AnsweredAssumed Answered

Issues with Cloud agent in AWS

Question asked by Michael Fennell on Feb 28, 2019
Latest reply on Mar 4, 2019 by Michael Fennell

Hi Forum

Hoping someone on here has been down this track already and can assist me in relation to cloud agent within AWS.

So the story so far:

- Setup a connector to VPC and got cloud engineers to sort out iAM role etc and also created a custom tag to capture all assets for this specific VPC.

- Setup a virtual scanner within the VPC to capture the list of QID's not covered currently by agent.

- Setup an authentication record with agentless tracking on for this scanner to work with the assets within this VPC.

- Cloud engineers rolled out Agent to assets (unix/linux) within the VPC that can use agent (this would be most of them outside of the scanner itself).

- Connector picking up assets and scheduled scan setup with specific option profile set on scan to pick up QID's not covered.


Now in a normal world i am pretty sure we have captured everything based on Qualys documentation that we need to but.... am seeing the following.


- Connector is reporting on instances that are no longer valid, some don't even exist anymore but still showing up within the system as running ?

- When i run reports on the tag it brings me back lots of vulnerabilities for assets no longer present or that exist , i have got our cloud guys to verify this.


Am i going crazy or is qualy's agent not smart enough to recognize that an agent is no longer valid and should be marked as terminated ?

Also for our vulnerability reporting i see this as being a big issue as we will now be reporting on stuff that should no longer be captured , it will greatly throw off our vulnerability counts and trending.


Just wondering if anyone out there is experiencing this and if you guys have any suggestions on if there is something i should be doing to capture this, seems to me agent as a dynamic type of service is not as dynamic as it should be or perhaps i am missing a vital step. 

Would appreciate any advice or help anyone can give me.


Regards, Mike.