1. home icon for breadcrumbs >
  2. Introduction to CAPS

Introduction

With the Cloud Agent as Passive Sensor (CAPS) feature, the Qualys Cloud Agent can collect the data in the subnet passively without any active probing of the device that it is monitoring. The Cloud Agent can monitor all network traffic and flag any asset activity. You can add one or more domains to detect whether the asset is on or off-premises.

The Cloud Agent listens to broadcasts and multicasts traffic for building the asset inventory and fingerprinting the operating systems and the device information of the assets. CAPS currently supports analysis of the following protocols —DHCP, ARP, NetBIOS, SSDP, mDNS.

The asset metadata is sent to the Qualys Cloud Platform for analysis, with which you can classify the unmanaged assets by operating system and hardware. CAPS considers split tunneled assets as off-premises and, therefore, will be in an inactive state.

This provides real-time visibility to all managed and unmanaged across your global, hybrid IT environment.

The CAPS module applies only to the Windows platform and is available as part of the CSAM application. The assets discovered by CAPS are displayed in CSAM. For details, see Assets Discovered by CAPS in CyberSecurity Asset Management.

You must perform CAPS configuration before activating the CAPS module for an agent host.

 When multiple Cloud Agents within the same subnet are configured to act as passive sensors, one of them is elected as leader. The assets discovered by the CAPS leader are displayed in CSAM in inventory.

The CAPS Leader tag is added to the leader cloud agent. The standby ensures continuity in case the Leader leaves the network.

The leader CAPS-enabled agent:

  • Passively senses network traffic
  • Sends the asset metadata to Qualys Platform

The Standby CAPS-enabled agent:

  • Does not sense network traffic passively
  • Does not send data to Qualys Platform

 This feature will be available only when the Windows agent binary with CAPS support is available. For supported agent versions, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.

Prerequisites

For the CAPS feature, the Cloud Agent must connect to the corresponding Qualys Content Delivery Network (CDN) URLs directly or using the proxy.

For the list of Cloud Agent Server and CDN URLs, refer to https://www.qualys.com/platform-identification/.

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.