Qualys GitHub for Cloud Security

Document created by Hari Srinivasan Employee on Apr 26, 2019
Version 1Show Document
  • View in full screen mode

Qualys has built public GitHub repositories comprising of scripts for your requirements related to automation of the common task around Cloud Security in Qualys. It contains the tools for mass/automated deployment of Cloud Agent and on-boarding of cloud connectors. Let us go through the scripts available for your use.

 

Qualys Cloud Agent

Use any of the following methods to automate the deployment of Cloud Agent.

 

ScriptsDescription
Using AnsibleThis helps you to deploy Cloud Agent across your Linux instances (Virtual machines) in any cloud using Ansible.
Deploy Cloud Agent at launch using AWS User DataThis helps you to deploy Cloud Agent across your AWS instances using user data scripts.
Deploy Cloud Agent on running instances using AWS Systems manager (SSM)This helps you to deploy Cloud Agent across your already running instances using AWS System Manager .
Deploy Cloud Agent at launch using CloudWatch, Lambda & SSMThis helps you to deploy Cloud Agent in any new instances being launched in your environment. It utilizes AWS CloudWatch, Lambda & SSM for Bootstrapping of the cloud agent.
Deploy Cloud Agent on AWS Elastic BeanstalkThis helps you to deploy Cloud Agent across your Elastic Beanstalk instances for continuous vulnerability assessment. It utilizes YAML config file under ebextensions folder.
Using Powershell Runbook in AzureThis helps you to deploy Cloud Agent across your virtual machines. It utilizes Azure Automation account and Powershell workbook.


Qualys Scanner Appliance

ScriptsDescription
AWS ScannerThis helps you to create virtual scanners in your AWS account using a CloudFormation Template.

 

Cloud Connectors

Use any of the following methods to automate the deployment of Cloud Connectors.

 

ScriptsDescription
Create EC2 connector in AssetView using CloudFormation TemplateThis helps you to create cross-account trust role and assign Security Audit Policy to it in your AWS environment, and create corresponding AssetView connector using a CloudFormation Template. 
Create Bulk EC2 Connectors in AssetView using Python ScriptThis helps you to do a CSV import of AWS accounts to create AssetView connectors corresponding to the accounts.
Create AWS Connector in CloudView using CloudFormation TemplateThis helps you to create cross-account trust role and assign Security Audit Policy to it in your AWS environment, and create a corresponding CloudView connector using a CloudFormation Template.
Create Bulk AWS Connectors in CloudView using Python ScriptsThis helps you to do a CSV import of AWS accounts to create CloudView connectors corresponding to the accounts.

 

Cloud Security Assessment

ScriptsDescription
Configuring Splunk to fetch Cloud Security Assessment evaluation resultsThis helps you to send Cloud Security Assessment evaluation results to the Splunk for data correlation.

 

Assess Vulnerabilities & Mis-configurations in AWS Golden AMI Pipelines

To integrate Qualys solutions into DevSecOps for securing cloud infrastructures, you can use Golden AMI Pipeline considering the importance of assessing vulnerabilities and mis-configurations on AWS pipelines.

 

ScriptsDescription

Golden AMI Pipeline

This helps you to create a Golden AMI Pipeline integrated with a virtual scanner for vulnerability assessments in the image creation pipeline, before they reach production environments and throughout the instance lifecycle.

 

 

Attachments

    Outcomes