AnsweredAssumed Answered

Feature Request: Dynamic Host Tracking & Stale Data Management

Question asked by Qualys_BT on May 7, 2014
Latest reply on May 9, 2014 by Corey Bodzin

I would like to request a feature to add an additional method for tracking hosts. Currently we're limited to IP, DNS, or NETBIOS. I feel that these methods of tracking make it difficult to gain full coverage of the network and can lead to duplication of host data. A fourth option should be added which will dynamically track hosts based off of a combination of items (IP, NETBIOS, Ports, OS etc). For example, not every device on a workstation segment will have a netbios name, if you scan by IP you'll end up with tons of duplicate entries over time due to IP changes. If you select netbios, you'll miss anything that doesnt resolve a netbios name. At the very least we should be able to track by NETBIOS then default back to tracking by IP if a hostname isnt resolved.

 

Also, it would be nice if there was a better way of identifying and managing stale data. Maybe just an extra field to track active vs inactive hosts. This would allow for more control over what's reported without having to purge data. For trending data this could be used to identify the vulnerabilities as closed. For example, if there's a host that has a number of open vulnerabilities and it's identified as a system that can be retired rather than fixed, the data will sit open in the reports eventhough the host has been removed from the network and is no longer a risk. When I generate trend data I would like to be able to show proper historical trends, (correct me if I'm wrong) by purging data it removes that historcal data which would skew the trend.

 

Thanks,

B

Outcomes