Network Passive Sensor can see traffic flows between two types of IP addresses. These IP addresses can be internal (within your network) or external (outside your network).
You can configure how you want to categorize your assets discovered by the sensors while monitoring traffic flow. All these assets are listed in the Assets tab of Global IT Asset Inventory.
Assets can be defined as Internal Assets, Excluded Assets, and External Assets.
Define Internal IP ranges that you want to monitor. IP addresses in these internal ranges will be individually tracked for traffic analysis and inventoried in detail.
While registering a sensor, in Define Internal Assets step, you can add IP ranges within your network to monitor. The assets discovered for these IP addresses will be individually inventoried and tracked for traffic analysis. You'll be able to select IP ranges from default list or can create custom IP ranges.
Alternatively, you can add internal assets, simply go to Configuration > Internal Assets > Create New.
Here, you’ll define the IP ranges within your network you want to monitor. The assets discovered for these IP addresses will be individually inventoried and tracked for traffic analysis. You can use default IP ranges, IP range tags, or customized IP ranges options to define range of internal assets. Select Inventory these assets check box for marking inventoried assets.
To complete the sensor setup and to start sensing assets you must define Internal Asset ranges. The passive sensor senses all the traffic that you have mirrored. However, by defining internal asset ranges, you choose the assets you want to monitor and report on.
1 - Use Default Internal Ranges
This option defines internal assets discovered within default internal ranges for your network. Click Select Sensors to select sensor from the list of sensors for which you want to define internal asset.
2 - Use IP-Range Tags
This option defines internal assets discovered with IP range tags. These are the dynamic tags created with ‘IP Address In Range(s)’ rule engine. Click Select Sensors to select sensor from the list of sensors for which you want to define internal asset. Click Select Tags to select IP tags from the list of tags for which you want to define internal asset.
3- Custom Ranges
This option defines internal assets discovered with custom IP ranges. You can provide IP ranges for monitoring. Click Select Sensors to select sensor from the list of sensors for which you want to define internal asset.
Define the assets you want to exclude from the inventory. The assets discovered for these addresses will be masked as "Excluded" in traffic summary.
To add excluded assets, simply go to Configuration > Excluded Asset > Add.
Define the external sites you want to monitor. These sites will be reported individually for traffic summary however; these will not be inventoried like the internal assets.
To add external assets, simply go to Configuration > External Asset Group > Add.
All these discovered assets are reported to Qualys Asset Inventory where you can see detailed information about them as well as traffic summary, etc.
If an asset discovered by Passive Sensor is already known by active scans or by cloud agents then it is considered a managed asset and the asset data is correlated and merged. If the asset is previously unknown, then it is placed in the unmanaged list of assets.
In the Inventory column of Asset Inventory, the Asset the source is marked as Passive Sensor to indicate that the asset was discovered by a passive sensor.