Configure FlexScan

Once you have your connectors configured, you can run FlexScan to collect your cloud resource data, create an inventory and perform specialized vulnerability scans.

TotalCloud has launched FlexScan as a solution within the Connectors application to cover a wide variety of vulnerability scanning solutions such as Cloud Perimeter Scan, Qualys Agent deployment, API Based (agentless) assessment, and Snapshot Based (agentless) assessment, all with a zero-touch experience.

Refer to Prerequisites for FlexScan before proceeding with the configuration.

Available FlexScan

Currently, TotalCloud offers three FlexScan to choose from. Select from a combination of agentless and agent-based scans. More FlexScan are to be introduced in later releases.

API-Based Assessment

TotalCloud FlexScan's API-Based Assessment uses the APIs of AWS to collect OS package inventory from the workloads for vulnerability analysis. This agentless scan is a quick way to catch vulnerabilities that may pop up in the intervals between automated agent scans. When combined with agent scans, API-based scans offer a complete security solution by ensuring your newly introduced assets are secure without waiting for the Qualys agent scan.

Once you've selected API-based assessment as one of your FlexScan, the TotalCloud module runs scans automatically with AWS APIs to fetch results. The API-based scans run automatically on assets discovered as part of a connector run or through EventBridge alerts.

API-based assessment is quick and best suited for short-lived workloads and the initial assessment of new workloads. You can configure API-based scans on connectors for TotalCloud or AssetView. 

Refer to Configure Zero-touch API-based Assessment to get started.

Cloud Perimeter Scan

TotalCloud FlexScan launches scans through Qualys External Scanners (Internet Remote Scanners), located at the Qualys Cloud Platform. The scanners assess workloads over the network.

When a new workload is created, FlexScan automatically instantiates the network scanner in the appropriate network to conduct the scan of the workload. Network scanners provide similar assessment capabilities as an agent. However, unlike agents, they cannot perform any remediation actions.

Network scanners should be used to assess workloads facing the internet and workloads on which agents cannot be installed. Only network scanners can detect vulnerabilities related to network protocols. They can give you an outside-in view that the other scanners cannot.

Refer to Configure Cloud Perimeter Scan to get started.

Qualys Agent Scan

Qualys Cloud Agent-based scan on AWS is carried out using the AWS Systems Manager (SSM) document and Run Command. Qualys will provide public SSM documents that can be used directly by the customer, or the customer can provision the SSM document using Qualys Flow.

Qualys Flow will be used for the Run Command of the SSM document, and you can also use the AWS approach of the SSM State Manager.

Refer to Configure Qualys Agent Scan to get started.

Snapshot-Based Assessment

TotalCloud FlexScan's Snapshot-Based Assessment runs scans on snapshot images of your workloads for high-volume vulnerability analysis. This agentless scanning technique helps customers detect risk, vulnerabilities, and compliance posture for virtual machines/compute instances without affecting their current workload.

Once you have configured your service and target accounts in your AWS console with the help of the necessary CloudFormation templates (contact your TAMs to acquire them), you can target multiple accounts for vulnerability analyses.

Refer to Configure Zero-touch Snapshot-based Assessment to get started.

Run FlexScan

Now that you know of the available FlexScan, let's look at how to run a FlexScan on your existing connectors.

Navigate to Configure > Manage Connectors.

This will direct you to the Connectors application. 

Follow the steps detailed on the Connectors online help to run your FlexScan.