Skip to content

[qualys_gav]: Add excludeFields and includeFields in the configuration #15159

New issue
New issue
Open
Enhancement
#15980
Open
[qualys_gav]: Add excludeFields and includeFields in the configuration#15159
Enhancement
#15980
Assignees
ShourieG
Labels
Integration:qualys_gavQualys Global AssetViewTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]needs:triage
@clement-fouque

Description

@clement-fouque
clement-fouque
opened on Sep 4, 2025

Integration Name

Qualys Global AssetView [qualys_gav]

Dataset Name

qualys_gav.asset

Integration Version

0.1.0

Agent Version

9.1.0

OS Version and Architecture

elastic-package

User Goal

The API allows to include and exclude fields. I would like to have those configurable in the integration.
API doc: https://docs.qualys.com/en/csam/api/asset_host_data/get_host_details_of_all_assets.htm
Fields values: https://docs.qualys.com/en/csam/api/get_started/introduction_to_gav_csam_api_paradigm.htm#limit_your_results
Image

Some fields are very verbose. Without any filtering, one asset has 25K lines. I believe it slows down the Qualys API request and the ingestion in elastic.

Image

Existing Features

No possibility to directly filter. We can do it through a custom ingest pipeline as a workaround.

What did you see?

All fields are successfully ingested

Anything else?

No response

Metadata

Metadata

Assignees

Labels

Integration:qualys_gavQualys Global AssetViewTeam:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]needs:triage

Type

Enhancement

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions