We had a requirement come up to scan our network for wireless devices on a regular basis. I'm trying to figure out if we can leverage Qualys scans to do the checking for us, instead of investing in infrastructure to monitor the airwaves.
Practically speaking, is using QID 105194 & 78032 for reporting a viable way to detect Wireless devices, leveraging data from existng scans? We run a variety of internal scans every month, so my thought was to just look for these QIDs in the existing results. It was easy to build the report template, and we found a few devices that turned out to be false-positives. We opened a case to get those tuned out.
The alternative is to run separate scans each month. We built a scan profile that uses all of the QIDs that are related to specific wireless devices (like 43010 through 43015 and 32 others), but this doesn't seem as efficient. It takes a long time to run and rescans all the assets we are already touching. It's yet-another-scan to run, and it's a set of specific QIDs that might not match everything that seems to be a wireless device.
Has anyone else worked through this process?