Manage Assets using Qualys

Here are some best practices and tips for organizing assets to help you secure AWS EC2 infrastructure using Qualys.

Set Qualys Configurations

Asset Groups - Organize assets into meaningful groups and assign them to sub-users. Asset groups are required when you have multiple users, such as Scanner, Reader, and Unit Manager (if business units are defined). The same IP address can be included in multiple asset groups.

Business Units - Organize users and assets into business units to match your organization. This allows Managers to grant users role-based permissions in the context of their assigned business unit. The same IP address can be included in multiple business units.

Networks - Organize discrete private IP networks to keep overlapping IP blocks separate. When configured, Qualys tracks IPs by network and IP address.

An IP address must be unique to your subscription or a single network.

Removing Terminated Instances - You can remove terminated instances from your Qualys account.

  1. Go to Vulnerability Management or Policy Compliance > Hosts > Asset Search and select the assets with the tracking method as EC2. You could also add more parameters to refine your search, such as Last Scan Data not within x days and so on.
  2. Click Search, and then from the Actions menu, select Purge. This results in the removal of assets along with their associated data from the module.

Consider a scenario where you have deployed cloud agents on your EC2 assets and want to uninstall agents that have not checked in for the last N days. You can use the following API call.

Request:

curl -u "USERNAME:PASSWORD" -X "POST" -H "Content-Type: text/xml" \
     -H "Cache-Control: no-cache" \
     --data-binary @uninstall_agents_not_checkedin.xml \
     "https://qualysapi.qualys.com/qps/rest/2.0/uninstall/am/asset/"

Contents of uninstall_agents_not_checkedin.xml:

<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
    <filters>
        <Criteria field="tagName" operator="EQUALS">Cloud Agent</Criteria>
        <Criteria field="updated" operator="LESSER">2016-08-25T00:00:01Z</Criteria>
    </filters>
</ServiceRequest>	  
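
The request above hard-codes the cutoff date. The following script is an added example, not part of the Qualys documentation: it derives the cutoff from N, prints the request as a dry run by default, and keeps the password off the curl command line. It assumes GNU date; the function names and the QUALYS_USER, QUALYS_PASS and CONFIRM variables are illustrative.

```shell
#!/bin/sh
# Added example: build the uninstall filter for agents not checked in for N days.
# Assumes GNU date (for `-d @EPOCH`); function and variable names are illustrative.
API_URL="https://qualysapi.qualys.com/qps/rest/2.0/uninstall/am/asset/"  # from the page

# cutoff_timestamp DAYS [NOW_EPOCH] -> UTC timestamp DAYS before now
cutoff_timestamp() {
    days=$1
    now=${2:-$(date -u +%s)}
    case $days in
        ''|*[!0-9]*) echo "DAYS must be a positive integer" >&2; return 1 ;;
    esac
    [ "$days" -gt 0 ] || { echo "DAYS must be greater than 0" >&2; return 1; }
    date -u -d "@$((now - days * 86400))" +%Y-%m-%dT%H:%M:%SZ
}

# build_request DAYS [NOW_EPOCH] -> ServiceRequest XML on stdout
build_request() {
    cutoff=$(cutoff_timestamp "$@") || return 1
    cat <<EOF
<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
    <filters>
        <Criteria field="tagName" operator="EQUALS">Cloud Agent</Criteria>
        <Criteria field="updated" operator="LESSER">$cutoff</Criteria>
    </filters>
</ServiceRequest>
EOF
}

# uninstall_stale_agents DAYS: prints the request unless CONFIRM=yes is set
uninstall_stale_agents() {
    body=$(build_request "$1") || return 1
    if [ "${CONFIRM:-no}" != "yes" ]; then
        printf 'Dry run, request that would be sent to %s:\n%s\n' "$API_URL" "$body"
        return 0
    fi
    # Credentials are read from QUALYS_USER / QUALYS_PASS and handed to curl as a
    # config line on stdin (-K -), so the password never appears in the process
    # list. A password containing " or \ would need escaping for the config syntax.
    printf 'user = "%s:%s"\n' "$QUALYS_USER" "$QUALYS_PASS" |
        curl -K - -X POST -H "Content-Type: text/xml" -H "Cache-Control: no-cache" \
             --data-binary "$body" "$API_URL"
}
```

Call `uninstall_stale_agents 30` to review the generated filter, then repeat with `CONFIRM=yes` set to send it.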
	  

For more information on Cloud Agent APIs, refer to our Cloud Agent API User Guide.