Qualys Cloud Platform – VMDR: LAB

Qualys Cloud Platform - VMDR: LAB

In this project, I will demonstrate the process of setting up and managing assets in Qualys Cloud Platform using its Vulnerability Management, Detection, and Response (VMDR) module. The steps include adding scannable host assets by using the best practice of IP tracking, as well as other tracking options such as DNS and NetBIOS.

I will show how to add IP-tracked assets, configure and deploy the Cloud Agent on a Linux asset, and assign configuration profiles through asset tags. I’ll also outline the use of an Activation Key to configure the Cloud Agent, selecting relevant modules like Vulnerability Management, Secure Configuration Assessment, and Patch Management. Finally, I’ll verify the successful deployment of the Cloud Agent with the correct profile for the asset, emphasizing the importance of tracking methods based on the asset’s IP address acquisition strategy.

This project highlights the best practices in asset management for clean, reliable data in Qualys, ensuring seamless tracking and security scanning.

1. Overview of host assets as IP-tracked assets.

The tracking method impacts how the hosts will be listed in your scan reports. In the VMDR application, click on the Assets section.

2. We head to Address Management and select New IP Tracked Addresses.

3. Now we add a new IP address

4. Now I have successfully added IP tracked host assets

Other options are to track assets by DNS name, or by NetBIOS name, although using IP tracked is the best practice. I have also added the IP 172.16.1.1-172.16.1.5 a vulnerability scan can be launched immediately if required.

5. Deploy the Cloud Agent to a Linux asset

I will configure an Activation Key, deploy the agent software, and assign a Configuration Profile.

6. Asset Tags can be used to associate Cloud Agent assets with specific configurations.

7. Once added, we add provision keys; I've selected Vulnerability Management, Secure Config Assessment and Patch Management

8. Now I need to download the Cloud Agent installer appropriate for the operating system of the asset. In this case, I will install Linux x64 and download .rpm

9. Now I've copied and pasted the shell script into the terminal, which will configure the Cloud Agent software to use the Activation Key that I've created earlier.

10. Now I will need to wait until the Cloud Agent next checks in to the platform.

11. Finally I've Linux Cloud Agent asset has been assigned the High Performance - User Devices profile. I have successfully deployed Cloud Agent to a Linux asset and assigned a Configuration Profile.

Important note: if your assets are not relying on DHCP, then it is usually best to add the assets “IP Tracked” and rely on Merging, Agentless tracking, and good purging practices to keep your data in Qualys clean and up-to-date.

If your assets are relying on DHCP to acquire their IP addresses, then the DNS tracking method is recommended.

If your assets are ALL using a Windows operating system, then NetBIOS tracking method works well.

Thanks for your time.