We have Cloud Agents on all assets then run and authenticated scan to get remote exploit information. The hope is that a if we have agentless tracking set up ( hositd in /etc/qualys) and cloud agent unified view that we will see just one asset in Assetview with a unified view of the vulnerabilities from cloud agent and the scan
The authenticated scan shows the information about QID 45179. I think agentless tracking is set up correctly. However if I make sure that only the cloud agent is visible in AV before the scan, after the scan a second asset appears. This is not what I expected. If I do a report on the IP address it shows results from two instances of the IP address
Maybe my understanding is incorrect. Should I just see one asset in AV combining the information from the cloud agent and the authenticated scan?