Cloud Agent QID (IG) 370098 Amazon AWS Amazon Linux Instance Metadata

Document created by Jeff Leggett (Employee) on Jul 21, 2017. Last modified by Jeff Leggett (Employee) on Jul 21, 2017.

Cloud Agent engineering teams are working hard to add AWS, Azure, and other cloud provider instance identity and metadata to the platform as first-class data objects, in order to unify cloud assets across the Cloud Agent, Scanner, and Connector sensors. We expect to support AWS and Azure via Cloud Agent later this year, within a few months.

 

In the meantime, there is an IG QID 370098 (Amazon AWS Amazon Linux Instance Metadata) for Cloud Agent Linux when running in AWS.

 

Customers are already using this to pull the instance identity and metadata from the QID's RESULTS tag using the host detection API. The results do require post-processing on the customer side to pull out individual attributes (most importantly "instance-id") for their own uses. The instance metadata is collected by Cloud Agent for Linux and Mac; there is no Windows support at present. Processing of this QID is available on all shared platforms; for PCPs, contact Support to enable it if it is not already enabled.

 

This is an example from one of the hosts on the TAM Demo Account on US Shared platform 1.

 

curl -u "username:password" -H "X-Requested-With: curl" "https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/?action=list&qids=370098&show_igs=1"

  

<?xml version="1.0" encoding="UTF-8" ?>

<!DOCTYPE HOST_LIST_VM_DETECTION_OUTPUT SYSTEM "https://qualysapi.qualys.com/api/2.0/fo/asset/host/vm/detection/host_list_vm_detection_output.dtd">

<HOST_LIST_VM_DETECTION_OUTPUT>

    <RESPONSE>

        <DATETIME>2017-07-21T16:07:07Z</DATETIME>

        <!-- keep-alive for HOST_LIST_VM_DETECTION_OUTPUT  -->

        <HOST_LIST>

            <HOST>

                <ID>177668739</ID>

                <IP>172.30.1.113</IP>

                <TRACKING_METHOD>AGENT</TRACKING_METHOD>

                <NETWORK_ID>0</NETWORK_ID>

                <OS>

                    <![CDATA[Amazon Linux AMI 2017.03]]>

                </OS>

                <DNS>

                    <![CDATA[ip-172-30-1-113]]>

                </DNS>

                <QG_HOSTID>

                    <![CDATA[37c2fcf2-3938-4cf0-b806-a4745559a7be]]>

                </QG_HOSTID>

                <LAST_SCAN_DATETIME>2017-07-12T07:34:21Z</LAST_SCAN_DATETIME>

                <LAST_VM_SCANNED_DATE>2017-07-12T07:32:51Z</LAST_VM_SCANNED_DATE>

                <LAST_VM_AUTH_SCANNED_DATE>2017-07-12T07:32:51Z</LAST_VM_AUTH_SCANNED_DATE>

                <LAST_PC_SCANNED_DATE>2017-07-12T07:32:51Z</LAST_PC_SCANNED_DATE>

                <DETECTION_LIST>

                    <DETECTION>

                        <QID>370098</QID>

                        <TYPE>Info</TYPE>

                        <RESULTS>

                            <![CDATA[latest/meta-data/ami-id:SUCCESS:ami-4836a428

latest/meta-data/ami-launch-index:SUCCESS:0

latest/meta-data/ami-manifest-path:SUCCESS:(unknown)

latest/meta-data/hostname:SUCCESS:ip-172-30-1-113.us-west-2.compute.internal

latest/meta-data/instance-action:SUCCESS:none

latest/meta-data/instance-id:SUCCESS:i-0d8c4bbc5884b366a

latest/meta-data/instance-type:SUCCESS:t2.medium

latest/meta-data/kernel-id:FAIL:404 - Not Found

latest/meta-data/local-hostname:SUCCESS:ip-172-30-1-113.us-west-2.compute.internal

latest/meta-data/local-ipv4:SUCCESS:172.30.1.113

latest/meta-data/mac:SUCCESS:02:03:7d:4a:44:dc

latest/meta-data/public-hostname:FAIL:

latest/meta-data/public-ipv4:SUCCESS:54.187.229.228

latest/meta-data/reservation-id:SUCCESS:r-08a936fa3a80004df

latest/meta-data/security-groups:SUCCESS:default

latest/meta-data/ancestor-ami-ids:FAIL:404 - Not Found

latest/meta-data/profile:SUCCESS:default-hvm

latest/dynamic/instance-identity/document/devpayProductCodes:SUCCESS:null

latest/dynamic/instance-identity/document/privateIp:SUCCESS:172.30.1.113

latest/dynamic/instance-identity/document/availabilityZone:SUCCESS:us-west-2b

latest/dynamic/instance-identity/document/version:SUCCESS:2010-08-31

latest/dynamic/instance-identity/document/instanceId:SUCCESS:i-0d8c4bbc5884b366a

latest/dynamic/instance-identity/document/billingProducts:SUCCESS:null

latest/dynamic/instance-identity/document/instanceType:SUCCESS:t2.medium

latest/dynamic/instance-identity/document/pendingTime:SUCCESS:2017-05-22T18:59:20Z

latest/dynamic/instance-identity/document/accountId:SUCCESS:205767712438

latest/dynamic/instance-identity/document/architecture:SUCCESS:x86_64

latest/dynamic/instance-identity/document/kernelId:SUCCESS:null

latest/dynamic/instance-identity/document/ramdiskId:SUCCESS:null

latest/dynamic/instance-identity/document/imageId:SUCCESS:ami-4836a428

latest/dynamic/instance-identity/document/region:SUCCESS:us-west-2]]>

                        </RESULTS>

                    </DETECTION>

                </DETECTION_LIST>

            </HOST>

        </HOST_LIST>

    </RESPONSE>

</HOST_LIST_VM_DETECTION_OUTPUT>

<!-- CONFIDENTIAL AND PROPRIETARY INFORMATION. Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is complete or error-free. Copyright 2017, Qualys, Inc. //-->
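
The customer-side post-processing mentioned above can look like the following. This is an added example, not Qualys code: the function names are hypothetical, the embedded response is a constructed sample trimmed from the output above, and treating the literal value "null" as an unset field is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the host detection response shown above.
SAMPLE = """<HOST_LIST_VM_DETECTION_OUTPUT><RESPONSE><HOST_LIST><HOST>
<ID>177668739</ID><IP>172.30.1.113</IP>
<DETECTION_LIST><DETECTION><QID>370098</QID><TYPE>Info</TYPE>
<RESULTS><![CDATA[latest/meta-data/instance-id:SUCCESS:i-0d8c4bbc5884b366a

latest/meta-data/kernel-id:FAIL:404 - Not Found
latest/meta-data/mac:SUCCESS:02:03:7d:4a:44:dc
latest/meta-data/public-hostname:FAIL:
latest/dynamic/instance-identity/document/pendingTime:SUCCESS:2017-05-22T18:59:20Z
latest/dynamic/instance-identity/document/kernelId:SUCCESS:null
latest/dynamic/instance-identity/document/region:SUCCESS:us-west-2]]></RESULTS>
</DETECTION></DETECTION_LIST></HOST></HOST_LIST></RESPONSE>
</HOST_LIST_VM_DETECTION_OUTPUT>"""


def parse_results(text):
    """Split RESULTS text into ({path: value}, {path: error}) dicts."""
    ok, failed = {}, {}
    for line in text.splitlines():
        # Values may contain ':' (MAC, timestamps): split on the first two only.
        parts = line.strip().split(":", 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        path, status, value = parts
        if status == "SUCCESS":
            # Assumption: the literal "null" marks an unset field.
            ok[path] = None if value == "null" else value
        else:
            failed[path] = value
    return ok, failed


def instance_metadata(xml_text, qid="370098"):
    """Return {Qualys host ID: (ok, failed)} for every host carrying the QID."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("HOST"):
        for det in host.iter("DETECTION"):
            if det.findtext("QID", "").strip() == qid:
                results = det.findtext("RESULTS", "")
                hosts[host.findtext("ID").strip()] = parse_results(results)
    return hosts


if __name__ == "__main__":
    for host_id, (ok, failed) in instance_metadata(SAMPLE).items():
        print(host_id, ok.get("latest/meta-data/instance-id"), sorted(failed))
```

Keeping the FAIL entries separate lets a caller tell an attribute the metadata service did not return (for example kernel-id) from one the agent never attempted.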
