Is there a way where we can add only the live IPs to an asset group directly after performing a discovery scan?
Why dont you scan the whole range. The live ones only will get scanned and once scanned you can TAG them. Tag is way more flexible than AssetGroup anyway. btw Qualys charges for live IP's scanned and not dead IP's.
That would be a great feature. You can put in a feature request with your TAM. Also, there is not a good way to do an automated discovery or asset management within Qualys. How are you doing your asset discovery?
Currently I have a report template configured for live IP generation and using API, I take in the discovery scans as input and output it to asset group from which my vulnerability scans kick off. Let me know if you think of a better approach/alternative
I gotta work/experiment on the tagging feature.
Additionally, I'm working on splitting the scans into multiple scans rather than have one large scan. factors considered - scan time slots, scanner appliances for respective subnets
my asset group approach is only bcoz I do discovery and vulnerability scans separately.
If you do your discovery and vuln scans separately, then you will be good. Definitely look at the tagging closely.
Retrieving data ...