1. home icon for breadcrumbs >
  2. Introduction to CAPS

Introduction

With the Cloud Agent as Passive Sensor (CAPS) feature, the Qualys Cloud Agent can detect the asset in the respective agent subnet passively without any active probing.

The Cloud Agent listens to broadcasts and multicast traffic to build the asset inventory and collect the fingerprints of the operating systems and device information of the assets. CAPS currently supports analysis of the following protocols: DHCP, ARP, NetBIOS, SSDP, mDNS, WSD, UPNP, CDP, and LLDP.

The asset metadata is sent to the Qualys Cloud Platform for analysis, with which you can classify the unmanaged assets by operating system and hardware. CAPS considers split tunneled assets as off-premises and, therefore, will be in an inactive state.

This provides real-time visibility to all managed and unmanaged across your global, hybrid IT environment.

The CAPS module applies only to the Windows platform and is available as part of the CSAM application. The assets discovered by CAPS are displayed in CSAM. For details, see Assets Discovered by CAPS in CyberSecurity Asset Management.

You must perform CAPS configuration before activating the CAPS module for an agent host.

 When multiple Cloud Agents within the same subnet are configured to act as passive sensors, one of them is elected as leader. The assets discovered by the CAPS leader are displayed in CSAM in inventory.

The CAPS Leader tag is added to the leader cloud agent. The standby ensures continuity in case the Leader leaves the network.

The leader CAPS-enabled agent:

  • Passively monitors network traffic
  • Sends the asset metadata to Qualys Platform

The Standby CAPS-enabled agent:

  • Passively monitors network traffic
  • Does not send data to Qualys Platform

 This feature will be available only when the Windows agent binary with CAPS support is available. For supported agent versions, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.

Prerequisites

For the CAPS feature, the Cloud Agent must connect to the corresponding Qualys Content Delivery Network (CDN) URLs directly or using the proxy.

For the list of Cloud Agent Server and CDN URLs, refer to https://www.qualys.com/platform-identification/.

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.