Manage Middleware Assets

Evaluate compliance posture on your assets by assessing the middleware technologies installed in your environment using your PC agents. You can dynamically discover and assess middleware technologies like webservers in your environment. We provide you with two ways to quickly get started. You can either choose to enable all your agents to be activated for middleware assessment by default or you can have the assets listed in the Middleware Assets tab and activate it individually.

If you choose to enable by default, it will take away your need to monitor the asset list and then activate the asset. As soon as supported technology instances are discovered on the assets, they will be activated for assessment. As a part of activation process Middleware manifest will be installed on your agent.

In case you choose to activate the asset individually, the manifest is installed on the agent once you choose to activate the asset for assessment.  

The middleware assets and technologies installed on the assets are identified using cloud agents and are listed in the Assets > Middleware Assets tab. There's no need to create duplicate controls - the controls you've already defined in your PC account for compliance scanning will also be evaluated by cloud agents with no action from you.

Pre-requisites

- Qualys Policy Compliance must be enabled for your subscription

- Qualys Cloud Agent must be enabled for your subscription

- Cloud Agents must be activated for the PC module

- Windows Cloud Agent 4.0.x or later

- Linux Cloud Agent 2.8.x or later

Know more about the Supported Middleware Technologies

Identify Middleware Assets

Set up Cloud Agent on the assets you want to scan for assessment of middleware technologies. Once the assets are scanned by the agents the middleware technology details of assets are listed in the Middleware Assets tab.

Here you can view details like number of instances of the technology on your asset, OS, Status, Update Date, etc. There could be a delay in displaying the discovered details in the list depending on intervals set on your Cloud Agent scans.

Middleware Assets list

Not Activated - The asset is not yet activated for middleware assessment. When a technology is identified by agent for first time on the asset, it is listed as Not Activated.

Successful Activation - The asset is activated for middleware assessment. You can run policy compliance reports on this asset for middleware.

Successful Deactivation - The asset is temporarily deactivated for middleware assessment and will be eliminated from upcoming policy reports.

Activate assets for middleware assessment

When a technology is identified by agent for first time on an asset, it is listed as Not Activated.

To activate the asset, select the asset and from the Action menu choose Activate Middleware Assessment. You can choose to activate multiple assets at the same time. Once the asset is activated, the Middleware manifest is assigned to the agent and status is set to Successful. You can now create policies and run compliance reports on these assets for the middleware technologies.

Activate Middleware Assessment

 

Similarly, you can deactivate an asset for assessment using the Deactivate Middleware Assessment option. Once deactivated, the data for technologies on assets will no longer be assessed and will not be displayed in the policy compliance report. However, data collected before deactivation can still be viewed in the report.

You can reactive assessment on an asset any time using the Activate Middleware Assessment option.

Activate assessment on assets by default

You can set the assets to be activated for assessment by default as soon as they are discovered.

Navigate to Assets > Setup, click Middleware Assessment and select the Enable Middleware Assessment by default option.

Enable Middleware Assessment by default setup option

Sample Middleware Assessment Report

Here is a sample Middleware Assessment report for CentOS Linux 7.6.1810

sample middleware assessment report