Qualys GitHub for Cloud Security

Document created by Hari Srinivasan on Apr 26, 2019. Last modified by Mikesh Khanal on Feb 4, 2020.
Version 2

Qualys has built public GitHub repositories of scripts that automate common Cloud Security tasks in Qualys. They contain tools for mass/automated deployment of Cloud Agent and onboarding of cloud connectors. The available scripts are listed below.


Qualys Cloud Agent

Use any of the following methods to automate the deployment of Cloud Agent.


Using Ansible: This helps you deploy Cloud Agent across your Linux instances (virtual machines) in any cloud using Ansible.
Deploy Cloud Agent at launch using AWS User Data: This helps you deploy Cloud Agent across your AWS instances using user data scripts.
Deploy Cloud Agent on running instances using AWS Systems Manager (SSM): This helps you deploy Cloud Agent across your already running instances using AWS Systems Manager.
Deploy Cloud Agent at launch using CloudWatch, Lambda & SSM: This helps you deploy Cloud Agent on any new instance launched in your environment. It uses AWS CloudWatch, Lambda and SSM to bootstrap the Cloud Agent.
Deploy Cloud Agent on AWS Elastic Beanstalk: This helps you deploy Cloud Agent across your Elastic Beanstalk instances for continuous vulnerability assessment. It uses a YAML config file under the .ebextensions folder.
Using PowerShell Runbook in Azure: This helps you deploy Cloud Agent across your virtual machines. It uses an Azure Automation account and a PowerShell runbook.
Deploy Cloud Agent in Azure VMs using ARM Template: This helps you deploy Cloud Agent in Azure virtual machines using an Azure Resource Manager template.

Qualys Scanner Appliance

AWS Scanner: This helps you create virtual scanners in your AWS account using a CloudFormation Template.


Cloud Connectors

Use any of the following methods to automate the deployment of Cloud Connectors.


Create EC2 connector in AssetView using CloudFormation Template: This helps you create a cross-account trust role, assign the Security Audit Policy to it in your AWS environment, and create the corresponding AssetView connector using a CloudFormation Template.
Create Bulk EC2 Connectors in AssetView using Python Script: This helps you do a CSV import of AWS accounts to create AssetView connectors corresponding to the accounts.
Create AWS Connector in CloudView using CloudFormation Template: This helps you create a cross-account trust role, assign the Security Audit Policy to it in your AWS environment, and create a corresponding CloudView connector using a CloudFormation Template.
Create Bulk AWS Connectors in CloudView using Python Scripts: This helps you do a CSV import of AWS accounts to create CloudView connectors corresponding to the accounts.
Create Bulk Azure Connectors in CloudView using ARM Template or PowerShell: The PowerShell script helps you create Azure connectors in CloudView for all subscriptions listed in a CSV or under an AD or a management group. The ARM Template helps you create an application with the appropriate permissions to onboard all Azure subscriptions that the application has access to as Azure connectors in CloudView.
Create Bulk GCP Connectors in CloudView using Python Scripts: This helps you onboard multiple projects, or all projects within an organization, and create corresponding GCP connectors in CloudView.


Cloud Security Assessment

Configuring Splunk to fetch Cloud Security Assessment evaluation results: This helps you send Cloud Security Assessment evaluation results to Splunk for data correlation.
Report control failures to a Slack Channel: This helps you send a report of control failures to a Slack channel, with a list of resource IDs per failed control.


Assess Vulnerabilities & Misconfigurations in AWS Golden AMI Pipelines

To integrate Qualys solutions into DevSecOps for securing cloud infrastructure, you can use the Golden AMI Pipeline to assess vulnerabilities and misconfigurations in AWS pipelines.



Golden AMI Pipeline

This helps you create a Golden AMI Pipeline integrated with a virtual scanner, so that images are assessed for vulnerabilities in the image creation pipeline before they reach production environments, and throughout the instance lifecycle.


