Configure FlexScan

TotalCloud FlexScan's API-Based Assesment uses the APIs of AWS to collect OS package inventory from the workloads for vulnerability analysis. This agentless scan is a quick way to catch vulnerabilities that may pop-up in between the intervals where the agents wait to perform the next automated scan. When combined with agent scans, API-based scans offer a complete security solution by ensuring your newly introduced assets are secure without waitng for the Qualys agent scan.

Once you've selected API-based assesment as one of your FlexScan, the TotalCloud module runs scans automatically with AWS APIs to fetch results. The API-based scans run automatically on Assets discovered as part of connector run or EventBridge alerts.

API-based assessment is quick and best suited for short-lived workloads and the initial assessment of new workloads. You can configure API-based scans on connectors for CloudView or AssetView. 

Refer to Configure Zero-touch API-based Assessment to get started.

TotalCloud FlexScan's Snapshot-Based Assesment runs scan on snapshot images of your workloads for high-volume vulnerability analysis, This agentless scanning technique helps customers detect risk, vulnerabilties, and compliance posture for virtual machine/compute instance without affecting their current workload. 

Once you have configured your service and target accounts in your AWS console with the help of the necessary CloudFormation templates, you can target multiple accounts for vulnerability analyses,

Refer to either Configure Zero-touch Snapshot-based Assessment for AWS or Configure Zero-touch Snapshot based Assessment for Azure to get started.

TotalCloud FlexScan launches scans through Qualys External Scanners (Internet Remote Scanners), located at the Qualys Cloud Platform. The scanners assess workloads over the network.

When a new workload is created, FlexScan automatically instantiates the network scanner in the appropriate network to conduct the scan of the workload. Network scanners provide similar assessment capabilities as an agent. However, unlike agents, they cannot do any remediation actions.

Networks should be used to assess workloads facing the internet and for workloads on which agents cannot be installed. Only network scanners can detect vulnerabilities related to network protocols. They can give you an outside-in view that the other scanners cannot.

Refer to Configure Cloud Perimeter Scan to get started.

Qualys Cloud agent based scan on AWS is carried out using the Systems Manager (SSM) document and Run Command. Qualys will provide public SSM documents that can be used directly by the customer, or the customer can provision the SSM document using Qualys Flow. 
 

Qualys Flow will be used for the Run Command of the SSM document, and you can also use AWS approach of the SSM State Manager.

Refer to Configure Qualys Agent Scan to get started.