Just want to share a solution to what I think could be a common problem for others.
We've got a naming convention in place for Asset Groups which is based on subnets scanned.
The naming convention requires AGs start with the 2 letter ISO country code indicating the country that the subnet is allocated in. e.g.
and so on.
In order to report per geo/country, I recently needed to create tags that included all the assets in AGs per country code.
- The tag "US" should be applied to all assets in US_SUBNET1_SCAN_INTERNAL and US_SUBNET2_SCAN_INTERNAL
- "IN" for all assets in IN_SUBNET1_SCAN_INTERNAL and IN_SUBNET2_SCAN_INTERNAL
- "NZ" for all assets in NZ_SUBNET1_SCAN_EXTERNAL and NZ_SUBNET2_SCAN_EXTERNAL
I could of course hard code all the asset group names,
but that would be silly, because it means if I (or someone else) added a new asset group, we would have to remember to update the asset tags as well. Managing Qualys is not a full time role at our organisation, and therefore there is a high likelihood that someone would forget to update tags when adding asset groups. Besides, why should humans have to do a machines job?
Luckily, the methods available for Groovy scripts were recently made public.
After some discussions with support, the solution was to use a regular expression with the new Groovy script method: asset.tags
Below is the Groovy script I ended up using, to achieve my goal. It should be easy to modify the regular expression to suit your specific naming convention or use case.
This works really well and now all anyone needs to do is add assets into existing asset groups or create new groups per naming convention, and they would get auto-tagged based on your location / reporting rules.
You can of course setup business units etc, but in practice it is overhead just to manage them, and I haven't really seen too many organisations derive value from setting up business units etc.
Hope this helps someone!