Initialize the Qualys FIM Beat
Prerequisites
- The Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
- An API Token is generated to provide the configuration keys.
- The required keys (API base URL, Username, and Password) must be supplied when configuring the Qualys FIM Beat.
The following port is open:
Direction | Port | Protocol | Source |
---|---|---|---|
Outbound | 443 | HTTPS | qualysfimbeat |
Initialize the Beat
Confirm the Open Collector is running:
./lrctl status
You should see the open_collector and metrics as shown in the following graphic:
If the Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.
In the Open Collector, run the following command to start the beat:
./lrctl qualysfimbeat start
Enter the following details:
- A unique identifier for the Qualys FIM beat.
- The API base URL for the Qualys FIM beat.
  For more information on the API base URL, see Identify your Qualys Platform.
  The Qualys login link must be mapped to the API base URL. This URL is used to make API calls to the Qualys FIM.
  For example, in the Identify your Qualys Platform topic, if the Platform URL under Your Platform is "https://qualysguard.qg2.apps.qualys.com", the Platform is US2. The API base URL for the Qualys FIM beat is the API Gateway URL listed under API URLs for that Platform. Therefore, the API base URL in this case is "https://gateway.qg2.apps.qualys.com".
- The username for the Qualys FIM beat.
  This is the login username used to access the Qualys Portal.
- The password for the Qualys FIM beat.
  This is the login password used to access the Qualys Portal.
(Optional) To check the status of the service, run the following command:
./lrctl qualysfimbeat status
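Because the Qualys Portal username and password are sent to whatever API base URL is entered at the prompt, it is worth checking the value before starting the beat. The following is an added example, not part of the Open Collector or lrctl: check_api_base_url is a hypothetical helper, and its rule that platform login URLs start with "qualysguard." is an assumption taken from the example URL in this topic.

```shell
# Added example: check_api_base_url is a hypothetical helper, not part of lrctl.
# Returns 0 if the value is acceptable as the API base URL, 1 otherwise.
check_api_base_url() {
    # Lowercase first; scheme and host are case-insensitive and no path is allowed.
    u=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # The Qualys Portal username and password are sent to this URL: HTTPS only.
    case $u in
        https://*) ;;
        *) echo "reject: scheme must be https" >&2; return 1 ;;
    esac
    rest=${u#https://}
    rest=${rest%/}                      # tolerate one trailing slash

    # Base URL only: no path, query, fragment, or embedded credentials.
    case $rest in
        */*|*\?*|*\#*|*@*) echo "reject: host only, no path or userinfo" >&2; return 1 ;;
    esac

    # The prerequisites open outbound 443 only, so any other port would be blocked.
    host=${rest%%:*}
    port=443
    case $rest in *:*) port=${rest##*:} ;; esac
    if [ "$port" != 443 ]; then
        echo "reject: port $port is not 443" >&2; return 1
    fi
    case $host in
        ''|*[!a-z0-9.-]*) echo "reject: malformed host" >&2; return 1 ;;
    esac

    # Assumption from the page's example: platform (login) URLs start with
    # "qualysguard.", and the beat needs the API Gateway URL instead.
    case $host in
        qualysguard.*) echo "reject: platform login URL, use the API Gateway URL" >&2; return 1 ;;
    esac
    return 0
}

# Constructed sample inputs: the two URLs from the page plus a plain-HTTP variant.
for candidate in "https://gateway.qg2.apps.qualys.com" \
                 "https://qualysguard.qg2.apps.qualys.com" \
                 "http://gateway.qg2.apps.qualys.com"; do
    if check_api_base_url "$candidate" 2>/dev/null; then
        echo "accept  $candidate"
    else
        echo "reject  $candidate"
    fi
done
```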
Default Config Values for Qualys FIM Beat
S. No. | Field Name | Default Value |
---|---|---|
1. | period | 120s |
2. | HeartbeatInterval | 1m0s |
3. | HeartbeatDisabled | false |
4. | username | User Provided |
5. | password | User Provided |
6. | url | User Provided |
7. | numberofbackdays | 7 |
Troubleshooting tips
If you experience data loss while the beat is running, increase the period value in the configuration file. By default, the beat is configured to poll 2000 logs/request during a period of 120 seconds. The number of logs to pull during the period can also be increased in the configuration file.