Finding Assets within Qualys Using the Qualys Host ID

Document created by Spencer Brown Employee on Nov 4, 2019Last modified by Spencer Brown Employee on Nov 7, 2019
Version 4Show Document
  • View in full screen mode

Assets can be searched by IP, Hostname, etc.  Another option is to use the UUID written to the endpoint on Windows and Unix operating systems.  We will discuss searching by this identifier below.

 

 Use Case:

For ephemeral IP addresses and with Agentless Tracking and Unified View enabled, it can be difficult to find the scan results from your most recent scan by searching by IP within Asset Search.  This is in part due to the record merging into an existing record from a previous/original scan.

 

Note: this use case is geared more towards ephemeral IP addresses; however, can be used whenever unable to locate an asset by IP, Hostname, NetBIOS, etc.

 

More about Agentless Tracking and Unified View: How to Merge Agent Data 

 

 

Asset Search

 

Vulnerability Management -> Assets -> Asset Search

 

Using QID 45179 Report Qualys Host ID Value

 

 

This will only be populated if scans are completed by the scanner and QID 45179 Report Qualys Host ID Value is found.

 

Agentless Tracking is not enabled by default.  Please see Getting Started with Agentless Tracking 

 

 

Search Tokens

 

Using 'agentId' search token

 

 

 

This same search can be completed in Cloud Agent UI, AssetView and the VM Dashboard

3 people found this helpful

Attachments

    Outcomes