The agent sends up an upload of the baseline snapshot to the cloud agent platform for assessment. For the initial upload the agent collects comprehensive metadata about the target host (a few megabytes) and sends a baseline snapshot to the cloud for assessment. The status Scan Complete is reported upon success. This first scan typically takes 30 minutes to 2 hours using the default configuration – after that scans run instantly on the delta uploads (a few kilobytes each).

The asset data the agent collects includes many things for the baseline snapshot like network posture, OS, open ports, installed software, registry info, what patches are installed, environment variables, and metadata associated with files. The agent stores a snapshot on the agent host to quickly determine deltas to host metadata it collects.
What signatures are tested? Agent-based scanning uses the same signatures (vulnerabilities, compliance datapoints) as traditional scanning with Qualys scanners. 
 

Install Agent

1. Create new key

2. Install Agents
Steps to Install the Linux Agent

Download the agent installer
File will be saved to your downloads area, as defined by your local system.

Copy QualysCloudAgent.rpm to the host you want to monitor and run commands. Click here to troubleshoot.

Copy and paste this command for installation (sudo access required):

sudo rpm -ivh QualysCloudAgent.rpm 

sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=16beb165-1a29-4d238-80b9-5579d7810849 CustomerId=36ca3719-7f25-e45e-8243e-b1f1cc6b09e9 ServerUri=https://qagpublic.qg1.apps.qualys.ca/CloudAgent/

3. Verify Agents Installed Successful

Activate  Agent

On Demand Scan

Uninstall Cloud Agent /Deactivate Agent to Recycle Licenses

 

1. Uninstall Agent

2. Deactivate Agent

3. Manual Uninstall from host 

Windows Agent

Use Uninstall.exe. Learn more

Linux/Unix Agent (RPM)

Use this command:

"sudo rpm -e qualys-cloud-agent"  

Linux Agent (Debian)

Use this command:

"sudo dpkg --purge qualys-cloud-agent"

Report for Single Agent Using Tag

1. add tags

In case you did no create the tag, you can go to Asset Management to create one:

2. New Template Based Scan Report

3. Select Technical Report as template

4. Add tag into asset tags for filtering

4. Run report immediately or scheduling it for later

Reports for Cloud Agent Findings:

https://success.qualys.com/support/s/article/000003222

  1. Log in to Qualys.
  2. Select Vulnerability Management from the drop-down list.
  3. Click Reports > Templates> New> Scan Template. 
  4. On the Report Title tab, give a title to your template.
  5. Choose Host Targets. Please note that you’ll need to run the report on asset tags to get AGENT tracked hosts that are not in VM license, or add IP tracked entries in VM modules (as required) to generate reports on IP/All asset group. Check reporting on agent hosts and cloud agent hosts in asset search report for details.
  6. On the Findings tab, select the Asset Group, IP, or tags then scroll down to select Agent Data.
  7. On the Display tab, select the following:
    • Host Data
    • Text Summary
    • Vulnerability Details
    • Results
    • Appendix
 8. On the Filter tab under Vulnerability Filters, select the following under Status
  • New
  • Active
  • Reopened
9. Under State, select the following:
  • Confirmed Vulnerabilities: Active
  • Potential Vulnerabilities: Active
  • Information Gathered: Active
10. Select the Report Format as Portable Document Format (PDF).
11. Click Run.  

References

By netsec

Leave a Reply