
Cloud Agent

Training Labs

Table of Contents
LAB 1: SETUP & DEPLOYMENT (25 MIN.)
  LOGIN TO QUALYS
  UPDATE USER PROFILE
  ACCOUNT SETTINGS
  CLOUD AGENT DEPLOYMENT
  CREATE CLOUD AGENT ACTIVATION KEY
  WINDOWS AGENT INSTALLATION
  MAC OS AGENT INSTALLATION
  RPM-BASED AGENT INSTALLATION
  DEBIAN OR UBUNTU AGENT INSTALLATION
  CLOUD AGENT INVENTORY
  CA LOG ANALYSIS & TROUBLESHOOTING
  CA APPLICATION SUPPORT
  CA SEARCH
  VIEW ASSET DETAILS
LAB 2: CONFIGURATION AND TUNING (20 MIN.)
  CLOUD AGENT CONFIGURATION PROFILE
    General Info
    Blackout Windows
    Performance
    Assign Hosts
    VM Scan Interval
    PC Scan Interval
    FIM, EDR, and PM
  ACTIVATE/DEACTIVATE AGENT
  UNINSTALL AGENT
LAB 3: CLOUD AGENT & VM (5 MIN.)
LAB 4: CLOUD AGENT & PC (10 MIN.)
LAB 5: CLOUD AGENT & ASSETVIEW
LAB 6: ** DEPRECATED **
APPENDIX A: LAB HOST SETUP
  GUEST HOST OS
  GUEST HOST BROWSER

LAB 1: Setup & Deployment (25 min.)
This lab covers the steps needed to set up your Qualys student lab account. Please
complete all the Lab 1 exercise steps before advancing to subsequent labs.

Login to Qualys
Student account credentials for Self-Paced training classes are automatically generated and sent
to your email inbox, within 2 business days (public email accounts and domains are not
supported).

Student account credentials for Instructor-Led training classes are provided by the Qualys class
instructor.

Your student account is active for 30 days (from the date it was created). Please contact
training@qualys.com with account credential issues or questions.

1. Open your Qualys student lab account message/document.


2. Record the USERNAME from this document.

**The period at the end of the sentence is NOT a part of the USERNAME.
3. To obtain the password, click the link found in the registration document.

4. On the activation page, enter the OTP code found in the registration
document and click Submit. (If it’s been over 30 minutes since you received the
registration document, the OTP code will not work; use the Resend button to
generate a new OTP code.)

For security, the Login username on this page appears partially obfuscated with
******.

5. Please record your student trial account PASSWORD.

6. Use the link provided to log in and activate your Qualys student lab account.
All student accounts are located on Qualys US Platform 3: USPOD 3 -
https://qualysguard.qg3.apps.qualys.com/
Please use this URL to log in to your trial account, unless instructed otherwise by
a Qualys Trainer.

7. After entering your title or “Student” in the “Title” field, scroll down and select
the checkbox to accept the “Service Agreement” and click the “I Agree” button.
8. Enter your current password, and then choose a new password.
Now is a good time to record both your account username and new password.
9. Click the “Save” button, followed by the “Close” button.
10. Log back in to your student account using your new credentials.

Update User Profile


The steps that follow will help to personalize your student user account, and make other
adjustments that will provide a more effective training environment.

1. Click on your User ID (located between “Help” and “Logout”) and select the “User
Profile” option.

General Information
Please make any necessary adjustments to the “General Information” section of your
user profile.

2. Update the “E-mail Address” field with your current e-mail address (notifications
and password reset information will be sent to the address you provide).

User Role
Different Qualys user accounts take on different user roles.

3. Click “User Role” in the navigation pane (left) and make note that your student
account “User Role” is: Manager, and you can access your account using the
Graphical User Interface (GUI) and the Application Program Interface (API).

Notification Options
All notifications will be sent to the e-mail address specified in the “General Information”
section.

4. Click “Options” in the navigation pane (left) and make the appropriate selections
for the type of notifications you would like to receive.

Account Settings
Changes made to account settings will affect all user accounts in your Qualys
subscription.

1. Click on your User ID (located between “Help” and “Logout”) and select the
“Account Settings” option.

2. Click the “Security” setup option.

3. Increase your Session Timeout value to the maximum (240 min.)


This adjustment will help you to maintain an ACTIVE session throughout the
entire training class.
4. Click the “Save” button, followed by the “Close” button.

Cloud Agent Deployment
Qualys Cloud Agent (CA) provides data collection and security services to host assets
running supported operating systems.
Because this is a training/learning activity, Qualys recommends performing the CA
installation on a “nonessential” lab host used for testing purposes. Appendix A of this
lab document provides some helpful information for setting-up a virtual host for this
purpose.
Your Qualys student lab account will remain active for 30 days. If you install CA on your
“everyday” laptop or desktop computer, be sure to uninstall the agent before your
student lab account expires.
You must have administrative or root access to your target host to successfully perform
the Cloud Agent installation. The target host must have Internet access, and a clear
path to the Qualys Cloud Platform.

Create Cloud Agent Activation Key


Before you can install an agent on a host, you must first generate an Activation Key.
Activation Keys allow you to manage and control the distribution of agents throughout
your organization.

1. Use the Application drop-down menu to open the Cloud Agent application.
The Cloud Agent application is your command and control center for deploying
and managing agents.

2. Click A) the “Agent Management” menu, followed by B) the “Activation Keys”
tab, and then click C) the “New Key” button.

Activation Key configuration options include: 1) Qualys application modules
supported by the agent, 2) Asset Tags assigned to each agent host, and 3) Key
limitations or restrictions.

3. Give this key the title of “CA Lab Key”.


4. For now, select the checkboxes for the VM and PC applications.
The Asset Inventory module is automatically selected, by default.
5. Do not set any limits on this activation key.
Potential limits include:
• Maximum number of agents installed (using this key)
• Key expiration date
If both limits are selected, the key will expire when the first limit is reached.
6. Click the “Create” link (just below the Title) to add an Asset Tag to this key.

The “Tag Creation” wizard will walk you through the steps to create an Asset
Tag. Adding an Asset Tag will make it easier to identify agents installed with this
key.

7. Type “CA Lab” in the “Name” field and click the “Continue” button.
8. Leave the Rule Engine set to the “No Dynamic Rule” option and click the
“Continue” button, followed by the “Finish” button.
The “No Dynamic Rule” is used here, because it allows you to control the
placement of this Asset Tag (i.e. no random or dynamic behavior).

The “CA Lab” tag will now be placed on all agent hosts created with this key. You
will use this same tag later, to assign agent hosts to their appropriate
Configuration Profile.

9. With the “CA Lab” tag added to this key, click the “Generate” button.

Once your activation key is successfully generated, it can be used with any of the
supported operating systems.

You can download the agent installation programs or acquire the installation
commands anytime; just click the “Install Instructions” button that matches your
targeted OS.
10. For now, click the “Close” button.
The exercise steps that follow provide instructions for a Windows, Mac, or Linux
agent installation. A single installation will suffice for this lab (i.e., you do not
need to perform more than one installation).

Windows Agent Installation
The installation steps that follow support Windows XP SP3 or greater. Older versions of
Windows that do not support TLS 1.2 will need to connect to the Qualys Cloud Platform
through a proxy or the Qualys Gateway Service (QGS).
If your target host is running a Mac or Unix-based OS, you may skip these steps and
proceed to the next “OS Installation” section.
** IMPORTANT: You must have administrative access to the target Windows host, to
successfully perform the Cloud Agent installation steps that follow.
1. Open a Web browser (e.g., Edge, IE, Chrome, Firefox, etc.) on the target
Windows host and log in to your student lab account.
Qualys student lab accounts typically begin with the characters: “trann3,”
followed by 2 to 4 random characters. The login URL for your lab account is:
https://qualysguard.qg3.apps.qualys.com/
If you are installing to a Windows Server, disable the “IE Enhanced Security
Configuration” option for the Local Server.
2. Open the Cloud Agent (CA) application, navigate to the “Agent Management”
section, and click the “Activation Keys” tab.

3. Use the “Quick Actions” menu of your activation key to select the “Install
Agent” option.

4. Click the “Install instructions” button for the “Windows (.exe)” option.

5. Copy and paste the installation command into a plain text document and save
the document as ‘agent_install.txt’ to the Desktop of your target Windows
host.
6. Click the “Download .exe file” button and save the Cloud Agent installation file
(.exe) to the Desktop of your target Windows host.
7. After the download is complete, click the “Close” button.
The Desktop of your target Windows host should now contain both files:
1) ‘agent_install.txt’ and 2) ‘QualysCloudAgent.exe’.

Command Line Installation
Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other
techniques and/or third-party applications can be leveraged to automate your Cloud
Agent deployments.
1. Open a “Command Prompt” window on the target Windows host.

2. Navigate to the Desktop, or the directory that contains the Cloud Agent
installation program (QualysCloudAgent.exe).
3. Use the “dir” command to verify the existence of the installation program file.
If you do not see file “QualysCloudAgent.exe” navigate to its correct location
before executing the installation command.
4. Open the text file that contains your Cloud Agent installation command (i.e.,
agent_install.txt).
5. Copy and paste the Cloud Agent installation command into the “Command
Prompt” window and press the “Enter” key.
The agent installation program will execute with your Activation Key and
Customer ID.

Validate CA Installation
To verify the success of your installation, look for the Cloud Agent process within
Windows Task Manager.

1. Open the Windows Task Manager and verify Qualys Cloud Agent is running
(Ensure you are viewing processes from all users).
2. Close the Windows Task Manager.

Locate Host ID
All agent host assets are automatically assigned a Universally Unique ID (UUID) by
Qualys. For a Windows host, this Host ID can be found in the Windows Registry.

3. From a “Command Prompt” window, open the Windows Registry Editor (i.e.,
regedit.exe) and navigate to HKLM\SOFTWARE\Qualys.
The “HostID” registry value will be used to track the vulnerability findings history
for this host.
If the HostID is not displayed, your newly installed agent may still be
completing some preliminary tasks within its manifest.
4. Close the Windows Registry Editor.

View CA Log File (Log.txt)
You can use the Cloud Agent log file to monitor agent activity. You will find the log file
for a Windows host in the “ProgramData” (hidden) folder.

5. Use Windows Explorer or a Command Prompt window to navigate to the
following directory path:
C:\ProgramData\Qualys\QualysAgent
A Windows host may deny access to the QualysAgent folder. In this event,
simply copy the QualysAgent folder to your Desktop and use the copy to
complete the next step.
6. Use any text editor, such as Notepad, to open and view the ‘Log.txt’ file.
*Note: a Windows XP host uses a different directory path for its agent log file:
C:\Documents and Settings\All Users\Application Data\Qualys\QualysAgent

7. Once your Cloud Agent installation is complete and successfully validated,
return to your original host (and Web browser) to complete the remaining lab
exercises.
8. You may skip the Mac OS and Linux OS agent installation steps and proceed
directly to the “CA Install Programs and Scripts” section.

Mac OS Agent Installation
If you have already completed a Windows agent installation, or your target host is
running a Unix-based OS, you may skip these steps and proceed to the next section.
The installation steps that follow support Mac OS 10.12 or higher.
** IMPORTANT: You must have root or root-equivalent access to the target Mac host, to
successfully perform the Cloud Agent installation steps that follow.
1. Open a Web browser (e.g. Chrome, Firefox, or Safari) on the target Mac host
and log in to your student lab account.
Qualys student lab accounts typically begin with the characters: “trann3,”
followed by 2 to 4 random characters. The login URL for your lab account is:
https://qualysguard.qg3.apps.qualys.com/
2. Open the Cloud Agent (CA) application, navigate to the “Agent Management”
section, and click the “Activation Keys” tab.

3. Use the “Quick Actions” menu of your activation key to select the “Install
Agent” option.

4. Click the “Install instructions” button next to the “Mac (.pkg)” option.

5. Copy and paste the installation commands into a plain text document and save
the document as ‘agent_install.txt’ to the Desktop of the target Mac host.
There are two (2) commands. Each command begins with ‘sudo’.
6. Click the “Download .pkg” button and save the Cloud Agent installation file
(.pkg) to the Desktop of your target Mac host.
7. After the download is complete, click the “Close” button.
The Desktop of your target Mac host should now contain both files:
1) “agent_install.txt” and 2) “qualys-cloud-agent_x86_64.pkg”.

Command Line Installation
Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other
techniques and/or third-party applications can be leveraged to automate your Cloud
Agent deployment.
The Mac Agent installation file (.pkg) must be installed from a “Terminal” window. Do
NOT attempt to install this file using typical Mac GUI techniques.
1. Open a “Terminal” window on the target Mac host.
2. Navigate to the Desktop, or the directory that contains the Cloud Agent
installation file (.pkg).

3. Use the “ls” command to verify the existence of the installation package.
If you do not see file “qualys-cloud-agent_x86_64.pkg” navigate to its correct
location before executing the installation command.
4. Open the text file that contains your Cloud Agent installation commands (i.e.,
agent_install.txt).
5. Copy and paste only the first “sudo” command of this file into the “Terminal”
window and press the “Enter” key.
This first command unpacks and installs the Cloud Agent package.
6. When the first command has completed, copy and paste the remainder of the
“agent_install.txt” file (i.e., the second “sudo” command) into the “Terminal”
window, and press the “Enter” key.
This second command runs a shell script that restarts the Cloud Agent
service and activates your license key.

Validate CA Installation
To verify the success of your “command line” installation, look for the Cloud Agent
process.
1. Use the “ps” command, to verify ‘qualys-cloud-agent’ is running.
ps -e | grep qualys

Locate Host ID
All agent host assets are automatically assigned a Qualys Host ID (UUID). For a Mac
host, this Host ID can be found at /etc/qualys/hostid.
2. From a Terminal window, execute the following command:
sudo cat /etc/qualys/hostid
If the HostID is not displayed, your newly installed
agent may still be completing some preliminary tasks
within its manifest.

Locate CA Log File (qualys-cloud-agent.log)


You can use the Cloud Agent log file to monitor agent activity. You will find the log file
for a Mac host in the /var/log/qualys directory.
3. From a Terminal window, execute the following command:
sudo cat /var/log/qualys/qualys-cloud-agent.log
4. Once your Cloud Agent installation is complete and successfully validated, return
to your original host (and Web browser) to complete the remaining lab
exercises.
5. You may skip the Linux OS agent installation steps and proceed directly to the
“CA Install Programs and Scripts” section.

RPM-Based Agent Installation
If you have already completed a Windows or Mac OS agent installation, or your target
host is running Debian or Ubuntu OS, you may skip these steps and proceed to the next
section.
RPM-based Linux operating systems include: Red Hat Enterprise Linux, CentOS, Fedora,
OpenSuSE, SuSE, Amazon Linux, and Oracle Enterprise Linux.
** IMPORTANT: You must have root or root-equivalent access to the target host, to
successfully perform the Cloud Agent installation steps that follow.
1. Open a Web browser (e.g. Chrome or Firefox) on the target UNIX host and
log in to your student lab account.
Qualys student lab accounts typically begin with the characters: “trann3,”
followed by 2 to 4 random characters. The login URL for your lab account is:
https://qualysguard.qg3.apps.qualys.com/
2. Open the Cloud Agent (CA) application, navigate to the “Agent Management”
section, and click the “Activation Keys” tab.

3. Use the “Quick Actions” menu of your activation key to select the “Install
Agent” option.

4. Click the “Install instructions” button next to the “Linux (.rpm)” option.

5. Copy and paste the installation commands into a plain text document and save
the document as ‘agent_install.txt’ to the Desktop of the target Unix host.
There are two (2) commands. Each command begins with ‘sudo’.
6. Click the “Download .rpm file” button and save the Cloud Agent installation file
(.rpm) to the Desktop of your target Unix host.
7. After the download is complete, click the “Close” button.
The Desktop of your target Unix host should now contain both files:
1) “agent_install.txt” and 2) “qualys-cloud-agent_x86_64.rpm”.

Command Line Installation
Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other
techniques and/or third-party applications can be leveraged to automate your Cloud
Agent deployment.
7. Open a “Terminal” window on the target Unix host.
8. Navigate to the Desktop, or the directory that contains the Cloud Agent
installation file (.rpm).

9. Use the “ls” command to verify the existence of the installation file.
If you do not see file “qualys-cloud-agent_x86_64.rpm” navigate to its correct
location before executing the installation command.
10. Open the text file that contains your Cloud Agent installation commands (i.e.,
“agent_install.txt”).
11. Copy and paste only the first command line of this file into the “Terminal”
window and press the “Enter” key.
This first command unpacks and installs the Cloud Agent package.
12. When the first command has completed, copy and paste the remainder of the
agent_install.txt file (i.e., the second command) into the “Terminal” window,
and press the “Enter” key.
This second command runs a shell script that restarts the Cloud Agent
service and activates your license key.

Validate CA Installation
To verify the success of your “command line” installation, look for the Cloud Agent
process.

6. Use the “ps” command, to verify ‘qualys-cloud-ag’ is running.
ps -e | grep qualys

Locate Host ID
All agent host assets are automatically assigned a Universally Unique ID (UUID) by
Qualys. For a Unix host, this Host ID can be found at /etc/qualys/hostid.
7. From a Terminal window, execute the following command:
sudo cat /etc/qualys/hostid
If the HostID is not displayed, your newly installed
agent may still be completing some preliminary tasks
within its manifest.

Locate CA Log File (qualys-cloud-agent.log)


You can use the Cloud Agent log file to monitor agent activity. You will find the log file
for a Unix host in the /var/log/qualys directory.
8. From a Terminal window, execute the following command:
sudo cat /var/log/qualys/qualys-cloud-agent.log
9. Once your Cloud Agent installation is complete and successfully validated,
return to your original host (and Web browser) to complete the remaining lab
exercises.
10. You may proceed directly to the “CA Install Programs and Scripts” section.

Debian or Ubuntu Agent Installation
If you have already completed a Windows, Mac OS, or RPM-Based Linux agent
installation, you do not need to perform these installation steps and may proceed to the
next section.
** IMPORTANT: You must have root or root-equivalent access to the target host, to
successfully perform the Cloud Agent installation steps that follow.
1. Open a Web browser (e.g. Chrome or Firefox) on the target UNIX host and
log in to your student lab account.
Qualys student lab accounts typically begin with the characters: “trann3,”
followed by 2 to 4 random characters. The login URL for your lab account is:
https://qualysguard.qg3.apps.qualys.com/
2. Open the Cloud Agent (CA) application, navigate to the “Agent Management”
section, and click the “Activation Keys” tab.

3. Use the “Quick Actions” menu of your activation key to select the “Install
Agent” option.

4. Click the “Install instructions” button next to the “Linux (.deb)” option.

5. Copy and paste the installation commands into a plain text document and save
the document as ‘agent_install.txt’ to the Desktop of the target Unix host.
There are two (2) commands. Each command begins with ‘sudo’.
6. Click the “Download .deb file” button and save the Cloud Agent installation file
(.deb) to the Desktop of your target Unix host.
7. After the download is complete, click the “Close” button.
The Desktop of your target Unix host should now contain both files:
1) “agent_install.txt” and 2) “qualys-cloud-agent_x86_64.deb”.

Command Line Installation
Although this lab uses a simple ‘command line’ technique to install Cloud Agent, other
techniques and/or third-party applications can be leveraged to automate your Cloud
Agent deployment.
13. Open a “Terminal” window on the target Unix host.
14. Navigate to the Desktop, or the directory that contains the Cloud Agent
installation file (.deb).

15. Use the “ls” command to verify the existence of the installation file.
If you do not see file “qualys-cloud-agent_x86_64.deb” navigate to its correct
location before executing the installation command.
16. Open the text file that contains your Cloud Agent installation commands (i.e.,
“agent_install.txt”).
17. Copy and paste only the first command line of this file into the “Terminal”
window and press the “Enter” key.
This first command unpacks and installs the Cloud Agent package.
18. When the first command has completed, copy and paste the remainder of the
agent_install.txt file (i.e., the second command) into the “Terminal” window,
and press the “Enter” key.
This second command runs a shell script that restarts the Cloud Agent
service and activates your license key.

Validate CA Installation
To verify the success of your “command line” installation, look for the Cloud Agent
process.

11. Use the “ps” command, to verify ‘qualys-cloud-ag’ is running.
ps -e | grep qualys

Locate Host ID
All agent host assets are automatically assigned a Universally Unique ID (UUID) by
Qualys. For a Unix host, this Host ID can be found at /etc/qualys/hostid.
12. From a Terminal window, execute the following command:
sudo cat /etc/qualys/hostid
If the HostID is not displayed, your newly installed
agent may still be completing some preliminary tasks
within its manifest.

Locate CA Log File (qualys-cloud-agent.log)


You can use the Cloud Agent log file to monitor agent activity. You will find the log file
for a Unix host in the /var/log/qualys directory.
13. From a Terminal window, execute the following command:
sudo cat /var/log/qualys/qualys-cloud-agent.log
14. Once your Cloud Agent installation is complete and successfully validated,
return to your original host (and Web browser) to complete the remaining lab
exercises.
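
The three manual validation steps used in the Mac and Linux sections above (process, Host ID, log file) can be scripted when many hosts need checking. The script below is an added example, not part of the original lab or of any Qualys tooling; the function names, the exit codes and the assumption that the hostid file holds a UUID in 8-4-4-4-12 hexadecimal form are this example's own.

```shell
#!/bin/sh
# Added example, not Qualys code: post-install checks for a Linux or Mac agent
# host, mirroring the lab's manual steps (process, Host ID, log file).

HOSTID_FILE=/etc/qualys/hostid                     # path given in the lab
AGENT_LOG=/var/log/qualys/qualys-cloud-agent.log   # path given in the lab
# Assumption: the Host ID is stored as a UUID in 8-4-4-4-12 hex form.
UUID_RE='[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'

# Reads a "ps -e" listing on stdin and succeeds if the agent is in it.
# Linux truncates the name to 15 characters ("qualys-cloud-ag"), so match on
# that prefix. Lines containing "grep" are dropped first, because systems
# that print full command lines would otherwise match the grep itself.
agent_process_listed() {
    grep -v 'grep' | grep -q 'qualys-cloud-ag'
}

# Prints the Host ID and returns 0 when a UUID is found in the file.
# Returns 1 if the file is missing or empty (a new agent may still be working
# through its manifest), 2 if it is unreadable, 3 if it holds no UUID.
check_hostid() {
    file="${1:-$HOSTID_FILE}"
    [ -e "$file" ] || return 1
    [ -r "$file" ] || return 2
    [ -s "$file" ] || return 1
    id=$(grep -Eio "$UUID_RE" "$file" | head -n 1)
    [ -n "$id" ] || return 3
    printf '%s\n' "$id"
}

# Prints the log's line count and returns 0 when the log exists with content.
# Returns 1 if it is missing or empty, 2 if it is unreadable.
check_log() {
    file="${1:-$AGENT_LOG}"
    [ -e "$file" ] || return 1
    [ -r "$file" ] || return 2
    [ -s "$file" ] || return 1
    wc -l < "$file" | tr -d ' '
}

# Runs all three checks against the live host; returns the number that failed.
validate_agent() {
    failures=0
    if ps -e | agent_process_listed; then
        echo "PASS process: Cloud Agent is running"
    else
        echo "FAIL process: no qualys-cloud-agent entry in 'ps -e'"
        failures=$((failures + 1))
    fi
    if id=$(check_hostid); then
        echo "PASS hostid:  $id"
    else
        case $? in
            1) echo "WAIT hostid:  not written yet; agent may still be working through its manifest" ;;
            2) echo "FAIL hostid:  $HOSTID_FILE is not readable; run as root" ;;
            *) echo "FAIL hostid:  no UUID found in $HOSTID_FILE" ;;
        esac
        failures=$((failures + 1))
    fi
    if lines=$(check_log); then
        echo "PASS log:     $AGENT_LOG ($lines lines)"
    else
        echo "FAIL log:     $AGENT_LOG is missing, empty, or unreadable"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Run the checks only when asked, e.g.: sudo sh validate_agent.sh check
if [ "${1:-}" = "check" ]; then
    validate_agent
    exit $?
fi
```

Run it as root, since the lab reads both files with sudo; the exit status is the number of failed checks, which makes it usable from a deployment tool.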

Cloud Agent Inventory
At this point, you may return to your original host (and Web browser), if you installed
Cloud Agent on a separate host.
It typically takes a few minutes for a new Agent Host to appear under the “Agents” tab.

1. Navigate to the “Agents” tab and click the “Gear” icon in the upper-right corner
to refresh your view.
In addition to the “CA Lab” tag created by your Activation Key, a “Cloud Agent”
Asset Tag is automatically placed on your agent host.
Additional objects and indicators will be added, as your newly installed agent
continues to work through its initial manifest.

CA Log Analysis & Troubleshooting


Visit the Qualys Training Video Library for more information and details on agent log
analysis and troubleshooting:
• Introduction to Troubleshooting & Log Analysis (https://vimeo.com/412764672)
• Troubleshooting & Log Analysis – Common Errors (https://vimeo.com/412762742)
• Troubleshooting & Log Analysis – Unix/Linux Distribution (https://vimeo.com/418215691)
• Common Errors and Their Solutions – Unix/Linux Distribution (https://vimeo.com/418218290)

CA Application Support
Qualys Cloud Agent collects and provides data for multiple Qualys Platform applications,
including:
• AssetView (AV) & Asset Inventory (AI) – enabled by default
• Vulnerability Management (VM) – includes Threat Protection (TP) & Continuous
Monitoring (CM)
• Policy Compliance (PC) & Security Configuration Assessment (SCA)
• File Integrity Monitoring (FIM)
• Endpoint Detection & Response (EDR)
• Patch Management (PM)
NOTE: AssetView and Asset Inventory are enabled, by default. Threat Protection (TP)
and Continuous Monitoring (CM) are supported via activation of the VM module.
You’ll find complete details on agent OS and application support in the Getting Started
User Guide (https://www.qualys.com/docs/qualys-cloud-agent-getting-started-guide.pdf)

CA Search
All agent hosts are listed under the “Agents” tab. As your agent hosts grow in number,
you can use the CA “Search” field to help you quickly find the agent host you are looking
for.

1. From the “Agents” tab, type “last” (omit quotes) into the “Search” field.

A list of search terms will be displayed that contain the characters you type.
Detail is provided in the right pane, for any search term highlighted in the left
pane.

2. Mouse-over “lastCheckedIn” in the left pane, to display its detailed description
in the right pane.

3. Click the “view more” link in the right pane, to display a brief tutorial for using
the Cloud Agent “Search” field.

This tutorial provides details and good examples for using proper syntax and
query structure.

4. Close the tutorial window.

5. Copy and paste a “LastCheckedIn” example (from the “Syntax Help” window)
into the “Search” field, as illustrated above.
The query in the illustration above returns a list of agent host assets that have
successfully checked-in within the last two weeks.
6. Click the “Search” button.
If your agent host has already checked-in, it will be displayed in the result set.

7. Adjust the existing query by inserting the “not” operator before the
“lastCheckedIn” parameter (as illustrated above).

The query now displays agent host assets that have NOT checked in within the
last two weeks.
Tip: Clear the “Search” field and enter any character(s) (e.g., “a”, “e”, “i”, “o”, “u”,
etc.) to identify search parameters that contain the character(s) you type.

View Asset Details
The asset details provided by the Cloud Agent application are similar to those provided
by Qualys AssetView.
1. Clear the “Search” field of any queries, so that all agent assets are displayed.
2. Use the “Quick Actions” menu of your agent host to “View Asset Details.”
3. Navigate (click) through the “View Mode” options, to observe the information
provided.
As your newly installed agent continues to work through its “initial manifest”
more asset details will be revealed. Please check back later, if vulnerability or
compliance findings are not yet displayed.
4. Click the “Close” button.

LAB 2: Configuration and Tuning (20 min.)
The Cloud Agent application is your command and control center for deploying and
managing Cloud Agent.
You may return to your original host (and Web browser), if you installed Cloud Agent on
a separate host.

Cloud Agent Configuration Profile


The Cloud Agent Configuration Profile provides options to control the performance and
behavior of each agent instance.

1. Open the Cloud Agent application.

2. Navigate to A) the “Configuration Profiles” tab and click B) the “New Profile”
button.

General Info
The General Information settings establish things like the profile name and description,
along with some default data collection and update options:
§ Only one profile can be designated as the default profile for your subscription. If
an agent host does not meet the host assignment criteria for any other
configuration profile, the default will be used.
§ The option to suspend data collection from agents will effectively stop the agent
from scanning its host. Although scanning has stopped, agents will continue to
receive manifest updates, configuration updates and agent version updates.
§ The “Prevent auto updating of the agent binaries” option, enables greater
control over agent version updates.

3. Type “CA Lab High Performance” in the “Profile Name” field.
4. Leave the other “General Info” options unselected for now and click the
“Continue” button.

Blackout Windows
You can add blackout windows to stop communication between the agent and the
Qualys Cloud platform, at specified times each day of the week.
This can be especially useful when coordinating the communication flows for different
groups of agents, or simply use this option to stop agent communications during
expected times of peak network traffic.

5. Do not configure blackout windows for this profile; click the “Continue”
button.

Performance
To control the amount of system or network resources used by each agent, you can use
the preset performance settings of (LOW, NORMAL, or HIGH) or enable the "Customize"
option for more granular control.

6. Under “Configure Agent Performance” click the “Customize” toggle switch to
the “ON” position.

7. Select the “High” option from the “Based On:” drop-down menu.
The performance parameters are now set to the default values for high
performance.

8. Change the “Agent Status Interval” setting to 900 seconds.

Network Performance
Moving down through the “Performance” options, the “Delta Upload Interval” and
“Chunk sizes for file fragment uploads” settings work together to control how VM and
PC data is transmitted to the Qualys Cloud Platform (FIM and IOC settings are specified
in a separate place).
Chunk sizes for file fragment uploads - Specifies the maximum payload size for data
transmissions. If the total amount of transmission data exceeds this value, it will be
broken up (or fragmented) into appropriate chunks; not to exceed this value.
Example: if “Chunk sizes for file fragment uploads” is set to 1024KB, a 3MB data
transmission will be broken up into three separate chunks, each 1024KB in size.
Delta Upload Interval - Specifies the amount of time (or delay) between separate
transmissions of “chunks” of data.
These two settings will have the greatest impact on network performance during times
of agent scan data transmissions (specified in the VM and PC Scan Interval settings).

9. For now, leave both of these settings at their default values.
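
A simplified model of how these two settings interact, as an added example (not Qualys code). It assumes one chunk is sent per Delta Upload Interval and ignores transfer time and protocol overhead; the function names and the 5-second interval are illustrative.

```python
from __future__ import annotations
from dataclasses import dataclass

KB = 1024

@dataclass(frozen=True)
class Chunk:
    index: int        # position of the chunk in the transmission
    send_at_s: int    # seconds after the first chunk is sent
    size_bytes: int   # payload carried by this chunk

def plan_upload(payload_bytes: int, chunk_size_kb: int, delta_interval_s: int) -> list[Chunk]:
    """Split a payload into chunks no larger than chunk_size_kb, spaced delta_interval_s apart."""
    if payload_bytes < 0 or chunk_size_kb <= 0 or delta_interval_s < 0:
        raise ValueError("payload and interval must be non-negative, chunk size positive")
    limit = chunk_size_kb * KB
    chunks, offset = [], 0
    while offset < payload_bytes:
        size = min(limit, payload_bytes - offset)   # the final chunk may be smaller
        chunks.append(Chunk(len(chunks), len(chunks) * delta_interval_s, size))
        offset += size
    return chunks

def summarize(chunks: list[Chunk]) -> dict:
    """Report chunk count, when the last chunk is sent, and the largest single burst."""
    if not chunks:
        return {"chunks": 0, "last_send_s": 0, "largest_burst_bytes": 0}
    return {
        "chunks": len(chunks),
        "last_send_s": chunks[-1].send_at_s,
        "largest_burst_bytes": max(c.size_bytes for c in chunks),
    }

if __name__ == "__main__":
    # Constructed inputs: the 3 MB / 1024 KB case from the text, then a payload
    # that does not divide evenly into 1024 KB chunks.
    for payload in (3 * KB * KB, 3 * KB * KB + 500 * KB):
        plan = plan_upload(payload, chunk_size_kb=1024, delta_interval_s=5)
        print(payload, summarize(plan), [c.size_bytes for c in plan])
```

A smaller chunk size lowers the largest single burst on the network, while a longer interval stretches the same upload over more time.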

CPU Performance
It’s the CPU performance settings that determine how long it will take an agent to
complete the task of collecting inventory and scan data from its agent host.
The more CPU resources you provide to an agent, the sooner it will complete its tasks.
Separate CPU performance settings are provided for Windows and Linux/MacOS agents.
CPU Limit (Windows) - The CPU configuration setting for a Windows agent is called the
"CPU Limit" and is expressed as a percentage of CPU usage.
Higher percentages will provide greater CPU resources to a Windows agent, allowing it
to complete its data collection tasks in less time. Lower percentages will reduce agent
performance, and more time will be required for the agent to complete its tasks.
Note: The Windows agent is single-threaded, and only executes on one core of the CPU.
Because of this single-threaded behavior, a Windows agent configured with a 100%
value will use the equivalent of 25% overall CPU usage on a four-core system.
CPU Throttle (Linux/Mac) - The CPU configuration for a Linux or Mac host is called CPU
Throttle and is expressed in milliseconds; which represents the delay between metadata
collection commands executed by the agent.
Lower CPU Throttle settings improve agent performance, by minimizing the delay
between agent tasks. Higher values for CPU throttle, will slow agent performance.

10. Increase the “CPU Limit” setting to 100%.


11. Leave the “CPU Throttle” setting at 0 ms.
Both of these CPU settings will provide CA Lab hosts with maximum performance.
Please consider available resources, when configuring these CPU settings for your
production agent host assets.
12. Click the “Continue” button to advance to the “Assign Hosts” options.

Assign Hosts
In the previous lab exercise, the “CA Lab” tag was added to your Activation Key. This
will ensure that all agents created with your key, will receive the “CA Lab” tag. The “CA
Lab” tag can now be used to assign your agent host to the correct Configuration Profile.

13. From the “Assign Hosts” section, click the “Select” link, followed by the
“Browse tags” icon.
14. Click the “CA Lab” tag, to add it to this profile. This is the same tag added to the
Activation Key, in the previous lab. Hosts with this tag will be automatically
assigned to this Configuration Profile.
15. Click the “Continue” button.

VM Scan Interval
The “VM Scan Interval” setting determines how often Cloud Agent collects vulnerability
assessment data. Configured at its minimal value, vulnerability assessment data
collections will occur every four hours.

16. Leave the VM “Data Collection Interval” at its default setting and click the
“Continue” button.

PC Scan Interval
The “PC Scan Interval” setting determines how often Cloud Agent collects compliance
assessment data. Configured at its minimal value, compliance assessment data
collections will occur every four hours.

17. Leave the PC “Data Collection Interval” at its default setting and click the
“Continue” button.

FIM, EDR, and PM


18. For now, leave the FIM, EDR, and PM settings with their default values; click
the “Continue” button twice, followed by the “Finish” button.

19. Use your mouse to grab and drag (left margin) your new profile to the top of
the list.
If a deployed agent host is assigned to more than one profile, the matching
profile closest to the top of the list will take precedence.
Your agent host will switch from the “Initial Profile” to the “CA Lab High
Performance” profile, the next time its agent checks-in (i.e., Agent Status
Interval).
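
The precedence rule from step 19 and the default-profile fallback from “General Info”, modeled as an added example (not Qualys code). It assumes a host matches a profile when it carries any one of the profile's tags and that “Initial Profile” is the subscription default; “Server Baseline” is a hypothetical profile.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    name: str
    tags: frozenset = frozenset()   # tags chosen under "Assign Hosts"
    is_default: bool = False        # fallback when no other profile matches

def resolve_profile(host_tags: set, profiles: list[Profile]) -> Profile:
    """Walk the list top to bottom; the first matching non-default profile wins."""
    defaults = [p for p in profiles if p.is_default]
    if len(defaults) != 1:
        raise ValueError("exactly one profile must be the default")
    for profile in profiles:
        # Assumption: any one shared tag is enough for a match.
        if not profile.is_default and profile.tags & host_tags:
            return profile
    return defaults[0]

def move_to_top(profiles: list[Profile], name: str) -> list[Profile]:
    """Return a new ordering with the named profile first (the drag in step 19)."""
    chosen = [p for p in profiles if p.name == name]
    if not chosen:
        raise KeyError(name)
    return chosen + [p for p in profiles if p.name != name]

def shadowed(profiles: list[Profile]) -> list[str]:
    """Names of non-default profiles that can never win at their current position."""
    seen, hidden = set(), []
    for profile in profiles:
        if profile.is_default:
            continue
        if profile.tags <= seen:    # every tag is already claimed higher up
            hidden.append(profile.name)
        seen |= profile.tags
    return hidden

# Constructed sample data. "Server Baseline" is hypothetical, and treating
# "Initial Profile" as the subscription default is an assumption.
PROFILES = [
    Profile("Initial Profile", is_default=True),
    Profile("Server Baseline", frozenset({"Cloud Agent", "CA Lab"})),
    Profile("CA Lab High Performance", frozenset({"CA Lab"})),
]
LAB_HOST = {"Cloud Agent", "CA Lab"}

if __name__ == "__main__":
    print(resolve_profile(LAB_HOST, PROFILES).name)      # before the drag
    reordered = move_to_top(PROFILES, "CA Lab High Performance")
    print(resolve_profile(LAB_HOST, reordered).name)     # after the drag
    print(shadowed(PROFILES), shadowed(reordered))
```

Running a check like `shadowed` against your own profile list shows which profiles will never be applied until they are moved up.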

Activate/Deactivate Agent
Using the “Quick Actions” menu of any agent, you can activate or deactivate modules,
and uninstall agents according to the licenses within your Qualys subscription.
** Numbers have been intentionally removed from the deactivation steps. Please leave
all modules activated, until you have completed the CA labs and exam. **

To deactivate an Agent Module, select “Deactivate Agent” from the “Quick Actions”
menu.

Then turn off the targeted module, before clicking the “Deactivate” button.
A deactivated module can also be re-activated by using the “Activate Agent” option from
the “Quick Actions” menu.
Uninstall Agent
** Numbers have been intentionally removed from the uninstall steps. Do NOT uninstall
your agent host, until you have completed the CA labs and exam.**
Selecting the “Uninstall Agent” option from the “Quick Actions” menu, is the
recommended procedure for removing or uninstalling Cloud Agent from a host.

If this option is selected, Cloud Agent will be removed from its host the very next time it
checks-in.
** Do NOT uninstall your agent host, until you have completed the CA labs and exam. **

LAB 3: Cloud Agent & VM (5 min.)
The Qualys Vulnerability Management (VM) application will help you manage and
mitigate vulnerabilities discovered on agent hosts with the VM module activated.
By default, VM data and findings collected from agents, are displayed separately from
the VM data and findings collected from a Qualys Scanner Appliance.

1. Use the application drop-down menu to open the Vulnerability Management
application.

View Host Assets


The “Host Assets” tab can be found in both the VM and PC applications. It provides a
comprehensive list of host assets supported by the VM or PC modules, respectively.

2. Click A) the “Assets” menu followed by B) the “Host Assets” tab to view your
agent host.

A Cloud Agent host is easily distinguished by its tracking method.


3. Click the “Info” icon associated with your agent host.

4. Locate the Qualys Host ID in the “General Information” section.
The Qualys Host ID found here, should match the one identified during the agent
installation, earlier.

5. Click “Vulnerabilities” in the navigation pane (left).


6. Scroll down and expand the Vulnerabilities, Potential Vulnerabilities, and
Information Gathered findings.
If vulnerabilities are not yet displayed, additional time may be needed for an
assessment to be completed. You may continue to the next step.
The confirmed vulnerabilities, potential vulnerabilities, and information gathered
data displayed here are referred to as AGENT data (i.e., Cloud Agent is the data
source).
7. Click the “Close” button.

LAB 4: Cloud Agent & PC (10 min.)
With the Policy Compliance (PC) module activated for an agent host, the PC application
can be used to assess host compliance with various regulations, frameworks, and
security policies.

Import Policy
Import a policy from the Qualys Policy Library and use it to evaluate/assess your agent
host.

1. Open the Policy Compliance application.

2. Click on A) the Policies menu followed by B) the “Policies” tab, then click the
“New” button, expand the “Policy” option and select C) the “Import from
Library” method.

3. Locate the OS technology of your agent host in the “Technologies” column and
select its checkbox.
4. Select a policy for your OS in the “Policies” column and click the “Next” button
(** If you’re not sure which policy to select, CIS Benchmark policies typically make
a good choice for this step).
5. Leave the Title and default settings as they are and click the “Create” button.

6. When the Policy Editor appears, click the Asset Groups and Asset Tags “Edit”
link to add your agent host asset to this policy.

7. Click the “Tags” radio button, and then click the “Add Tag” link.

8. Use the icon to select the “Cloud Agent” tag from the Asset Tag Tree.
9. Click the “Save” button.

**Note: alternatively, Asset Groups may also be used to define a policy’s scope.

However, by default, Asset Groups do not contain AGENT host assets. If you use
an Asset Group to define the scope of your policy, you must also select the
“Include all hosts with PC agents” checkbox.

10. From the bottom of the Policy Editor, select the “Evaluate now” checkbox, and
click the “Save” button.
The “Evaluate now” option will immediately force an evaluation of all controls in
the policy, against the most recent host data.
11. After the policy has been saved, close the Policy Editor.

View Agent Compliance Findings
Using the policy just imported, view the policy findings.

1. Navigate to the “Assets” section, followed by the “Host Assets” tab.


2. Click the “info” icon, of your agent host.

3. When the “Host Information” window appears, click “Compliance” in the
navigation pane.
If compliance data is available for your agent host, you’ll see a summary of
Passed and Failed control results for the policy you imported (as illustrated
above).
If compliance results are not yet displayed, additional time may be needed for an
assessment to be completed.
4. To create a report, click the policy’s “Run report” icon.

5. When the report appears, expand the report window (for better viewing) and
scroll down until the control results appear.
6. Click on any control (CID) in the upper-pane, to view its details in the lower-
pane.
7. When you are done examining the findings, close the report.

LAB 5: Cloud Agent & AssetView
The AssetView application provides one central location to view and manage data
collected throughout the Qualys Cloud Platform. It is the primary application for
creating and managing Asset Tags. By default, the AssetView application provides host
inventory, system, and network data collected from a “Cloud Agent” host.

1. Use the application drop-down menu to open the AssetView application.

2. Click A) the “Assets” menu followed by B) the “Assets” tab, then use the “Quick
Actions” menu to select C) the “View Asset Details” option.
3. Click “Asset Summary” in the navigation pane (left).
The agent’s IP address and network data provide location information, which can
be useful when tracking roaming host assets.

4. Click “Agent Summary” in the navigation pane (left).
The UUID or Qualys Host ID used to track vulnerabilities and findings is identified
here in the “Agent ID” field.

5. Click “Vulnerabilities” in the navigation pane (left).


6. Click the severity 2 and 1 buttons to display additional vulnerability data, and
then click the “View Vulnerabilities” button (upper-right corner).

Here you can view the details of any vulnerability detected. The “Detected Date”
column identifies the last time a vulnerability was detected.

7. Click “Compliance” in the navigation pane (left).


Here you will find a graphic summary of the policy created earlier in this lab.
8. Click a graphic component to display its detailed information.
9. Click the “Close” button.

LAB 6: ** DEPRECATED **
For details and information about detecting and responding to Indicators of
Compromise (IOC), please see the Qualys “Endpoint Detection & Response” training
course.

Appendix A: Lab Host Setup
To meet the objectives of the Cloud Agent (CA) Deployment training lab, Qualys
recommends performing your agent installation on a “nonessential” lab host; one that is
used for learning and testing purposes. If you elect to install an agent on your
“everyday” laptop computer, be sure to uninstall the agent before your student lab
account expires.

Guest Host OS
Your installation or target host must use an OS supported by Cloud Agent (i.e.,
Windows, Linux, Mac OS, AIX, or FreeBSD). Recommended: for easy Web access to
installation resources, choose a host OS with a graphical user interface (GUI).
You can use one of the following links, to acquire a free OS installation image:
o Windows: https://www.microsoft.com/en-us/evalcenter/
o CentOS: https://www.centos.org/download/
o Ubuntu: https://www.ubuntu.com/#download
You must have administrative or root access to your target host to successfully perform
the Cloud Agent installation.
Hypervisors, such as VMware vSphere, Microsoft Hyper-V, Citrix Xen, or Oracle
VirtualBox, provide an effective way to build a host for your Cloud Agent installation.
** Please create or select your target host prior to the start of class. Extra lab time is not
allocated for this task. **

Guest Host Browser


The Cloud Agent installation steps in this lab, require a graphical Web browser to
download the Cloud Agent installation components. Please install a current version of
one of the following Web browsers, on your virtual guest host.
o Microsoft Edge (or IE)
o Chrome
o Firefox
o Safari
Please modify the settings of your Web browser to allow pop-ups from qualys.com.
