Has anyone been able to tag assets with a defined tag based on if they were scanned by an External Qualys scanner appliance?
My reasoning for this is to tag assets that are detected during external perimeter scans as "INET_EXPOSED" so I can pull periodic inventories and vulnerability reports. This also helps keep network/firewall teams honest when they say something is no internet facing.
At this time, there isn't a flag based on the Scanner Appliance that we can use for tagging.
How about tagging based on IP ranges? I'm guessing there must be a well-defined set of IP's that have been publicly exposed.