We've deployed cloud agents in a dev environment with the hope of removing the need for a competitor product. However, when reviewing the results of the technical reports provided by the agents we're missing DNS, ISC, ISC BIND and Zone Transfer categories, and really only getting patches or basic registry edits. In this dev environment, we have weak cipher suites enabled to try and trigger a positive result but they are not showing up. Any help would be appreciated.
Joseph,
Keep in mind the Cloud Agent will not perform any type of port scan of anything it would have to go out and come back in to do. It only checks internally to the asset itself. There is a document out there that shows the differences, however, you can create a dynamic search list where the CA-Windows Agent Supported Module is checked as well as create the same for CA-Linux Agent. Review the lists and see what you are missing.
The agent will not pick TLS, SSL or anything that would require a port scan.
A small number of vulnerabilities can only be detected by connecting on an open port. If this is the only detection logic for that vulnerability, Cloud Agent would not be able to detect it - because the agent is already resident on the asset.
ISC BIND vulnerabilities are one such example - The QID checks for vulnerable version of ISC BIND via TCP and UDP banners. Since the agent is on the host, it wouldn't be able to remotely fire a payload needed to detect this.
This is also highlighted by Qualys in the vulnerability information:
In this case, it is recommended to also scan the asset with a scanner appliance.
- Shyam
A small number of vulnerabilities can only be detected by connecting on an open port. If this is the only detection logic for that vulnerability, Cloud Agent would not be able to detect it - because the agent is already resident on the asset.
ISC BIND vulnerabilities are one such example - The QID checks for vulnerable version of ISC BIND via TCP and UDP banners. Since the agent is on the host, it wouldn't be able to remotely fire a payload needed to detect this.
This is also highlighted by Qualys in the vulnerability information:
In this case, it is recommended to also scan the asset with a scanner appliance.
- Shyam