Agent UDC Support

With Agent UDC Support, you can evaluate PA user-defined controls (UDCs) using cloud agents. There is no need to create duplicate controls - the controls you have already defined in your PA account for compliance scanning are evaluated by cloud agents with no action from you.

We have added new agent scan options in certain controls:

Directory Search Check and Directory Integrity Check - the Use agent scans only option lets you specify that the control is only evaluated using agent scans.

File Integrity Check and Directory Integrity Check - the Auto update expected value option lets you update a control's expected values with the actual values collected from agent scans.

Prerequisites

To create user-defined controls using cloud agents, the following prerequisites must be met:

  • Agent UDC Support must be available on the Qualys Cloud Platform for your subscription
  • Qualys Policy Audit must be enabled for your subscription
  • Qualys Cloud Agent must be enabled for your subscription
  • Cloud Agents must be activated for the PA module
  • Windows Cloud Agent 2.1.x or later
  • Linux and AIX Cloud Agent 2.3.x or later

Enabling UDC Support on Agents

New Agents

New agents automatically support UDCs as long as they meet the minimum version requirement. No user action is required.

Existing Agents

To activate UDC support for an existing agent, go to Cloud Agent, identify the agent in your Agents list and choose Assign UDC Manifest from the Quick Actions menu.

Assign UDC Manifest option in Cloud Agent app.

For bulk activation, select multiple agents in your list and choose Assign UDC Manifest from the Actions menu above the list.

Assign UDC Manifest bulk option in Cloud Agent app.

Only Evaluate Controls Using Agent Scans

The Use agent scans only option is available in these Windows and Unix control types: Directory Search Check and Directory Integrity Check. When you select this option, the control is evaluated using agent scan data only. You can also enter wildcards in the Base Directory when defining the control's scan parameters, since agents support this.

Use agent scans only option in UDC.

Auto Update Expected Values from Agent Scans

The option Auto Update expected value lets you update a control's expected values with the actual values collected from each cloud agent scan. Enable this option in Directory Integrity Checks and File Integrity Checks. You must also enable Use scan data as expected value in the same control (under Control Technologies).

Directory Integrity Checks

(1) The Disable case-sensitive search check-box in the Unix agent Directory Search Check and Directory Integrity Check controls whether the search is case-sensitive. When you select this check-box, the search results list all matching upper- and lowercase variations of the file name. By default, this check-box is cleared, and the search returns only results whose file name matches case-sensitively.

The case-sensitive search setting applies to the file and directory name, not to the base directory.

(2) The Auto Update expected value check-box lets you update the control's expected value with the actual value collected from each agent scan. Enable Use scan data as expected value to create reports reflecting results for each scan.
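The following added example (not Qualys code and not the agent's implementation) models the search semantics described above: wildcards expand the Base Directory case-sensitively, while the Disable case-sensitive search option affects only the file or directory name. The function names, the sample tree, and the use of Python glob-style wildcard syntax are assumptions made for illustration.

```python
import fnmatch
import glob
import os
import tempfile


def directory_search(base_dir_pattern, name_pattern, ignore_case=False):
    """Model of the documented semantics: wildcards expand the base directory
    (always case-sensitive); ignore_case only affects file/directory names."""
    hits = []
    for base in glob.glob(base_dir_pattern):
        if not os.path.isdir(base):
            continue
        for dirpath, dirnames, filenames in os.walk(base):
            for name in dirnames + filenames:
                if ignore_case:
                    matched = fnmatch.fnmatchcase(name.lower(), name_pattern.lower())
                else:
                    matched = fnmatch.fnmatchcase(name, name_pattern)
                if matched:
                    hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def demo():
    """Run both modes over a constructed sample tree; return relative paths."""
    sample = ("app1/conf/sshd_config", "app2/conf/SSHD_Config", "APP3/conf/sshd_config")
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        base = os.path.join(glob.escape(root), "app*", "conf")

        def relative(paths):
            return [os.path.relpath(p, root).replace(os.sep, "/") for p in paths]

        strict = relative(directory_search(base, "sshd_config"))
        relaxed = relative(directory_search(base, "sshd_config", ignore_case=True))
    return strict, relaxed


if __name__ == "__main__":
    strict, relaxed = demo()
    print("case-sensitive (default):", strict)
    print("case-sensitive search disabled:", relaxed)
```

In the sample tree, the file under APP3 is never returned because the base directory pattern app*/conf is matched case-sensitively in both modes.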

File Integrity Checks

Auto update expected value in File Integrity UDC.