Get Started with Agent Correlation Identifier (beta)

Agent Correlation Identifier allows you to merge unauthenticated and authenticated vulnerability scan results from scanned IP interfaces and agent VM scans for your cloud agent assets. The Agent Correlation Identifier is supported for VM only and is detected by QID 48143 “Qualys Correlation ID Detected”.
For more information on merging unauthenticated and scan agent results, visit our blog and watch video!

Prerequisites

The Agent Correlation Identifier feature must be available on your Qualys Cloud Platform.

- Your agent hosts must have the minimum Cloud Agent version: Windows Agent version 4.2 or later | Linux Agent version 3.1 or later

- The agent configuration profile must have the Agent Scan Merge option enabled. See steps below to learn how to enable this option in the Cloud Agent UI.

- The following TCP ports must not be blocked: 10001, 10002, 10003, 10004, 10005. These ports will be included in your vulnerability scans automatically when the agent correlation identifier option is accepted. We’ll add these ports to the scanned ports list.

- Your vulnerability scans must include Information Gathered QID 48143 “Qualys Correlation ID Detected”. A Full vulnerability scan will include this QID by default. If you run a custom scan using a search list, then you’ll need to make sure this QID is included. Add the QID to a search list and add the search list to the scan option profile under Vulnerability Detection: Custom.

What are the steps?

Follow the steps below to start using the Agent Correlation Identifier.

In Cloud Agent:

1) Toggle On the Enable Agent Scan Merge for this profile option in the configuration profile. Choose Cloud Agent from the app picker, then go to Agent Management > Configuration Profiles. Create a new profile (or edit an existing profile) and select this option.

In Vulnerability Management:

2) (Manager primary contact) Go to Assets > Setup > Asset Tracking & Data Merging. On the Unique Asset Identifiers tab, scroll down to Agent Correlation Identifier and select the option Accept Agent Correlation Identifier.

3) Go to Scans > Option Profiles. Create a new option profile (or edit an existing profile) and make sure the scan is a Full scan or Custom scan with QID 48143 added.

4) Run new vulnerability scans to start gathering data for QID 48143.