For those of you that want to quickly update your asset tags on a regular basis, a light scan is a great way to do just that. Note this will not update all tags, only the tags for the QIDs listed below will be updated. Please find below the settings for a scan that mimics a map.
This scan will retrieve the following information for live hosts with minimal probing:
- DNS name.
- NetBIOS name.
- Live services.
- Operating system. (Note, will only update the Operating System tag if fingerprinting is successfully confirmed to one OS.)
- Traceroute (to replace "Router" column).
First, create a static search list to capture traceroute info.
Static Search List:
- Traceroute, QID 45006.
Next, create the option profile. Suggested title is "Map-like scan"
Option profile Scan settings:
- TCP Ports: None.
- TCP Ports, Additional: 21-23, 25, 53, 80, 88, 110-111, 135, 139, 443, 445.
- UDP Ports: None.
- UDP Ports, Additional: 53, 111, 135, 137, 161, 500.
- Vulnerability Detection: Custom, add search list with Traceroute, QID 45006.
- Include Basic host information checks.
- Overall Performance: Custom
- External Scanners: 4
- Internal Scanners: 4
- Packet Delay --> Packet (Burst) Delay: Long
- Port Scanning and Host Discovery --> Intensity: Low
Option profile Additional settings:
- TCP Ports: Standard.
- UDP Ports: None.
- ICMP: Yes.
There are a few differences.
- The "A" or "Approved" column will not exist. Scans live in a different database.
- The "S" or "Scannable" column will not exist, but this is moot. QualysGuard will warn you that a host has not yet been added to the subscription. You can add all hosts within the range, and then delete the hosts from the subscription post-scan. You will not be charged as long as you delete the hosts you don't use from the subscription.
- The "L" or "Live" column refers to hosts that are alive and will exist.
- The "N" or "In Netblock" column will not exist. You will be able to use the Traceroute QID 45006 for any intermediary hosts.