Skip to main content
Skip table of contents

Initialize the Qualys FIM Beat

Prerequisites

  • The Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
  • An API Token is generated to provide the configuration keys.
  • The required keys API base URL, Username, and Password should be passed while configuring the Qualys FIM Beat.

  • The following port is open:

    Direction

    Port

    Protocol

    Source

    Outbound443HTTPSqualysfimbeat

Initialize the Beat

  1. Confirm the Open Collector is running:

    CODE 
    ./lrctl status

    You should see the open_collector and metrics as shown in the following graphic:

    If the Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

  2. In the Open Collector, run the following command to start the beat:

    CODE 
    ./lrctl qualysfimbeat start

  3. Enter the following details:

    1. A unique identifier for the Qualys FIM beat

    2. The API base URL for the Qualys FIM beat. 

      For more information on the API base URL, see Identify your Qualys Platform.

      The Qualys login link must be mapped with the API base URL. This will be used to make API calls to the Qualys FIM.

      For example, in the Identify your Qualys Platform topic, if the Platform URL under Your Platform is "https://qualysguard.qg2.apps.qualys.com", the Platform will be US2. The API base URL for the Qualys FIM beat will be the API Gateway URL mentioned under API URLs against the Platform. Therefore, the API base URL in this case will be "https://gateway.qg2.apps.qualys.com".


    3. The username for the Qualys FIM beat.

      This is the login username used to access the Qualys Portal.


    4. The password for the Qualys FIM beat.

      This is the login password used to access the Qualys Portal.


    The configuration has been saved and the service has been started successfully.

  4. (Optional) To check the status of the service, run the following command:

    CODE 
    ./lrctl qualysfimbeat status

Default Config Values for Qualys FIM Beat

S. No.Field NameDefault Value
1.period120s
2.HeartbeatInterval1m0s 
3.HeartbeatDisabledfalse
4.usernameUser Provided

5.

passwordUser Provided
6.url

User Provided

7.numberofbackdays  7


Troubleshooting tips

If you experience data loss while the beat is running, increase the period value in the configuration file. By default, the beat is configured to poll 2000 logs/request during a period of 120 seconds. The number of logs to pull during the period can also be increased in the configuration file.

Content Formatting Macros for Confluence cannot be exported to this format.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close