Cloud Agent Deployment using Google Cloud Console

We provide seamless integration of Qualys Cloud Agent with Google Cloud Platform (GCP) Marketplace. Using this integration, you can install Windows and Linux Cloud Agents on Google Cloud Platform (GCP) Virtual Machines (VM) instances. 

Qualys Cloud Agent — GCP Marketplace is a Bring Your Own License (BYOL) type integration, that needs Qualys Customer ID and Activation ID. Hence, only Qualys subscribers can use this integration.

Benefits of Qualys Cloud Agent — GCP Marketplace Integration

Qualys Cloud Agent — GCP Marketplace integration provides you with the following benefits:

  1. GCP Marketplace Configuration: You can configure GCP Marketplace to deploy Qualys Cloud Agents on specified GCP VM instances.
  2. Application Configuration: You can activate various Qualys applications for your subscriptions such as Vulnerability Management (VM), Policy Compliance (PC), File Integrity Monitoring (FIM), Endpoint Detection and Response (EDR), and so on.
  3. Integrate Security Findings in GCP: You can integrate Qualys security findings (for example, vulnerabilities) directly into the GCP by leveraging Qualys Integration with Google Cloud Security Command Center. This helps you push these findings into the Google Security Command Center.

Prerequisites

You must meet the following conditions before deploying Qualys Cloud Agent on GCP VM instances.

  1. You must have active Qualys Subscription. If you do not have Qualys subscription, you can Sign up to Qualys Website or you can contact Qualys Support.
  2. You must have Cloud Agent module available and enabled. The Customer ID and Activation ID are required for installation configuration. Also, other required modules must be available and enabled. For example, VM, PC, GAV, CSAM, and so on.
  3. The following APIs must be accesible from your VMs: OS Configuration Management API, and Compute API. To learn more, refer to Enabling an API. You can also enable these APIs using gcloud commands in Google Cloud SDK shell.
  4. The OS Configuration Agent must be installed on your VMs. To learn more, refer to Deploying Security Software Agents from Google Cloud Marketplace.
  5. OSConifg Agent must be enabled in project metadata. You can enable this from Google Cloud Console or using gcloud commands. The following are the sample gcloud commands.

    "gcloud compute project-info add-metadata --metadata=enable-osconfig=true"   OR

    "gcloud compute project-info add-metadata --metadata=enable-osconfig=true,enable-os-inventory=true,enable-guest-attributes=true,os-package-enabled=true,enable-os-config-debug=true,os-debug-enabled=true"
  6. Configuring metadata values enables OS Inventory Management, OS Patch Management, and OS Configuration Management which are required as this integration works with OS Configuration Management feature.
  7. You must have the following IAM Permissions:

    osconfig.guestPolicies.create
    osconfig.guestPolicies.delete
    osconfig.guestPolicies.get
    osconfig.guestPolicies.list
    storage.buckets.create
    storage.buckets.get
    storage.objects.create
    storage.objects.delete
  8. If you do not have these permissions, you can create a custom role. To learn more, refer to Creating Custom Roles.

Next Step: Get Started with Cloud Agent Deployment on GCP Marketplace