Cloud Agent Installation Requirements

For the successful installation and optimal operation of Cloud Agent, your host asset must fulfill the following requirements.

• Your hosts must be able to reach Qualys Cloud Platform or the Qualys Private Cloud Platform over HTTPS port 443. Login to the Qualys Cloud Platform and go to Help > About to see the URL your hosts need to access.
• The Cloud Agent host must support proxy configuration. To learn more about proxy configuration, refer to the Cloud Agent Proxy Configuration.

Privileges Requirement 

Qualys Cloud Agents are installed as unprivileged containers in AWS Bottlerocket. However, Cloud Agent for AWS Bottlerocket needs special privileges to collect the scan data.

Qualys has provided these special privileges to all Cloud Agents using SELinux super_t label. The super_t label allows Cloud Agents to collect asset data by mounting critical resources from the asset into the Qualys Cloud Agent container. Also, SYS_PTRACE and NET_ADMIN system capabilities are added to collect process and network-specific information from the asset.