Tuesday, September 11, 2018

Qualys Guard Tips and Tricks

1. Assetview Tag 

Asset Search - Dynamic Rule
Search all assets found / scanned in last 90 days:

<?xml version="1.0" encoding="UTF-8"?>

2. Enable Agentless Tracking

To reduce / suppress the duplicated assets because of dhcp, one of effective methods is to enable agentless tracking.
Agentless Tracking
In order to support Agentless Tracking capabilities, QualysGuard will write a unique host ID on your Windows and/or Unix hosts during authenticated scans with agentless tracking enabled. Once the Manager primary contact has accepted this feature, agentless tracking may be enabled in Windows and/or Unix authentication records. For additional help, please visit the online help .

2.1. VM > Scans > Setup > Agentless Tracking > Accept

2.2. VM > Scans > Authentication > Edit [Your Authentication Record] > Login Credentials > "Enable Agentless Tracking"

2.3. VM > Users > Setup > Cloud Agent Setup > "Show unified view of hosts"

Note: QID 45179 for successfully checked tracking
QID 45180 - for failed

3. Change IP tracked host assets to DNS 

Qualys provides multiple mechanisms for tracking assets in your environment; IP, DNS, NetBIOS, Agent, and EC2. In Qualys IP tracking is the default mechanism. DNS and NetBIOS tracking are most useful for DHCP networks.


No comments:

Post a Comment