Tracking your hosts by host ID

Document created by Qualys Documentation Employee on Mar 1, 2013Last modified by Qualys Documentation Employee on Jul 15, 2014
Version 3Show Document
  • View in full screen mode

You can track your hosts by host ID using the Agentless Tracking feature. When enabled, we'll tag target Windows and/or Unix hosts with a unique host ID during a scan and then report the host ID for the current and future scans of the same host. This option allows you to scan systems with multiple IP addresses and parse the results in order to consolidate all vulnerability data for a particular host ID. This feature is available for vulnerability scans and compliance scans.

 

Step 1: Accept Agentless Tracking

Go to Scans > Setup and click the Agentless Tracking option. This option is only available to the Manager primary contact for the subscription.

 

agentless_tracking.png

In the Setup window, click the Accept button to allow the service to write a host ID on your systems.

 

agentless_tracking2.jpg

 

Step 2: Edit Authentication Records

Agentless Tracking must be enabled in your Windows and/or Unix authentication records for the hosts you want to track by host ID. Go to Scans > Authentication. Create a new record or edit an existing record and select the option "Enable agentless tracking" under Login Credentials. In the Unix record tell us where to write the host ID.

 

agentless_ tracking_auth.jpg

 

Where is the host ID stored?

On Windows systems, the host ID is stored in the registry under:

Key: HKLM\SOFTWARE\Qualys

Value Name: HostID

 

On Unix systems, the host ID is stored at the path entered in the Unix authentication record. A directory called "qualys" will be created with the file "hostid" at the specified location.

 

Step 3: Launch a Scan

Launch or schedule a scan on the hosts you want to track by host ID. For a vulnerability scan, be sure to choose an option profile with Windows and/or Unix authentication enabled. In your scan results, the host ID is reported in QID 45179 "Report Qualys Host ID value" (with the Information Gathered checks).

 

agentless_ tracking_results.jpg

 

Step 4: View Host Information

After the scan you'll see the host ID in your host information. Go to Assets > Host Assets. Click ico_info.jpg for the host you're interested in, and then look at the value called QG HostID under General Information.

 

agentless_ tracking_host_info.jpg

 

Can I remove the host ID from my hosts?

Yes. Go to Scans > Setup > Agentless Tracking and click the Cleanup button. Then run another scan on your hosts with the Agentless Tracking feature turned on in the authentication record. This allows us to find the existing host IDs on your systems and remove them.

Attachments

    Outcomes