Home

Download and Configure Cloud Agents for EDR

You need to install a Cloud Agent (CA) activated for EDR on each asset you want to monitor for suspicious activity.

 You must upgrade to following Cloud Agent versions to utilize all the EDR functionality:

- Windows: 4.1 and above
- Linux: 6.1.0 and above

In this section we have covered the following:

Download Cloud Agent

Perform the following steps if you are a new EDR customer:

  1. From the EDR welcome page, click Download Cloud Agent.
  2. Click on Windows.exe from the Download and Install Cloud Agent page. The following example screenshots represent Windows installation.

    Download Cloud Agent

  3. Download the agent installer from the Installation Instructions page, download the agent installer and copy it to the host machine.

    > QualysCloudAgent.exe CustomerId={xxxxxxxx-xxxx-xxxxxxxxxxxxxxxxxxxx}
    ActivationId={xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx}
    WebServiceUri=<platform_url>/CloudAgent/ 

    Run the command from an elevated command prompt, or use a system management tool to install the agent as per your organization's standard process to install a software.
  4. After you successfully download and install the Default installation key and want to install more activation keys, see Install and Activate Cloud Agent.

Configure Cloud Agents

Perform the following steps if you are an existing EDR customer:

  1. From EDR welcome page, click Configure Agents for EDR.

    Configure Agents for QES button.

  2. On the Configure Agents for EDR window, you can:

Upgrade Existing Agents

  1. From the EDR homepage, click the Configure Agents for EDR and select one or multiple Activation Keys from the Configure Agents for EDR window.
  2. Click Upgrade.

    Upgrade existing agent

  3. On the confirmation window, click Upgrade to initiate the process. All the agents associated with the activation key will be upgraded and enabled for EDR.Upgrade Confirmation

Install and Activate Cloud Agent

Our cloud platform gives you continuous security updates through the cloud using lightweight cloud agents. Go to the Cloud Agent (CA) application to install agents and activate them for EDR. It's possible to activate existing agents for EDR with other capabilities like VM and PC.

1. From the EDR homepage, click Configure Agents for EDR. Click Manage Cloud Agent Keys. You are redirected to the Cloud Agent application.

Manage Cloud Agent

 

2. Click Agent Management > Activation Keys > New Key. Give a title and provision for the EDR application and click Generate.

You can provide the same key for any other applications in your account.

New Key button.

New Activation Key setup page - Download binaries link.

 

3. Click on Install Instructions against Windows (.exe).

Want to do this step later?Want to do this step later?

No problem, just exit the wizard. When you’re ready, return to your activation keys list, select the key you want to use, then Install Agent from the Quick Actions menu.

New Activation Key setup page - Download binaries link.

4. Review the installation requirements and click Download.

Run the installer on each host from an elevated command prompt, or use a systems management tool or Windows group policy.

Your agents should start connecting to our cloud platform.

New Activation Key setup page - Download.exe button.

5. Activate your agents for EDR. Go to the Agents tab, choose an agent and Activate for FIM or EDR or PM or SA from the Quick Actions menu. (Bulk activation is supported using the Actions menu).

In the Activate Agents window, enable the EDR agent and click Activate

New Activation Key setup page - Download binaries link.

 

Before creating a profile, assign Malware Protection tags. For more information, see Create and Assign Tags

Create a New Profile to enable EDR

As part of cloud agent installation and setup, you should enable EDR from the Configuration Profile of the Cloud Agent application. This is required for EDR data collection. You can enable EDR only when the agents are activated with EDR. Perform the following steps in the Cloud Agent application to enable EDR in a New Profile:

  1. From the Agent Management, click Configuration Profiles.

    The Initial Profile is a system-generated profile that is listed in the Configuration Profiles by default. This profile can not be edited or deleted. 

  2. Click New Profile.
  3. The Configuration Profile Creation window lists 12 steps that you can configure as per your organization infrastructure. Fields. In Step 1- General Info, the profile name is the mandatory field. Click Continue if your network infrastructure does not require the configuration settings. 
  4. At Step 10- EDR, toggle Enable EDR module for this profile. In the Configuration section of Step 10, the default value of the EDR artifacts are provided. However, as per your network infrastructure requirement you can change the Max event log size, Payload threshold time, and Maximum disk usage for EDR data.
    The following screenshot is an example of EDR enabled in a new profile:

    Enable EDR toggle from the Configuration Profiles.

  5. At Step-12, click Finish.

    Once the profile is created and EDR is enabled, you receive a notification at the top-center of the page and the newly create profile is listed in the Configuration Profiles section. The following screenshot is an example of newly created profile with EDR enabled:

    Profile created successfully.

Assign a Profile to an Agent

Once the profile is created and listed in the Configuration Profiles, you should assign a profile to an agent. Perform the following steps in Cloud Agent application to assign a profile to an agent:

  1. In the Agent Management, click Agents.
  2. Hover the mouse on any of the assets to view the Quick Actions menu.
  3. Click Assign Config Profile.

    Assign Config Profile option from the Quick Actions menu.

  4. In the Configuration Profile window, select the profile name from the list and click Save

    Select the Configuration Profile.