Qualys has built public GitHub repositories containing scripts that automate common cloud security tasks in Qualys. They contain tools for mass/automated deployment of Cloud Agent and onboarding of cloud connectors. Let us go through the scripts available for your use.
Qualys Cloud Agent
Use any of the following methods to automate the deployment of Cloud Agent.
|Using Ansible||This helps you to deploy Cloud Agent across your Linux instances (Virtual machines) in any cloud using Ansible.|
|Deploy Cloud Agent at launch using AWS User Data||This helps you to deploy Cloud Agent across your AWS instances using user data scripts.|
|Deploy Cloud Agent on running instances using AWS Systems Manager (SSM)||This helps you to deploy Cloud Agent across your already running instances using AWS Systems Manager.|
|Deploy Cloud Agent at launch using CloudWatch, Lambda & SSM||This helps you to deploy Cloud Agent on any new instance launched in your environment. It utilizes AWS CloudWatch, Lambda & SSM for bootstrapping of the Cloud Agent.|
|Deploy Cloud Agent on AWS Elastic Beanstalk||This helps you to deploy Cloud Agent across your Elastic Beanstalk instances for continuous vulnerability assessment. It utilizes config file under folder.|
|Using PowerShell Runbook in Azure||This helps you to deploy Cloud Agent across your virtual machines. It utilizes an Azure Automation account and a PowerShell workbook.|
|Deploy Cloud Agent in Azure VMs using ARM Template||This helps you to deploy Cloud Agent in Azure Virtual machines using Azure Resource Manager Template.|
Qualys Scanner Appliance
|AWS Scanner||This helps you to create virtual scanners in your AWS account using a CloudFormation Template.|
Use any of the following methods to automate the deployment of Cloud Connectors.
|Create EC2 connector in AssetView using CloudFormation Template||This helps you to create a cross-account trust role and assign Security Audit Policy to it in your AWS environment, and create a corresponding AssetView connector using a CloudFormation Template.|
|Create Bulk EC2 Connectors in AssetView using Python Script||This helps you to do a CSV import of AWS accounts to create AssetView connectors corresponding to the accounts.|
|Create AWS Connector in CloudView using CloudFormation Template||This helps you to create a cross-account trust role and assign Security Audit Policy to it in your AWS environment, and create a corresponding connector using a CloudFormation Template.|
|Create Bulk AWS Connectors in CloudView using Python Scripts||This helps you to do a CSV import of AWS accounts to create CloudView connectors corresponding to the accounts.|
|Create Bulk Azure Connectors in CloudView using ARM Template or PowerShell||This helps you to create Azure connectors in CloudView for all subscriptions listed in a CSV or under an AD or a management group (via PowerShell). The ARM Template helps you to create an application with appropriate permissions to onboard all Azure subscriptions that the application has access to as Azure connectors in CloudView.|
|Create Bulk GCP Connectors in CloudView using Python Scripts||This helps you onboard multiple projects or all projects within an organization and create corresponding GCP connectors in CloudView.|
Cloud Security Assessment
|Configuring Splunk to fetch Cloud Security Assessment evaluation results||This helps you to send Cloud Security Assessment evaluation results to Splunk for data correlation.|
|Report control failures to a Slack Channel||This helps you to send the report of control failures to a Slack Channel with a list of resource IDs per failed control.|
Assess Vulnerabilities & Misconfigurations in AWS Golden AMI Pipelines
Because assessing vulnerabilities and misconfigurations in AWS pipelines is important, you can use a Golden AMI Pipeline to integrate Qualys solutions into DevSecOps and secure your cloud infrastructure.
|This helps you to create a Golden AMI Pipeline integrated with a virtual scanner, so that images are assessed for vulnerabilities in the image creation pipeline, before they reach production environments, and throughout the instance lifecycle.|