Concern: We have seen agents "break" such that they continue to check-in but are not providing updated vulnerability data and we need a way to find and track those systems. Our current tracking solution is a Qualys Dashboard to list systems tagged with "Cloud Agent", a "lastCheckedIn" within the past week, but no "lastVmScanDate" within the past two weeks. (those specific timeframes are somewhat arbitrary)
Scanning Posture: We currently have agents deployed across all supported platforms. We also execute weekly authenticated network scans. Leveraging Unified View, we only have a single host record that is updated by both the agent and network scans.
Problem: Since unified view would be updating the "lastVmScanDate" field when an authenticated network scan is executed, we are likely missing systems with agents that aren't actively scanning. How can we better define our query to ensure we capture those systems with broken agents?
Is there an agent specific analog to "lastVmScanDate"?