I need facts on memory usage on the target host when running a vulnerability scan?
I understand VM is agentless and mostly all processing is performed remotely, however, I was wondering if I can find some online information on memory allocation.
The most effective way that I found for this was to run some of the Sysinternals tools while an authenticated scan is running. There are two tools that will be very helpful in determining the impact of the authenticated scans on your devices:
1) tcpview.exe (http://live.sysinternals.com/tcpview.exe) - this will show you a list of all active TCP connections to your systems and the number of packets being transferred to and from the Qualys appliance. It also summarizes that data and avoids the need for individual packet analysis tools such as Wireshark. This will also link the connection to the PID. This will also be beneficial for authenticated and unauthenticated scans.
2) procexp.exe (http://live.sysinternals.com/procexp.exe) - This will show you the processes that are created for the authenticated scan and how much memory they are using. It will require a careful eye as the dissolvable agent does not show up as "qualysagent.exe". However, the performance impact was very minimal when I did the test.
Some of the other Sysinternals tools may be helpful, but overkill for what you are testing.
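
A scripted version of the measurement described in the answer above, as an added example that is not part of the original thread: it records a process baseline, then samples memory for processes that are new since the baseline or that hold a TCP connection with the scanner. The scanner address `192.0.2.10`, the interval, the duration and the output path are assumed placeholder values, and `Get-NetTCPConnection` requires Windows 8 / Server 2012 or later.

```powershell
param(
    [string]$ScannerIp       = '192.0.2.10',        # assumed placeholder: scanner appliance address
    [int]   $IntervalSeconds = 5,                   # assumed sampling interval
    [int]   $DurationSeconds = 600,                 # assumed length of the scan window
    [string]$OutFile         = '.\scan-impact.csv'  # assumed output path
)

# Baseline: process IDs that already exist before the scan is launched.
$baseline = @{}
Get-Process | ForEach-Object { $baseline[$_.Id] = $_.ProcessName }

$deadline = (Get-Date).AddSeconds($DurationSeconds)
$rows = @(while ((Get-Date) -lt $deadline) {
    $now = Get-Date

    # Processes that own an established TCP connection with the scanner.
    $scannerPids = @(Get-NetTCPConnection -RemoteAddress $ScannerIp -State Established `
            -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty OwningProcess -Unique)

    foreach ($p in Get-Process) {
        $isNew = -not $baseline.ContainsKey($p.Id)
        $talks = $scannerPids -contains $p.Id
        if ($isNew -or $talks) {
            [pscustomobject]@{
                Time               = $now.ToString('s')
                ProcessId          = $p.Id
                Name               = $p.ProcessName
                NewSinceBaseline   = $isNew
                ConnectedToScanner = $talks
                WorkingSetMB       = [math]::Round($p.WorkingSet64 / 1MB, 1)
                PrivateMB          = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
            }
        }
    }
    Start-Sleep -Seconds $IntervalSeconds
})

# Keep the raw samples, then summarise peak memory per process.
$rows | Export-Csv -Path $OutFile -NoTypeInformation
$rows | Group-Object -Property ProcessId, Name | ForEach-Object {
    [pscustomobject]@{
        Process          = $_.Name
        Samples          = $_.Count
        PeakWorkingSetMB = ($_.Group | Measure-Object WorkingSetMB -Maximum).Maximum
        PeakPrivateMB    = ($_.Group | Measure-Object PrivateMB -Maximum).Maximum
    }
} | Sort-Object PeakWorkingSetMB -Descending | Format-Table -AutoSize
```

Start the script just before launching the scan so the baseline is clean; processes unrelated to the scan that start during the window will also appear as new and need to be filtered out by name.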