Configure Qualys Agent Scan

• Qualys Cloud Platform subscription with Cloud Agent.

• Fetch the activation key details from Qualys Agent-

  • ActivationId

  • CustomerId

• WebServerUrl (<Cloud Agent Server URL>/CloudAgent/, Cloud Agent Server URL can be found at https://www.qualys.com/platform-identification/ e.g., for US POD2 - https://qagpublic.qg2.apps.qualys.com/CloudAgent).

• Qualys API Username

• Password

• On the Qualys Admin Portal - 

  • Create an API user in the Qualys portal with the below permission

• SSM Agent on the EC2 instance should be installed and running.

  • EC2 IAM instance should have proper SSM role attached.

  • Endpoints need to be created from SSM to the subnet of the EC2 instances.

Customers can use the Public SSM document provided by the Qualys.
Go to AWS System Manager > Documents > All Documents and search for the QualysCloudAgentSSMDocument document.

Customers can provision the SSM Document using QFlow templates.

NOTE: The document provisioned in one account can be shared across all the customer’s AWS accounts.

Go to AWS System Manager > Documents > Search for the Document and select Modify Permissions.

Next, add the AWS Account numbers for which you want to share this SSM Document.

QFlow provides out-of-the-box templates to run the SSM Document on the EC2 instance.

Navigate to the QFlow application and go to edit. On the search field, pass the "Run" parameter.

Execute the “Run SSM Command” QFlow template.

SSM State Manager allows running the SSM document on the EC2 instances based on tags or resource groups or on all the EC2 instances based on schedule.

Go to AWS System Manager > State Manager and create an association on the SSM Document of Qualys or self-provisioned.