Configuring Agents for SQL Scanning
The same agent can be used to scan SQL Databases. However, a modified deployment and configuration approach is required when interfacing scan agents with SQL servers for scanning.
When jobs are scheduled using the central UI, the operator can schedule “An SQL Scan”. Which databases to scan and where, are determined indirectly by which AgentGroups (and hence agents) are selected for the scan.
It is up to the local.cfg files on certain agent installs to define connection information – SQL servers, databases, and credentials. As this configuration is a deployment-time operation, the agent contains tools and commands to help deployment operators verify connectivity with and table access to, their SQL DBs.
- configure DB connections,
- ensure the DB can be connected to,
- ensure the tables & columns are enumerated and rows selected.
The agent deployment can be left in an assured state so that the scan will work when the UI-using central operators actually go to run it.
Note: The contents of your SQL DB must be plaintext in order to perform a successful Quasar scan. Databases with encrypted contents or application-specific encodings will not be accessible for scanning by the default scanner, and will require application support & setup at deployment time to be successful.