On Demand Scan

You can run an On-Demand Scan to instruct the agent to immediately launch the scan if it's not already scanning. The On Demand Scan runs independently of the interval scan that you may have configured in the Configuration Profile. After successful completion it reset the scan interval for the associated Cloud Agent.

Prerequisite

The agent must be activated for that specific Qualys application for which you want to run the On Demand Scan. If the manifest is not available for the application you want to launch the scan, Cloud Agent downloads it from the Qualys Cloud Platform to launch the On Demand Scan.

Use the cloudagentctl.sh script to run the On Demand Scan. This script is available at /usr/local/qualys/cloud-agent/bin/. Run the following command in command prompt to launch the On Demand Scan.

># ./cloudagentctl.sh action={demand} type={vm|pc|inv|udc|sca|vmpc} cputhrottle={0-1000}

Where action and type are mandatory parameters.

Set the action parameter value to demand to specify scan type as On-Demand Scan.

Set type parameter value to specify the application for which you want to run the On Demand Scan. The agent must be activated for the respective application for which you want to run the On Demand Scan.

"vmpc" is a legacy application manifest and most likely may not be present.

The cputhrottle range is 1-1000. The default is 0, which means no throttling.

Example: Sample command to run an On Demand Scan for the Vulnerability Management application (VM) with no throttling:

># ./cloudagentctl.sh action=demand type=vm

The script calls the agent to run asynchronously in the background and returns to the shell prompt. The script prints a ControlId that you can track in the log file. The ControlId is the time stamp of the script initiation. For example,  On-Demand-Request ControlId: 20200427151136.0

The On Demand Scan logs to the same file as the Cloud Agent log files available at /var/log/qualys/qualys-cloud-agent.log. You can find the logs for the scan initiation and completion in the log file.

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemandRequest Params: ControlID=20200427151136.0, Action=OnDemand, Type=VM, CPUThrottle=0"

If the agent is currently performing an interval scan for the same application, the On Demand Scan is delayed until the ongoing scan is complete. The script prints a log line with this status, as shown in the following log sample.

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:Interval Event of same type is in progress with state INTERVAL_EVENT_SCAN

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemand request for Control ID : 20200427151136.0 will be delayed.

If the script encounters an error due to the manifest file not being present, check if the Cloud Agent is activated for that application. When the Cloud Agent is activated for that application, and you still get this error,  the manifest file may not be downloaded. You can manually download the manifest file by first deactivating and then reactivating the Cloud Agent for that application. If it does not resolve the issue, contact Qualys Support.

Once an On Demand Scan is complete, the results are logged in the log file located at /var/log/qualys/qualys-cloud-agent.log.