Configure Assets

Network Passive Sensor can see traffic flows between two types of IP addresses. These IP addresses can be internal (within your network) or external (outside your network).

You can configure how you want to categorize your assets discovered by the sensors while monitoring traffics flow. All these assets are listed in the Assets tab of Global AssetView/CyberSecurity Asset Management.

Assets can be defined as Internal Assets, Excluded Assets, and External Assets.

Internal Assets

To add internal assets, simply go to Configuration > Internal Assets > Add.
default_ip_range

Here, you define the IP ranges within the network you want to monitor. The assets discovered for these IP addresses will be individually inventoried and tracked for traffic analysis. You can use default IP ranges, IP range tags, or customized IP range options to define the range of internal assets. NPS inventory the assets for the IP ranges configured in the Internal Asset IP Range when the default option under Do you want to Inventory the assets is set to Yes.

Select No if you want to monitor the traffic flows to/from the configured IP ranges but not track them in the asset inventory. If you have selected No while registering virtual sensors, you can always edit the sensor configuration later to add assets for the IP ranges to the inventory.

You must define the internal asset ranges to complete the sensor setup and start sensing assets. The passive sensor senses all the traffic that you have mirrored. However, by defining internal asset ranges, you choose the assets you want to monitor and report on.

  1. Default IP Ranges
    This option defines internal assets discovered within default internal ranges for your network. Click Select Sensors to select sensor from the list of sensors for which you want to define internal asset.
    configure_asset.
  2. IP-Range Tags
    This option defines internal assets discovered with IP range tags. These are the dynamic tags created with ‘IP Address In Range(s)’ rule engine. Click Select Sensors to select sensor from the list of sensors for which you want to define internal asset.
    Click Select IP Ranges to select IP tags from the list of tags for which you want to define internal asset.
    use_ip_range_tags_internal
  3. Custom IP Ranges
    This option defines internal assets discovered with custom IP ranges. You can provide IP ranges for monitoring. Click Select Sensors to select sensor from the list of sensors for which you want to define internal asset.
    use_custom_internal

Excluded Assets

Here, you define the IP ranges or MAC addresses to be excluded from the inventory. The assets discovered for these addresses are masked as Excluded in the traffic summary.

To add excluded assets, simply go to Configuration > Excluded Assets > Add.
configure_excluded_assets

Monitor External Assets

Here, you define the external sites you want to monitor. These sites are reported individually for traffic summary; however, they do not be inventoried like the internal assets.

To add external assets, simply go to Configuration > Monitor External Assets > Add.
configure_external_assets

General Settings

  • You can help Qualys NPS to enhance the operating system and device prediction of the asset by providing fingerprint data.
  • You can set up notifications for events like Driver Change Required, Reboot Required, and Asset Reporting Stopped to be sent to your email address.

You can see the latest events generated in the events section of the sensor details page.
event_generated

Exclusion

You can exclude specific hostnames when merging unmanaged assets or merging them into managed assets.

General Configuration

Qualys NPS service utilizes the data gathered from traffic flows to predict the OS and hardware. NPS does not collect any user-specific sensitive data. It collects the protocol-specific data gathered from packet headers. These pacaket headers are transparently displayed to the customer in the asset's Raw Discovery Data (in the CSAM/GAV > Asset Details > System Information > View Raw Information Data section).

NPS service identifies patterns in this data to predict OS and device models. There is always a scope for improving pattern recognition to detect more OS and device models.

Once consent is given, Qualys can collect the asset's metadata and utilize it to enhance predictions of OS and device models in future releases.

Perform the following steps to configure the general settings.

  1. Navigate to Configuration > General Settings > General configuration.
  2. To give consent to Qualys to access the metadata, toggle Access to Fingerprint Data to allow access.
  3. Go to the Recipients text box and add the e-mail. You can add multiple e-mails using comma separated.
  4. Click Save.

Once you add the recipients, they receive the events in their e-mail inbox.
configure_excluded_hostnames

Exclusion

You can configure hostnames that need to be excluded while merging unmanaged assets or merging unmanaged assets into managed assets.

The hostnames provided here are case-insensitive. When a new hostname is added to the exclusion list, make sure first to purge the asset created for that hostname.

Also, you can configure hostnames that need to be excluded while de-duplicating unmanaged assets or de-duplicating unmanaged assets into managed assets. The hostnames provided here are case-insensitive. When a new hostname is added to the exclusion list, make sure first to purge the asset created for that hostname. Refer to the following screenshot for configuring excluded hostnames.
exclusion

 Contact Qualys Customer Support to get hostnames deleted to avoid duplication in the future.

Related Topic

Network Configurations

 

© 2024 Qualys, Inc. All rights reserved. Privacy Policy.