Configure Qualys Agent Scan
Qualys Cloud Agent enables instant, global visibility of IT assets —even occasionally-connected mobile and virtual devices, with latest asset configuration data for security and compliance.
Qualys Cloud Agent, a low-footprint agent installed on endpoints, brings the high-performance functionality of all Qualys Cloud Platform services to all IT assets in the global enterprise.
The below configurations are required from the customer to enable Qualys Agent Scan on TotalCloud. You can enable Agent scan to perform vulnerability assessments on your new assets with Qualys network sensors.
Pre-requisites
-
Qualys Cloud Platform subscription with Cloud Agent.
-
Fetch the activation key details from Qualys Agent-
-
ActivationId
-
CustomerId
-
-
WebServerUrl (<Cloud Agent Server URL>/CloudAgent/, Cloud Agent Server URL can be found at https://www.qualys.com/platform-identification/ e.g., for US POD2 - https://qagpublic.qg2.apps.qualys.com/CloudAgent).
-
Qualys API Username
-
Password
-
On the Qualys Admin Portal -
-
Create an API user in the Qualys portal with the below permission
-
-
SSM Agent on the EC2 instance should be installed and running.
-
EC2 IAM instance should have proper SSM role attached.
-
Endpoints need to be created from SSM to the subnet of the EC2 instances.
-
SSM Document Provisioning
Customers can use the Public SSM document provided by the Qualys.
Go to AWS System Manager > Documents > All Documents and search for the QualysCloudAgentSSMDocument document.
Customers can provision the SSM Document using QFlow templates.
NOTE: The document provisioned in one account can be shared across all the customer’s AWS accounts.
Go to AWS System Manager > Documents > Search for the Document and select Modify Permissions.
Next, add the AWS Account numbers for which you want to share this SSM Document.
SSM Run Command
Run using QFlowRun using QFlow
QFlow provides out-of-the-box templates to run the SSM Document on the EC2 instance.
Navigate to the QFlow application and go to edit. On the search field, pass the "Run" parameter.
Execute the “Run SSM Command” QFlow template.
Run using SSM State ManagerRun using SSM State Manager
SSM State Manager gives the option to run the SSM document on the EC2 instances based on tags or resource group or on all the EC2 instances based on schedule.
Go to AWS System Manager > State Manager and create association on the SSM Document of Qualys or self-provisioned.
Verification
Once all the pre requisite are cleared, by using QFlow of SSM State Manager, the SSM dcoument will run on the EC2 instances then the Qualys Cloud Agent deployed immediately and it will start showing on Qualys Cloud Platform.
And when Qualys Cloud Agent performs scan, the Vulnerabilities section starts reflecting vulnerabilities.
Additional Information
List of AWS SSM supported OS - https://docs.aws.amazon.com/systems-manager/latest/userguide/prereqs-operating-systems.html
Connector Permissions to be added –
-
cloudformation:CreateStack
-
ssm:SendCommand
-
ssm:ListTagsForResource
-
ssm:GetDocument
-
ssm:ListDocuments
-
ssm:DeleteDocument
-
ssm:CreateDocument
Related Topics
Configure Zero-touch API Based Scan