Oracle Cloud Infrastructure Documentation

Creating a Compute Scan Recipe with a Qualys Agent

Create a Compute (host) scan recipe using your own Qualys license and then view the results in the Console or the Qualys dashboard.

Before You Begin

Complete the following prerequisites before creating a Compute scan recipe with a Qualys agent.

  1. Create an account in Qualys with a license to use VMDR. You must have a Qualys account with a license to use VMDR before you can create a Compute scan recipe with a Qualys agent. See the Qualys VMDR sign-up page to get started. After you have a license, you must generate a Cloud Agent Activation Key, and enable OCI for the agent. Perform these tasks using the Qualys platform. See the Qualys Cloud Platform documentation for instructions.

  2. Create a dynamic group. Create a dynamic group of instances that you want to scan. See Managing Dynamic Groups.

  3. Write policies. Write Agent-Based Standard Policies and Agent-Based Qualys Policies. See Required IAM Policy for Compute Scanning Recipes.

  4. Create a vault. Create a vault to store your Qualys license information. See Managing Vaults.

  5. Define a secret. Create a secret to store your Qualys license information in the vault. See Creating a Secret in a Vault. Optionally, you can create the secret when you’re creating the recipe.

  6. Review the following important information about Qualys scans:
    • After you create an OCI agent or Qualys agent Compute scan recipe, don't change that recipe to change agents. Create another recipe.

    • Qualys performs scans OCI hosts every four hours. Scanning OCI hosts count toward your Qualys license usage. Contact Qualys for any issues with your license or usage.

    • Viewing Qualys scan results:

      • View Qualys scan results in the Qualys portal about four hours after you have created the new scan target.

      • View Qualys scan results in the OCI Console within 12 hours of creating the new scan target.

Using the Console

To create a Compute scan recipe with a Qualys agent, complete the following steps:

  1. On the Scan Recipes list page, select the recipe that you want to work with. If you need help finding the list page or the recipe, see Listing Compute Scan Recipes.
  2. On the Hosts tab of the Scan Recipes list page, select Create. If you need help finding the list page or the recipe, see Listing Compute Scan Recipes.

    The Create scan recipe panel opens.

  3. Verify that the recipe type is Compute.
  4. Enter a name for the recipe.

    Avoid entering confidential information.

  5. Verify that you want to create the recipe in the selected compartment. Select another compartment if needed.
  6. Select the level of public IP port scanning for this recipe.
    • Standard: Check the 1,000 most common port numbers.
    • Light (default): Check the 100 most common port numbers.
    • None: Don't check for open ports.

    The Vulnerability Scanning service uses a network mapper that searches your public IP addresses . See Ports that are Scanned.

  7. Select the Qualys agent.
  8. Select a Vault in the current compartment. Change the compartment if necessary.
  9. Choose a defined secret from the vault or create a new one. See Defining a Secret for a Compute Scan Recipe.
  10. In Schedule, select a schedule for public IP port scanning.

    The schedule controls how often the targets assigned to this recipe are scanned. Select Daily or one of the Weekly values.

    Note

    To configure the Qualys agent scanning schedule or any other Qualys agent configurations, go to the Qualys dashboard.

  11. (Optional) Select Show advanced options to assign tags to the recipe.

    If you have permissions to create a resource, you also have permissions to add free-form tags to that resource.

    To add a defined tag, you must have permissions to use the tag namespace.

    For more information about tagging, see Resource Tags. If you're not sure if you should add tags, skip this option or ask your administrator. You can add tags later.

  12. Save the recipe using one of the following methods.
    • Select Create scan recipe to create the recipe in the Vulnerability Scanning service.
    • Select Save as stack to manage the stack through the Resource Manager service. On the Save as stack window, complete the fields, and then select Save. For more information about stacks, see Managing Stacks.

After creating a recipe, you can create scan targets and associate them with the recipe. See Creating a Compute Target.