Qualys Network Passive Sensor helps you to automatically detect, and profile devices connected to your network, eliminating blind spots across your IT environment and gaining visibility to all known and unknown assets in your network. Network Passive Sensor (PS) monitors network activity without any active probing of the device in order to detect the active assets in your network. It also identifies key device attributes that help the PS Micro services on the cloud platform to catalog the devices into operating system / hardware categories. PS also monitors the traffic flow and reports it to application helping identify the amount of chatter between communicating endpoints.
- continuously monitors all network traffic and flags any asset activity
- identifies and profiles devices the moment they connect to the network, including those difficult to scan, corporate owned, brought by employees, and rogue IT. The asset metadata is sent immediately to the Qualys Cloud Platform for centralized analysis.
- enriches existing asset inventory with additional details, such as recent open ports, traffic summary, network services and applications in use. Helping you gain a deeper understanding of an asset and its activity on the network in near-real time.
- identifies assets that for different reasons can't be actively scanned or monitored with agents. That's often the case with assets like industrial equipment, IoT and medical devices.
- aggregates and correlates the data gathered by all Qualys sensors - Qualys Passive Sensors, the Qualys network sensors and the Qualys Cloud Agent - giving you a comprehensive, detailed inventory of all your hardware and software, as well as a multi-dimensional view of your global, hybrid IT environment.
The Network Passive Sensor (physical or virtual) is placed inside your network and takes snapshots of the data flowing over the network. It extracts metadata from these snapshots and sends them to the Qualys Cloud Platform for analysis.
Assets discovered by Passive Sensor are reported to Qualys Asset Inventory where you can see information about them. If an asset discovered by Passive Sensor is already known by active scans or by cloud agents then it is considered a managed asset and the asset data is correlated and merged. If the asset is previously unknown, then it is placed in the unmanaged list of assets.
Qualys Network Passive Sensor is available as a physical or virtual sensor.
- Virtual Sensor: Hypervisor Support for VMware ESXi 6.0 - 6.5 and Microsoft Hyper-V
- Physical Sensor: 1Gbps, 4Gbps, and 10Gbps
Centralized sensor management, including software updates, from the Qualys Cloud Platform for convenience.
For more information about network placement, sensor sizing, mirroring traffic, etc, refer to:
To know about the requirements and how to setup the physical appliance, refer to:
To know about the requirements and how to setup the virtual appliance, refer to:
It's easy to get started with Qualys Network Passive Sensor.
- Set up network passive sensors (virtual or physical) in your network
- Define your Assets to be monitored for Traffic Flow
You can configure how you want to monitor traffic flow on assets discovered using the sensors.