How can I monitor multiple AWS accounts with a single Qualys account? Is it possible?
This can be done by setting up multiple EC2 connectors. Each connector can point to a different AWS account.
You'll need to have the EC2 scanning option enabled on your account; your TAM can help to get this enabled.
Read more: https://www.qualys.com/docs/qualys-securing-amazon-web-services.pdf
I am looking for steps to set up an AWS multi-account scan with a single pre-authorized scanner.
I have two AWS accounts, say Account1 and Account2. Account1 has a Qualys EC2 instance, and it is scanning all the assets in this account successfully. I have created a VPC peering between the two accounts and updated the route table and security group.
I am looking for a step-by-step process to validate my activity.
This document will help you: Scanning Peered VPCs
I have already created a VPC peering between the VPCs of the two AWS accounts, but the scanner is unable to scan assets. How does the EC2 scanner of one account (without a Qualys pre-authorized scanner) call the Qualys scanner of the other account?
ajsinghr, when you perform a scan in your AWS accounts, you'll need to select "EC2 Scan" from the "New" drop-down inside the Scan tab of the VM module. From there, you'll need to select which connector you want to scan followed by the VPC Zone. From there, you'll need to select the asset tag associated with the assets you're wanting to target.
Does this help?
You'll need to use the pre-authorized EC2 scanner to accomplish this.
When you've got 2 VPCs, first make sure they're peered. Next, launch an EC2 scanner in one of the VPCs.
Now you may launch a new EC2 scan and select the EC2 scanner you launched earlier.
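An added example, not Qualys or AWS code, of the validation asked for above: it checks offline the three things the poster set up (an active peering, a route in each VPC that targets it, and a target security group admitting the scanner's VPC) against constructed `describe-*` style output. The ids, CIDRs and the assumption that the target security group must allow all traffic from the scanner CIDR are mine.

```python
import ipaddress

# Constructed sample values (not from the thread); replace with your own ids and CIDRs.
SCANNER_VPC_CIDR = "10.1.0.0/16"    # VPC in Account1 holding the pre-authorized scanner
TARGET_VPC_CIDR = "10.2.0.0/16"     # peered VPC in Account2 whose assets are scanned
PEERING_ID = "pcx-0placeholder0"    # placeholder peering connection id

# Shapes follow `aws ec2 describe-vpc-peering-connections|describe-route-tables|describe-security-groups`
PEERINGS = [{"VpcPeeringConnectionId": PEERING_ID, "Status": {"Code": "active"},
             "RequesterVpcInfo": {"CidrBlock": SCANNER_VPC_CIDR},
             "AccepterVpcInfo": {"CidrBlock": TARGET_VPC_CIDR}}]
SCANNER_ROUTE_TABLES = [{"Routes": [{"DestinationCidrBlock": SCANNER_VPC_CIDR, "GatewayId": "local"},
                                    {"DestinationCidrBlock": TARGET_VPC_CIDR, "VpcPeeringConnectionId": PEERING_ID}]}]
TARGET_ROUTE_TABLES = [{"Routes": [{"DestinationCidrBlock": TARGET_VPC_CIDR, "GatewayId": "local"}]}]  # return route missing
TARGET_SG_OK = {"IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": SCANNER_VPC_CIDR}]}]}
TARGET_SG_BAD = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                    "IpRanges": [{"CidrIp": "10.9.0.0/16"}]}]}

def peering_active(peerings, pcx):
    return any(p["VpcPeeringConnectionId"] == pcx and p["Status"]["Code"] == "active" for p in peerings)

def routes_via_peering(route_tables, dest_cidr, pcx):
    """True only if every route table has a route for dest_cidr that targets the peering connection."""
    return all(any(r.get("DestinationCidrBlock") == dest_cidr and r.get("VpcPeeringConnectionId") == pcx
                   for r in rt["Routes"]) for rt in route_tables)

def sg_allows_scanner(sg, scanner_cidr):
    """True if an inbound all-traffic rule (IpProtocol -1) covers the scanner's CIDR.
    Assumption: the target SG must admit all traffic from the scanner; consult the Qualys doc for exact rules."""
    want = ipaddress.ip_network(scanner_cidr)
    return any(perm["IpProtocol"] == "-1"
               and any(want.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in perm["IpRanges"])
               for perm in sg["IpPermissions"])

def check_peered_scan_path(peerings, scanner_rts, target_rts, target_sg):
    """Named checks for the scanner -> peered-VPC path; a False entry names the step to revisit."""
    return {
        "peering_active": peering_active(peerings, PEERING_ID),
        "scanner_route_to_target": routes_via_peering(scanner_rts, TARGET_VPC_CIDR, PEERING_ID),
        "target_route_to_scanner": routes_via_peering(target_rts, SCANNER_VPC_CIDR, PEERING_ID),
        "target_sg_allows_scanner": sg_allows_scanner(target_sg, SCANNER_VPC_CIDR),
    }

if __name__ == "__main__":
    results = check_peered_scan_path(PEERINGS, SCANNER_ROUTE_TABLES, TARGET_ROUTE_TABLES, TARGET_SG_OK)
    for name, ok in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

With the constructed data the target VPC's missing return route is reported as the failing step, which is the kind of gap that leaves the scanner unable to reach peered assets.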
Thanks for your support. Now we are able to scan the other AWS account using VPC peering and an IAM role.
Thanks for updating this thread, and well done!
One query: say I have 3 AWS accounts A, B and C, with A <--> B <--> C. Account A has the Qualys appliance EC2 instance. Now I have two EC2 connectors pointing to accounts A and B. I execute the "EC2 Scan" against account B. How does the connector know that the Qualys appliance is installed in account A and not C? Does the EC2 connector check account C if the appliance is not found, and then connect to account A? I would like to know how the connector works in this scenario.