Functions of Qualys SOC servers that scanner appliance contacts

Document created by kb-author-1 Employee on May 19, 2010Last modified by eschamp on Oct 28, 2011
Version 3Show Document
  • View in full screen mode

Issue:

What are the functions of the servers that the scanner appliance contacts?

 

Solution:

The scanner appliance connects to these servers with the functions described below.

 

Note: Qualys has multiple QualysGuard Security Operations Centers (SOCs), so the DNS server names vary slightly for each.

 

qualysguard*:443 - This is the main QualysGuard web interface, also referred to as QWeb. The scanner appliance connects to this server for authentication after bootup and after login credentials are entered. It also downloads various initial parameters needed for operation.

 

orchestrator*:443 - Map and scan jobs are queued here and pulled by the appliance on a regular interval, which is customizable in the scanner appliance settings. Once the map or scan job is completed, the resulting data is uploaded to this server as well.

 

dist*:443 - Distribution server for software updates. The scanner appliance checks for updates every 4 hours and pulls them if available. It also checks after a reboot, or when forced by the administrator from within the scanner appliance settings in the Installed Versions section. The size of the updates varies greatly, depends on what module needs to be updated. It can range from a few hundred KB for one minor module to 50+ MB for a major scan engine update. As a result, the time to complete an update varies as well.

 

nochost*:443 - The scanner appliance reports performance data once per hour and polls for configuration changes every 5 minutes to this server. This allows Qualys to be proactive about maintaining and replacing scanner appliances with potential problems.

 

Customers using the QualysGuard @Customer solution will have custom URLs to connect to for their dedicated platform.

Attachments

    Outcomes