We leverage the Qualys cloud agent on all hosts in the DMZ and do not perform any authenticated scans from a physical appliance in the DMZ. In doing so we have one less set of credentials to worry about in the DMZ. With that being said, I have no idea how to generate a scan report on a single host that has the agent installed without creating very specific tags. If I use the default "cloud agent" tag it will return info on all hosts. Makes sense so far. The next logical step would be to run a scan report based off a single IP, however, all of the agents are behind an F5 and they all show the same IP. I am not sure if this is a config issue on our end or not.
The only way I can think of is to create a tag based off of a host name... which would be cumbersome.