AnsweredAssumed Answered

Rebuilding...Tagging

Question asked by John Sponheimer on Nov 2, 2018
Latest reply on Nov 5, 2018 by John Sponheimer

Like • Show 0 Likes0
Comment • 4

I am jotting some ideas down for a rebuild of the Tagging and the like. How I get some of the data you great guys have produced previously.

What is your methodology on designing your Tagging?

I am curious on how you guys delineate things...

tag

OS - Servers

OS - Servers - Windows

OS - Servers - Windows - 2000

OS - Servers - Windows - 2003

OS - Servers - Windows - 2008

OS - Servers - Windows - 2012

OS - Servers - Windows - 2016

OS - Servers - Linux

OS - Servers - Linux - CentOS

OS - Servers - Linux - CentOS - version x

OS - Servers - Linux - CentOS - version y

OS - Servers - Linux - Red Hat

OS - Servers - Linux - Red Hat - version x

OS - Servers - Linux - Red Hat - version y

OS - Servers - Unix

OS - Servers - Unix - HPUX

OS - Servers - Unix - HPUX - version x

OS - Servers - Unix - HPUX - version y

OS - Servers - Unix - FreeBSD

OS - Servers - Unix - FreeBSD - version x

OS - Servers - Unix - FreeBSD - version y

OS - Servers - Unix - AIX

OS - Servers - Unix - AIX - AIX x

OS - Servers - Unix - AIX - AIX y

Printers

Networking

iOS

Android

VMware

Databases

WebServers

Application X (important)

Domain Controllers

Citrix

DMZ

Mail Servers

Location X

Location Y

No one else has this question

Outcomes

Busby Nov 2, 2018 8:38 AM

I might approach it different but it really does depend on your environment and how you are going to want people to focus.

General philosophy in Qualys is only one attribute to a TAG which is good in theory and for the most part this works well but not always.

You could have an Operating System TAG and then sub Tags by OS; you might turn on the CPE of the OS as well; then you could have a TAG for say ALL Windows

Now you might have a separate TAG for Applications

So top level (root) would be Applications->Application #1 and then how you apply the tag, could be by IP, Netbios, etc...

I have some TAGS by Services then a sub tag for Telnet, a sub tag for SMBv1 etc.. This not only allows me to do a targeted scan where I scan everything with the TAG SMBv1 AND TAG Server as an example

Plus then you can build dashboards and reports based on the tags. Needless to say it does take a LOT more thought that I seem to have spent on it.

Best of luck.

4 people found this helpful

Actions

John Sponheimer @ Busby on Nov 2, 2018 8:50 AM

Thanks for your thoughts. I am gathering alot of tidbits here and there from the community here.

I am still a little hazy on some things inside of Qualys and the like...but using it will help with that.

After reading I am leaning towards something like this

OS
(subtags going possibly deep, windows, unix, linux)

Services
(subtags and possible sub-sub tags for things like WebServers [Apache and IIS], Mailservers [exchange, etc], Important Application X [text, prod if the subdivision is really needed], DMZ, Domain Controllers, plus some you highlighted, like telnet, smbv1, etc)

Investigate
(numerous sub tags that have items that might be related to "failures" or obvious problems that need to get resolved to better have them get scanned, etc...for instance authentication failure tags..etc)

Location
(sub tags for each of the locations)

Authentication Related (maybe)

(tags showing authentication related results)

Question is where do I put things like Printers, Routers, insert non-standard devices outside servers....

4 people found this helpful

Actions

John Sponheimer @ DMFezzaReed on Nov 5, 2018 4:38 AM

I will be digging into those Debra thanks! (It never stops)

1 person found this helpful

Actions

4 Replies

Busby Nov 2, 2018 8:38 AM
Mark Correct
Correct Answer
I might approach it different but it really does depend on your environment and how you are going to want people to focus.
General philosophy in Qualys is only one attribute to a TAG which is good in theory and for the most part this works well but not always.

You could have an Operating System TAG and then sub Tags by OS; you might turn on the CPE of the OS as well; then you could have a TAG for say ALL Windows

Now you might have a separate TAG for Applications
So top level (root) would be Applications->Application #1 and then how you apply the tag, could be by IP, Netbios, etc...

I have some TAGS by Services then a sub tag for Telnet, a sub tag for SMBv1 etc.. This not only allows me to do a targeted scan where I scan everything with the TAG SMBv1 AND TAG Server as an example

Plus then you can build dashboards and reports based on the tags. Needless to say it does take a LOT more thought that I seem to have spent on it.

Best of luck.
4 people found this helpful
Like • Show 3 Likes3
Actions
- John Sponheimer @ Busby on Nov 2, 2018 8:50 AM
  Mark Correct
  Correct Answer
  Thanks for your thoughts. I am gathering alot of tidbits here and there from the community here.
  
  I am still a little hazy on some things inside of Qualys and the like...but using it will help with that.
  
  After reading I am leaning towards something like this
  
  OS
  (subtags going possibly deep, windows, unix, linux)
  
  Services
  (subtags and possible sub-sub tags for things like WebServers [Apache and IIS], Mailservers [exchange, etc], Important Application X [text, prod if the subdivision is really needed], DMZ, Domain Controllers, plus some you highlighted, like telnet, smbv1, etc)
  
  Investigate
  (numerous sub tags that have items that might be related to "failures" or obvious problems that need to get resolved to better have them get scanned, etc...for instance authentication failure tags..etc)
  
  Location
  (sub tags for each of the locations)
  
  Authentication Related (maybe)
  (tags showing authentication related results)
  Question is where do I put things like Printers, Routers, insert non-standard devices outside servers....
  4 people found this helpful
  Like • Show 3 Likes3
  Actions
DMFezzaReed Nov 4, 2018 2:18 PM
Mark Correct
Correct Answer
Recommended Reads:
Asset Tags: Are You Getting The Best Value?
Dashboard Toolbox - NEW IG QIDs for Microsoft OS...Enrich Your Queries
https://discussions.qualys.com/community/asset-inventory/tags#/?tags=asset_tagging
3 people found this helpful
Like • Show 2 Likes2
Actions
- John Sponheimer @ DMFezzaReed on Nov 5, 2018 4:38 AM
  Mark Correct
  Correct Answer
  I will be digging into those Debra thanks! (It never stops)
  1 person found this helpful
  Like • Show 2 Likes2
  Actions

Rebuilding...Tagging

Outcomes

Related Content

Recommended Content