Qualys Cloud Agent Lab

Kerwin

Have you ever thought about how to detect vulnerabilities on your machine? With Qualys, I can show you how to identify and assess the weaknesses on your device in an efficient manner.

Qualys is a well-known company in the security and compliance cloud solutions space. As a cloud-based cybersecurity and vulnerability management platform, it offers many different solutions, such as Vulnerability Management Detection & Response as well as Cloud Security.

For this project, I used Qualys Community Edition, which is limited in scope compared to Qualys's offerings. The Vulnerability Management module and Cloud Agent module were primarily used.

Before working with Qualys, I created a virtual machine running Ubuntu. I will provide a more detailed writeup on how this was set up using an M1 Mac, but below are the simple steps:
1. Download VirtualBox & Ubuntu
2. Install VirtualBox
3. Create a virtual machine for Ubuntu
4. Install Ubuntu
5. Update Ubuntu and install GNOME Desktop (desktop environment for Linux)
6. Install VirtualBox Guest Additions (drivers and software to enhance performance of the VM)
7. Configure display settings & performance to your liking

Downloads
VirtualBox - https://www.virtualbox.org/wiki/Downloads
Ubuntu ARM64 ISO - https://ubuntu.com/download/server/arm

VM successfully created below:

Now the fun stuff begins.
Navigate to Qualys Community Edition - https://www.qualys.com/community-edition/
To sign up, you unfortunately need a work email, but you can bypass this by using a student email or using Google Workspace to get a free work email. Once in, you will come to the VM dashboard.

We now need to install the cloud agent on the device. See steps below:
1. Click Vulnerability Management and navigate to Cloud Agent.
2. Click Activation key and select new key.
3. A pop up will be shown listing the activation key along with various installers.
4. Select the Linux (.deb) ARM64 installer. (Note that the package architecture must match the system architecture. You can see the error message that arises when they don't match in the screenshot below.)
5. Next, follow the steps listed: Installation, Activation of the Cloud Agent and Updating Qualys Proxy settings.

See screenshots below showcasing steps listed.

Screenshot of Commands Used To Download On Ubuntu

Installation: sudo dpkg --install QualysCloudAgent.deb

Activation: sudo /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=XXXXXXX-XXXX-XXXX-XXXX CustomerId=XXXXX-XXXX-XXXX

Update Proxy: echo "qualys_https_proxy=\"http://<proxy-url>:1080\"" > /etc/sysconfig/qualys-cloud-agent

Restart Services: systemctl restart qualys-cloud-agent
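
As an added example (not from the original post and not Qualys's own tooling), the script below checks the architecture requirement from step 4 before running dpkg, and builds and validates the proxy line so that an unbalanced quote is caught before the agent is restarted. The function names and the proxy.example host are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: pre-flight checks for the Cloud Agent .deb install.
# Function names and sample values are hypothetical, not part of Qualys tooling.

# Succeeds when a package built for $1 installs on a system of architecture $2.
# Packages marked "all" are architecture-independent.
arch_compatible() {
    [ "$1" = "all" ] || [ "$1" = "$2" ]
}

# Print the proxy setting with the value wrapped in one pair of double quotes.
proxy_line() {
    printf 'qualys_https_proxy="%s"\n' "$1"
}

# Succeeds only for a well-formed line: http(s) URL, balanced quotes, no spaces.
valid_proxy_line() {
    case "$1" in
        qualys_https_proxy=\"http://?*\"|qualys_https_proxy=\"https://?*\") ;;
        *) return 1 ;;
    esac
    value=${1#*=\"}      # drop the key and the opening quote
    value=${value%\"}    # drop the closing quote
    case "$value" in
        *\"*|*" "*) return 1 ;;
    esac
    return 0
}

# Compare the package's Architecture control field with dpkg's native one.
preflight() {
    pkg_arch=$(dpkg-deb --field "$1" Architecture) || return 2
    sys_arch=$(dpkg --print-architecture) || return 2
    if arch_compatible "$pkg_arch" "$sys_arch"; then
        echo "OK: $1 is built for $pkg_arch and the system is $sys_arch"
    else
        echo "MISMATCH: $1 is built for $pkg_arch but the system is $sys_arch" >&2
        return 1
    fi
}

# Usage: sh preflight.sh QualysCloudAgent.deb
if [ "$#" -ge 1 ]; then
    preflight "$1"
fi
```

A MISMATCH result means the wrong installer was downloaded from the activation key pop-up; download the one matching the output of dpkg --print-architecture instead.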

Congrats! Now that we have installed this agent and it has connected to the Qualys platform and registered itself, we will see discovery results appear. Navigate to the Vulnerability Management module and then to Vulnerabilities. We can see that there are 21 vulnerabilities present for the device, each with varying severity ratings.

Notice the “QID” column. QID stands for Qualys ID and it is a unique number assigned to a specific vulnerability.

Some QIDs observed were:

Ubuntu Security Notification for Python Vulnerabilities (USN-7583-1) - 6022172

Open Virtual Private Network (OpenVPN) Server TLS-crypt-v2 Security Vulnerabilities - 383044

You can click this to view details on the vulnerability such as detection summary and patches.

Under General Information, we can see the CVE (Common Vulnerabilities & Exposures) and the different CVSS (Common Vulnerability Scoring System) scores, which influence the severity score. Additionally, we can see the impact that can occur if this vulnerability is exploited, along with the solution.

Alternatively we can gather this information by navigating to Knowledge Base and inputting the QID. For communication purposes in a large organization, I prefer using this method as I have used this at my own job.

To finally remediate one of the vulnerabilities observed, we can go to the link provided in Qualys and see details of this vulnerability along with the remediation, which in this case is a standard system update.

Solution: https://ubuntu.com/security/notices/USN-7568-1

Some time has passed since our initial scan and we can now see that there are only 3 vulnerabilities still present after remediations, such as system updates, were carried out.

We also now see 2 new vulnerabilities:
Ubuntu Security Notification for GnuTLS Vulnerabilities (USN-7635-1) - 6022258
Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-7634-1) - 6022257

Looking at Asset details, we can in fact see that 17 vulnerabilities were indeed remediated.

With that, we have been able to achieve our goal of detecting vulnerabilities on our device.

Regarding the Vulnerability Management lifecycle, we were able to focus on asset discovery, prioritization, vulnerability scanning, remediation, verification, monitoring and reporting.

Some next steps that could be taken are to manually remediate the existing vulnerabilities and verify they have been remediated, along with monitoring and reporting the findings.

Please also note that the cloud agent works differently from traditional scans. You will not see data from scan reports because a scan was not run in the traditional sense. The data regarding the vulnerabilities comes from the agent which is continuously monitoring the VM and uploading the results.

Qualys is a powerful platform used by big-name companies such as Home Depot, Capital One and Cisco. Getting experience with this tool can definitely help in the job interview process and also lets you know if your device is vulnerable or not.

I plan to continue improving my knowledge of the vulnerability management lifecycle and the Qualys platform through labs and certifications.

Resources:

Qualys Community Edition - https://www.qualys.com/community-edition/

VirtualBox - https://www.virtualbox.org/wiki/Downloads

Ubuntu ARM64 ISO - https://ubuntu.com/download/server/arm

Qualys Vulnerability Details - https://docs.qualys.com/en/vmdr/latest/assets/vulnerability_details.htm

Ubuntu Remediation - https://ubuntu.com/security/notices/USN-7568-1
