Skip to content

[qualys_gav] Fix rate limit headers missing error#16810

Merged
brijesh-elastic merged 5 commits intoelastic:mainfrom
brijesh-elastic:qualys_gav-0.7.1
Feb 4, 2026
Merged

[qualys_gav] Fix rate limit headers missing error#16810
brijesh-elastic merged 5 commits intoelastic:mainfrom
brijesh-elastic:qualys_gav-0.7.1

Conversation

@brijesh-elastic
Copy link
Collaborator

@brijesh-elastic brijesh-elastic commented Jan 6, 2026
edited
Loading

Proposed commit message

qualys_gav: fix rate limit headers missing error

This removes the rate limit calculations for the `/auth` API call, because we don't receive
the necessary headers from it. It is also mentioned in the [documentation](1) that
rate limits do not apply to the "auth" API (JWT Token Generation API).

This PR updates the Kibana constraint to ^8.19.11 || ^9.2.5 to resolve the rate calculation issue.

[1] https://docs.qualys.com/en/csam/api/get_started/api_rate_limits.htm

Note

After resolving the rate limit missing rate error, I was unable to collect all events from qualys_gav. It only ingested events for 2 intervals. After investigation, it appears that rate was set too low or more throttled than what the server's rate limit headers indicate. (See issue.) This is resolved in PR #119. The fix is included in ^8.19.11 || ^9.2.5.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/qualys_gav directory.
  • Run the following command to run tests.

elastic-package test

Related issues

@brijesh-elastic brijesh-elastic self-assigned this Jan 6, 2026
@brijesh-elastic brijesh-elastic requested a review from a team as a code owner January 6, 2026 05:59
@brijesh-elastic brijesh-elastic added documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:qualys_gav Qualys Global AssetView Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Jan 6, 2026
@elasticmachine
Copy link

elasticmachine commented Jan 6, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Jan 6, 2026
edited
Loading

🚀 Benchmarks report

Package qualys_gav 👍(0) 💚(0) 💔(1)

Expand to view
Data stream Previous EPS New EPS Diff (%) Result
asset 642.67 441.31 -201.36 (-31.33%) 💔

To see the full report comment with /test benchmark fullreport

ShourieG
ShourieG reviewed Jan 8, 2026
View reviewed changes
ShourieG
ShourieG approved these changes Jan 8, 2026
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, nit.

@brijesh-elastic @ShourieG
Update changelog description
aa0c325 
Co-authored-by: Shourie Ganguly <shourie.ganguly@elastic.co>
@clement-fouque
Copy link
Contributor

clement-fouque commented Jan 8, 2026

I tested version ⁠0.7.1 but still couldn’t complete a full ingest. The process halted after just four iterations, with a delay of seven seconds between the first two and the last two.

I tested with a batch of 100.
image

@brijesh-elastic
Copy link
Collaborator Author

brijesh-elastic commented Jan 9, 2026

Hi @clement-fouque ,

This PR will fix the error you're getting about rate limit missing rate.

I tested version ⁠0.7.1 but still couldn’t complete a full ingest. The process halted after just four iterations, with a delay of seven seconds between the first two and the last two.

During testing, I also came across the issue that the full batch of ingestion never completes. There seems to be an issue with rate calculation. The current behavior of API calls is more throttled than what the server's rate limit headers seem to indicate. Simply put, it seems like due to wrong rate calculation, the qualys API calling rate is 60 times lower than what it should be. We're looking into it in this issue.

@clement-fouque
Copy link
Contributor

clement-fouque commented Jan 9, 2026

When can we expect a resolution? The current version has issues, so I’m considering whether reverting the entire rate-limiting functionality would be the best approach to allow us to address the problem.

@brijesh-elastic
Copy link
Collaborator Author

brijesh-elastic commented Jan 22, 2026

The mito PR fix has been merged. It will be included in the next stack release.

@brijesh-elastic
Copy link
Collaborator Author

brijesh-elastic commented Jan 22, 2026

@ShourieG, I'm putting the PR into draft for now. Once the next stack is released, I'll update the PR with that constraint and we can merge it afterwards.

@brijesh-elastic brijesh-elastic marked this pull request as draft January 22, 2026 06:35
@efd6
Copy link
Contributor

efd6 commented Jan 25, 2026

The mito fix has been merged, but it is not yet available in the input. This is done in elastic/beats#48500 for 8.19, elastic/beats#48526 for 9.2, and elastic/beats#48527 for 9.3 (elastic/beats#48499 for main) and will be available when the respective releases are made public.

@brijesh-elastic brijesh-elastic marked this pull request as ready for review February 4, 2026 07:00
@elasticmachine
Copy link

elasticmachine commented Feb 4, 2026

💚 Build Succeeded

History

cc @brijesh-elastic

ShourieG
ShourieG approved these changes Feb 4, 2026
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@brijesh-elastic brijesh-elastic merged commit 198ae07 into elastic:main Feb 4, 2026
9 checks passed
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Feb 4, 2026

Package qualys_gav - 0.7.1 containing this change is available at https://epr.elastic.co/package/qualys_gav/0.7.1/

jakubgalecki0 pushed a commit to jakubgalecki0/integrations that referenced this pull request Feb 19, 2026
@brijesh-elastic @jakubgalecki0
qualys_gav: fix rate limit headers missing error (elastic#16810)
756271c 
This removes the rate limit calculations for the `/auth` API call, because we don't receive
the necessary headers from it. It is also mentioned in the [documentation](1) that
rate limits do not apply to the "auth" API (JWT Token Generation API).

This PR updates the Kibana constraint to ^8.19.11 || ^9.2.5 to resolve the rate calculation issue.

[1] https://docs.qualys.com/en/csam/api/get_started/api_rate_limits.htm
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ShourieG ShourieG ShourieG approved these changes

Assignees

@brijesh-elastic brijesh-elastic

Labels

bugfix Pull request that fixes a bug issue documentation Improvements or additions to documentation. Applied to PRs that modify *.md files. Integration:qualys_gav Qualys Global AssetView Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[qualys_gav]: rate limit missing rate

5 participants

@brijesh-elastic @elasticmachine @clement-fouque @efd6 @ShourieG

Comments