Qualys/log4jscanwin

QID 376160, QID 376195, and QID 376193 still not be being picked up by the Qualys Agent

surbo opened this issue · 12 comments

surbo commented

Can we get an up on the Agent picking up QID 376160, QID 376195, and QID 376193?

We just ran another scan and Qualys did not pick up the stand-alone scanner output from the host.

Thank you.

We also are not seeing detections. could we get a heads up if we need to run a new version of the script or anything like that to get this to work.

Is this actually specific to the agent, or does it impact normal scans as well?

romw commented

I'm investigating this issue, signature deployment is a mostly an automated process these days. All the tickets tracking this issue appear to have been resolved and passed QA checks.

So... I'm a bit surprised to see this right now.

I'll post again when I have more information.

Thank you Rom, wondering if there is a configuration difference between what we have and what you are testing. maybe even cloud agent versions?

romw commented

As of this writing the updated signatures began deployment to the production PODs an hour ago. Full deployment across all PODs can take a couple of hours.

Expect to start seeing changes in the portal in 4 hours.

romw commented

Thank you Rom, wondering if there is a configuration difference between what we have and what you are testing. maybe even cloud agent versions?

It should all be matching right now.

I might be able to get a new release of the utility out in the next day which will cover two additional CVS(s). However, things should be pretty stable at the moment on the agent and utility front.

surbo commented

@romw is there something we can look at within the console to determine if we are running the most updated version that will pick this up?

Hey, just an update. we are starting to see detections come in on this.

surbo commented

Hey, just an update. we are starting to see detections come in on this.

Did you have to do anything special to get the data to import?

surbo commented

We just ran a new scan, and we see the results now. Thanks

Sorry I did not reply sooner Surbo. we just ran the latest script and started seeing detections when the Cloud Agents checked in.

surbo commented

We can close this issue as the scanner is picking up the output now.