Qualys Cloud Agent provides continuous monitoring capabilities to Qualys Vulnerability Management tools. This eliminates the need to know where a particular asset resides. You can install cloud agents in minutes, on your hosts, and start to control your network. Qualys Cloud Agents work where it is not possible to do network scanning.
Qualys Agent is better than traditional network scanning for several reasons:
- It can be installed anywhere and anytime.
- Required CPU resource is minimum >2%.
- It allows continuous monitoring.
- It provides real-time vulnerability management.
Since customers may integrate the agent into the master images of their cloud servers, the Qualys Cloud Agent architecture significantly simplifies asset discovery and tracking, as well as security and compliance control, in a highly complex cloud environment like Amazon EC2 and Microsoft Azure.
Qualys Cloud Agent Introduction video will provide you with more information.
Qualys Cloud Agent provides continuous monitoring capabilities to Qualys Vulnerability Management tools, simplifying asset discovery and tracking, as well as security and compliance control, in a highly complex cloud environment like Amazon EC2 and Microsoft Azure.
Qualys Cloud Agent has the following benefits:
- More visibility as opposed to scanning with an appliance
- Simple credential management for secure scanning
The Cloud Agent is ideal for:
- IT assets with a lot of IP adjustments (like via DHCP)
- IT assets that are off-network, roaming, or remote
- Workplaces or locations where deploying a scanner is not feasible
- Assets that aren't always on and may be unavailable during a scheduled scan window
- Highly dynamic assets in cloud environments (such as AWS, Azure, and GCP).
The Cloud Agent can only be installed on endpoints, such as servers, workstations, and tablets, and is not designed to take place of a scanner appliance. You'll also need a scanner appliance to scan other IT properties like network computers, printers, scanners, and IP cameras. Cloud agents should be used in conjunction with scanner appliances to ensure complete coverage.
Qualys Cloud Agent Getting Started Guide will help you get started.
You can manually install and setup the Qualys agent on your devices. In this blog post, we are going to explain how to do it manually, step by step. After that, we will explain how to easily install with a script for Windows and Linux.
The Agent uploads the baseline snapshot to the cloud agent platform for assessment. For the first upload, the agent collects inclusive metadata about the target device and sends a baseline snapshot to the cloud for assessment. The Scan Complete status is reported upon success. This first scan might take from 30 minutes to 2 hours with the default configuration.
The Agent collects many things for the baseline snapshot, such as network posture, OS, open ports, installed software, installed patches, environment variables, and metadata associated with files. The Agent stores a snapshot on the agent host to rapidly determine deltas to host metadata it collects.
- Login Qualys with your account and go to the Cloud Agent module:
- Click on Manage Activation Keys (or go to the Activation Keys tab):
- Select New Key to create a new activation key:
- Click the Generate button:
- After generating a new key, click on “Install Agent” from the Quick Actions section:
- Find the suitable option and click on “Install Instructions” for the target device:
- The installation command is ready for you with your unique IDs. Copy the command for installation and download the .exe file:
- After downloading, open the command prompt as administrator. Go to the file where the QualysAgent.exe file exists. Paste your command which you copied on the previous step.
- Once you press the enter button, the command runs, and the prompt window gets closed:
- You are done. The Agent connects to the cloud agent platform and registers itself. You could see your first asset discovery results within a few minutes on Qualys:
As you see above, installing an agent manually is not that complicated. All you need to do is copy the command, download the .exe file and run the command. It takes just a few minutes but when you need to install agents for a large number of IT assets, it takes a significant amount of time. As a time-saving solution, we decided to create a single script for all steps. This is also a user-friendly method.
- We searched and found a piece of code that would allow the code to run only as an admin. This was mandatory for the script to run appropriately.
- We check to see if there is a Qualys Cloud Agent already installed on the current device. If a Qualys Cloud Agent is already installed on the device, we remove the existing agent to install the new agent.
Note: Before writing this script, we manually downloaded the QualysAgent.exe file from Qualys and uploaded it to our Google Storage (you can use other ways to download it too.).
- After the uninstallation process, we are downloading the new agent from Google Storage.
- TLS 1.2 must be enabled on client devices to communicate with Qualys Cloud Platform. We do not check it on this script, but we are giving a warning about this.
- When the download process is complete, we run the setup command with the IDs we got from our Qualys account. The installation will then be completed.
- If our first “IF” check about the installed old agent was negative, we will follow the same steps except for the uninstallation process.
- After the installation process, your terminal screen will look like this:
- Finally, you need to restart your device and you will see the running Qualys Agent services in the task manager or Qualys interface.
For more information, please check the Cloud Agent for Windows Installation Guide.
- We have to use console as a root user. After that, we will copy the command which is suitable for our operating system.
For Debian, Ubuntu:
dpkg --purge qualys-cloud-agent ; wget https://storage.googleapis.com/xxxx/xxxx-Servers-UNIXL-DEB-QualysAgent.deb ; dpkg --install xxxx-Servers-UNIXL-DEB-QualysAgent.deb ; /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=xxxx-xxxx-xxxx-xxxx-xxxx CustomerId=xxxx-xxxx-xxxx-xxxx-xxxx
For Red Hat Enterprise Linux, CentOS, Fedora, OpenSUSE, SUSE Enterprise Linux, Amazon Linux, Oracle Enterprise Linux:
rpm -e qualys-cloud-agent ; wget https://storage.googleapis.com/xxxx/xxxx-Servers-UNIXL-RPM-QualysAgent.rpm ; rpm -ivh xxxx-Servers-UNIXL-RPM-QualysAgent.rpm ; /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=xxxx-xxxx-xxxx-xxxx-xxxx CustomerId= xxxx-xxxx-xxxx-xxxx-xxxx
Here, we actually used 4 different commands in one line:
a. The first command uninstalls old agent if exists.
b. The second command downloads the .deb file.
c. The third command adds a new agent to the package manager.
d. The last command installs the agent with the necessary IDs.
Kali Linux (.deb)
- If Qualys Agent is not installed before on this device, the system ignores the “uninstall” command and proceeds to “download” and “install” commands.
Kali Linux (.deb)
- If Qualys Agent is already installed on this device, the system uninstalls the old version and proceeds to “download” and “install” processes.
Kali Linux (.deb)
For more information, please check the Cloud Agent for Linux Installation Guide.
In this post, we talked about the benefits of using Qualys Cloud Agent and how to install it easily by using a script. In our next blog posts, we will be covering Qualys Container Security topic.