How to scan IP ranges using asset tags

Document created by Qualys Documentation Employee on Dec 11, 2012Last modified by Qualys Documentation Employee on Jul 15, 2014
Version 4Show Document
  • View in full screen mode

Users have the option to scan IP ranges using asset tags. By selecting the option "Use IP Network Range Tags" you can scan all of the IPs defined in the tag rule even if they don't have the tag assigned. This feature is available for VM and PC for on-demand scans and scheduled scans.

 

Let’s say you have a tag called My Network with the IP range 172.31.254.0-172.31.254.25. You’ve scanned IPs 172.31.254.10 and 172.31.254.20 before and so these hosts have the My Network tag assigned. The other IPs in the range have not been scanned before and do not have the tag.

 

Here's a look at the tag rule for the My Network tag. You can view your tags from the Asset Management application.

 

tag_rule_my_network_cropped.jpg

 

Case 1: You want to scan all IPs in the tag

When you configure your scan, select the option “Use IP Network Range Tags”. The entire IP range 172.31.254.0-172.31.254.25 defined in the tag will be scanned. Hosts in the range that are scanned for the first time will be applied the tag automatically.

 

launch_scan_using_tags.jpg

 

Case 2: You want to scan hosts that are assigned the tag

When you configure your scan, leave the option “Use IP Network Range Tags” unchecked. Only hosts 172.31.254.10 and 172.31.254.20 will be scanned since these are the only hosts in the range that have been scanned before and have the tag assigned.

 

I don't see the "Tags" option when launching scans. How come?

To launch scans using tags, you must have the Asset Tagging feature added to your subscription by an account manager or support. Also a Manager must enable Asset Tagging by opting in to the New Data Security Model by going to Users > Setup > Security. Once properly set up, you'll notice Asset Management appears in your application picker.

Attachments

    Outcomes