>
Deduplication of Unmanaged Assets

Deduplication of Unmanaged Assets

An asset in Qualys platform is considered managed if it is reported to Qualys platform either by active scanning or when Qualys Agent installed on the asset reports it. When CAPS functionality is activated on the Cloud Agents, it passively identifies assets in the neighborhood and deduplicates assets identified with managed assets. Such deduplicated assets are displayed in the managed inventory.

Deduplication with managed assets uses basic asset identity parameters such as the MAC address and hostname.

CAPS always reports assets with MAC addresses. If MAC is reported for the managed asset, then CAPS deduplicates unmanaged asset that it identified, with managed asset using MAC.
If hostname but no MAC is discovered for the managed asset and hostname is identified by CAPS, then CAPS deduplicates asset that it identified, with managed using the hostname.

IP based deduplication is currently not implemented in CAPS.

CAPS triggers the deduplication only when it receives an update from the CAPS-activated agent that reports the asset. This means that CAPS evaluates the deduplication logic for merging the unmanaged asset it detected with the managed asset only when CAPS binary reports the asset update.

For example, CAPS unmanaged asset is created at time T1 with hostname H1 and a managed asset is created at time T2 with hostname H1. As deduplication is not triggered yet, the managed asset is shown in the managed inventory with hostname H1 and CAPS reported asset is shown in the unmanaged inventory with the same hostname H1.

At a later time say T3, CAPS reports the same asset again, it deduplicates the managed and unmanaged assets with matching hostnames H1 and the asset is shown only in the managed inventory.