View Assets

The Inventory > Assets tab gives you asset information, such as identity, running services, installed software, open ports, users, and more. The GAV gives you deep visibility into your assets granting you a detailed, multidimensional view of each one that encompasses both its IT and security data. You can flag issues such as configuration problems, security risks, IT policy violations and regulatory non-compliance with an asset profile that includes a wealth of data.

Assets tab gives you an overview of assets in your organization.

(1) Search for assets using a Qualys Query Language (QQL) query for a specific timeframe. For more information, see Qualys Query Language. Note: For all the date-related tokens, the date search is evaluated only for UTC format. The actual search results might show you the date as per your time zone.

(2) View bar charts for the top hardware and operating system categories. Click a specific bar from the chart to view the list of assets. For more information on the categories, see the Usage Guides - Hardware and Operating System in the Appendix.

(3) View the total assets matching your search criteria and the asset manufacturer and asset tags with their count of assets from the left pane. Click the count of assets to view the list of assets.

(4) View assets details, add static tag and purge asset for the asset from the Quick Actions menu. In a single operation, you can add tags to a maximum of 100 assets. If you select more than 100 assets, 'Add Tags' action will be disabled. You can not purge GCP assets using on-demand method (from Inventory > Assets) tab. You can activate passive sensor assets by clicking the 'Activate' option under Quick Actions menu. But you can’t activate the ICS assets.

(5) View asset criticality score for the assets. For more information, see Asset Criticality Score.

(6) Asset Risk Score of the asset. For more information, see Asset Risk Score.

(7) Shows different sources from where the asset was collected. For a particular source, you can hover on the icon to see the first found and last seen date. Aggregate first found and last seen dates for all sources are displayed under the list of icons in the local timezone. We also display the aggregate UTC time of first found and last seen dates for all assets on hovering over the (i) icon. Refer the screenshots below. 

8) Group assets based on criteria or categories, such as External Attack Surface, Operating System, Hardware, AWS, and so on. As shown in the following  example, for some of the categories, further subcategories are also available.

Group Assets by

(9) You can activate passive sensor unmanaged assets by clicking the "Activate" option under the Quick Actions menu. You can add IPs of passive sensor unmanaged assets to be scanned by Policy Compliance (PC) or Vulnerability Management (VM) module, or both, by clicking the "Activate" option under the Quick Actions menu.

Activate Passive Sensor Assets

Note:

- Assets that are tagged with ICS_OCA tag are sensitive in nature, for example, OT assets such as PLCs. Actively scanning such sensitive assets might potentially bring them down. So, the "Activate" option is not visible for all such assets.

- Assets that are sensitive in nature can also be reported by passive sensors deployed in OT networks. The "Activate" option is not visible for such assets as well.

Activation Disabled for Passive Sensor Assets

Asset Details

This section gives you detailed and consolidated view for an asset with information of asset inventory, security posture, compliance posture, and sensor information to all interfaces for the assets. This detailed information includes IT and security data. This helps user to understand the security risks, policy and compliance violations, IT data such as licenses, end of life dates, network connections. User can flag issues any such problems.

To view asset details, navigate to Inventory > Assets and then click View Details under the Quick Actions menu for the asset.

Expand following sections to view more information:

Inventory

Security

Compliance

Sources

For assets to download the Assets list where a particular asset is installed. Click the Download Icon on the asset details page as highlighted in the screenshot below.

Select the timezone from the drop-down list to use it in report for the dates and choose available download formats (CSV, HTML, XML). Click Download button.

Download Format

Asset Criticality Score

With GAV, you can apply tags manually or configure rules for automatic classification of your assets in logical, hierarchical, business-contextual groups. Assign Business Criticality through tags to establish priorities, and automatically calculate the asset criticality score of an asset based on highest aggregated criticality. For more information, check out this tutorial!

Asset Criticality Score Tutorial

Once you've created tags with asset criticality score and added tags to the asset, the asset criticality score of the asset will be calculated. For more information related to defining asset criticality score for the tag, refer to the Configure Tags section.

In the following example, asset has three tags with asset criticality score - 5, 4, and 3. So the criticality score of the asset is 5 (the maximum asset criticality score among the three tags).

If the tags associated with your assets do not have criticality score set, by default the asset criticality score '2' will be applied to that asset.

Asset criticality score

Asset Risk Score

Asset Risk Score (ARS) is categorized as Low, Medium, High, and Severe base on the calculated score between 0 to 1000. The following screenshot gives detailed information on the Asset Risk Score (ARS) formula and other details.

Asset Risk Score

The Inventory > Assets tab gives you asset information with the overall risk score assigned to the asset based on the following contributing factors:

a. Asset Criticality Score (ACS)

b. Risk (QID) scores for each severity level (Critical [C], High [H], Medium [M], Low [L])

c. Auto assigned weighing factor (w) for each criticality level of QIDs

Also, click on the asset to view the Asset Risk Score on the Asset Details page, as highlighted in the following screenshot.

Activate Passive Sensor Asset

This feature is available with Passive Sensor (PS) version 1.5.0.0 or later.

To activate  passive sensor unmanaged assets, click the Activate option from the Quick Actions menu of the asset from the inventory list. You can add IPs of passive sensor unmanaged assets to be scanned by Policy Compliance (PC) or Vulnerability Management (VM) module, or both, by clicking the "Activate" option under the Quick Actions menu.

Note:
- Assets that are tagged with ICS_OCA tag are sensitive in nature, for example, OT assets such as PLCs. Actively scanning such sensitive assets might potentially bring them down. So, the "Activate" option is not visible for all such assets.

 - Assets that are sensitive in nature can also be reported by passive sensors deployed in OT networks. The "Activate" option is not visible for such assets as well.

Activate passive sensor assets

You can select modules for which you want the asset to be activated. Once you activate the asset for the module, the IP of that asset is added for the Policy Compliance (PC) or Vulnerability Management (VM) scan.

Search Actions

The Inventory > Asset and Software tab gives you the flexibility to create the widget from query. Click Create Widget from Query to quickly build a widget from the search query you have built.

Alternatively, you can build your widget from the Dashboard tab. Go to the Dashboard tab and click the Add Widget icon. From the "Add or Customize Dashboard Widget Templates" page, click Build your widget.

Note: You can create the widget from the query using the Assets as well as Software.

The widget builder is displayed with pre-populated search query. You can give a name and description to the widget. If you want to show description on widget and widget representation, enable the checkboxe Show description on widget and select the Widget Representation as Regular or Summary.

Select Display results as Assets to add your query and widget for ALL, Managed, and Unmanaged assets.

To add your query and widget to show the Group by details, you must click Bar, Table, or Pie. Select the required option from the Group by list then.

Group by

For Multi-Grouped representation, click Multi-Grouped and then click the Group by 2 (X-axis 2) link. The Group By 2 list is shown. Select the required option from the Group By 2 list then.

 Group By 2