Hello there, I'm trying to find a best way to create an asset tag which looks for specific OS and then picks any host containing CA*. I tried few different methods and none are working so far. Any help would be greatly appreciated!.
cpepper has some excellent articles on TAGGING all the things. Not sure what you mean by CA? If you mean the Cloud Agent then all of your Agents should have a default tag of Cloud Agent. You can also have one or more TAGS added to an asset when an Agent Key is activated.
Then your query might look something like find all assets with TAG: Windows 7 and TAG:Cloud Agent
Let me know if you have more questions, David
So I have Tag created for "Windows 10" and I want to Tag certain host " Host Name" start with CAM*.
So for example Windows 10 hosts name CAM019RTHF-9034
So the goal is to search and Tag ONLY WINDOWS 10 hosts whose name start with CAM(* for Wild Card ) and create a TAG - make sense?
I think I know where you're going with this, or at least what your use case may be, and I like it! Like Busby said, I've got an article that he referenced that may give you some ideas on how to do this. There aren't any use cases in my document that specifically calls out your use case but I think I could work with you on creating this. Hang in there with me and I'll explain a couple things on this:
You want to keep your tags as "general" as possible. For example, you create an asset tag that tags ALL assets where the hostname (or NetBIOS name) begins with, or, contains "CAM". From here, you can use additional tags to narrow your search. Reason for this is to create a scalable asset tagging foundation.
If you want to see ALL assets where the hostname contains "CAM" then you can search for that tag:
This query will include EVERY SINGLE asset where the hostname contains "CAM".
From here, you'd add in additional tags that will narrow down your search even further. For example...
All "CAM" servers (regardless of OS):
tags.name: "CAM" and tags.name: `Type: Server`
Or, "CAM" Windows Servers:
tags.name: "CAM" and tags.name: `OS: Windows Server (ALL)`
Or, "CAM" Windows workstations (regardless of OS):
tags.name: "CAM" and tags.name: `OS: Windows Workstation`
Or, "CAM" Cisco ASA routers:
tags.name: "CAM" and tags.name: `Type: Cisco ASA`
The point is, you don't want to make a tag like this so specific to a particular asset so you can filter from the most broad down to the most specific assets. For example...
"CAM" Linux servers with successful authentication scanning within the last 30 days:
tags.name: "CAM" and tags.name: `OS: UNIX/Linux (ALL)` and tags.name: `Authentication Successful` and lastVmScanDate:[now-30d ... now-1s]
The only way that these tags will be really helpful is if your authentication success rate is high. If Qualys can't find a DNS record for an IP address, the tags we create based on this information won't be applied. You could create a tag that looks at both the DNS hostname and the NetBIOS name. To do this, you could create an asset search. If you know that all hostnames will begin with "CAM" be sure to select the correct option for DNS Hostname and NetBIOS Hostname. Otherwise, select the best option.
Once done, click "Create Tag" at the bottom. The asset tag will be created within AssetView > Assets > Tags under the parent tag "Asset Search Tags".
The tag's rule engine will be "Asset Search" with the following logic:
<?xml version="1.0" encoding="UTF-8"?><TAG_CRITERIA> <DNS_HOSTNAME> <SEARCH_TYPE>BEGINNING</SEARCH_TYPE> <SEARCH_TERM>CAM</SEARCH_TERM> </DNS_HOSTNAME> <NETBIOS> <SEARCH_TYPE>BEGINNING</SEARCH_TYPE> <SEARCH_TERM>CAM</SEARCH_TERM> </NETBIOS></TAG_CRITERIA>
If you only want to use one of the two different attributes (DNS hostname or NetBIOS hostname), you can adjust this in your asset search.
There are a couple different ways I can think of that may work. Let me know how this method works! If you have any questions, please feel free to reach out to me in person by sending me a message from the Qualys Community.
Major Accounts, Solutions Architect
First of all I want to say thank you for the post and solution.
Sorry for the delayed response, I got tangled with something else.
Your solution could work, the only issue I see which preventing me to use it " Create Tag" option is grayed out.
Im not sure how I can use this feature if it wont let me click on it.
No worries at all!! I totally understand!
Make sure that you're not using "Tags" under "Search for". With our current tagging logic, you can't create tags on assets that have tags... If that makes sense . Use "Assets" and be sure to use the "All" asset group.
Retrieving data ...