We've deployed cloud agents in a dev environment with the hope of removing the need for a competitor product. However, when reviewing the results of the technical reports provided by the agents, we're missing the DNS, ISC, ISC BIND and Zone Transfer categories, and are really only getting patches or basic registry edits. In this dev environment we have weak cipher suites enabled to try to trigger a positive result, but they are not showing up. Any help would be appreciated.
A small number of vulnerabilities can only be detected by connecting to an open port. If this is the only detection logic for that vulnerability, Cloud Agent would not be able to detect it, because the agent is already resident on the asset.
ISC BIND vulnerabilities are one such example: the QID checks for a vulnerable version of ISC BIND via TCP and UDP banners. Since the agent is on the host, it wouldn't be able to remotely fire the payload needed to detect this.
This is also highlighted by Qualys in the vulnerability information:
In this case, it is recommended to also scan the asset with a scanner appliance.
- Shyam
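To make the answer above concrete, here is what a remote BIND "banner" check actually does on the wire: it sends a DNS query for `version.bind` in the CHAOS class (TXT record), which a BIND server answers with its version string, and the scanner matches that string against known-vulnerable releases. The agent, sitting on the host, never sends this packet. The code below is an added illustration and is not Qualys code or the logic of any specific QID; the response bytes are constructed inline so it runs offline, and the version string in them is a made-up sample.

```python
"""Remote ISC BIND version check: build a version.bind CH TXT query
and parse the TXT answer. Added example, not Qualys/QID code."""
import socket
import struct

QTYPE_TXT = 16   # RFC 1035 TXT record
QCLASS_CH = 3    # CHAOS class, where BIND publishes version.bind
TXID = 0x1234    # fixed transaction id so the sample reply can be matched


def build_version_bind_query(txid=TXID):
    """Return the raw bytes of a 'version.bind CH TXT' query."""
    # id, flags (RD=1), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label
                     for label in (b"version", b"bind")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)


def _skip_name(msg, off):
    """Advance past a DNS name (labels or a compression pointer)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer
            return off + 2
        off += 1 + length


def parse_txt_answer(msg, txid=None):
    """Return the list of TXT strings from a CH TXT response, or None if
    the server refused / errored (non-zero RCODE) or the id mismatches."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid is not None and rid != txid:
        raise ValueError("transaction id mismatch")
    if flags & 0x000F != 0:            # RCODE, e.g. 5 = REFUSED
        return None
    off = 12
    for _ in range(qd):                # skip the echoed question
        off = _skip_name(msg, off) + 4
    strings = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_TXT and rclass == QCLASS_CH:
            p = 0                      # TXT rdata is a series of <len><chars>
            while p < len(rdata):
                n = rdata[p]
                strings.append(rdata[p + 1:p + 1 + n].decode("latin-1"))
                p += 1 + n
    return strings


def query_bind_version(host, port=53, timeout=3.0):
    """Send the query over UDP to a real server (network I/O, not run by the
    offline test). Returns the TXT strings or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_bind_query(), (host, port))
        data, _ = s.recvfrom(512)
    return parse_txt_answer(data, txid=TXID)


# Constructed sample responses (not captured from a real server).
# Header flags 0x8180 = QR|RD|RA, RCODE 0; the answer name is a pointer
# (0xC00C) back to the question name at offset 12.
_QUESTION = build_version_bind_query()[12:]
SAMPLE_VERSION_REPLY = (
    struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)
    + _QUESTION
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, 7)
    + b"\x069.16.1"                    # TXT "9.16.1" (made-up sample)
)
# Same query answered with RCODE 5 (REFUSED) and no answer records.
SAMPLE_REFUSED_REPLY = (
    struct.pack("!HHHHHH", TXID, 0x8185, 1, 0, 0, 0) + _QUESTION
)

if __name__ == "__main__":
    print(parse_txt_answer(SAMPLE_VERSION_REPLY, txid=TXID))   # ['9.16.1']
    print(parse_txt_answer(SAMPLE_REFUSED_REPLY, txid=TXID))   # None
```

Two practical caveats follow from this. First, the check is inherently remote: only a scanner appliance (or anything else that can reach port 53) can send the packet, which is why the QID never fires from the agent. Second, the banner check is only as good as the banner: a BIND instance configured with `version "none";` (or a custom string) in `named.conf` returns something other than its real version, so the remote QID can no longer identify the release, while the package-level check an agent performs is unaffected.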