Installing Cloud Agents for Patch Management
Agent installations are managed in Cloud Agent (CA).
Qualys Cloud Agent Platform
Our revolutionary platform gives you continuous security updates through the cloud using lightweight cloud agents. Go to Cloud Agent (CA) app to install agents and activate them for PM. It's possible to activate existing agents for PM with other capabilities that are available in VM and PC modules.
Let's get started!
Choose CA (Cloud Agent) from the app picker.
What are the steps?
Create an activation key. Go to Activation Keys, click the New Key button. Give it a title, provision for the PM application and click Generate.
As you can see you can provision the same key for any of the other applications in your account. To understand the license numbers, see About Available License Count.
Download Installer
Based on your preference, click Install instructions next to Windows (.exe) or Linux (.rpm).
Review the installation requirements and click Download
You'll run the installer on each system from an elevated command prompt, or use a systems management tool or Windows group policy.
Your agents should start connecting to our cloud platform.
For Windows agent:
For Linux agent, to enable patch installation on Linux assets, ensure the following:
- The Agent must be running with root user or as sudo user. You can configure users by using the Agent configuration tool.
- For RHEL 6 and 7, the supported Cloud Agent version is 4.0 and later.
- For RHEL 8, CentOS 6 and 7, the supported Cloud Agent version is 4.6 and later.
- For Oracle Linux 6, 7, 8, Amazon Linux, and Amazon Linux 2 the supported Cloud Agent Version is 4.8 and later.
- Supported YUM file version 3.2.29.
- YUM file must be configured with debugloglevel >= 2 Default is 2.
- The YUM file is configured with correct proxy settings.
- The endpoint is subscribed for active Red Hat subscriptions.
- For Ubuntu Linux 18, 20, and 21, and Debian 9, 10, and 11 the supported Cloud Agent version is 4.9 and later.
If the proxy is configured for a machine, then add the same proxy: /etc/apt/apt.conf.d/proxy.conf
Example:
Acquire::http::Proxy "http://<<proxy_ip_address>>:<<port>>"
Acquire::https::Proxy "https://<<proxy_ip_address>>:<<port>>"
Your host must be able to reach your Qualys Cloud Platform (or the Qualys Private Cloud Platform) over HTTPS port 443. On the Qualys Cloud Platform, go to Help > About to see the URL your host needs to access. For more information about connectivity requirements/proxy settings refer to the platform specific Cloud Agent Installation Guides available on https://www.qualys.com/documentation/.
Enable Cloud Agent to Download Patches
To ensure that the Cloud Agents can successfully download patches, you must add the download URLs to the allowlist. Click here to refer to the list of URLs that you must add to the allowlist.
Activate your agents for PM
Go to the Agents tab, and from the Quick Actions menu of an agent, click "Activate for FIM or EDR or PM or SA". (Bulk activation is supported using the Actions menu).
For Linux assets, you also need to activate Vulnerability Management (VM) along with PM because the missing patches for Linux assets are derived from the vulnerability scan performed by the agent.
Click "Activate Agent" and activate VM to see the missing patches for Linux assets on the Patch Management UI.
Activate PM in a CA configuration profile
Create a new CA configuration profile for Patch Management. On the PM tab, toggle “Enable PM module for this profile” to ON.
You're ready!
Select PM from the application picker and then create a deployment job to start installing patches on your assets.