Configure Assets

Network Passive Sensor can see traffic flows between two types of IP addresses. These IP addresses can be internal (within your network) or external (outside your network).

You can configure how you want to categorize the assets discovered by the sensors while monitoring traffic flow. All these assets are listed in the Assets tab of Global AssetView/CyberSecurity Asset Management.

Assets can be defined as Internal Assets, Excluded Assets, and External Assets.

Internal Assets

To add internal assets, go to Configuration > Internal Assets > Add.

Define the IP ranges within the network you want to monitor. The assets discovered for these IP addresses are individually inventoried and tracked for traffic analysis. You can use the Default IP Ranges, IP Range Tags, and Custom IP Ranges options to define the range of internal assets. NPS inventories assets for the IP ranges configured in the Internal Asset IP Range when the default option under "Do you want to Inventory the assets?" is set to Yes.

Select No if you want to monitor the traffic flows to/from the configured IP ranges but not track them in the asset inventory. You can edit the sensor configuration later to add assets for the IP ranges to the inventory if you selected No while registering virtual or physical sensors.

You must define the internal asset ranges to complete the sensor setup and start sensing assets. The passive sensor senses all the traffic that you have mirrored. However, by defining internal asset ranges, you choose the assets you want to monitor and report on.

  1. Default IP Ranges

    This option defines internal assets discovered within your network's default internal ranges. Click Select Sensors to select a sensor from the list for which you want to define an internal asset.

  2. IP Range Tags

    This option defines internal assets discovered with IP range tags. These are the dynamic tags created with the ‘IP Address In Range(s)’ rule engine. Click Select Sensors to select a sensor from the list of sensors for which you want to define an internal asset. Click Select IP Ranges to select IP tags from the list of tags for which you want to define an internal asset.

  3. Custom IP Ranges

    This option defines internal assets discovered with custom IP ranges. You can provide IP ranges for monitoring. Click Select Sensors to select a sensor from the list of sensors for which you want to define an internal asset.

Excluded Assets

Here, you can define the IP ranges or MAC addresses to be excluded from the inventory. The assets discovered for these addresses are masked as Excluded in the traffic summary.

To add excluded assets, simply go to Configuration > Excluded Assets > Add.
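A pre-check for planned ranges before they are entered in the console, as an added example (not Qualys code): it flags internal ranges that overlap excluded ranges and reports which lists a sample address falls into. The range lists are constructed, the `start-end` input form is an assumption about how you keep your own notes, and labelling an unmatched address "external" follows the internal/external split described at the top of this page.

```python
import ipaddress

# Constructed sample plan; replace with your own ranges.
INTERNAL = ["10.0.0.0/8", "192.168.10.0/24"]
EXCLUDED = ["10.20.30.0/28", "172.16.5.10-172.16.5.20"]

def parse_range(text):
    """Parse 'a.b.c.d/nn' or 'start-end' into a list of ip_network objects."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {text}")
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects entries with host bits set, a common typo
    return [ipaddress.ip_network(text, strict=True)]

def find_conflicts(internal, excluded):
    """Return (internal_entry, excluded_entry) pairs whose address space overlaps."""
    conflicts = []
    for i in internal:
        for e in excluded:
            if any(a.overlaps(b) for a in parse_range(i) for b in parse_range(e)):
                conflicts.append((i, e))
    return conflicts

def categories(addr, internal, excluded):
    """List every configured category an address matches; 'external' if none.

    Both labels are returned when the lists overlap, because which one the
    product applies in that case is not stated on this page.
    """
    ip = ipaddress.ip_address(addr)
    hits = []
    for name, entries in (("internal", internal), ("excluded", excluded)):
        if any(ip in net for e in entries for net in parse_range(e)):
            hits.append(name)
    return hits or ["external"]

if __name__ == "__main__":
    for pair in find_conflicts(INTERNAL, EXCLUDED):
        print("overlap:", pair)
    for sample in ("10.20.30.5", "192.168.10.7", "172.16.5.15", "8.8.8.8"):
        print(sample, categories(sample, INTERNAL, EXCLUDED))
```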

Monitor External Assets

Here, you can define the external sites you want to monitor. These sites are reported individually for traffic summary; however, these cannot be inventoried like the internal assets.

To add external assets, simply go to Configuration > Monitor External Assets > Add.

General Settings

The General Settings tab consists of two sub-tabs: General Configuration and Exclusion.

General Configuration

  • By providing fingerprint data, you can help Qualys NPS enhance the operating system and device prediction of the asset.
  • You can set up notifications for events like Driver Change Required, Reboot Required, and Asset Reporting Stopped to be sent to your email address.

You can see the latest events generated in the events section of the sensor details page.

Exclusion

You can exclude specific hostnames when merging unmanaged assets or merging them into managed assets.

General Configuration

The Qualys NPS service uses traffic flow data to predict the OS and hardware. NPS does not collect any user-specific sensitive data. It collects the protocol-specific data gathered from packet headers, which is transparently displayed to the customer in the asset's Raw Discovery Data (in the CSAM/GAV > Asset Details > System Information > View Raw Information Data section).

The NPS service identifies patterns in this data to predict OS and device models. There is always scope for improving pattern recognition to detect more OS and device models. Once consent is given, Qualys can collect the asset's metadata and utilize it to enhance predictions of OS and device models in future releases.

Perform the following steps to configure the general settings:

  1. Navigate to Configuration > General Settings > General Configuration.
  2. To give consent to Qualys to access the metadata, toggle Access to Fingerprint Data to allow access.
  3. In the recipient’s text box, add an e-mail address, or add multiple e-mail addresses separated by commas. Click Save.

You can configure hostnames that need to be excluded while merging unmanaged assets or merging unmanaged assets into managed assets. The hostnames provided here are case-insensitive. When a new hostname is added to the exclusion list, make sure to first purge the asset created for that hostname. Refer to the following screenshot for configuring excluded hostnames.

Also, you can configure hostnames that need to be excluded while de-duplicating unmanaged assets or de-duplicating unmanaged assets into managed assets. The hostnames provided here are case-insensitive. When a new hostname is added to the exclusion list, make sure to first purge the asset created for that hostname. Refer to the following screenshot to configure the excluded hostnames.

[Screenshot: exclusion]

Related Topic

Network Passive Sensor Tour