Once you have your connectors configured, you can run FlexScan to collect your cloud resource data, create an inventory and perform specialized vulnerability scans.
TotalCloud has launched FlexScan as a solution within its capacity to cover a wide variety of vulnerability scanning solutions such as Cloud Perimeter Scan, Qualys Agent deployment, API Based (agentless) assessment, Snapshot Based (agentless) assessment, and all of those with a zero-touch experience.
Refer to Pre-requisites for FlexScan before proceeding with the configuration.
Currently, TotalCloud offers three FlexScan options to choose from. Select from a combination of agentless and agent-based scans. More FlexScan options will be introduced in later releases.
API-Based Assessment
TotalCloud FlexScan's API-Based Assessment uses the AWS APIs to collect the OS package inventory from the workloads for vulnerability analysis. This agentless scan is a quick way to catch vulnerabilities that may pop up in the intervals between automated agent scans. When combined with agent scans, API-based scans offer a complete security solution by ensuring your newly introduced assets are secure without waiting for the Qualys agent scan.
Once you've selected API-based assessment as one of your FlexScan options, the TotalCloud module runs scans automatically through the AWS APIs to fetch results. The API-based scans run automatically on assets discovered as part of a connector run or through EventBridge alerts.
API-based assessment is quick and best suited for short-lived workloads and the initial assessment of new workloads. You can configure API-based scans on connectors for CloudView or AssetView.
Refer to Configure Zero-touch API Based Scan to get started.
Cloud Perimeter Scan
TotalCloud FlexScan launches scans through Qualys External Scanners (Internet Remote Scanners), located at the Qualys Cloud Platform. The scanners assess workloads over the network.
When a new workload is created, FlexScan automatically instantiates the network scanner in the appropriate network to scan the workload. Network scanners provide assessment capabilities similar to an agent. However, unlike agents, they cannot perform any remediation actions.
Network scanners should be used to assess internet-facing workloads and workloads on which agents cannot be installed. Only network scanners can detect vulnerabilities related to network protocols. They give you an outside-in view that the other scanners cannot.
Refer to Configure Cloud Perimeter Scan to get started.
Qualys Agent Scan
The Qualys Cloud Agent-based scan on AWS is carried out using a Systems Manager (SSM) document and Run Command. Qualys provides public SSM documents that the customer can use directly, or the customer can provision the SSM document using Qualys Flow.
Qualys Flow is used to issue the Run Command for the SSM document; you can also use the AWS SSM State Manager approach.
Refer to Configure Qualys Agent Scan to get started.
Now that you know the available FlexScan options, let's look at how you can run a FlexScan on your existing connectors.
1) Navigate to the TotalCloud Application.
2) Click Configure FlexScan from the Discover and Inventory Tab.
You see a list of the connectors you have configured either from the TotalCloud application or from the Connector application. Both kinds of connectors are eligible for FlexScan.
3) Select connector(s) where you want to configure FlexScan.
4) Click Configure FlexScan.
5) Select the required FlexScan: API-based or Cloud Perimeter.
Note: If you've already configured FlexScan settings for the selected connector, clicking 'Configure' will overwrite the previous FlexScan settings. Select the "Modifying the settings now..." checkbox to enable the Configure button.
6) Click Configure.
To view connectors with FlexScan configured, use the search token 'isFlexScanConfigured' and pass true or false. This fetches the list of connectors that already have, or do not yet have, FlexScan configured.