I need to automate the ability to identify any host/device connected to the network. I know I can manually do this but is there a fairly easy way to somewhat automate it? I know I can schedule maps but what is the easiest way to do a comparison?
Let me start out by saying that this is a fairly unique request but not one that isn't needed. I like it.
So, we first have to determine what is an authorized device on your network. You can go into map results and mark devices as approved. There, now we have all approved devices on the network.
We run a map and get a list of devices; they will then either be marked approved, or they will not have the approved flag. You can pull map data via the APIs and look at the results and flag any device that isn't approved for further interrogation (you have to build this scripting). Once you have that process built it is just a matter of pulling the data after your maps run.
Qualys has built-in differential reporting as well. You could take a map that is just of devices that are approved, and run a differential report comparing your baseline map with the most recent, and that would also show you devices that are new. You then have to determine whether they are approved or rogue.
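One way to script the comparison described in the answer above, as an added example that is not part of the original thread and is not Qualys code. It assumes each map result has already been pulled and saved as CSV with hypothetical columns `ip`, `dns`, `os` and `approved`; the sample rows are constructed.

```python
import csv
import io

# Constructed sample data. The column names (ip, dns, os, approved) are
# assumptions for illustration, not the Qualys map export schema.
BASELINE_CSV = """ip,dns,os,approved
10.0.0.1,gw.corp.example,Cisco IOS,yes
10.0.0.10,fs01.corp.example,Windows Server 2019,yes
10.0.0.20,print01.corp.example,HP JetDirect,yes
"""

LATEST_CSV = """ip,dns,os,approved
10.0.0.1,gw.corp.example,Cisco IOS,yes
10.0.0.10,fs01.corp.example,Windows Server 2019,yes
10.0.0.37,,Linux 4.x,no
10.0.0.52,kiosk7.corp.example,Windows 10,yes
"""

def load_map(text):
    """Return {ip: row} for one map result, with whitespace stripped."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["ip"].strip(): {k: (v or "").strip() for k, v in row.items()}
            for row in reader}

def triage(baseline, latest):
    """Compare the baseline map with the latest map and bucket the differences."""
    findings = {"unapproved": [], "new_approved": [], "missing": []}
    for ip, row in latest.items():
        approved = row["approved"].lower() in ("yes", "true", "1")
        if not approved:
            # No approved flag: investigate, even if it was seen before.
            findings["unapproved"].append(ip)
        elif ip not in baseline:
            # Approved but absent from the baseline: the baseline is stale.
            findings["new_approved"].append(ip)
    # In the baseline but not in the latest map: offline, moved or readdressed.
    findings["missing"] = sorted(set(baseline) - set(latest))
    return findings

if __name__ == "__main__":
    result = triage(load_map(BASELINE_CSV), load_map(LATEST_CSV))
    for category, ips in result.items():
        print(f"{category}: {', '.join(ips) or '-'}")
```
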