I am trying to tag using the CPE and it simply will not do it.
I can create an asset search using the CPE and receive 300 records as expected. When I click the create tag button it tags all of my assets (+3000). When I go to edit the created tag rule, the XML does not contain any CPE entry.
Is anyone else having this issue? I would be happy to manually add this XML but do not know the proper variable for "OS CPE".
I also wanted to do this and figured out how using the Groovy Script dynamic tag feature. The "ah ha" moment was when I figured out that the CPE information is returned in QID 45017. I have a set of tags based on this around CPE values. I have condensed the multiple tags into a single script and added extra comments in bold to explain how it works.
// Skip testing on any non-VM hosts.
// Only check assets that are hosts.
if(asset.getAssetType()!=Asset.AssetType.HOST) return false;
// Test command to view returned data.
// I remove the comment on the next line and comment out every line below it when I want to test what my scripts are returning. Just select any asset and click the gear button next to the asset to see the output from the command.
//asset.resultsForQid(45017).toString();
//
// Find all assets where the QID 45017 contains the text "CPE".
// If the contents of QID 45017 contain the string "CPE" then apply the tag. In this case the name of the tag is "Has CPE".
//if(asset.resultsForQid(45017).contains("CPE")) return true;
// Find all assets where the QID 45017 does not contain the text "CPE".
// If the contents of QID 45017 do not contain the string "CPE" then apply the tag. In this case the name of the tag is "No CPE".
if(!asset.resultsForQid(45017).contains("CPE")) return true;
// Find all assets where the QID 45017 contains the text "cpe:/o:microsoft:windows_7::sp1:x64:".
// If the contents of QID 45017 contain the string "cpe:/o:microsoft:windows_7::sp1:x64:" then apply the tag. In this case the name of the tag is "Windows 7 SP1 64-bit".
//if(asset.resultsForQid(45017).contains("cpe:/o:microsoft:windows_7::sp1:x64:")) return true;
//
// Else return false.
// This next line is not specifically needed but I like to keep my code explicit.
return false;
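Added example, not part of the original post: a component-wise CPE match in plain Groovy, which tolerates differences in case or in fields the rule does not care about, where a fixed substring would miss. The sample text and the helper names (`parseCpe`, `extractCpes`, `hasCpe`) are constructed for illustration; the real layout of QID 45017 results, and whether the tag-rule sandbox permits closures and regular expressions, are assumptions to confirm in your subscription.

```groovy
// Constructed sample text standing in for asset.resultsForQid(45017).
def sample = '''Operating System: Windows 7 Enterprise 64 bit Edition Service Pack 1
CPE: cpe:/o:microsoft:windows_7::sp1:x64:'''
// Constructed variant: same OS, but with the version field populated.
def variant = 'CPE: cpe:/o:microsoft:windows_7:6.1:sp1:x64:'

// Split a CPE 2.2 URI into named components; missing fields become ''.
def parseCpe = { String uri ->
    def fields = uri.substring('cpe:/'.length()).split(':', -1) as List
    def names = ['part', 'vendor', 'product', 'version', 'update', 'edition', 'language']
    def cpe = [:]
    names.eachWithIndex { name, i ->
        cpe[name] = i < fields.size() ? fields[i].toLowerCase() : ''
    }
    cpe
}

// Pull every CPE 2.2 URI out of free text, whatever surrounds it.
def extractCpes = { String text ->
    (text =~ /(?i)cpe:\/[aho](?::[^\s:]*)*/).collect { parseCpe(it) }
}

// True when some CPE in the text agrees with every component in 'want'.
def hasCpe = { String text, Map want ->
    extractCpes(text).any { cpe ->
        want.every { k, v -> cpe[k] == v.toLowerCase() }
    }
}

def win7sp1 = [part: 'o', vendor: 'microsoft', product: 'windows_7', update: 'sp1']
assert hasCpe(sample, win7sp1)
assert hasCpe(variant, win7sp1)   // the fixed substring from the post would miss this one
assert !variant.contains('cpe:/o:microsoft:windows_7::sp1:x64:')
assert !hasCpe(sample, win7sp1 + [update: 'sp2'])
assert !hasCpe('no os fingerprint available', win7sp1)

// In a tag rule the last line would instead be (hypothetical usage):
// return hasCpe(asset.resultsForQid(45017), win7sp1)
```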