AnsweredAssumed Answered

best practices/questions on asset tagging, maps, and scans

Question asked by Michael Dickey on Mar 13, 2018

Just to get these at the top, these are some of my questions:

 

1- When does tagging occur? Does it happen with manual/ad hoc vuln scans? I suspect my recurring light scans are replacing operatingSystem tags on my assets with ambiguous ones...

2- How do others handle the ambiguous OS results, such as "Windows 2012 R2/8.1 with dynamic tagging using regex?

 

What I do is the following:

  • set up a small number of Domains that include the subnets I want to discover assets in.
  • a map scan that runs every day against each Domain to discover assets.
  • manually review the map scan results, and any new asset that is not Approved, I Approved and assign to one of a small number of Asset Groups. My Asset Groups are based on network location (Geo1-DMZ, Geo1-Internal, Geo2-DMZ, etc).
  • a weekly light Vuln Scan (with no authentication) for each Asset Group. The goal of this is just a quick scan to do OS detection and begin assigning Asset Tags.
  • a monthly full Vuln Scan (with authentication) on my major Asset Tags (Geo1-DMZ-Windows, Geo1-DMZ-Linux, Geo1-DMZ-Others, etc). This is designed to catch everything identified from scans above.
  • I plan to use only Asset Tags for all reports.

 

Thank you for any insight!

Outcomes