The Qualys Cloud Platform and its integrated apps can simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Qualys Scanner Appliance is an option with the Qualys Cloud Platform. With the Qualys Scanner Appliance, you can easily assess internal network devices, systems and web applications. This post summarize some of my experience with Qualys Guard service from Qualys Scanner Appliance.
1. Assetview Tag
Asset Search – Dynamic Rule
Search all assets found / scanned in last 90 days:
<?xml version=”1.0″ encoding=”UTF-8″?><TAG_CRITERIA> <LAST_SCAN_DATE> <SEARCH_TYPE>WITHIN</SEARCH_TYPE> <DAYS>270</DAYS> </LAST_SCAN_DATE></TAG_CRITERIA>
2. Enable Agentless Tracking
To reduce / suppress the duplicated assets because of dhcp, one of effective methods is to enable agentless tracking.
2.1. VM > Scans > Setup > Agentless Tracking > Accept
2.2. VM > Scans > Authentication > Edit [Your Authentication Record] > Login Credentials > “Enable Agentless Tracking”
2.3. VM > Users > Setup > Cloud Agent Setup > “Show unified view of hosts”
Note: QID 45179 for successfully checked tracking
QID 45180 – for failed
3. Change IP tracked host assets to DNS
Qualys provides multiple mechanisms for tracking assets in your environment; IP, DNS, NetBIOS, Agent, and EC2. In Qualys IP tracking is the default mechanism. DNS and NetBIOS tracking are most useful for DHCP networks.
Note:
- Qualys Article Number: 000002856
- Understanding IP, DNS, and NetBIOS Tracking and Scan by Hostname
- Change IP tracking method from IP to DNS, it will require to remove all hosts assets. Basically remove all assets then start it from beginning.
4. Purge Assets Older than 90 Days
The idea is to find all assets not scanned in last 90 days then purge them all.
Best Practice to maintain a timely and effective report in Qualys from Qualys Community:
Youtube Video: