Qualys Agent Scan Steps and Generate Agent Scanning Report – Continuous scanning in the cloud

cc 好物分享
The agent sends up an upload of the baseline snapshot to the cloud agent platform for assessment. For the initial upload the agent collects comprehensive metadata about the target host (a few megabytes) and sends a baseline snapshot to the cloud for assessment. The status Scan Complete is reported upon success. This first scan typically takes 30 minutes to 2 hours using the default configuration - after that scans run instantly on the delta uploads (a few kilobytes each).

The asset data the agent collects includes many things for the baseline snapshot like network posture, OS, open ports, installed software, registry info, what patches are installed, environment variables, and metadata associated with files. The agent stores a snapshot on the agent host to quickly determine deltas to host metadata it collects.
What signatures are tested? Agent-based scanning uses the same signatures (vulnerabilities, compliance datapoints) as traditional scanning with Qualys scanners. 
 

Install Agent

1. Create new key

2. Install Agents
Steps to Install the Linux Agent

Download the agent installer
File will be saved to your downloads area, as defined by your local system.

Copy QualysCloudAgent.rpm to the host you want to monitor and run commands. Click here to troubleshoot.

Copy and paste this command for installation (sudo access required):

sudo rpm -ivh QualysCloudAgent.rpm 

sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=16beb165-1a29-4d238-80b9-5579d7810849 CustomerId=36ca3719-7f25-e45e-8243e-b1f1cc6b09e9 ServerUri=https://qagpublic.qg1.apps.qualys.ca/CloudAgent/

3. Verify Agents Installed Successful

Activate  Agent

On Demand Scan

Uninstall Cloud Agent to recycle licenses

 

Report for Single Agent

1. add tags

2. New Template Based Scan Report

3. Select Technical Report as template

4. Add tag into asset tags for filtering

4. Run report immediately or scheduling it for later

Reports for Cloud Agent Findings:

https://success.qualys.com/support/s/article/000003222

  1. Log in to Qualys.
  2. Select Vulnerability Management from the drop-down list.
  3. Click Reports > Templates> New> Scan Template. 
  4. On the Report Title tab, give a title to your template.
  5. Choose Host Targets. Please note that you'll need to run the report on asset tags to get AGENT tracked hosts that are not in VM license, or add IP tracked entries in VM modules (as required) to generate reports on IP/All asset group. Check reporting on agent hosts and cloud agent hosts in asset search report for details.
  6. On the Findings tab, select the Asset Group, IP, or tags then scroll down to select Agent Data.
  7. On the Display tab, select the following:
    • Host Data
    • Text Summary
    • Vulnerability Details
    • Results
    • Appendix
 8. On the Filter tab under Vulnerability Filters, select the following under Status
  • New
  • Active
  • Reopened
9. Under State, select the following:
  • Confirmed Vulnerabilities: Active
  • Potential Vulnerabilities: Active
  • Information Gathered: Active
10. Select the Report Format as Portable Document Format (PDF).
11. Click Run.  

References

https://blog.51sec.org

版权声明:
作者:cc
链接:https://www.techfm.club/p/91628.html
来源:TechFM
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
< <上一篇
下一篇>>