I have a question. Over the last year or so I have been working with Qualys and our remediation team and have noticed that there are some issues within our Vulnerability management module. For one I am starting to Question the validity of my data, especially on our workstations. When we set up our Qualys account the person in charge of the account set up our tracking to be done by IP address. Now on our Servers that's fine as we statically assign IP address to our servers, but our workstation are assigned their IPs by DHCP. What I am questioning when a device is moved from one building to another or is renamed how do I know that past and current scan results are going to the right device?
for the record we do not use Cloud Agents.
Should we be tracking at least the Workstations by some other method such as NetBIOS name or DNS name? would that clean up our data?