Enhancing Qualys Cloud Agent Purge Rules: Unleash Greater Control Without Sacrificing Visibility!

Spencer Brown

Last updated on: October 26, 2023

Cybersecurity is a business imperative that enables enterprises to strengthen their operational practices and accelerate their digital transformation efforts. Enterprises safeguard sensitive data and assets by improving the tools, products, and services they rely on.

With that in mind, Qualys announces a significant enhancement to the Purge Rules Feature that gives you more control and flexibility.

Introducing the Option Not To Uninstall the Agent

One of the most significant enhancements to the Purge Rules is a new option that lets you leave the agent installed when performing asset purges in GAV/CSAM 2.16. This will become the default option for all new and existing purge rules, ensuring a seamless and efficient customer experience and a host of benefits.

Retain Visibility to Your Assets

Previously, when an asset was purged, the associated data was removed from your account, and the license for that asset was freed up. Additionally, if the asset had a cloud agent, the agent was uninstalled. This led to inadvertent loss of visibility into the asset, which could be particularly concerning if the purge was accidental.

With the new option to not uninstall the agent, you can retain visibility of an asset even after a purge. If the agent communicates again, it will re-provision itself and create a new asset record in Qualys with a fresh first-found date. This ensures you don’t inadvertently lose sight of an asset due to a purge.

Fine-Tune Your Purge Rules

Retaining agents during purges allows you to be thorough with your rules without losing visibility. You can configure your purge rules to keep the asset inventory in check, ensuring that only the necessary data is retained while maintaining comprehensive coverage, thus balancing data management and asset visibility.

Stay Within License Counts

With the new default option to not uninstall the agent, you can efficiently manage license counts. Assets with retained agents won’t consume additional licenses, and you can better use your Qualys licenses without compromising security or visibility.

How It Works

Purge rules will now offer two options:

  1. Not Uninstall the Agent: This is the default option, ensuring the agent is not uninstalled during the purge. If the agent communicates with Qualys again, it will re-provision itself, and a new record will be created with freshly created and first-found dates.
  2. Uninstall Agent: This option allows you to remove the agent per the previous behavior if needed.

Figure: Re-provision/uninstalling the purge

In addition, Qualys has expanded this option to on-demand purge in GAV/CSAM, allowing ad-hoc purge without uninstalling the agent. 

Figure: Adding on-demand purge

Conclusion

We believe this enhancement to our Purge Rules will provide you with better visibility into your attack surface, an accurate view of your enterprise’s overall security posture and compliance position, and peace of mind from a license point of view. Your assets and data are essential, and we’re committed to helping you manage them with precision and ease.

Comments

  1. Hi Michael, in regards to the APIs:

    1) /qps/rest/2.0/uninstall/am/hostasset – this feature does not change this API as it’s intended to uninstall the agent as the name suggests

    2) /api/2.0/fo/asset/host/ with action=purge – this feature does not change this API as it already does not uninstall the agent

    3) On-demand purge in GAV/CSAM UI will give you the option as well