I am jotting some ideas down for a rebuild of the Tagging and the like. How I get some of the data you great guys have produced previously.
What is your methodology on designing your Tagging?
I am curious on how you guys delineate things...
OS
OS - Servers
OS - Servers - Windows
OS - Servers - Windows - 2000
OS - Servers - Windows - 2003
OS - Servers - Windows - 2008
OS - Servers - Windows - 2012
OS - Servers - Windows - 2016
OS - Servers - Linux
OS - Servers - Linux - CentOS
OS - Servers - Linux - CentOS - version x
OS - Servers - Linux - CentOS - version y
OS - Servers - Linux - Red Hat
OS - Servers - Linux - Red Hat - version x
OS - Servers - Linux - Red Hat - version y
OS - Servers - Unix
OS - Servers - Unix - HPUX
OS - Servers - Unix - HPUX - version x
OS - Servers - Unix - HPUX - version y
OS - Servers - Unix - FreeBSD
OS - Servers - Unix - FreeBSD - version x
OS - Servers - Unix - FreeBSD - version y
OS - Servers - Unix - AIX
OS - Servers - Unix - AIX - AIX x
OS - Servers - Unix - AIX - AIX y
Printers
Networking
iOS
Android
VMware
Databases
WebServers
Application X (important)
Application X (important)
Application X (important)
Domain Controllers
Citrix
DMZ
Mail Servers
Location X
Location Y
I might approach it different but it really does depend on your environment and how you are going to want people to focus.
General philosophy in Qualys is only one attribute to a TAG which is good in theory and for the most part this works well but not always.
You could have an Operating System TAG and then sub Tags by OS; you might turn on the CPE of the OS as well; then you could have a TAG for say ALL Windows
Now you might have a separate TAG for Applications
So top level (root) would be Applications->Application #1 and then how you apply the tag, could be by IP, Netbios, etc...
I have some TAGS by Services then a sub tag for Telnet, a sub tag for SMBv1 etc.. This not only allows me to do a targeted scan where I scan everything with the TAG SMBv1 AND TAG Server as an example
Plus then you can build dashboards and reports based on the tags. Needless to say it does take a LOT more thought that I seem to have spent on it.
Best of luck.