Get Started with Qualys Offline Scanner

Welcome to Qualys Enterprise TruRisk™ Platform! This guide helps you configure and use Qualys Offline Scanner Appliance version 2.2.3-14.

Qualys Offline Scanner Appliance lets you scan for vulnerabilities in secure air-gapped networks without Internet access.

Currently, an Offline Scanner is provided as a virtual appliance for VMware Workstation, VMware Player, VMware ESXi, VMware Fusion, and Oracle VirtualBox.

Overview

First, use the Console Interface for the initial personalization workflow.

This workflow completes the registration of the appliance within your account. Later, you can use this interface for low-level administration (reboot and shutdown).

How does Offline Scanner work?

The Console Interface is similar to connecting a keyboard, mouse, or monitor to a hardware device that cannot be accessed directly over a network. It can only be viewed through the console access provided by the virtualization software.

Then use the Web User Interface for scanning.

This is where you launch scans and manage your account data (option profiles, scan results). The web user interface can be accessed using any standard web browser (for example, Internet Explorer, Chrome, Firefox) running on the host OS. The virtual NIC for the web interface should be deployed on a host-only network between the host (for example, Windows) and the appliance virtual machine.

Prerequisites

To configure the Offline Scanner, the following prerequisites must be met:

  • You must have VMware Workstation, VMware Workstation Player, VMware Fusion, VMware ESXi, or Oracle VirtualBox. 

    While this guide focuses on VMware Workstation and Oracle VirtualBox, the configuration steps also apply to VMware Workstation Player and VMware Fusion with minimal interface differences. See VMware Configuration.

  • Ensure that your scanner has network access to the Qualys Enterprise TruRisk™ Platform, which is required for successful activation. 

  • Your Offline Virtual Scanner Appliance works in two modes: CLOUD SYNC and OFFLINE SCANNING. By default, the scanner starts in CLOUD SYNC mode, but when you are ready to begin scanning, you must switch to OFFLINE SCANNING mode.

    Before switching modes, make sure to review your network settings in VMware Workstation, VMware ESXi, or Oracle VirtualBox. For scanning, we recommend using Bridged networking in all the above-mentioned hypervisors.

About Managing Instances

While managing the instance, you are not allowed to perform the following actions:

Instance Snapshots/Cloning Not Allowed

Using a snapshot or clone of a scanner instance to create a new instance is strictly prohibited. The new instance does not function as a scanner, and all configuration settings and platform registration information can be lost. This could also lead to scan failures and errors for the original scanner.

Moving/Exporting Instance Not Allowed

Exporting or moving a registered scanner instance from a virtualization platform (such as Hyper-V, VMware, or XenServer) to a cloud platform (like AWS, Azure, GCE, or OpenStack) in any file format is strictly prohibited. Doing so disrupts the scanner's functionality and results in the permanent loss of all its settings.

Quick Start Steps

  1. Add Offline Scanner
  2. Configure Offline Scanner