Prerequisites for FlexScan

Below we list the required configurations and permissions necessary to run any of our available FlexScan. Refer to Configure FlexScan to get the detail steps on how to configure your preferred FlexScan.

Zero-Touch API Scanning

Let's look at the Qualys and AWS configurations required to enable Zero-Touch API Scans.

Qualys Console Pre-requisites

  • Qualys Cloud Platform subscription with active TotalCloud subscription. 

  • Enable Zero-touch API Based Scan to your subscription from Qualys Backoffice. Contact your technical account manager (TAM) for enabling it. 

AWS Console Pre-requisites

  • AWS EC2 instances that report the inventory to AWS SSM. 

  • AWS EventBridge configurations. 

Zero-touch Snapshot-based Scan

Let's look at the pre-requisites to enable zero-touch snapshot-based scan.

Prerequisites

  • Qualys Cloud Platform subscription with active TotalCloud subscription. 

  • Enable Zero-touch Snapshot-based Scan to your subscription from Qualys Backoffice. Contact your technical account manager (TAM) for enabling it.  

  • Request support to provide the required CloudFormation Templates for Service and Target account.

Cloud Perimeter Scanning

The TotalCloud application Connectors provides an automated way to launch the cloud perimeter scans on the publicly-exposed cloud assets based on the configuration defined in the Connector.

Prerequisites

  • You must define a global perimeter scan configuration that is used by connectors to run the perimeter scan.

  • Or, you can enable a cloud perimeter scan while creating a connector and define a custom scan configuration for scheduling the perimeter scan only for the connector that you are creating. 

Similarly, you can enable a cloud perimeter scan for AWS organization connector and define a custom scan configuration for scheduling the perimeter scan. The custom scan configuration is applied to all the member connectors during the cloud perimeter scan.

If you do not define the custom scan configuration, the global scan configuration is used for launching the perimeter scans. 

Cloud Agent Scanning 

Qualys Console Pre-requisites

  • Qualys Cloud Platform subscription with Cloud Agent Module.

  • Fetch the activation key details from Qualys Agent -

    • ActivationId

    • CustomerId

  • Additional Qualys information required-

    • Qualys Agent Server URL

    • Qualys API Username

    • Password

AWS Console Pre-requisites

  • SSM Agent on the EC2 instance should be installed and running

  • EC2 IAM instance should have proper SSM role attached

  • Endpoints need to be created from SSM to the subnet of the EC2 instances.

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.