AnsweredAssumed Answered

Searching for if IP exists in an asset group

Question asked by derekv on Dec 19, 2018
Latest reply on Dec 26, 2018 by derekv

Had a weird one tossed at me today that face value I thought was super simple, but actually took me a little longer to remember how to figure out... As such, I figure I would document my process and share in case the situation ever comes up for anyone else or see if someone knows a better way...

 

Was asked why I wasn't reporting vulns on a few hosts that were all mirrors of a system that had vulns... First step was pull up asset search, search for the IPs in question (we track based on IP), and what do you know... No results. Alright my search continues... Try going to "Asset Groups" and search but oh no! There is no search based on IP... I could probably guess which asset group the IPs should be in; however, we have an older account that has seen many admins over the years so I really don't want to play the guessing game... T

 

o the api I go. API has the "IP List" call which I thought was promising... Nope, only returns IPs that have a record in your account... Not those that are in an asset group and have been scanned but not found to be live... My quest continues... Then it dawns on me, the dreaded "Host Assets" tab... The tab I never go into... As previously mentioned, we have a rather mature account so I rarely, if ever, have to add new hosts to our account. And like that, my quest was complete. You can search for IPs in your account via the Host Assets tab under Assets in the VM module. From there, if the IP exists in your account, you can look at the info and see the asset groups it belongs to.

 

Personally, I would love an easier more reportable way to get this data. For instance, if I am being audited and am challenged as to if I am scanning X IPs, I could run the report and in fact show I am scanning them but no live host is being found... Ideally, the report would also include the AG that the IPs belong to so I could tie it back to scheduled scans I am doing... I know under the Scans tab under Scans in VM I can search based on Target and that would show the targets... But I am a lazy man... Perfect world, I could search my AGs and a report would show me that the IPs are in AGs, just nothing being found... 

 

Or who knows, maybe the functionality exists already and I just need more coffee. DMFezzaReed, know of any default way in Qualys to pull the info in a lazy fashion?

 

Regardless, hopefully this post saves someone some time in the future. 

Outcomes