Cloud Agent as a Passive Sensor

You can configure the Qualys Cloud Agent to work as a passive sensor to identify traffic in the subnet agent. When configured, the Agent monitors your network activity without actively probing of devices to detect active assets in your network.

Note: This feature will be available only when the Windows agent binary with agent as passive sensor support will be available. For supported agent versions, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.

To define settings for cloud agent as a passive sensor:

1) In the Cloud Agent application, navigate to Configuration > CAPS Configuration.

caps configuration.

2) In the CAPS Configuration page, define the following settings

Data Upload Interval

Define the time interval, in minutes, at which the agent uploads CAPS data to Qualys Cloud Platform. The valid range is 15 to 1440 minutes. The default value is 30.

Scan Scope

In the Domain or Include Asset section, you can define the scope of scanning by defining a domain name. You can also add specific IP addresses or range of IP address in the domain to be added to the scan scope.

- Domain Name - Add a domain name. All the assets that are part of the specified domain name are included in the scan scope. This is a mandatory field.

Note: The Domain Name must be an exact match with the connection-specific DNS Suffix found on the endpoint. For example,

- IP/IP Range - Add one or more IP addresses, separated by comma or IP address range for the specified domain name.

- Click Add.

Assets to be Excluded

You can define some assets to be excluded from the scan by specifying the IP or Mac address or range. The assets are excluded from the Inventory.

To exclude the assets with the specified IP addresses or IP range, select the IP/IP Range check box, enter the IP addresses or IP range, and click Add.

To exclude Mac assets, select Mac Address check box, enter the Mac addresses or IP range, and click Add.

Note: Once you configure the IP or Mac addresses to be excluded, the assets with the specified IP and Mac addresses, if available in the CSAM/GAV inventory, will be deleted. 

3) Click Save. The configuration is saved.

To revert the changes made in the CAPS configuration, click Cancel.