Cloud Agent Getting Started Guide February 3, 2016
Copyright 2015-2016 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners. Qualys, Inc. 1600 Bridge Parkway Redwood Shores, CA 94065 1 (650) 801 6100
Contents

About this Guide
  About Qualys
  Qualys Support
Get Started
  Overview
  What do I need to know?
  It’s easy to install agents
  We’re syncing asset data to the cloud!
  Continuous scanning in the cloud
Manage Your Agents
  A quick look at your agents
  Tell me about agent status
  Easily view current Asset Details
  Change configuration
  Tagging agent hosts
  Looking for agent files?
Using Qualys Cloud Suite
  Vulnerability Management (VM)
  Policy Compliance (PC)
  Continuous Monitoring (CM)

About this Guide

Thank you for your interest in our revolutionary new Qualys Cloud Agent Platform. This new platform extends the Qualys Cloud Platform to continuously assess global IT infrastructure and applications using lightweight agents. All you have to do is install agents on your IT assets. We’ll help you get started quickly!

About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud security and compliance solutions with over 7,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications.

Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, Accuvant, BT, Cognizant Technology Solutions, Dell SecureWorks, Fujitsu, HCL Comnet, InfoSys, NTT, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit www.qualys.com

Qualys Support

Qualys is committed to providing you with the most thorough support. Through online documentation, telephone help, and direct email support, Qualys ensures that your questions will be answered in the fastest time possible. We support you 7 days a week, 24 hours a day. Access support information at www.qualys.com/support/

Get Started

With Qualys Cloud Agent you’ll get continuous network security updates through the cloud. As soon as changes are discovered on your hosts they’ll be assessed and you’ll know about new security threats right away. All you have to do is install lightweight agents on your hosts - we’ll help you do this quickly!

Overview

Install lightweight agents in minutes on your IT assets. These can be installed on your on-premise systems, dynamic cloud environments and mobile endpoints. Agents are centrally managed by the cloud agent platform and are self-updating (no reboot needed).

Scanning in the Cloud

We’ll start syncing asset data to the cloud agent platform once agents are installed. Agents continuously collect metadata and beam it to the cloud agent platform, where full assessments occur right away. Since the heavy lifting is done in the cloud, the agent needs minimal footprint and processing on target systems.

Stay updated with network security

Scanning in the cloud uses the same signatures (vulnerabilities, compliance datapoints) as traditional scanning with Qualys scanners. You’ll get informed right away about new security threats using your Qualys Cloud Suite applications - Vulnerability Management (VM), Policy Compliance (PC), Continuous Monitoring (CM) and Asset Management (AM).

What do I need to know?

Here are a few things to know before you install agents on hosts within your network. Watch the overview for an introduction.

Video Tutorials
- Cloud Agent Platform Introduction (2m 10s)
- Getting Started Tutorial (4m 58s)

Get informed quickly about the revolutionary new Qualys Cloud Agent Platform.

From the Community
- CA Platform Announcement
- Webcast - An Introduction to CA (58m)

Cloud Agent requirements

- We support:
    Windows (.exe): Windows XP SP3 and above; Windows Server Editions
    Linux (.rpm): Red Hat Linux 5 and above; CentOS 5.11 and above; Fedora; openSUSE 11, 12; SUSE 11, 12
    Linux (.deb): Debian 7, 8; Ubuntu 12, 14, 15
- Your hosts must be able to reach your Qualys Cloud Platform (or the Qualys Private Cloud Platform) over HTTPS port 443. Go to Help > About to see the URL your hosts need to access.
- To install the Windows agent you must have local administrator privileges on your hosts. Do you have a proxy? No problem, you can configure proxy settings.
- To install the Linux agent you must have root privileges, non-root with Sudo root delegation, or non-root with sufficient privileges (VM scan only). Do you have a proxy? By default the Linux agent will operate in non-proxy mode and you can configure proxy settings.

Steps to install agents

- Create an activation key. This provides a way to group agents and bind them to your account.
- Download the agent installer to your local machine.
- Run the installer on each host from an elevated command prompt, or use group policy or a systems management tool.
- Activate agents for modules in your subscription (VM and/or PC). A license will be consumed for each agent activated.

Our Quick Start Guide will help you get started quickly

Just go to your username menu and select Quick Start Guide. Click Cloud Agent Overview for helpful information on requirements, proxy support and more.

It’s easy to install agents

It just takes a couple minutes to install an agent. Our wizard will help you do it quickly!

Start the wizard

Choose Agent Management and select Manage Activation Keys (or go to the Activation Keys tab). Select New Key to create a new activation key. An activation key is used to install agents. The activation key provides a way to group agents and bind them to your account. For example, you can create different keys for various business functions and users.

Already have a key? Just select a key from the list, and select Install Agent from the Quick Actions menu.

Generate a new activation key

Click the Generate button.

By default, your key is unlimited - any number of agents at any time. Set limits if you want the key to expire after a number of agents, or on a certain date, or both.

Auto activate agents for VM, PC or both. Skip this step to activate agents at a later time.

Review installation requirements and press Continue.

Give your key a meaningful name to easily identify it later.

By adding tags you can easily find agents installed using this key. We’ll associate the tags to the agent hosts.

Choose operating system installation

Don’t see all of the options? Just go to Help > Contact Support and we’ll help you with this quickly.

Install your agents

You’ll download the agent installer and run it on your hosts. To run the installer you just copy and paste the command shown - it’s that simple.

Run the installer on each host from an elevated command prompt, or use group policy or a systems management tool.

Take steps for proxy support and certificate support plus more.

Windows Agent Deployment | Linux Agent Deployment

We’re syncing asset data to the cloud!

The agent immediately connects to the cloud agent platform and registers itself. We would expect you to see your first asset discovery results within a few minutes. This is a light scan that collects asset inventory data: IP address, OS, DNS/NetBIOS names, MAC address. Status messages are continuously updated.

Be sure to Activate Agents

If agent modules (VM/PC) were not already activated for the agent host, you can select Activate Agent from the Quick Actions menu (or do it for multiple agents in bulk using the Actions menu). If you skip this step your agents will sync inventory information only (IP address, OS, DNS and NetBIOS names, MAC address) and the cloud agent platform will not perform host assessments and report security threats.

No agent status?

You should see the status of your agent (on the Agents tab) a few minutes after installation. If there’s no status this means your agent has not been installed - it did not successfully connect to the cloud platform and register itself. There are 2 common reasons for this:

1) The agent host cannot reach the Qualys Cloud Platform (or the Qualys Private Cloud Platform if this applies to you) over HTTPS port 443. Check network access and be sure to whitelist the platform URL listed in your account. Just go to Help > About for details.
2) You have a custom proxy. Our Quick Start Guide > Cloud Agent Overview will help you with this quickly.

Still need help? Click here to troubleshoot.

Continuous scanning in the cloud

The first assessment scan in the cloud takes some time; after that, scans complete as soon as new host metadata is uploaded to the platform.

How it works

The agent uploads a baseline snapshot to the cloud agent platform for assessment. For the initial upload the agent collects comprehensive metadata about the target host (a few megabytes) and sends a baseline snapshot to the cloud for assessment. The status Scan Complete is reported upon success. This first scan typically takes 30 minutes to 2 hours using the default configuration - after that scans run instantly on the delta uploads (a few kilobytes each).

The asset data the agent collects for the baseline snapshot includes many things, like network posture, OS, open ports, installed software, registry info, what patches are installed, environment variables, and metadata associated with files. The agent stores a snapshot on the agent host to quickly determine deltas to host metadata it collects.

What signatures are tested?

Agent-based scanning uses the same signatures (vulnerabilities, compliance datapoints) as traditional scanning with Qualys scanners. If you’ve activated your agents for VM, we’ll test for vulnerability signatures. If you’ve activated your agents for PC, we’ll check for compliance datapoints.

Manage Your Agents

A quick look at your agents

1) Search your registered agents.
2) Agent hostname - NetBIOS name for a Windows host, DNS name for a Linux host.
3) Agent hosts are assigned the Cloud Agent tag to help you manage and report on them.
4) You should see status messages within a few minutes after installation.
5) A configuration is assigned with settings that impact agent behavior. System Default is the configuration provided by our service. Want to customize it? Just go to Configuration Profiles and select New Profile.

Quick Actions menu lets you
- view asset details
- activate agent for assessment
- uninstall agent

Actions menu lets you update multiple agents at once.

Tell me about agent status

The agent status is continuously updated to keep you informed about your agent. Not seeing any status? Read our troubleshooting tips (under Help > Online Help).

Provisioned
The agent successfully connected to the cloud platform and registered itself.

Manifest Downloaded
The cloud platform updated the manifest assigned to this agent. This tells the agent what metadata to collect from the host. The updated manifest was successfully downloaded and it is in effect for this agent.

Configuration Downloaded
A user updated the configuration profile assigned to this agent. This defines agent behavior, i.e. how the agent will collect data from the host. The updated profile was successfully downloaded and it is in effect for this agent.

Agent Downloaded
A new agent version was downloaded and the agent was upgraded as part of the auto-update process. Note the agent does not need to reboot to upgrade itself.

Inventory Scan Complete
The agent completed host discovery, collected some host information and sent it to the cloud platform. During host discovery the agent attempts to collect this information: IP address, OS, NetBIOS name, DNS name, MAC address.

Scan Complete
The agent uploaded new host metadata and an assessment was performed on the cloud platform. If there is new assessment data (e.g. new VM vulnerabilities, PC datapoints) the cloud platform processes this data to make it available in your account for viewing and reporting.

Easily view current Asset Details

Select View Asset Details from the menu.

Asset Summary and sections that follow show you current asset data returned from the latest inventory scan and the latest full scan (assessment).

Drill down to the various sections to view comprehensive details returned from vulnerability assessments. You can view control datapoints when your account has Policy Compliance (PC) enabled, and alert notifications when Continuous Monitoring (CM) is enabled.

Change configuration

Agents have a default configuration and this controls how agents behave. You can change agent configuration by creating configuration profiles.

The Configuration Profiles tab is where you can view the default configuration settings and customize them as needed.

Tip - View Initial Profile to see the default settings provided by Qualys

Initial Profile is the default profile with configuration settings provided by Qualys. This is assigned to agents by default at installation time. You can easily view the profile settings.

Profile settings impact many agent behaviors: how and when the agent collects metadata, when it should sync with the cloud platform, when to do self-updates, tuning of performance and bandwidth utilization, etc. You can create custom profiles with various settings and assign them to hosts using tags.

Best Practices

You might want to assign different agent configurations for different parts of your network infrastructure, i.e. laptops, servers, desktops, datacenters. Just tag your hosts according to your groupings and assign these tags to different configuration profiles.

Tagging agent hosts

The dynamic asset tagging features help you manage your agent host assets just like other assets in your subscription.

The Cloud Agent tag is assigned to every agent host. Select this tag and you’ll see the number of agent hosts (assets).

The Find assets option lets you find agent assets.

You might want to tag agent hosts to help you organize them and report on them.

Looking for agent files?

The agent is centrally managed by the cloud platform. For this reason you should not edit or execute the agent files installed on your hosts - we list these here for your information. For help with troubleshooting you might want to review the log files.

What’s included? Program files, the manifest (instructions for what data the agent collects), configuration (how the agent behaves), snapshot database and log files.

Windows agent

    C:\Program Files (x86)\QualysAgent\Qualys\QualysCloudAgent.exe
    C:\Program Files (x86)\QualysAgent\Qualys\Uninstall.exe
    C:\Program Data\Qualys\QualysAgent\*

Log files (Log.txt, Archive.txt) are located here:

    C:\Program Data\Qualys\QualysAgent

On XP and Server 2003, log files are located here:

    C:\Documents and Settings\All Users\Application Data\Qualys\QualysAgent

Have custom variables? No worries, we’ll install the agents following the environment settings defined for your hosts.

Linux agent

    /etc/init.d/qualys-cloud-agent
    /etc/qualys/cloud-agent/qagent-log.conf
    /usr/local/qualys/cloud-agent/Default_Config.db
    /usr/local/qualys/cloud-agent/bin
    /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent
    /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh
    /usr/local/qualys/cloud-agent/lib/*
    /usr/local/qualys/cloud-agent/manifests

Log file:

    /var/log/qualys/qualys-cloud-agent.log

Still need help? Click here to troubleshoot.
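
Added example, not part of the Qualys guide: a read-only triage script for a Linux host that shows no agent status, combining the two causes listed under "No agent status?" with the Linux file list above. PLATFORM_URL is a placeholder for the URL shown under Help > About; the function names and the files-present check are assumptions of this example.

```sh
#!/bin/sh
# Added example: read-only triage for a Linux host with no agent status.
# PLATFORM_URL is a placeholder; use the URL shown under Help > About.
PLATFORM_URL="${PLATFORM_URL:-https://platform.example.invalid}"

# Subset of the "Linux agent" paths listed in this guide.
AGENT_PATHS="
/etc/init.d/qualys-cloud-agent
/etc/qualys/cloud-agent/qagent-log.conf
/usr/local/qualys/cloud-agent/Default_Config.db
/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent
/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh
/usr/local/qualys/cloud-agent/manifests
"
AGENT_LOG="/var/log/qualys/qualys-cloud-agent.log"

# Print every expected path that is absent under an optional root prefix ($1).
# Returns 0 only when all are present. Files are tested, never run or changed.
missing_agent_files() {
    maf_rc=0
    for maf_p in $AGENT_PATHS; do
        if [ ! -e "${1:-}${maf_p}" ]; then
            echo "$maf_p"
            maf_rc=1
        fi
    done
    return "$maf_rc"
}

# Cause 1 in the guide: the host cannot reach the platform over HTTPS port 443.
# Any HTTP response counts as reachable; connection or TLS failures do not.
# Cause 2: pass the proxy URL as $2 to test the path the agent would use.
can_reach_platform() {
    if [ -n "${2:-}" ]; then
        curl --silent --output /dev/null --max-time 10 --proxy "$2" "$1"
    else
        curl --silent --output /dev/null --max-time 10 --noproxy '*' "$1"
    fi
}

# Last N lines (default 20) of the agent log, for the troubleshooting review.
# Usage: recent_agent_log [root-prefix] [line-count]
recent_agent_log() {
    tail -n "${2:-20}" "${1:-}${AGENT_LOG}"
}

# Walk the checks in order and print one verdict word.
# Usage: triage [root-prefix] [proxy-url]
triage() {
    if ! missing_agent_files "${1:-}" >/dev/null; then
        echo "NOT_INSTALLED"
        return 1
    fi
    if ! can_reach_platform "$PLATFORM_URL" "${2:-}"; then
        echo "UNREACHABLE_443"
        return 2
    fi
    echo "REACHABLE"
}
```

Source the file and run `triage` as a user who can read the agent directories; a REACHABLE verdict with still no status is the point to read `recent_agent_log`.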

Using Qualys Cloud Suite

As soon as agents discover issues on your hosts you’ll know about them right away! Our Qualys Cloud Suite applications - VM, PC, AM, CM - automatically integrate vulnerability management data and policy compliance data collected by agents. A change reported by an agent to the cloud platform is immediately assessed, and updated asset data is available in your account right away.

Your Qualys Cloud Suite applications bring you:

- Current security posture for your hosts
- Details on up-to-the minute assessments and security threats
- Reports on the latest asset data, and the ability to schedule them
- Alerts as soon as certain host changes occur (using Continuous Monitoring)

Jump in to your account anytime to get the latest security updates!

Vulnerability Management (VM)

The latest Vulnerability Management assessment data is available in your Qualys account at all times from scans performed by the cloud agent platform.

You’ll see agent hosts listed on the Host Assets tab with the tracking method Agent.

Just click to see comprehensive host information.

Once a light scan is complete, you’ll see basic information about the agent host.

For this host we already added tags using the Asset Management application.

VM assessment data appears in the Vulnerabilities section for an agent host, just like it does for traditional hosts tracked by another tracking method.

Once a full scan is complete, you’ll see assessment data in the Vulnerabilities section.

You can create VM Reports on agent hosts with up to the minute asset data as needed, or schedule them to run at a convenient time.

Tip - You can select the Cloud Agent tag to report on all your agent hosts.

This sample High Severity Report shows detailed results for an agent host - the details appear just like any other host in your subscription.

How do I run this report? Go to VM > Reports > Templates, select the High Severity Report and then Run from the Quick Actions menu.

The same applies to Patch Reports. You can run a Patch Report to find the patches that are needed for agent hosts, just like you do for hosts tracked by IP address, NetBIOS or DNS. If you select the Cloud Agent tag for the report target, your report includes all host agents in your account.

How do I run this report? Go to Reports > Report Templates, select Qualys Patch Report then Run from the Quick Actions menu.

Policy Compliance (PC)

The latest Policy Compliance data is available in your Qualys account at all times from scans performed by the cloud agent platform.

You’ll see agent hosts listed on the Host Assets tab with the tracking method Agent. Once a full scan is complete, the Compliance section shows you a list of policies with controls that have been evaluated for this host.

You can create PC reports on agent hosts with up to the minute asset data as needed, or schedule them to run at a convenient time.

- Download the latest Individual Host Compliance Report (pdf) from the Host Information.
- Create custom PC reports from the Reports tab using templates (Qualys provided and custom).
- Select the Cloud Agent tag for the target to report on agent hosts in your account.

Continuous Monitoring (CM)

Using Continuous Monitoring you’ll be alerted within minutes of a change happening on an agent host, just like any other host in your subscription.

Here’s a quick way to get started.

Go to Configuration > Monitoring Profiles and select New Profile.

Choose agent hosts by selecting tags or IPs/Ranges. Tip - Select from IP network range tags in your account (like a custom asset group, a business unit, or a custom tag defined using the Asset Management application).

We recommend the Initial Ruleset to get started. (You can customize this now, or do it later.)

Set up notification options - frequency and distribution group (be sure to include yourself).

That’s all there is to it! You’ll start getting alerts on your agent hosts. At any time you can update the ruleset or profile to change what you’ll be alerted on and when.