Give it a name that helps you to identify it when you assign it to agents. The name can have a maximum of 256 characters.
Select this option and we'll automatically apply this configuration profile when you install agents. This saves you time!
Select if you want all agents using this configuration profile to stop scanning their hosts. What happens? Agents will stop scheduling scans once the profile is downloaded to the agent host. A scan is in progress at the time of the profile download is allowed to complete including all scan subevents (e.g. change list upload, snapshot download, merging). Agents will continue to self update (get new versions), get manifest updates, and get configuration updates after scanning is stopped.
For Windows Agent 4.6 or later, select this option if you want to prevent the tampering of the Qualys Cloud Agent. This includes uninstallation, termination of the agent process, and registry key, file and directory manipulation owned by agent.
Windows Cloud Agents with SQLite In-Memory Databases enabled consumes slightly higher memory, slightly less CPU, and reduced disk. By default, it is disabled.
Select if you want all agents using this configuration profile to stop self-upgrade. The agents will then retain the same agent version and will not be auto-updated. This configuration profile setting applies to Windows Agent 1.5.5+ and Linux/Unix/MacOS Agent 1.6.0+.
Enter a description for your configuration profile. This will be saved with the profile settings and will be visible to all users with access to it.
Configure as many blackout windows as you like. Each window is defined for a timeframe on certain days of the week. Blackout window configuration cannot be 24 hours a day for all 7 days, as the agent will no longer be able to communicate with the platform.
Select a pre-defined performance level (Low, Normal, High) and customize the individual settings. Your settings will be saved with the profile.
Turn on the Customize toggle button to enable the settings. Scroll to the UNIX SPECIFIC PARAMETERS (versions 5.x and above) section and select the required option from the drop-down menu. Your settings are saved with the profile.
By default, the Customize toggle button is turned off. To enable the VM Scan Mode, you need to enable the Customize toggle button.
Note: Even if the Customize toggle button is turned off, the configuration profile will have the Agent User privileges enabled.
By default, when the Customize toggle button is turned on, the Agent User option is selected in the VM Scan Mode drop-down menu.
Give this performance profile a name to help you recognize it.
The performance settings control how agents run the scripts in the agent manifest, which is managed by the cloud platform. You can configure how agents gather security data and upload it to the cloud, agent installation and self-updates, and how agents receive and transmit data in the cloud.
Assign tags and we'll assign this profile to the agent hosts with these tags. Go to the AssetView (AV) application to create and manage tags.
Choose agent hosts by name and we'll directly assign this profile to the hosts you pick.
If this option is enabled, unauthenticated and authenticated vulnerability scan results from agent VM scans for your cloud agent assets will be merged.
If you toggle Bind All to ON, service tries to connect to all the listed ports. Else service just tries to connect to the lowest free port among those specified.
Configure the interval at which the agent collects data for the assets associated with this profile. Data collection interval is the time lapse between the completion of previous scan and the start of the next scan. Specify a value between 240 minutes (4 hours) and 43200 minutes (30 days). Default is 240 minutes.
The time added to the start of scanning, both for new installs and for interval scanning. Value of 0 (zero) means no delay added. Scan Delay configuration is only supported for Windows Cloud Agent 4.4 and later versions.
The range of randomization added to Scan Delay to offset scanning. For example, if the randomization range is 60 minutes, then a random number between 1 and 60 is calculated and used to delay the start of the next scanning interval. Value of 0 (zero) means no randomization will occur. Scan Randomize configuration is only supported for Windows Cloud Agent 4.4 and later versions.
Enable FIM for this agent, and then specify settings for transmitting FIM data to the Qualys cloud platform.
FIM events are transmitted to the Qualys Cloud platform when either of the following occurs: FIM event log file reaches the maximum specified size, payload threshold time is hit, or the disk usage for total FIM data on the agent reaches the maximum specified size.
FIM events are transmitted to the Qualys Cloud platform when the FIM event log file reaches the maximum specified size. You can specify a file size between 10 KB and 10240 KB. Default is 1024 KB. This value can be lower if the Payload threshold time is lower.
FIM events are transmitted to the Qualys Cloud platform when the FIM payload threshold time is hit, ie., the specified seconds elapse after the previous payload was sent to the Qualys cloud Platform. You can specify a threshold between 30 seconds and 1800 seconds. Default is 300 seconds. This value is lower the better to prevent data loss on busy systems.
This is the maximum size on disk available to a Cloud Agent for caching FIM events to be sent to the Qualys Cloud Platform for processing . If the maximum size is reached, the oldest events are deleted in order to create space for newly generated events. You can specify a disk usage size between 100 MB and 2048 MB. Default is 300 MB.
Configure the interval at which the agent collects data for the assets associated with this profile. Data collection interval is the time lapse between the completion of previous scan and the start of the next scan. Specify a value between 240 minutes (4 hours) and 43200 minutes (30 days). Default is 360 minutes.
Configure the interval at which the agent collects data for the assets associated with this profile. Data collection interval is the time lapse between the completion of previous scan and the start of the next scan. Specify a value between 1440 minutes (24 hours) and 10080 minutes (168 hours, that is 7 days). Default is 2160 minutes (36 hours).
Enable EDR for this agent, and then specify settings for transmitting EDR data to the Qualys cloud platform.
EDR events are transmitted to the Qualys Cloud platform when the EDR event log file reaches the maximum specified size. You can specify a file size between 10 KB and 10240 KB. Default is 1024 KB. This value can be lower if the Payload threshold time is lower.
EDR events are transmitted to the Qualys Cloud platform when the EDR payload threshold time is hit, ie., the specified seconds elapse after the previous payload was sent to the Qualys cloud Platform. You can specify a threshold between 30 seconds and 1800 seconds. Default is 60 seconds. This value is lower the better to prevent data loss on busy systems.
This is the maximum size on disk available to a Cloud Agent for caching EDR events to be sent to the Qualys Cloud Platform for processing . If the maximum size is reached, the oldest events are deleted in order to create space for newly generated events. You can specify a disk usage size between 100 MB and 2048 MB. Default is 1024 MB.
PM is enabled by default. Review/update PM configuration settings as appropriate.
This setting determines how much space the agent should allocate to store downloaded patches on the asset. By default, 2048 MB are allocated. If you are planning on using the opportunistic download, where an agent downloads patches before deployment, it is recommended to increase the cache size, or to allow for Unlimited Cache size. Note that the agent will clear the cached files after deployment.