I'd like to set up a service that combines an external nmap scanner with the Qualys API to dynamically tag all assets that are found. This has a lot of obvious benefits, like quickly noticing that a dev server is visible when it shouldn't be for example.
The problem I'm faced with is how to translate the external IPs to their corresponding internal IPs so that Qualys can tag them.
Is this possible? If so what information do I need? The first idea that popped into my head is to have every asset discover it's public IP and report back but that's impractical for a dozen reasons. I'm open to ideas, simple or not.