Getting Started with PDQ Detect

Introduction

PDQ Detect is a vulnerability scanning tool which provides continuous attack surface visibility, insights and prioritization to help you spot which vulnerabilities are the most dangerous to your organization, as well as detailed remediation steps to help you stay safe.

  • With the Agent-based option, you can install the PDQ Detect Agent onto your Windows, macOS, and Linux endpoints to scan for vulnerabilities.
  • With the Agentless option, you can set up a scanner VM to look for vulnerabilities on your network, either on-prem or in your AWS or Azure cloud infrastructure.
  • And you're welcome to use both!

If you'd like a free 14-day trial of PDQ Detect, check out our trial guide, which includes a guided setup of both modes.

If you're the kind of sysadmin who prefers to tinker on their own, or if you've been invited to join your organization's existing trial or tenant, read on below for a step-by-step guide for how to set up and use both scanning options via the Detect platform.

 

You may notice the names CODA and Footprint on this platform, and we may link to some CODA-specific documentation. CODA and PDQ Detect refer to the same platform. You know how it goes after companies combine forces - sometimes the branding takes a little while to settle down. If you have any questions, feel free to contact us.

Agent-based

  1. Log into the PDQ Detect Management Portal at https://detect.pdq.com.
  2. On the left bar, click Scan Surface.
  3. On the top menu, click Agent-based Surface.
    • If Agent-based Surface does not appear here, you may need to enable this feature.
      1. Browse to Settings | Client Settings.
      2. Locate the Installation Mode, and select Enable Agent-based.
      3. Click Just enable the features.
      4. You can then return to Scan Surface and click Agent-based Surface.
  4. Switch to the Setup agents tab.
    • On the Use Detect Agents to gain more insights on your organization's internal security page, on the right side, you will see two important pieces of information which you will need to set up each endpoint:
      • 🌐Detect Agent Management URL: https://detect.pdq.com
      • 🔑Detect Agent Token (a unique alphanumeric token which each endpoint's Detect Agent will use to communicate with your PDQ Detect environment)
  5. Choose the client OS environment where you want to install the PDQ Detect agent, and click Get.
    • Windows:
      • Supported versions: Windows 7+, Windows Server 2008 R2+
      • Silent install commands:
        • .msi: msiexec.exe /i ".\FootprintAgentInstaller.msi" /qn /L*V "C:\windows\temp\fp_install.txt" SERVER_URL="https://detect.pdq.com" TOKEN="112233445566aabbccddeeffgg"
        • .exe: .\FootprintAgentInstaller.exe /S -serverurl https://detect.pdq.com -token 112233445566aabbccddeeffgg
      • Replace the file path with the installer's actual location, and replace the example URL and token with your own Detect Agent Management URL and Token from the information above.
    • macOS:
      • Supported versions: macOS 10.15 (Catalina)+
      • Silent install command (.sh/.pkg): Click Get Agent Command for your org's specific curl command. The command is case-sensitive and must be run with sudo.
    • Linux:
      • Supported versions: Ubuntu 18.04+.
      • Silent install command (.sh/.deb): Click Get Agent Command for your org's specific wget command. The command is case-sensitive and must be run with sudo.
  6. After you have installed the Detect Agent on one or more endpoints, return to the PDQ Detect Management portal. Browse to Scan Surface | Agent-based Surface, switch to the Deployed agents tab, and confirm that your endpoints appear in the list with a state of Active.
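
The Windows .msi silent install from step 5, wrapped for unattended deployment (an added example, not PDQ's own script). It assumes PowerShell 5.1 or later and an Authenticode-signed installer, and the DETECT_AGENT_TOKEN environment variable is a hypothetical name for wherever your deployment tool supplies the token.

```powershell
# Added example, not PDQ's script. Assumptions: PowerShell 5.1+, an Authenticode-signed
# installer, and a hypothetical DETECT_AGENT_TOKEN variable set by your deployment tool.
param(
    [string]$InstallerPath = ".\FootprintAgentInstaller.msi",
    [string]$ServerUrl     = "https://detect.pdq.com",
    [string]$LogPath       = "C:\windows\temp\fp_install.txt"
)
$ErrorActionPreference = "Stop"

# Keep the token out of the script file; fail early if it was not supplied.
$token = $env:DETECT_AGENT_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) {
    throw "DETECT_AGENT_TOKEN is not set; refusing to run the installer."
}
$msi = (Resolve-Path -LiteralPath $InstallerPath).Path

# Fail closed if the package is unsigned or was modified after signing.
$sig = Get-AuthenticodeSignature -LiteralPath $msi
if ($sig.Status -ne "Valid") {
    throw "Installer signature status is '$($sig.Status)'; aborting."
}
Write-Output "Signed by: $($sig.SignerCertificate.Subject)"

# Same switches and properties as the .msi command in step 5.
$msiArgs = @(
    "/i", "`"$msi`"", "/qn",
    "/L*V", "`"$LogPath`"",
    "SERVER_URL=`"$ServerUrl`"",
    "TOKEN=`"$token`""
)
$proc = Start-Process -FilePath "msiexec.exe" -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with reboot required (standard Windows Installer codes).
if (@(0, 3010) -notcontains $proc.ExitCode) {
    throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath"
}

# A verbose (/L*V) log can record the command line, TOKEN included. Check for it and
# remove the log after a successful install instead of leaving it in a shared folder.
if (Test-Path -LiteralPath $LogPath) {
    if (Select-String -LiteralPath $LogPath -Pattern $token -SimpleMatch -Quiet) {
        Remove-Item -LiteralPath $LogPath -Force
        Write-Output "Install OK; log contained the agent token and was removed."
    } else {
        Write-Output "Install OK; log kept at $LogPath"
    }
}
```

Run it from an elevated session. When the install fails the log is kept for troubleshooting, so treat that file as containing the token until it is deleted.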

Agentless

  1. Log into the PDQ Detect Management Portal at https://detect.pdq.com.
  2. On the left bar, click Scan Surface.
  3. On the top menu, click Agentless Surface.
    • If Agentless Surface does not appear here, you may need to enable this feature.
      1. Browse to Settings | Client Settings.
      2. Locate the Installation Mode, and select Enable Agentless.
      3. Click Just enable the features.
      4. You can then return to Scan Surface and click Agentless Surface.
  4. Switch to the Setup Scanners tab.
    • On the Install an Internal Scanner service page, you will see three important pieces of information which you will need to set up your Internal Scanner VM:
      • 🔷 Hostname
      • 🌐 Detect Management URL: https://detect.pdq.com
      • 🔑 Internal Scanner Token (a unique alphanumeric token which your Internal Scanner VM will use to communicate with your PDQ Detect environment)
  5. In the What scanner type are you looking to install? section, click your desired configuration:
    • Azure Marketplace
      • Make sure you are signed into your Microsoft Azure tenant. When you select this option, an Azure Marketplace listing (link) for CODA Footprint Cloud Appliance will open in a new browser tab.
      • Click Get It Now to proceed with setup of your Azure VM, specifying the Footprint Management URL and Internal Scanner Token when you are prompted.
      • For detailed setup instructions for your Azure VM, see this article.
    • AWS Marketplace
      • Make sure you are signed into your Amazon AWS tenant. When you select this option, an AWS Marketplace listing (link) for CODA Footprint Cloud Appliance will open in a new browser tab.
      • For detailed setup instructions for your AWS VM, see this article.
    • On your own VM (proceed to step 6)
  6. (optional) Click On your own VM, and then select your hypervisor and download the corresponding virtual hard disk.
    • You will need to open the selected virtualization platform, create a new VM, and attach the downloaded virtual hard disk.
    • Supported platforms include:
      • VMware Fusion/Player/Workstation 14+ (VMDK and OVA)
      • Windows Hyper-V (VHD and full VM)
      • QEMU (qcow2)
    • The approximate size of each download is 8GB.
    • Recommended specs will depend on the size of the scan surface, but a minimum of 4GB of RAM/50GB HDD space and 2 CPU cores is recommended, with higher amounts needed for environments with a larger scan surface/number of scan targets.
    • See this article for detailed setup instructions, which will include:
      • Powering on the VM, which will display an IP address to access the web portal for the agentless scanner, via port 8080.
      • Opening up a web browser on another machine on the same network, and browsing to the web portal above.
      • Clicking Configure, and entering the three values from above: Hostname, Detect Management URL, and Internal Scanner Token.
  7. After you have configured the cloud or on-prem scanner VM, return to the PDQ Detect portal. Browse to Scan Surface | Agentless Surface, switch to the Deployed Scanners tab, and confirm that your deployed scanner shows a status of Active.

  8. (optional) If you wish, you can define additional scan targets for your agentless scan surface. Browse to Scan Surface | Agentless Surface, and click the button to Add elements to agentless scan surface.

    The scanner VM will attempt to scan any target which is reachable from where it is set up, and identify any vulnerabilities it can detect. You can add public or private IP addresses/ranges, hostnames, and email addresses. See this article for further details.

     

    Please note that vulnerability scanning may be regulated in certain jurisdictions. As a reminder, under PDQ's End User License Agreement, all users must use PDQ software in accordance with the law. Do not scan any target which you do not own or have express written consent from the owner to scan.

What to do next

Once you've set up your agents, agentless scanner VM, or both, and they have had time to complete their scans, you can browse the various options on the left bar.

Here are a few items we suggest you look at first:

    • Elements
      • Click Elements to see these.
      • Elements are all of the things that make up your organization: your devices, your applications, what applications you have installed (and which versions have known vulnerabilities!), your business contexts (which include a few that we've set up for you), as well as any business contexts you may wish to set up and define yourself (e.g. a particular subnet or physical office).
    • Executive Report
      • Click on Reports, locate the Executive Report at the top of the page, and click Download PDF to download a top-level overview of your organization's vulnerabilities for leadership.
    • Remediations
      • Remediations are actions you can take to resolve vulnerabilities which will help make your organization more secure. 
      • Click Reports, then switch to the Remediation tab, and view or download the Remediation Report.
    • Vulnerabilities
      • Vulnerabilities are conditions found in your environment which make you vulnerable to a known attack vector, such as an outdated OS patch level or software version, a configuration status, etc. Vulnerabilities may correspond to a public CVE (Common Vulnerabilities and Exposures) number.
    • Risks
      • The Contextual Risk Scoring Report ranks vulnerabilities according to how dangerous they are to your business, based on a combined contextual risk score, which accounts for a particular vulnerability's impact, exploitability, and weaponization.

 
