Configure Zero-Touch Snapshot-based Scan

Qualys Zero-touch Snapshot-based scanning is an agentless scanning technique that helps customers detect risk, vulnerabilities, and compliance posture for virtual machine/compute instances without affecting their current workload. 

Snapshot-based assessment offers greater security by using a service account for running scans. The service account will be independent of the target AWS account, where most of your workload operates. The service account can perform scans on multiple target accounts, allowing for bulk scans. This ensures no disruptions and more cost-effective, faster, and reliable scans. 

The below Qualys and AWS console configurations are required from the customer to enable Snapshot-based assessment on TotalCloud. With agentless scans, you can enable zero-touch Snapshot-based scan to perform vulnerability assessments on your new assets. 

Prerequisites for Snapshot-based Scan

OS Compatibility

The following section lists the OS versions and supported platforms for Qualys Zero Touch Snapshot-based scan.  Refer to Snapshot-based Scan OS Compatibility.

Configuration at AWS Cloud 

You will need one CSPM connector registered as a service account to activate the Snapshot scan functionality. 

Generate a Subscription Token

Configure a Service Account

Configure a Target Account

Configuration at Qualys Console

New Connector

Existing Connector

Note: The Zero-touch Snapshot-based Scan checkbox remains greyed until a CSPM Connector is registered as a Service Account.

Frequently Asked Questions

Related Topics

Configure Zero-touch API-based Assessment

 

 


 

 

Was this topic helpful?

success Thank you! We're glad to hear that this topic was useful.
success We appreciate your feedback. We'll work to make this topic better for you in the future.