View Assets in GAV

The Inventory > Assets tab gives you asset information, such as identity, running services, installed software, open ports, users, and more. The GAV gives you deep visibility into your assets granting you a detailed, multidimensional view of each one that encompasses both its IT and security data. You can flag issues such as configuration problems, security risks, IT policy violations and regulatory non-compliance with an asset profile that includes a wealth of data.

Assets tab gives you an overview of assets in your organization.

(1) Search for assets using a Qualys Query Language (QQL) query for a specific timeframe. For more information, see Qualys Query Language. Note: For all the date-related tokens, the date search is evaluated only for UTC format. The actual search results might show you the date as per your time zone.

(2) View bar charts for the top hardware and operating system categories. Click a specific bar from the chart to view the list of assets. For more information on the categories, see the Usage Guides - Hardware and Operating System in the Appendix.

(3) View the total assets matching your search criteria and the asset manufacturer and asset tags with their count of assets from the left pane. Click the count of assets to view the list of assets.

(4) View assets details, add static tag and purge asset for the asset from the Quick Actions menu. In a single operation, you can add tags to a maximum of 100 assets. If you select more than 100 assets, 'Add Tags' action will be disabled. You can not purge GCP assets using on-demand method (from Inventory > Assets) tab. You can activate passive sensor assets by clicking the 'Activate' option under Quick Actions menu. But you can’t activate the ICS assets.

(5) View asset criticality score for the assets. For more information, see Asset Criticality Score.

(6) Asset Risk Score of the asset. For more information, see Asset Risk Score.

(7) Shows different sources from where the asset was collected. For a particular source, you can hover on the icon to see the first found and last seen date. Aggregate first found and last seen dates for all sources are displayed under the list of icons in the local timezone. We also display the aggregate UTC time of first found and last seen dates for all assets on hovering over the (i) icon. Refer the screenshots below. 

8) Group assets based on criteria or categories, such as External Attack Surface, Operating System, Hardware, AWS, and so on. As shown in the following  example, for some of the categories, further subcategories are also available.

Group Assets by

(9) You can activate passive sensor unmanaged assets by clicking the "Activate" option under the Quick Actions menu. You can add IPs of passive sensor unmanaged assets to be scanned by Policy Compliance (PC) or Vulnerability Management (VM) module, or both, by clicking the "Activate" option under the Quick Actions menu.

Activate Passive Sensor Assets

Note:

- Assets that are tagged with ICS_OCA tag are sensitive in nature, for example, OT assets such as PLCs. Actively scanning such sensitive assets might potentially bring them down. So, the "Activate" option is not visible for all such assets.

- Assets that are sensitive in nature can also be reported by passive sensors deployed in OT networks. The "Activate" option is not visible for such assets as well.

Activation Disabled for Passive Sensor Assets

Asset Details

This section gives you detailed and consolidated view for an asset with information of asset inventory, security posture, compliance posture, and sensor information to all interfaces for the assets. This detailed information includes IT and security data. This helps user to understand the security risks, policy and compliance violations, IT data such as licenses, end of life dates, network connections. Users can flag issues and any such problems.

To view asset details, navigate to Inventory > Assets and then click View Details under the Quick Actions menu for an asset. You are navigated to the Asset Summary of that asset. You can see details, such as EC2 Activity, Identification information, and tags assigned to that asset.

Note: From the tags section, by clicking Add Tags, you can add static and dynamic tags to that asset. Also, by clicking Remove Tag, you can remove the static tag that is assigned to that asset. Note that you cannot remove dynamic and system-defined tags assigned to that asset. The Remove Tag option is shown only for static tags.

Remove Static Tags

Expand the following sections to view more information:

InventoryInventory

Asset Inventory gives you deep visibility into the assets, granting you a detailed, multidimensional view of each one that encompasses its IT data such as:

- Asset Summary: Gives you detailed information to identify the asset, activity on that asset, last location from where the asset was accessed and different tags assigned to the asset. You can also add tag to the asset from this page.

- System Information: Gives you system information such as hardware specifications (detailed information for operating system, hardware, volumes, processors, etc.), services, and users. For all assets, except the ICS_OCA tagged assets, you can submit your feedback by clicking ‘Give Feedback’. For more information about ICS_OCA tag, see Manage Asset Tags.

 With the PS 1.5.0.0 release, the "Unmanaged" asset listing view is now homogenized as per the "Managed" and "All" asset listing view page. The Operating System Confidence and Hardware Confidence are no more shown in the "Operating System" and "Hardware" columns on the asset listing view page. The OS Confidence as was seen under the "Passive Sensor Assets" dropdown prior to PS 1.5.0.0 is no longer shown in the left side pane. Instead, confidence is shown on the “System Information” page of the asset details in the "Operating System" and "Hardware" tiles".

OS Confidence

- Network Information: Gives you information for the network connection to the asset.

- Open Ports: Gives you list of open ports and services running on those ports.

- Installed Software: Gives you list of software installed on the asset. This helps you identify the software version, end of license date, etc. For PC-enabled subscriptions, you can see the running instances of middleware technologies auto-discovered by the cloud agent (only Windows and Linux platforms) with inventory scan.  Refer to the article which lists the middleware technologies that are auto-discovered by Cloud Agents for Policy Compliance (PC).

You can also download a list of software in the Application/Others category installed on the asset by clicking on the download icon, as shown in the following screenshot. 

Select the timezone from the drop-down list to use it in the report for the dates and choose available download formats (CSV, HTML, XML). Click Download button.

In the following example shown, for the “qualys-virtual-machine” asset, you can see “Apache Tomcat Server” middleware technology has 1 running instance.

Middleware Instances

Find where your assets are located!

We’re now tracking geolocation of your assets using public IPs. Asset Geolocation is enabled by default for US based customers. For an asset that has an associated public IP, you’ll see its last location on a world map in Asset Details > Asset Summary.

How it works

- We’ll check the asset’s network interfaces for a public IP

- Asset that has an agent installed - we’ll check the IP reported by the agent

- AWS/EC2 asset - we’ll use the EC2 instance public IP

- Asset associated with a network - we will look for a public IP associated with the scanner used

If no public IP is found, we’ll show the location as unknown.

Want to enable (or disable) Asset Geolocation? Sure no problem. Just contact Qualys Support or your Qualys Account Manager and we’ll help you out.

This asset was last seen in Columbus, Ohio at 3:06 pm.

geo location of the asset

SecuritySecurity

This section lists security posture for the asset. It gives summarized view for potential and confirmed vulnerabilities on the asset. You can view vulnerability details, apply patches and monitor possible malware.

ComplianceCompliance

This section shows compliance posture by a policy or all policies in your subscription.

SourcesSources

Agent Summary gives information of the agent from where the asset is collected.

Summary gives information of different sensors and external sources.

The "Passive Sensor" page provides the details of the sensor that reported the asset. However, ICS_OCA tagged assets are created from the project file that is uploaded by the user in the "ICS module".  Hence, the passive sensor information is not applicable for such assets and therefore not shown on the 'Passive Sensor' page.

Sensor details for passive sensors

For assets to download the Assets list where a particular asset is installed. Click the Download Icon on the asset details page as highlighted in the screenshot below.

Select the timezone from the drop-down list to use it in report for the dates and choose available download formats (CSV, HTML, XML). Click Download button.

Download Format

Asset Criticality Score

With GAV, you can apply tags manually or configure rules for automatic classification of your assets in logical, hierarchical, business-contextual groups. Assign Business Criticality through tags to establish priorities, and automatically calculate the asset criticality score of an asset based on highest aggregated criticality. For more information, check out this tutorial!

Asset Criticality Score Tutorial

Once you've created tags with asset criticality score and added tags to the asset, the asset criticality score of the asset will be calculated. For more information related to defining asset criticality score for the tag, refer to the Configure Tags section.

In the following example, asset has three tags with asset criticality score - 5, 4, and 3. So the criticality score of the asset is 5 (the maximum asset criticality score among the three tags).

If the tags associated with your assets do not have criticality score set, by default the asset criticality score '2' will be applied to that asset.

Asset criticality score

Asset Risk Score

Asset Risk Score (ARS) is categorized as Low, Medium, High, and Severe base on the calculated score between 0 to 1000. The following screenshot gives detailed information on the Asset Risk Score (ARS) formula and other details.

Asset Risk Score

The Inventory > Assets tab gives you asset information with the overall risk score assigned to the asset based on the following contributing factors:

a. Asset Criticality Score (ACS)

b. Risk (QID) scores for each severity level (Critical [C], High [H], Medium [M], Low [L])

c. Auto assigned weighing factor (w) for each criticality level of QIDs

Also, click on the asset to view the Asset Risk Score on the Asset Details page, as highlighted in the following screenshot.

Activate Passive Sensor Asset

This feature is available with Passive Sensor (PS) version 1.5.0.0 or later.

To activate  passive sensor unmanaged assets, click the Activate option from the Quick Actions menu of the asset from the inventory list. You can add IPs of passive sensor unmanaged assets to be scanned by Policy Compliance (PC) or Vulnerability Management (VM) module, or both, by clicking the "Activate" option under the Quick Actions menu.

Note:
- Assets that are tagged with ICS_OCA tag are sensitive in nature, for example, OT assets such as PLCs. Actively scanning such sensitive assets might potentially bring them down. So, the "Activate" option is not visible for all such assets.

 - Assets that are sensitive in nature can also be reported by passive sensors deployed in OT networks. The "Activate" option is not visible for such assets as well.

Activate passive sensor assets

You can select modules for which you want the asset to be activated. Once you activate the asset for the module, the IP of that asset is added for the Policy Compliance (PC) or Vulnerability Management (VM) scan.

Search Actions

The Inventory > Asset and Software tab gives you the flexibility to create the widget from query. Click Create Widget from Query to quickly build a widget from the search query you have built.

Alternatively, you can build your widget from the Dashboard tab. Go to the Dashboard tab and click the Add Widget icon. From the "Add or Customize Dashboard Widget Templates" page, click Build your widget.

Note: You can create the widget from the query using the Assets as well as Software.

The widget builder is displayed with pre-populated search query. You can give a name and description to the widget. If you want to show description on widget and widget representation, enable the checkboxe Show description on widget and select the Widget Representation as Regular or Summary.

Select Display results as Assets to add your query and widget for ALL, Managed, and Unmanaged assets.

To add your query and widget to show the Group by details, you must click Bar, Table, or Pie. Select the required option from the Group by list then.

Group by

For Multi-Grouped representation, click Multi-Grouped and then click the Group by 2 (X-axis 2) link. The Group By 2 list is shown. Select the required option from the Group By 2 list then.

 Group By 2