1. home icon for breadcrumbs >
  2. On Demand Scan

On Demand Scan

You can run an On Demand Scan to instruct the agent to immediately scan as long as the agent is not already scanning. The On Demand Scan runs independently of the interval scan that you configure in the Configuration Profile and will reset the scan interval on the local agent after a successful scan.

Prerequisite: The agent must be activated for that specific Qualys application for which you are running the On Demand Scan. When activated, the Agent downloads manifests for that application from the Qualys platform; if the manifest is not present for that type, On Demand Scan will not execute.

Use the cloudagentctl.sh script to run the OnDemand Scan. You’ll find this script at /usr/local/qualys/cloud-agent/bin/. Run following command on Master node:

># oc -n qualys-agent exec -it <container_id> -- bash /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand type=inv cputhrottle={0-1000}

Where action and type are mandatory parameters.

action is “demand”, meaning an On Demand Scan.

type is the application for which you want to run the scan (the agent must be activated for the respective application first).

cputhrottle is 1-1000. Default is 0, which is no throttling.

For example, to initiate an On Demand Scan for the Vulnerability Management application (VM) with no throttling:

># oc -n qualys-agent exec -it <container_id> -- bash /usr/local/qualys/cloud-agent/bin/cloudagentctl.sh action=demand action=demand type=vm

The script calls the agent to run asynchronously in the background and returns to the shell prompt. The script prints a ControlId that you can track in the log file. The ControlId is the timestamp of the script initiation, e.g. On-Demand-Request ControlId: 20200427151136.0

The On Demand Scan logs to the same log file as the agent at /var/log/qualys/qualys-cloud-agent.log. You can find the logging for the scan initiation and completion in the log file.

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemandRequest Params: ControlID=20200427151136.0, Action=OnDemand, Type=VM, CPUThrottle=0"

If the agent is currently performing an interval scan for the same type, the On Demand Scan will delay waiting for the currently running scan to finish. The script will print a log line with this status.

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:Interval Event of same type is in progress with state INTERVAL_EVENT_SCAN

2020-04-27 15:11:36.474 [qualys-cloud-agent][9710]:[Information]:[140048573286144]:OnDemand request for Control ID : 20200427151136.0 will be delayed.

If the script errors due to the manifest file not being present, check whether the Cloud Agent is activated for that particular application. If agent is activated but you still get manifest related errors while running the On Demand Scan command, the agent may not have downloaded the manifest for that application. You can manually force a manifest download by deactivating then reactivating the agent for that application from the Cloud Agent user interface module. If that doesn't correct the issue, contact Qualys Support.

Once an On Demand Scan is completed, the results are logged in the log file located at /var/log/qualys/qualys-cloud-agent.log.

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.