1. home icon for breadcrumbs >
  2. On Demand Scan

On Demand Scan

You can run an On Demand Scan to instruct the agent to immediately scan as long as the agent is not already scanning. The On Demand Scan runs independently of the interval scan that you configure in the Configuration Profile and will reset the scan interval on the local agent after a successful scan.

Prerequisite: The agent must be activated for the specific Qualys application for which you are running the On Demand Scan. When activated, the Agent downloads manifest for that application from the Qualys platform; if the manifest is not present, On Demand Scan will not execute.

Use the cloudagentctl.sh script to run the On Demand Scan. You can find this script at /usr/local/qualys/cloud-agent/bin/.

Run the following command on GCP Container Optimized OS:

kubectl -n qualys-agent  exec -it <qualys_cloud_platform_url> -- bash /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand type=pc cputhrottle={0-1000}

Where action and type are mandatory parameters.

action is “demand” meaning an On Demand Scan.

type is the application for which you want to run the scan (the agent must be activated for the respective application).

cputhrottle is 1-1000. The default value is 0, which means no throttling.

For example, use the following command to initiate an On Demand Scan for the Vulnerability Management application (VM) with no throttling:

kubectl -n qualys-agent  exec -it <qualys_cloud_platform_url> -- bash /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand type=vm cputhrottle=0

The script calls the agent to run asynchronously in the background and returns to the shell prompt. The script prints a Control ID that you can track in the log file. The Control ID is the times-tamp of the script initiation, for example, On-Demand-Request ControlId: 20240227165136.0

The On Demand Scan logs are saved to the same log file as for the interval scan at crictl exec -it <CONTAINER-id>/bin/bash. You can find the logging for the scan initiation and completion in the log file.

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemandRequest Params: ControlID=20200427151136.0, Action=OnDemand, Type=VM, CPUThrottle=0"

If the agent is currently performing an interval scan for the same application, the On Demand Scan waits for the ongoing scan to finish. The script will print a log line with this status.

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:Interval Event of same type is in progress with state INTERVAL_EVENT_SCAN

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemand request for Control ID : 20200427151136.0 will be delayed.

If the script encounters an error due to the manifest file not being present, check whether the Cloud Agent is activated for that particular application. If agent is activated but you still get manifest related errors while launching the On Demand Scan, the agent may not have downloaded the manifest for that application. You can manually force a manifest download by deactivating and then reactivating the agent for that application from the Cloud Agent UI. If that does not correct the issue, contact Qualys Support.

Once an On Demand Scan is completed, the results are logged in the log file located at:
crictl exec -it <CONTAINER-id>/bin/bash

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.