Configuration Profile settings

General Info

Name your configuration profile

Give it a name that helps you to identify it when you assign it to agents. The name can have a maximum of 256 characters.


Make this profile the default

Select this option and we'll automatically apply this configuration profile when you install agents. This saves you time!


Suspend Scanning on all agents using this profile

Select if you want all agents using this configuration profile to stop scanning their hosts. What happens? Agents will stop scheduling scans once the profile is downloaded to the agent host. A scan is in progress at the time of the profile download is allowed to complete including all scan subevents (e.g. change list upload, snapshot download, merging). Agents will continue to self update (get new versions), get manifest updates, and get configuration updates after scanning is stopped.


Prevent auto updating of the agent binaries

Select if you want all agents using this configuration profile to stop self-upgrade. The agents will then retain the same agent version and will not be auto-updated. This configuration profile setting applies to Windows Agent 1.5.5+ and Linux/Unix/Mac Agent 1.6.0+.


Description for this profile

Enter a description for your configuration profile. This will be saved with the profile settings and will be visible to all users with access to it.

 

Blackout Windows

Defining blackout windows

Configure as many blackout windows as you like. Each window is defined for a timeframe on certain days of the week. Blackout window configuration cannot be 24 hours a day for all 7 days, as the agent will no longer be able to communicate with the platform.

 

Performance Settings

Customize performance settings

Select a pre-defined performance level (Low, Normal, High) and customize the individual settings. Your settings will be saved with the profile.

 

New Performance Profile

Name this performance profile

Give this performance profile a name to help you recognize it.


Set parameters

The performance settings control how agents run the scripts in the agent manifest, which is managed by the cloud platform. You can configure how agents gather security data and upload it to the cloud, agent installation and self-updates, and how agents receive and transmit data in the cloud.

 

Assign Hosts

Assign hosts to this profile (by tag or by name)

Assign tags and we'll assign this profile to the agent hosts with these tags. Go to the AssetView (AV) application to create and manage tags.

Choose agent hosts by name and we'll directly assign this profile to the hosts you pick.

 

Scan Interval

Configure scan interval

Configure the interval at which the agent collects data for the assets associated with this profile.

Specify a value between 240 minutes (4 hours) and 43200 minutes (30 days). Default is 240 minutes.

 

FIM

FIM configuration

Enable FIM for this agent, and then specify settings for transmitting FIM data to the Qualys cloud platform.

FIM events are transmitted to the Qualys Cloud platform when either of the following occurs: FIM event log file reaches the maximum specified size, payload threshold time is hit, or the disk usage for total FIM data on the agent reaches the maximum specified size.


Max event log size

FIM events are transmitted to the Qualys Cloud platform when the FIM event log file reaches the maximum specified size. You can specify a file size between 10 KB and 10240 KB. Default is 1024 KB. This value can be lower if the Payload threshold time is lower.


Payload threshold time

FIM events are transmitted to the Qualys Cloud platform when the FIM payload threshold time is hit, ie., the specified seconds elapse after the previous payload was sent to the Qualys cloud Platform. You can specify a threshold between 30 seconds and 1800 seconds. Default is 300 seconds. This value is lower the better to prevent data loss on busy systems.


Maximum disk usage for FIM Data

This is the maximum size on disk available to a Cloud Agent for caching FIM events to be sent to the Qualys Cloud Platform for processing . If the maximum size is reached, the oldest events are deleted in order to create space for newly generated events. You can specify a disk usage size between 100 MB and 2048 MB. Default is 300 MB.

EDR

EDR configuration

Enable EDR for this agent, and then specify settings for transmitting EDR data to the Qualys cloud platform.

Max event log size

EDR events are transmitted to the Qualys Cloud platform when the EDR event log file reaches the maximum specified size. You can specify a file size between 10 KB and 10240 KB. Default is 1024 KB. This value can be lower if the Payload threshold time is lower.

Payload threshold time

EDR events are transmitted to the Qualys Cloud platform when the EDR payload threshold time is hit, ie., the specified seconds elapse after the previous payload was sent to the Qualys cloud Platform. You can specify a threshold between 30 seconds and 1800 seconds. Default is 60 seconds. This value is lower the better to prevent data loss on busy systems.

Maximum disk usage for EDR Data

This is the maximum size on disk available to a Cloud Agent for caching EDR events to be sent to the Qualys Cloud Platform for processing . If the maximum size is reached, the oldest events are deleted in order to create space for newly generated events. You can specify a disk usage size between 100 MB and 2048 MB. Default is 1024 MB.

PM

PM configuration

PM is enabled by default. Review/update PM configuration settings as appropriate.

Cache size

This setting determines how much space the agent should allocate to store downloaded patches on the asset. By default, 2048 MB are allocated. If you are planning on using the opportunistic download, where an agent downloads patches before deployment, it is recommended to increase the cache size, or to allow for Unlimited Cache size. Note that the agent will clear the cached files after deployment.