AnsweredAssumed Answered

Qualys asset grouping of large networks

Question asked by Lin Xin Koh on Jul 3, 2014
Latest reply on Jul 8, 2014 by Mal

Hi!

 

Assuming my network is pretty large e.g. a 10.0.0.0/8 and have 20 scanner appliances available for this subnet. If I wish to divide them into 4 asset groups with 5 scanner appliances each, I could do divide the subnet into 4 "equal" parts below and assign them like this to the 4 asset groups

 

 

10.0.0.0-10.63.255.255 (AG1)

 

10.64.0.0-10.127.255.255 (AG2)

 

10.128.0.0-10.191.255.255 (AG3)

 

10.192.0.0-10.255.255.255 (AG4)

 

However, from previous scan results, it seems that while the asset groups look balanced, the number of live hosts differs greatly for each asset group, making the scan times for some groups long, and some short. What I would like to achieve here is approximately equal scan times for each asset group.

 

Of course, the best idea would be to "know" exactly how many live hosts there are in each smaller subnet, which I do not think can be done before a scan is run?

 

Alternatively, assuming most of the ip addresses assigned are static, is it possible to extract the ip addresses of the live hosts found during a previous scan, and then do some magic with them?

 

I guess a more general question is, because Qualys will only utilise the top 5 scanner appliances in an asset group, how do I ensure distributed scanning across all my scanner appliances in a such a large network? The conventional way of dividing into several smaller subnets do not really work well.

 

Thanks all for your help!

Outcomes