I am trying to tag using the CPE and it simply will not do it.
I can create an asset search using the cpe and receive 300 records as expected. When click the create tag button it tags all of my assets(+3000). When I go edit the created tag rule the xml does not contain any CPE entry.
Is anyone else having this issue? I would be happy to manually add this xml but do not know the proper variable for "OS CPE".
Brian - I've seen this same behavior and have submitted a feature request to modify the Asset Tagging functionality to allow for the use of the CPE field as I find it to have a higher degree of accuracy vs. the OS field. Apparently, the FR was already existing, so we were just added to the list. I would suggest that you do the same, so Qualys can see continuing interest in the feature and potentially increase it's priority.
I also would like to request the functionality that the Asset Search with OS CPE can activate the create tag. Or at least add OS_CPE as a searchable field for Dynamic Tags if we utilize Asset Search Rule Engine with XML.
<?xml version="1.0" encoding="UTF-8"?>
<TAG_CRITERIA>
<OS_CPE>
<SEARCH_TYPE>BEGINNING</SEARCH_TYPE>
<SEARCH_TERM>cpe:/o:vmware:esxi:6</SEARCH_TERM>
</OS_CPE>
</TAG_CRITERIA>
Error: An error occurred while creating the tag: The supplied configuration was empty - you must have at least one criteria.
I also wanted to do this and figured out how using the Groovy Script dynamic tag feature. The "ah ha" moment was when I figure out that the CPE information is returned in QID 45017. I have a set of tags based on this around CPE values. I have condensed the multiple tags into a single script and added extra comments in bold to explain how it works.
// Skip testing on any non-VM hosts.
// Only check assets that are hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Test command to view returned data.
//I remove the comment the next line and comment out every line below this one the one below when I want to test what my scripts are returning. Just select any assets and click the gear button next to the asset to see the output from the command.
//asset.resultsForQid(45017).toString();
//
// Find all assets where the QID 45017 contains the text "CPE".
// If the contents of QID 45017 contains the string "CPE" then apply the tag. In this case the name the tag is "Has CPE"
//if(asset.resultsForQid(45017).contains("CPE")) return true;
// Find all assets where the QID 45017 does not contain the text "CPE".
// If the contents of QID 45017 does not contain the string "CPE" then apply the tag. In this case name the tag is "No CPE"
if(!asset.resultsForQid(45017).contains("CPE")) return true;
// Find all assets where the QID 45017 does not contain the text "cpe:/o:microsoft:windows_7::sp1:x64:".
// If the contents of QID 45017 does not contain the string "cpe:/o:microsoft:windows_7::sp1:x64:" then apply the tag. In this case name the tag is "Windows 7 SP1 64-bit"
//if(!asset.resultsForQid(45017).contains("cpe:/o:microsoft:windows_7::sp1:x64:")) return true;
//
// Else return false.
// This next line is not specifically needed but I like to keep my code explicit.
return false;
I also wanted to do this and figured out how using the Groovy Script dynamic tag feature. The "ah ha" moment was when I figure out that the CPE information is returned in QID 45017. I have a set of tags based on this around CPE values. I have condensed the multiple tags into a single script and added extra comments in bold to explain how it works.
// Skip testing on any non-VM hosts.
// Only check assets that are hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Test command to view returned data.
//I remove the comment the next line and comment out every line below this one the one below when I want to test what my scripts are returning. Just select any assets and click the gear button next to the asset to see the output from the command.
//asset.resultsForQid(45017).toString();
//
// Find all assets where the QID 45017 contains the text "CPE".
// If the contents of QID 45017 contains the string "CPE" then apply the tag. In this case the name the tag is "Has CPE"
//if(asset.resultsForQid(45017).contains("CPE")) return true;
// Find all assets where the QID 45017 does not contain the text "CPE".
// If the contents of QID 45017 does not contain the string "CPE" then apply the tag. In this case name the tag is "No CPE"
if(!asset.resultsForQid(45017).contains("CPE")) return true;
// Find all assets where the QID 45017 does not contain the text "cpe:/o:microsoft:windows_7::sp1:x64:".
// If the contents of QID 45017 does not contain the string "cpe:/o:microsoft:windows_7::sp1:x64:" then apply the tag. In this case name the tag is "Windows 7 SP1 64-bit"
//if(!asset.resultsForQid(45017).contains("cpe:/o:microsoft:windows_7::sp1:x64:")) return true;
//
// Else return false.
// This next line is not specifically needed but I like to keep my code explicit.
return false;