You can track your hosts by host ID using the Agentless Tracking feature. When enabled, we'll tag target Windows and/or Unix hosts with a unique host ID during a scan and then report the host ID for the current and future scans of the same host. This option allows you to scan systems with multiple IP addresses and parse the results in order to consolidate all vulnerability data for a particular host ID. This feature is available for vulnerability scans and compliance scans.
Step 1: Accept Agentless Tracking
Go to Scans > Setup and click the Agentless Tracking option. This option is only available to the Manager primary contact for the subscription.
In the Setup window, click the Accept button to allow the service to write a host ID on your systems.
Step 2: Edit Authentication Records
Agentless Tracking must be enabled in your Windows and/or Unix authentication records for the hosts you want to track by host ID. Go to Scans > Authentication. Create a new record or edit an existing record and select the option "Enable agentless tracking" under Login Credentials. In the Unix record tell us where to write the host ID.
Where is the host ID stored?
On Windows systems, the host ID is stored in the registry under:
Value Name: HostID
On Unix systems, the host ID is stored at the path entered in the Unix authentication record. A directory called "qualys" will be created with the file "hostid" at the specified location.
Step 3: Launch a Scan
Launch or schedule a scan on the hosts you want to track by host ID. For a vulnerability scan, be sure to choose an option profile with Windows and/or Unix authentication enabled. In your scan results, the host ID is reported in QID 45179 "Report Qualys Host ID value" (with the Information Gathered checks).
Step 4: View Host Information
After the scan you'll see the host ID in your host information. Go to Assets > Host Assets. Click for the host you're interested in, and then look at the value called QG HostID under General Information.
Can I remove the host ID from my hosts?
Yes. Go to Scans > Setup > Agentless Tracking and click the Cleanup button. Then run another scan on your hosts with the Agentless Tracking feature turned on in the authentication record. This allows us to find the existing host IDs on your systems and remove them.