Network Passive Sensor

Qualys Network Passive Sensor helps you to detect automatically, and profile devices connected to your network, eliminating blind spots across your IT environment and gaining visibility to all known and unknown assets in your network. Network Passive Sensor (NPS) monitors network activity without any active probing of the device in order to detect the active assets in your network. It also identifies key device attributes that help the PS Microservices on the cloud platform to catalog the devices into operating system/hardware categories. PS also monitors the traffic flow and reports it to the application, helping identify the amount of chatter between communicating endpoints.

What are the Benefits?

• Monitors all network traffic and raises an alert for any asset-related activity that requires attention.
• Identifies and profiles devices the moment they connect to the network, including those difficult to scan, corporate-owned, brought by employees, and rogue IT. The asset metadata is sent immediately to the Qualys Cloud Platform for centralized analysis.
• Enriches existing asset inventory with additional details, such as recent open ports, traffic summary, network services and applications in use. Helping you gain a deeper understanding of an asset and its activity on the network in near-real time.
• Identifies assets that for different reasons can't be actively scanned or monitored with agents. That's often the case with assets like industrial equipment, IoT, and medical devices.
• Aggregates and correlates the data gathered by all Qualys sensors - Qualys Passive Sensors, the Qualys network sensors and the Qualys Cloud Agent - giving you a comprehensive, detailed inventory of all your hardware and software, as well as a multi-dimensional view of your global, hybrid IT environment.

How Does it Work?

The Network Passive Sensor (physical or virtual) is placed inside your network and takes snapshots of the data flowing over the network. It extracts metadata from these snapshots and sends them to the Qualys Cloud Platform for analysis.

Assets discovered by Passive Sensor are reported to Qualys Asset Inventory where you can see information about them. If an asset discovered by Passive Sensor is already known by active scans or by cloud agents then it is considered a managed asset and the asset data is correlated and merged. If the asset is previously unknown, then it is placed in the unmanaged list of assets.

Sensor Deployment Options

Qualys Network Passive Sensor is available as a physical or virtual sensor.

• Virtual Sensor: Hypervisor Support for VMware ESXi 6.0 - 6.5 and Microsoft Hyper-V
• Physical Sensor: 1Gbps, 4Gbps, and 10Gbps

Centralized sensor management, including software updates, from the Qualys Cloud Platform for convenience.

For more information about network placement, sensor sizing, mirroring traffic, etc, refer to:

Getting Started Guide

To know about the requirements and how to setup the physical appliance, refer to:

Physical Appliance User Guide

To know about the requirements and how to setup the virtual appliance, refer to:

Virtual Appliance User Guide

Get Started

It is easy to get started with Qualys Network Passive Sensor.

• Set up network passive sensors (virtual or physical) in your network

  Setup Virtual Sensor

  Setup Physical Sensor

• Define your Assets to be monitored for Traffic Flow

You can configure how you want to monitor traffic flow on assets discovered using the sensors.

Configure my assets