"text":"Recommended version","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[96.0]},"content":[{"type":"paragraph","content":[{"text":"v1.0.0","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[129.0]},"content":[{"type":"paragraph","content":[{"type":"date","attrs":{"timestamp":"1716854400000"}}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[124.0]},"content":[{"type":"paragraph","content":[{"type":"status","attrs":{"color":"purple","style":"bold","text":"FIRST RELEASE","localId":"8dc1fa44-f190-4110-895d-f8e3809bcc4c"}},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[190.0]},"content":[{"type":"paragraph","content":[{"text":"Released the first version of the Qualys FIM collector.","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[136.0]},"content":[{"type":"paragraph","content":[{"text":"Initial version","type":"text","marks":[{"type":"code"}]}]}]}]}]}],"version":1}

Browser not supported