I've recently taken over being the overall Admin for Qualys and my team's vulnerability management responsibilities, and after looking at the way it's been organized in the past, I think there are some big steps I can take to get data better organized, manageable... overall just much more useful for prioritizing efforts, reporting about security posture, tracking assets, etc.
I've spoken with my Qualys rep about basic best practices for asset groups and tagging, the biggest pieces I want to start leveraging in the immediate future, but I wanted to ask the community if they have any tried and true organization techniques for their asset groups, tags, and anything else.
Right now, as it relates to tagging, the basic stuff I've discussed thus far is as follows:
- Operating Systems
  - OS 1
  - OS 2
  - OS 3
- Location 1
- Location 2
I feel like this is a good start, but again, anything y'all find extremely useful that you recommend implementing?
As far as asset groups, same sort of thing... without all too many details, how have you best leveraged the groups? Group IPs by network (e.g. DMZ, Internal, etc.)? It was recommended to me to not have more than 3-5 groups and then use tagging to really organize things.
Any advice for a newbie is appreciated!