Tuesday, September 11, 2018

Qualys Guard Tips and Tricks


1. Assetview Tag 

Asset Search - Dynamic Rule
Search all assets found / scanned in last 90 days:






<?xml version="1.0" encoding="UTF-8"?>
<TAG_CRITERIA>
 <LAST_SCAN_DATE>
  <SEARCH_TYPE>WITHIN</SEARCH_TYPE>
  <DAYS>270</DAYS>
 </LAST_SCAN_DATE>
</TAG_CRITERIA>


2. Enable Agentless Tracking

To reduce / suppress the duplicated assets because of dhcp, one of effective methods is to enable agentless tracking.
Agentless Tracking
In order to support Agentless Tracking capabilities, QualysGuard will write a unique host ID on your Windows and/or Unix hosts during authenticated scans with agentless tracking enabled. Once the Manager primary contact has accepted this feature, agentless tracking may be enabled in Windows and/or Unix authentication records. For additional help, please visit the online help .


2.1. VM > Scans > Setup > Agentless Tracking > Accept


2.2. VM > Scans > Authentication > Edit [Your Authentication Record] > Login Credentials > "Enable Agentless Tracking"


2.3. VM > Users > Setup > Cloud Agent Setup > "Show unified view of hosts"


Note: QID 45179 for successfully checked tracking
QID 45180 - for failed



3. Change IP tracked host assets to DNS 

Qualys provides multiple mechanisms for tracking assets in your environment; IP, DNS, NetBIOS, Agent, and EC2. In Qualys IP tracking is the default mechanism. DNS and NetBIOS tracking are most useful for DHCP networks.

Note:










No comments:

Post a Comment