Set up Policies and Dynamic Groups for VSS – Qualys BYOL

Create a dynamic group of instances that you want to scan.

For example:

The dynamic group includes instances that meet the criteria defined by any of the following rules (select "Match any rules defined"):

Any {instance.compartment.id = '<compartment-ocid-of-your-instances-or-This-could-even-be-the-whole-tenancy>'}

Policy for granting permission for the instances to access secrets

This allows the Qualys agents to get the Qualys license data and send it in communications to the Qualys data center.

  • Allow dynamic-group <your-qualys-instances-group> to read vaults in tenancy
  • Allow dynamic-group <your-qualys-instances-group> to read keys in tenancy
  • Allow dynamic-group <your-qualys-instances-group> to read secret-family in tenancy

Policy for granting the instances access to the data sent back from Qualys

  • Define tenancy ocivssprod as ocid1.tenancy.oc1..aaaaaaaa6zt5ejxod5pgthsq4apr5z2uzde7dmbpduc5ua3mic4zv3g5ttma
  • Endorse dynamic-group <your-qualys-instances-group> to read objects in tenancy ocivssprod

The following image shows policies set up for a dynamic group of instances:

[Image: policies set up for a dynamic group of instances]
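
A way to check a policy before applying it, as an added example that is not Oracle's or Qualys's own code: the script compares a list of statements with the five this page lists and reports anything missing, not parseable, or broader than `read`. The group name `qualys-vss-instances`, the `audit` function, and the simplified statement grammar are assumptions made for the example.

```python
import re

# Tenancy OCID from the "Define tenancy ocivssprod" statement on this page.
OCIVSSPROD = "ocid1.tenancy.oc1..aaaaaaaa6zt5ejxod5pgthsq4apr5z2uzde7dmbpduc5ua3mic4zv3g5ttma"
REQUIRED_READS = {"vaults", "keys", "secret-family"}
GROUP = "qualys-vss-instances"  # hypothetical dynamic group name

# Simplified statement grammar (assumption): no quoted names, no "where" clauses.
DEFINE = re.compile(r"define tenancy (\S+) as (\S+)", re.I)
ALLOW = re.compile(r"allow dynamic-group (\S+) to (\w+) ([\w-]+) in (?:tenancy|compartment \S+)", re.I)
ENDORSE = re.compile(r"endorse dynamic-group (\S+) to (\w+) ([\w-]+) in tenancy (\S+)", re.I)

def audit(statements, group=GROUP):
    """Return findings for `group`; an empty list means the set matches the page."""
    findings, reads, aliases, endorsed = [], set(), {}, []
    for raw in statements:
        s = " ".join(raw.split())  # normalise whitespace before matching
        if m := DEFINE.fullmatch(s):
            aliases[m[1]] = m[2]
        elif m := ALLOW.fullmatch(s):
            verb = m[2].lower()
            # OCI verbs are cumulative, so use/manage also cover read.
            if m[1] == group and verb in ("read", "use", "manage"):
                reads.add(m[3].lower())
                if verb != "read":
                    findings.append(f"broader than read: {s}")
        elif m := ENDORSE.fullmatch(s):
            if m[1] == group:
                endorsed.append((m[2].lower(), m[3].lower(), m[4]))
        else:
            findings.append(f"not parsed: {s}")
    findings += [f"missing: read {r}" for r in sorted(REQUIRED_READS - reads)]
    # The endorse only counts if its alias resolves to the ocivssprod OCID.
    wanted = [e for e in endorsed if e[:2] == ("read", "objects") and aliases.get(e[2]) == OCIVSSPROD]
    if not wanted:
        findings.append("missing: endorse read objects in tenancy ocivssprod")
    findings += [f"unexpected endorse: {' '.join(e)}" for e in endorsed if e not in wanted]
    return findings

# Constructed sample: one over-broad grant and one statement with invalid syntax.
SAMPLE = [
    f"Allow dynamic-group {GROUP} to read vaults in tenancy",
    f"Allow dynamic-group {GROUP} to read keys in the tenancy.",
    f"Allow dynamic-group {GROUP} to manage secret-family in tenancy",
    f"Define tenancy ocivssprod as {OCIVSSPROD}",
    f"Endorse dynamic-group {GROUP} to read objects in tenancy ocivssprod",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```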