Which of the following best describes qualys vulnerability management assessment tool?

Are you studying for the certification?

Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.

Skillset helps you pass your certification exam.

Practice Questions

Study thousands of practice questions that organized by skills and ranked by difficulty.

Personalized Training

Create a tailored training plan based on the knowledge you already possess.

Exam Readiness

Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.

Get A Free Skillset Account

Qualys EDR / Patch Management Blog Series [Part 1]

NOTE: This is the first part of a blog series.

Part 1: Qualys Patch Management (PM)

Part 2: Qualys Endpoint Detection and Response (EDR)

Part 3: PM and EDR Remediation Demonstration

Overview

In this blog post, we will take a look at the Qualys Patch Management (PM) module. We will be answering questions including, “What is Qualys Patch Management?”, “What is it used for?”, “How does it work?”, “How to activate and set up?”, “Which feature does what?”, and “What can we do with this module?”.

Part 2 of this blog series will be focusing on Qualys Endpoint Detection and Response (EDR). EDR is an important endpoint security module similar to PM. Then, in Part 3 of this blog series, we'll be showing various remediation techniques using PM and EDR.

Patch Management (PM) with Qualys: An Overview

Qualys Patch Management is a cloud-based tool that assists security and IT professionals in quickly resolving vulnerabilities and patching their systems.

Qualys Patch Management can:

• Locate any missing fixes.
• Patch your assets, whether they're on-site, on mobile devices, roaming, or in the cloud.

Qualys Patch Management, built on the world's greatest cloud-based security and compliance platform, frees you from the considerable expense, resource, and deployment issues associated with traditional software.

Qualys Patch Management video library will provide you with more information.

Patch Management Features

• Correlates newly found vulnerabilities with the patches that are necessary.
• Allows the use of existing Qualys Agents for deploying and uninstalling patches.
• Patches the operating system and applications, including patches from third-party software suppliers (e.g., Adobe, Java, Google, Mozilla, Microsoft, etc.)
• Enables patching from almost anywhere with an Internet connection (e.g., airports, coffee shops, remote offices, etc.).
• Discovers which patches are missing or required and identifies patches that have been superseded.
• Creates patches for specific vulnerabilities, severity levels, and known threats.

Patch Sources

OS and Application Patches come from Global CDNs for Vendors (e.g., Oracle, Adobe, Microsoft, Apache, Google, etc.)

Qualys validates downloaded fixes using both digital signatures and hash values which are then validated again using Qualys Malware Insights.

Local repository (Qualys Gateway Server)

• Patch downloads requested by one agent are cached on QGS and made “locally” available to other agents who require the patch.
• Manifests and agent binaries are also cached by QGS.

PM Activation and Setup

The following configuration procedures are necessary to use the Qualys Patch Management (PM) program successfully:

4.1 Cloud Agent Module

4.1.1 On the target host, install Cloud Agent.

Note: Cloud Agent must be installed with an activation key that is compatible with the PM module.

Check out the Qualys Cloud Agent Installation Guide with Windows and Linux Scripts if you're not sure how to install and configure “Qualys Cloud Agent.”

4.1.2 Assign a Configuration Profile with PM enabled to the target agent host.

To establish a “Configuration Profile” containing assets, add a new asset tag.

Create a new “Configuration Profile” to work with.

PERFORMANCE: The high-performance option performs more frequent inspections.

ASSIGN HOSTS: Choose which assets will receive this profile. Assets can be found using “Asset Tags or Asset Names.”.

PM: For Configuration Profile, enable the PM module. To accommodate Windows Updates, the cache size must be at least 2048 MB.

4.1.3 Activate the PM module on the target agent host (as an alternative to Configuration)

You can also manually activate the asset module instead of using Configuration Profile to enable PM.

4.2 Patch Management Module

To use the PM module, you must assign hosts to the profile you created.

4.2.1 Assign the target agent host to a PM Assessment Profile that is enabled.

To assign target agents for PM jobs, create an “Assessment Profile.”.

Choose which assets will be assigned.

Note: In the Assessment Profile, only asset tags can be used to choose assets.

Set up an Assessment Schedule to collect patch data from agents.

Note: Scanning time should be at least 4 hours long.

Note: Unlicensed assets will have a 24-hour scan interval.

4.2.2 Assign hosts to PM Jobs (activate the license).

To assign hosts to PM Jobs, you need to activate their licenses. The number of licenses available is limited.

Note: In License Consumption, only asset tags can be used to select assets.

Overview of the PM Application

5.1 Patch Management UI

• CONFIGURATION: Set the frequency of patch assessments and the number of patching licenses to be used.
• JOBS: Use one or more PM Jobs to deploy and/or uninstall specific patches for specific groups of host assets.
• ASSETS: A list of the agent host assets that were activated by the PM module.
• PATCHES: A catalog of application and operating system patches.
• DASHBOARD: This section has widgets that track key patch statistics.

5.2 Assessment Profile

As the Assessment Profile, the System Profile will be used by default.

Assessment scans reveal which patches are missing and which have been implemented on an agent host.

5.3 License Consumption

Asset Tags are used to designate which agent host assets are patchable. (Note: Asset tags are the only way to specify.)

To prevent patching on specific assets, choose the “Exclusion” check box.

PM Deployment Job/ PM Uninstall Job

We'll concentrate on the main stages in patch deployment (PM, VM, VMDR). We'll look at various patch deployment options.

Create Deployment job:

Select your assets. “Asset Tags” or “Asset Names” can be used to select assets.

Patches that are patchable can be chosen. (isSuperseded:false)

Patches are automatically added within scope when you click add patches. Patches that haven't been superseded can be chosen to make patch jobs more efficient.

Note: “Key” symbol nearby patch name means “Acquire from Vendor”. These patches aren't available for download, and they can't be applied to the job.

Patches identified with “key-shaped” icons will not be downloaded by Qualys' Cloud Agent, according to the confirmation notice box.

Selected patches will be listed.

Deployment Jobs can be made to run on demand or scheduled, and Recurring Jobs can be used recursively as daily, weekly, or monthly.

If a patch installation does not begin inside the given Patch Window, the job will be marked as Timed out.

To provide patch jobs for an infinite period of time, choose None.

Allow agents to download required patches prior to the commencement of a scheduled job with the Enable opportunistic patch download option enabled. (Note: This step can be only applied for scheduled jobs.)

Messages sent to the client during deployment.

• Before patch deployment begins, a pre-deployment message is sent to the client. Can be deferred for a specified number of days and a specific time.

• The information signals the Deployment in Progress and Deployment Complete statuses.

Reboot messages were used to inform the client of the reboot.

• Reboots are disabled when you use Suppress Reboot.

• Reboot Request is a notification that the client needs to reboot.
• When the deferment limits are reached, Reboot Countdown displays a countdown message and reboots.

Clients receive pop-up messages. It is possible to customize the message descriptions.

Note: The process of generating an uninstall job is similar to that of creating a deployment job. Instead of downloading patches, simply pick remove patches.

Note: Some of the patches can’t be rollback and uninstall. For this reason, uninstall patches are less than downloadable patches.

6.1 Job Status

On the “View Progress” page, you can see the “Job Status”.

• Enabled: Job is presently active.
• Disabled: Job is presently inactive.
• Completed: Job has been completed.

When the deployment job is finished, click View Progress to see the results.

To see the details of a patch that failed, skipped, or succeeded, click View Patch Details.

Patch details are listed.

6.2 Patching from VM and VMDR

On the VULNERABILITIES section, both VM and VMDR support patching.

The Patches section of the Patch Management Module will be redirected if you click View Missing Patches.

Note: There are no patches for all vulnerabilities.

Filter for vulnerabilities that can be patched. Patches that are required for your job can be added from this section.

6.3 VMDR Prioritization Report

Prioritize your remediation activities with VMDR Prioritization.

Prioritize assets by selecting “Asset Tags”.

Click “Prioritize Now”.

To a new or existing job, add prioritized patches.

The “Add to New Job” or “Add to Existing Job” buttons redirect you to the tab for creating deployment jobs.

Note: Also, Prioritized Vulnerabilities can be filtered as “Patchables”.

PM Assets

When the PM module is enabled, the host assets are displayed. The number of “MISSING” and “INSTALLED” patches is displayed after a successful assessment scan.

Note: All assets have been scanned successfully.

View asset details, add assets to an existing job or add assets to a new job using the Quick Actions menu.

• When you click Add to New Job, you'll be redirected to the deployment job tab.
• The “Add to Existing Job” button redirects you to the “Existing Deployment Jobs” tab.
• Any deployment job can have additional assets added to it before it is enabled.
• A “recurring” job might have additional assets added to it both before and after it is enabled.

For details of missing or installed patches, click the numbers.

You can also add a new or existing job to this section.

Patch Catalog (Patches)

On the Patch Management UI, the “Patches” tab lists all patches that are available or unavailable for assets.

By default, when a tab is clicked, it displays filtered results for available assets.

To see all patches, turn off the filters.

Use the “Quick Actions menu” to view asset details, add assets to an existing job, or add assets to a new job.

Conclusion

In the first part of this series, we have learned about Qualys Patch Management (PM). We have discussed the features, benefits, and sources of Qualys PM. We've learned how to use configurations to activate and set up the PM. We made an overview of the PM application, assets, and patches. We also learned about the “Deployment job”, which is the most important part of PM.

Now, we are ready to investigate the Qualys EDR module. Please join us in Part 2: Qualys Endpoint Detection and Response (EDR) of this blog series, where we’ll learn about EDR, an important endpoint security module similar to Qualys Patch Management (PM).

Check out our Vulnerability Management services to stay secure!

Which of the following best describes active scanning?

Which of the following are the three metrics used to determine CVSS score?

Which of the following best describes what SOX does?

Which of the following is a community developed list of common software weaknesses?