This post describes the behavior, differences, and use cases for the Cloud Agent UI enhancement of the Last Checked In and Last Activity fields as introduced in Cloud Platform 2.35 released on the shared platforms between Jan 8 - 10, 2019.
As announced in the Cloud Platform 2.35 release blog announcement, a new enhancement separates a single column with multiple data elements into two separate columns (Last Activity and Last Checked In) and adds the timestamp of the last scan uploads to the Last Checked In field. Customer feedback asked to separate when agents last performed vulnerability management and policy compliance scans from other agent functions, hence this enhancement.
During the Cloud Platform 2.35 release process, the Last Checked In data was not being updated causing some agents to have old timestamps. This has been resolved.
The following describes differences between these two fields:
- Last Activity - the timestamp of agent activity for manifest download, configuration profile download, agent upgrade installer download (if enabled), and inventory scan upload
- Last Checked In - the timestamp of all activity from Last Activity plus vulnerability management and policy compliance scan uploads
Most of the time, the Last Checked In timestamp will be more recent compared to Last Activity as vulnerability management and policy compliance scans occur more frequently than other agent management activity. Last Activity and Last Checked In will have the same timestamps if the last agent activity is not vulnerability management or policy compliance scans, e.g. a recent manifest download.
Qualys recommends that the Last Checked In field continue to be used (as it always has been) for search queries and AssetView widgets/dashboards as it reflects the most recent timestamp of agent activity connecting to the Qualys Platform.
Related Post: Understanding "Last Scanned" date and "Vulnerabilities" Fields | Container Security New Dec 24,2019