Continuous Scanning in Cloud Agent
The first assessment scan takes some time to complete, but the subsequent scans are completed as soon as new host metadata is uploaded to Qualys Cloud Platform.
How it works
For the initial upload, the agent collects comprehensive metadata about the target host (a few megabytes) and sends it to the cloud agent platform as a baseline snapshot for assessment. The status Scan Complete is reported upon success. This first scan typically takes 30 minutes to 2 hours using the default configuration. After that, scans run instantly on the delta uploads (a few kilobytes each).
For the baseline snapshot, the agent collects asset data such as network posture, OS, open ports, installed software, registry info, installed patches, environment variables, and metadata associated with files. The agent stores a snapshot on the agent host so it can quickly determine deltas in the host metadata it collects.
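The snapshot-and-delta flow described above, sketched as an added example (not Qualys code and not the agent's actual data format). The category names, the package and patch identifiers, and the functions compute_delta, apply_delta and wire_size are all assumptions made for illustration.

```python
import copy
import json

# Constructed sample metadata (not real agent output): category -> {item: value}
BASELINE = {
    "installed_software": {f"pkg-{i}": "1.0.0" for i in range(500)},
    "open_ports": {"22/tcp": "sshd", "80/tcp": "httpd"},
    "patches": {"PATCH-EXAMPLE-001": "installed"},
}
CURRENT = copy.deepcopy(BASELINE)
CURRENT["installed_software"]["pkg-7"] = "1.0.1"       # package upgraded
CURRENT["open_ports"]["443/tcp"] = "httpd"             # new listener
del CURRENT["open_ports"]["80/tcp"]                    # listener closed
CURRENT["patches"]["PATCH-EXAMPLE-002"] = "installed"  # patch applied

def compute_delta(baseline, current):
    """Agent side: diff the locally stored snapshot against fresh metadata."""
    delta = {}
    for category in baseline.keys() | current.keys():
        old, new = baseline.get(category, {}), current.get(category, {})
        changes = {
            "set": {k: v for k, v in new.items() if k not in old or old[k] != v},
            "removed": sorted(k for k in old if k not in new),
        }
        if changes["set"] or changes["removed"]:
            delta[category] = changes
    return delta

def apply_delta(snapshot, delta):
    """Platform side: rebuild current host metadata from snapshot plus delta."""
    merged = {cat: dict(items) for cat, items in snapshot.items()}
    for category, changes in delta.items():
        items = merged.setdefault(category, {})
        items.update(changes["set"])
        for key in changes["removed"]:
            items.pop(key, None)
        if not items:  # an emptied category is treated as absent
            del merged[category]
    return merged

def wire_size(obj):
    """Bytes needed to upload obj as canonical JSON."""
    return len(json.dumps(obj, sort_keys=True).encode())

if __name__ == "__main__":
    delta = compute_delta(BASELINE, CURRENT)
    print("baseline bytes:", wire_size(BASELINE), "delta bytes:", wire_size(delta))
    print("platform view matches host:", apply_delta(BASELINE, delta) == CURRENT)
```
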
What signatures are tested?
Agent-based scanning uses the same signatures (vulnerabilities, compliance datapoints) as traditional scanning with Qualys scanners. If you’ve activated your agents for VM, it tests for vulnerability signatures. If you’ve activated your agents for PC, it checks for compliance datapoints.