Below we list the configurations and permissions required to run any of the available FlexScan options. Refer to Configure FlexScan for the detailed steps to configure your preferred FlexScan.
Let's look at the Qualys and AWS configurations required to enable Zero-Touch API Scans.
Qualys Cloud Platform subscription with active TotalCloud subscription.
Enable Zero-touch API Based Scan for your subscription from Qualys Backoffice. Contact your technical account manager (TAM) to enable it.
AWS EC2 instances that report the inventory to AWS SSM.
AWS EventBridge configurations.
The TotalCloud application Connectors provide an automated way to launch cloud perimeter scans on publicly exposed cloud assets, based on the configuration defined in the Connector.
You must define a global perimeter scan configuration that is used by connectors to run the perimeter scan.
Or, you can enable a cloud perimeter scan while creating a connector and define a custom scan configuration for scheduling the perimeter scan only for the connector that you are creating.
Similarly, you can enable a cloud perimeter scan for an AWS organization connector and define a custom scan configuration for scheduling the perimeter scan. The custom scan configuration is applied to all the member connectors during the cloud perimeter scan.
If you do not define the custom scan configuration, the global scan configuration is used for launching the perimeter scans.
Qualys Cloud Platform subscription with Cloud Agent Module.
Fetch the activation key details from Qualys Agent:
ActivationId
CustomerId
Additional Qualys information required:
Qualys Agent Server URL
Qualys API Username
Password
The SSM Agent should be installed and running on the EC2 instance.
The EC2 instance should have the proper SSM IAM role attached.
Endpoints need to be created from SSM to the subnet of the EC2 instances.
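The three SSM prerequisites above can be checked in one pass before enabling a scan. The following is an added example, not Qualys or AWS code: it evaluates data shaped like the responses of boto3's ssm.describe_instance_information, ec2.describe_instances and ec2.describe_vpc_endpoints. The sample data is constructed, and the endpoint set (ssm, ssmmessages, ec2messages) is an assumption, since the page does not name the endpoints.

```python
# Added example: inputs mirror the response shapes of boto3's
# ssm.describe_instance_information, ec2.describe_instances and
# ec2.describe_vpc_endpoints. All sample values below are constructed.
REQUIRED_SERVICES = ("ssm", "ssmmessages", "ec2messages")  # assumed endpoint set

def check_ssm_prereqs(ssm_info, instances, endpoints, required=REQUIRED_SERVICES):
    """Return {instance_id: [unmet prerequisites]} for every EC2 instance."""
    online = {i["InstanceId"] for i in ssm_info["InstanceInformationList"]
              if i.get("PingStatus") == "Online"}
    # Map subnet -> service short names with an available endpoint in it.
    by_subnet = {}
    for ep in endpoints["VpcEndpoints"]:
        if ep.get("State", "").lower() != "available":
            continue
        service = ep["ServiceName"].rsplit(".", 1)[-1]
        for subnet in ep.get("SubnetIds", []):
            by_subnet.setdefault(subnet, set()).add(service)
    report = {}
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            gaps = []
            if inst["InstanceId"] not in online:
                gaps.append("not reporting to SSM (agent stopped or not installed)")
            # Only confirms a profile is attached, not which policies it carries.
            if "IamInstanceProfile" not in inst:
                gaps.append("no IAM instance profile attached")
            missing = set(required) - by_subnet.get(inst.get("SubnetId"), set())
            if missing:
                gaps.append("subnet lacks endpoints: " + ", ".join(sorted(missing)))
            report[inst["InstanceId"]] = gaps
    return report

# Constructed sample data (not real resources).
SSM_INFO = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa", "PingStatus": "Online"},
    {"InstanceId": "i-0bbb", "PingStatus": "ConnectionLost"}]}
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "SubnetId": "subnet-1",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-ssm"}},
    {"InstanceId": "i-0bbb", "SubnetId": "subnet-2"}]}]}
ENDPOINTS = {"VpcEndpoints": [
    {"ServiceName": f"com.amazonaws.us-east-1.{s}", "State": "available",
     "SubnetIds": ["subnet-1"]} for s in REQUIRED_SERVICES]}

if __name__ == "__main__":
    for iid, gaps in check_ssm_prereqs(SSM_INFO, INSTANCES, ENDPOINTS).items():
        print(iid, "OK" if not gaps else gaps)
```

The endpoint check follows this page's wording and looks for endpoints in the instance's own subnet; pass a different `required` tuple if your environment uses another endpoint set.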