
@brijesh-elastic
Collaborator

Proposed commit message

qualys_gav: fix rate limit headers missing error

This removes the rate limit calculations for the `/auth` API call, because we don't receive
the necessary headers from it. It is also mentioned in the [documentation](1) that
rate limits do not apply to the "auth" API (JWT Token Generation API).

[1] https://docs.qualys.com/en/csam/api/get_started/api_rate_limits.htm

Note

After resolving the rate limit missing rate error, I was unable to collect all events from qualys_gav. It only ingested events for 2 intervals. After investigation, it appears that the rate was set too low, or is more throttled than what the server's rate limit headers indicate. (See issue.)

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/qualys_gav directory.
  • Run the following command to run tests.

elastic-package test

Related issues

@brijesh-elastic brijesh-elastic self-assigned this Jan 6, 2026
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner January 6, 2026 05:59
@brijesh-elastic brijesh-elastic added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:qualys_gav Qualys Global AssetView Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Jan 6, 2026
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Contributor

@ShourieG ShourieG left a comment

LGTM, nit.

Co-authored-by: Shourie Ganguly <[email protected]>
@elasticmachine

💚 Build Succeeded

History

cc @brijesh-elastic

@clement-fouque
Contributor

I tested version 0.7.1 but still couldn’t complete a full ingest. The process halted after just four iterations, with a delay of seven seconds between the first two and the last two.

I tested with a batch of 100.

@brijesh-elastic
Collaborator Author

Hi @clement-fouque,

This PR will fix the error you're getting about rate limit missing rate.

> I tested version 0.7.1 but still couldn’t complete a full ingest. The process halted after just four iterations, with a delay of seven seconds between the first two and the last two.

During testing, I also came across the issue that the full batch of ingestion never completes. There seems to be an issue with rate calculation. The current behavior of API calls is more throttled than what the server's rate limit headers seem to indicate. Simply put, it seems like, due to wrong rate calculation, the Qualys API calling rate is 60 times lower than what it should be. We're looking into it in this issue.

@clement-fouque
Contributor

When can we expect a resolution? The current version has issues, so I’m considering whether reverting the entire rate-limiting functionality would be the best approach to allow us to address the problem.
