Quickstart Deployment Guide for Qualys Virtual Scanner Appliance in Oracle Cloud Infrastructure

Document created by Alex Mandernack Employee on Feb 6, 2019Last modified by Alex Mandernack Employee on Apr 27, 2019
Version 3Show Document
  • View in full screen mode

Summary

This document describes briefly how to quickly deploy the Qualys Virtual Scanner Appliance in Oracle Cloud Infrastructure from the Oracle Cloud Marketplace. This scanner, once deployed, will function as a standard Virtual Scanner and can scan based on IP address or CIDR block.

 

Prerequisites

Customers will have an active Qualys subscription.

Scanner personalization code (14 digits) obtained from your Qualys account. (Documentation)
Qualys Virtual Scanner Appliance VM must be able to reach the Qualys Cloud Platform over HTTPS port 443

 

What do I need to get started?

The Virtual Scanner option must be turned on for your account. Contact Qualys Support or your Technical Account Manager if you would like us to turn on this option for you.

You must be a Manager or a sub-user with the “Manage virtual scanner appliances” permission. This permission may be granted to Unit Managers. Your subscription may be configured to allow this permission to be granted to Scanners.

 

Configuration in Qualys

You'll add a new virtual scanner appliance and get your personalization code.

Go to Scans > Appliances and select New > Virtual Scanner Appliance. Choose "I have my image" and click Continue.

Give your scanner a name. If you’re a sub-user then you’ll need to pick an asset group that has been assigned to your business unit by a Manager user. Not seeing any asset groups? Please ask a Manager to assign an asset group (other than the All group) to your business unit.

Follow the on screen instructions to configure your virtual scanner and get your personalization code. You'll need this to launch your instance.

pers code

Configuration in OCI

To launch an instance from the Oracle Cloud Marketplace:

1) Go to Qualys Virtual Scanner Appliance page in the Oracle Cloud Marketplace, and login to your OCI Compute Classic account.

The Oracle Cloud Marketplace lists two virtual scanner appliances. One for OCI (select this one for this guide), the other for OCI Classic Compute.

https://cloudmarketplace.oracle.com/marketplace/app/qualys-oci_scanner

 

2) Launch the virtual scanner by selecting “Get App”.

oracle cloud marketplace


3) Use the wizard to enter the instance settings.

  • Name your instance - Choose a distinctive name and label of your scanner
  • Choose instance shape - Select shape that doesn’t exceed 16GB of RAM and 16 CPU Cores
  • Add SSH key - The Qualys Scanner appliance is a locked appliance, login into it is disabled. Leave the SSH key section empty

  • User data - field set your Personalization code and Proxy, if any, in the following format:

Example:

PERSCODE=12345678910

PROXY_URL=username:password@proxyhost.com

 

Proxy formatting:
If you have a domain user, the format is: domain\username:password@proxyhost:port
If authentication is not used, the format is: proxyhost:port
Where “proxyhost” is the IPv4 address or the FQDN of the proxy server.

 

advanced options

Note:

  • User data settings cannot be updated after deployment. If you need to alter the PERSCODE and/or PROXY_URL, you will have to redeploy the scanner
  • You can keep the default storage size or you can increase it based on your requirements.

Once launched, the Virtual Appliance connects to the Qualys Cloud Platform

This step registers the Virtual Scanner Appliance with your Qualys account. Also your appliance will download all the latest software updates right away, so it’s ready for scanning.

Configuring Security Lists for your Virtual Scanner Appliance

  • If you are using proxy server then ensure you have outbound rule allowing access on port 443 and the port used to communicate with proxy server.
  • If scanner appliance has direct internet connectivity, then ensure that there is an outbound rule that allows access on port 443 to Qualys Security Operations Center (SOC) IP address. You can get the SOC IP address range by logging in to Qualys Portal and navigating to Help > About option.
  • Scanner should be able to reach out to all the target instances for running the scan. It is recommended to configure outbound rule that allows access to all ports and subnets of the instances that the scanner is going to scan.

 

How do I know my scanner is ready to use?
Check your virtual scanner status in Qualys. Go to Scans > Appliances, and find your scanner in the list.
Tip - It can take several minutes for the Qualys user interface to get updated after you add a new appliance. Please refresh your browser periodically to ensure that you are seeing the most up to date details.

scanner status

 

 

 

Attachments

    Outcomes