
Qualys TA in distributed deployment questions

Hi Guys, I've got a few questions regarding issues I'm having with this TA.

1) I've set this TA up in my clustered environment and have host_detection working fine on our heavy forwarder, however, knowledge_base is not working on our search heads. It downloaded it the first time I set the TA up and has never updated it since even though it's set for every day (86400 seconds). My inputs.conf looks like this:

    [qualys://knowledge_base]
    duration = 86400
    index = aam_prod_app_qualys
    start_date = 1999-01-01T00:00:00Z
    disabled = 0

When I try manually running the knowledge base with

    /opt/splunk/bin/splunk cmd python run.py -k

my output is as follows:

    QG Username: ********
    QG Password:
    TA-QualysCloudPlatform: 2017-09-21T09:20:44Z PID=38953 [MainThread] INFO: TA-QualysCloudPlatform - Using proxy
    >_internal proxy handler]]>
    TA-QualysCloudPlatform: 2017-09-21T09:20:44Z PID=38953 [MainThread] INFO: TA-QualysCloudPlatform - Making request: https://qualysapi.qualys.com/msp/about.php with params={}
    >_internal making https://qualysapi.qualys.com/msp/about.php request with params={}]]>
    >_internal Error, but we're using stored creds, so we will sleep for 300 seconds and try again, as this is a temporary condition. Retry Count: 1]]>
    TA-QualysCloudPlatform: 2017-09-21T09:20:45Z PID=38953 [MainThread] ERROR: TA-QualysCloudPlatform - Authentication Error, but we're using stored creds, so we will sleep for 300 seconds and try again, as this is a temporary condition. Retry Count: 1
    Traceback (most recent call last):
      File "/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualysModule/lib/api/Client.py", line 246, in get
        request = urllib2.urlopen(req, timeout=300) # timeout set to bail in case of timeouts
      File "/opt/splunk/lib/python2.7/urllib2.py", line 154, in urlopen
        return opener.open(url, data, timeout)
      File "/opt/splunk/lib/python2.7/urllib2.py", line 435, in open
        response = meth(req, response)
      File "/opt/splunk/lib/python2.7/urllib2.py", line 548, in http_response
        'http', request, response, code, msg, hdrs)
      File "/opt/splunk/lib/python2.7/urllib2.py", line 473, in error
        return self._call_chain(*args)
      File "/opt/splunk/lib/python2.7/urllib2.py", line 407, in _call_chain
        result = func(*args)
      File "/opt/splunk/lib/python2.7/urllib2.py", line 556, in http_error_default
        raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
    HTTPError: HTTP Error 401: Unauthorized
    ^CTraceback (most recent call last):
      File "run.py", line 150, in
        qapi.client.validate()
      File "/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualysModule/lib/api/Client.py", line 199, in validate
        response = self.get("/msp/about.php", {}, SimpleAPIResponse())
      File "/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualysModule/lib/api/Client.py", line 268, in get
        time.sleep(300) # Sleep for 5 minutes
    KeyboardInterrupt

Any ideas on how to sort this? :'(

2) This problem is not as big or urgent - does anyone know what parameters to change to extract the full knowledgebase information? I've read that there is a parameter called "details" that is set by default to "basic", does anyone know which script this parameter is in to change to "all"? Is it as simple as just changing it in the code or do I need to do something else? Our aim is to bring down a list of solutions with the QIDs in the knowledge base because as far as I'm aware this is something Qualys also stores but doesn't give with the knowledge base by default.

Sorry for such a huge question but any advice would be appreciated. Cheers!
