With Agent UDC Support you can evaluate PC user-defined controls using cloud agents. There's no need to create duplicate controls - the controls you've already defined in your PC account for compliance scanning will also be evaluated by cloud agents with no action from you.
We’ve added new agent scan options in certain controls:
Directory Search Check and Directory Integrity Check - the "Use agent scans only" option lets you specify that the control is only evaluated using agent scans.
File Integrity Check and Directory Integrity Check - the "Auto update expected value" option lets you update a control's expected values with the actual values collected from agent scans.
- Agent UDC Support must be available on the Qualys Cloud Platform for your subscription
- Qualys Policy Compliance must be enabled for your subscription
- Qualys Cloud Agent must be enabled for your subscription
- Cloud Agents must be activated for the PC module
- Windows Cloud Agent 2.1.x or later
- Linux & AIX Cloud Agent 2.3.x or later
New agents will automatically support UDCs as long as they meet the minimum version requirement. No user action is required.
To activate UDC support for an existing agent, go to Cloud Agent, identify the agent in your Agents list and choose Assign UDC Manifest from the Quick Actions menu.
For bulk activation, select multiple agents in your list and choose Assign UDC Manifest from the Actions menu above the list.
You’ll see the option "Use agent scans only" in these Windows and Unix control types: Directory Search Check and Directory Integrity Check. When you select this option, the control will only be evaluated using agent scan data. You'll also notice that you can enter wildcards in the Base Directory when defining the control's scan parameters since this is supported by agents.
The option "Auto Update expected value" lets you update a control's expected values with the actual values collected from each cloud agent scan. Enable this option in Directory Integrity Checks and File Integrity Checks. You must also enable "Use scan data as expected value" in the same control (under Control Technologies).