External Scanning using External Scanner Appliance
We provide the ability to scan public-facing virtual machines in your GCP cloud environment. You must use the standard scan workflow to scan your public-facing GCP VM instances. Create a tag for your GCP instances that have a publicly assigned IP, specify those IPs to be used in a standard scan workflow, select the external scanners in the scan setup, and launch the scan. Also ensure that those external IPs are activated in your Qualys subscription.
Qualys External Scanners (Internet Remote Scanners) located at the Qualys Enterprise TruRisk™ Platform are used for external scanning of GCP VM instances. For subscriptions on Private Cloud Platforms, your account may be configured to allow internal scanners to be used.
Get Started
You can run an external scan immediately or schedule it. All cloud perimeter scans are scheduled for 'now' (a one-time scan job) or 'recurring'. After saving, you see the scan job on the Schedules list. When the scan job starts, it appears on your Scans list.
- Based on your requirements, create a dynamic tag with Cloud Asset Search filters under the 'AssetView' app. For example:
  - All running public VM instances in your Qualys subscription:
    not gcp.compute.publicIpAddress is null and gcp.compute.state:"RUNNING"
  - All running public VM instances in your GCP project:
    not gcp.compute.publicIpAddress is null and gcp.compute.projectId: and gcp.compute.state:"RUNNING"
  - All running public VM instances in a zone:
    not gcp.compute.publicIpAddress is null and gcp.compute.state:"RUNNING" and gcp.compute.zone:westus
- Extract the IP addresses of the machines returned by the tag created in step 1. You can extract them by using Download or an API Query to Host Assets.
- Add these IP addresses grouped as Asset Groups or individually as host assets under the Assets tab in VM or VMDR.
- Configure OS Authentication.
- Now, let's start scanning. Go to VM or VMDR > Scans > Scans > New > Scan (or Schedule Scan).
  - In the Launch Vulnerability Scan window, provide the required details like scan title, option profile, and network. Select the External Scanner Appliance type from the dropdown list.
  - Identify your scan targets. You can either add the exported list of IPs to an asset group or directly list the IP addresses to scan.
  - Click Launch, and you are done!
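The tag filters from step 1 and the activation check from the introduction, as an added example that is not Qualys code: the functions below apply the same "public IP is not null and state is RUNNING" logic (optionally narrowed to a projectId or zone) to constructed instance records whose field names mirror the gcp.compute.* attributes, extract the IPs for the scan target list, and report any that are not yet activated in the subscription.

```python
"""Select public, running GCP VM instances the way the page's Cloud Asset
Search filters do, and extract the IPs to feed into a standard scan.
Added example, not Qualys code; instance records are constructed and the
field names mirror the gcp.compute.* filter attributes."""
import ipaddress

# Constructed sample records (documentation IP ranges, hypothetical names).
INSTANCES = [
    {"name": "web-1", "projectId": "proj-a", "zone": "us-west1-b",
     "state": "RUNNING", "publicIpAddress": "203.0.113.10"},
    {"name": "web-2", "projectId": "proj-a", "zone": "us-west1-b",
     "state": "TERMINATED", "publicIpAddress": "203.0.113.11"},
    {"name": "db-1", "projectId": "proj-a", "zone": "us-east1-c",
     "state": "RUNNING", "publicIpAddress": None},
    {"name": "api-1", "projectId": "proj-b", "zone": "us-west1-b",
     "state": "RUNNING", "publicIpAddress": "198.51.100.5"},
]


def matches(inst, project_id=None, zone=None):
    """Mirror the page's filters: public IP is not null AND state is RUNNING,
    optionally narrowed to one projectId and/or one zone."""
    if inst.get("publicIpAddress") is None:          # 'not ... is null'
        return False
    if inst.get("state") != "RUNNING":               # state:"RUNNING"
        return False
    if project_id is not None and inst.get("projectId") != project_id:
        return False
    if zone is not None and inst.get("zone") != zone:
        return False
    return True


def public_ips(instances, project_id=None, zone=None):
    """Sorted, de-duplicated public IPs of matching instances (the scan targets)."""
    ips = {i["publicIpAddress"] for i in instances if matches(i, project_id, zone)}
    return sorted(ips, key=ipaddress.ip_address)


def not_activated(ips, activated):
    """Tag-derived IPs that are not yet activated in the subscription;
    the external scan will not cover them until they are added."""
    activated = set(activated)
    return [ip for ip in ips if ip not in activated]


if __name__ == "__main__":
    targets = public_ips(INSTANCES, project_id="proj-a")
    print("scan targets:", ",".join(targets))
    print("need activation:", not_activated(targets, {"203.0.113.10"}))
```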
When you choose Now, your scan may not start immediately. The Scanner Appliance checks for new scan requests every few minutes. If a Scanner Appliance is available and you have not reached your concurrent scan limit, it launches the scan. If scanners are unavailable or you have reached your limit, the scan is launched at the next opportunity.
For more details on vulnerability scans, see Scan for Vulnerabilities.