GCP Scan Checklist

We recommend these steps before scanning.

- Check Appliance Status

- Configure OS Authentication

Check Appliance Status

In your Qualys VMDR or Policy Compliance subscription, go to Scans > Appliances and be sure the new Scanner Appliance is connected to the Qualys Enterprise TruRisk™ Platform. The appliance's status icon shows whether it is connected and ready for scanning; do not launch scans until it reports as connected.

Tips and Best Practices

Configure OS Authentication

Using host OS authentication (trusted scanning) allows our service to log in to each target system during scanning. Running authenticated scans gives you the most accurate results with fewer false positives. In your Qualys VMDR subscription, go to Scans > Option Profiles. Edit the Initial Options profile and click Save As to save a copy under another name. In your new profile, on the Scan tab, enable the authentication types that you need (Unix, Windows, or both). Enabling an authentication type in the option profile only tells the scan to attempt it; the actual credentials come from the authentication records described next.


In VMDR, go to Scans > Authentication. Add OS authentication records for the GCP instances that you'll be scanning, Unix and/or Windows. In the record, add the credentials for the account to be used for authentication. This is an OS user account on the target instance, not the IAM user. We recommend you create a dedicated account for authentication on the target systems rather than reusing an administrator's personal credentials.

The following sample Unix and Windows records are provided for reference:

Sample UNIX Record

  1. In the New Unix Record wizard, on the Record Title screen, give a name to your record and select the network.
  2. On the Login Credentials screen, provide the username, select Skip Password (the record will authenticate with a private key instead), and select the target type.
  3. On the Private Keys/Certificates screen, click Add Private Key/Certificate and then, in the Private Key / Certificate dialog box, select the key type (RSA, DSA, ECDSA, ED25519) and paste the private key content. The matching public key must already be in the account's authorized_keys on the target instances.


  4. On the Assets screen, enter the Unix IP addresses or ranges of your GCP virtual machines for this record. Credentials in this record are used to scan these assets.


Sample Windows Record

  1. In the New Windows Record wizard, on the Record Title screen, give a name to your record and select the network.
  2. On the Login Credentials screen, enter the username and password.


  3. On the Assets screen, enter the Windows IP addresses or ranges of your GCP virtual machines for this record. Credentials in this record are used to scan these assets.

Learn more about OS Authentication

Online help within the authentication record workflows provides detailed instructions and guidance on all available options. These documents are also good resources:

Qualys Windows Authentication Guide (pdf)

Qualys Unix Authentication Guide (pdf)