[Qualys GAV] - Added support for exclude & include fields in the query params

packages/qualys_gav/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.5.0"
+  changes:
+    - description: Added support for excluding and including fields in the asset object in the response.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/15980
 - version: "0.4.1"
   changes:
     - description: Refactor date processing for asset inventory list to use foreach processor.

packages/qualys_gav/data_stream/asset/_dev/test/system/test-exclude-include-fields-config.yml

@@ -0,0 +1,15 @@
+input: cel
+service: qualys_gav
+vars:
+  url: http://{{Hostname}}:{{Port}}
+  username: xxxx
+  password: xxxx
+data_stream:
+  vars:
+    preserve_original_event: true
+    preserve_duplicate_custom_fields: true
+    batch_size: 0
+    exclude_fields: field1,field2,field3
+    include_fields: field4,field5,field6
+assert:
+  hit_count: 2

packages/qualys_gav/data_stream/asset/agent/stream/cel.yml.hbs

@@ -23,6 +23,8 @@ state:
   username: {{username}}
   password: {{password}}
   asset_id: 0
+  exclude_fields: {{exclude_fields}}
+  include_fields: {{include_fields}}
 redact:
   fields:
     - password
@@ -67,7 +69,9 @@ program: |
           "POST",
           base_url + "/rest/2.0/search/am/asset?" + {
             "pageSize": [string(state.batch_size)],
-            "lastSeenAssetId": [string(int(state.asset_id))]
+            "lastSeenAssetId": [string(int(state.asset_id))],
+            ?"exclude_fields": (state.?exclude_fields.orValue("") != "") ? optional.of([string(state.exclude_fields)]) : optional.none(),
+            ?"include_fields": (state.?include_fields.orValue("") != "") ? optional.of([string(state.include_fields)]) : optional.none(),
           }.format_query()
         ).with({
           "Header":{

packages/qualys_gav/data_stream/asset/manifest.yml

@@ -23,6 +23,20 @@ streams:
         required: true
         show_user: false
         default: 100
+      - name: exclude_fields
+        type: text
+        title: Exclude Fields
+        description: Comma separated list of fields to exclude from the asset object in the response.
+        multi: false
+        required: false
+        show_user: false
+      - name: include_fields
+        type: text
+        title: Include Fields
+        description: Comma separated list of fields to be included in the asset object in the response.
+        multi: false
+        required: false
+        show_user: false
       - name: max_executions
         type: integer
         title: Maximum Pages Per Interval

packages/qualys_gav/manifest.yml

@@ -1,7 +1,7 @@
 format_version: 3.3.2
 name: qualys_gav
 title: Qualys Global AssetView
-version: 0.4.1
+version: 0.5.0
 description: Collect logs from Qualys Global AssetView with Elastic Agent.
 type: integration
 categories: