Qualys Vulnerability Management includes the Map, a feature that shows what your scanners can discover about the target network they are given.
The target of a Map can be specified in two ways:
- Domains/Netblocks: the specific, most granular definition of the perimeter in which to look for live systems.
- Asset Groups: a symbolic container that includes one or more Domains/Netblocks and/or IP addresses.
- Scanning uses IP addresses, usually as ranges. Never Domains. Never netblocks.
- Mapping uses Domains, and possibly also Netblocks. It can also use Scanning IP ranges in lieu of netblocks.
You might have observed that "netblocks" and "IP address ranges" are very similar in appearance and purpose, and yet Qualys uses two different names for what appears to be the same thing. The different names are to make sure it is easy to understand what is meant and how this information is used.
Step 1: Add a Domain
Scan and Map both require you to first add the targets you wish to scan to your subscription. In Scan you may be used to adding IPs, but for the Map you'll need to add "Domains".
In order to Map your internal perimeter, I suggest you work with the "none" Domain. Any other Domain, such as "corp.com", will cause the scanner to run DNS queries. If you want to find resources because the domain name exists, then this is perfectly reasonable. However, if you are using a fake name, beware that this may result in superfluous DNS queries being sent.
I suggest you add "none:[10.0.0.0-10.255.255.255]".
We are using the reserved domain name "none" to suppress DNS queries and providing the complete 10/8 range, even if we have no intention of mapping all 16 million addresses. We may only want to Map parts of this network; the next steps will show you how.
Step 2: Create an Asset Group
Since we want to Map only a specific subnet or site, we'll use an Asset Group to represent this perimeter.
Give the new Asset Group a name that represents the perimeter you want to Map.
Then select the global "none" Domain that we created previously:
Use the "Edit" link to change the netblock of the "none" Domain we just added:
Edit the netblock (i.e. the IP address range) to reflect the IPs that you actually want to include during the Map that represent the target perimeter (such as "10.1.1.0-10.1.1.255"):
Select the Appliance that is deployed for this perimeter:
Save this Asset Group. Create another Asset Group for the second perimeter, such as "Site Charly", with a netblock such as "10.3.0.0-10.3.255.255, 10.4.5.0-10.4.5.255":
Notice how with a comma we can include multiple IPs or ranges inside one netblock definition; ranges do not need to be contiguous.
This will give us two Asset Groups:
Configure a new scheduled Map in the Scans section.
Use the two Asset Groups we just created to launch two scans against two distinct perimeters with two distinct Appliances at the same time:
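A pre-flight check for the netblock definitions used in the steps above, as an added example that is not part of the original article or of Qualys: it parses the `none:[...]` Domain entry and the comma-separated Asset Group ranges, confirms each group stays inside the Domain netblock, and flags ranges shared by two groups. The function names and the group name "Site Alpha" are assumptions; the other values come from the article.

```python
import ipaddress
import re
from itertools import combinations
# Hypothetical helpers; only the "none:[...]" and comma-separated range syntax is from the article.
DOMAIN_RE = re.compile(r"^(?P<name>[^:\[\]\s]+):\[(?P<blocks>[^\]]+)\]$")

def parse_ranges(text):
    """Turn '10.3.0.0-10.3.255.255, 10.4.5.0' into sorted (start, end) integer pairs."""
    ranges = []
    for part in text.split(","):
        lo, _, hi = part.strip().partition("-")
        start = int(ipaddress.IPv4Address(lo.strip()))
        end = int(ipaddress.IPv4Address(hi.strip())) if hi else start
        if end < start:
            raise ValueError(f"range end precedes start: {part.strip()!r}")
        ranges.append((start, end))
    return sorted(ranges)

def parse_domain(entry):
    """Split 'none:[10.0.0.0-10.255.255.255]' into (domain name, ranges)."""
    m = DOMAIN_RE.match(entry.strip())
    if not m:
        raise ValueError(f"not a domain:[netblock] entry: {entry!r}")
    return m.group("name"), parse_ranges(m.group("blocks"))

def fmt(r):
    return f"{ipaddress.IPv4Address(r[0])}-{ipaddress.IPv4Address(r[1])}"

def preflight(domain_entry, groups):
    """Check group netblocks against the Domain netblock and each other.
    Address counts assume the ranges inside one group do not overlap."""
    name, allowed = parse_domain(domain_entry)
    parsed = {g: parse_ranges(t) for g, t in groups.items()}
    report = {"domain": name, "addresses": {}, "outside_domain": {}, "overlaps": []}
    for g, ranges in parsed.items():
        report["addresses"][g] = sum(e - s + 1 for s, e in ranges)
        stray = [fmt(r) for r in ranges
                 if not any(a <= r[0] and r[1] <= b for a, b in allowed)]
        if stray:
            report["outside_domain"][g] = stray
    for (g1, r1), (g2, r2) in combinations(parsed.items(), 2):
        report["overlaps"] += [(g1, g2, fmt((max(s1, s2), min(e1, e2))))
                               for s1, e1 in r1 for s2, e2 in r2
                               if max(s1, s2) <= min(e1, e2)]
    return report

# Values from the article, except the first group's name, which is constructed.
DOMAIN = "none:[10.0.0.0-10.255.255.255]"
GROUPS = {"Site Alpha": "10.1.1.0-10.1.1.255",
          "Site Charly": "10.3.0.0-10.3.255.255, 10.4.5.0-10.4.5.255"}
```

Calling `preflight(DOMAIN, GROUPS)` returns a dictionary; an empty `outside_domain` and `overlaps` means the two Maps cover distinct perimeters inside the Domain netblock.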