Asset groups give you a convenient way to make logical groupings of the assets you want to scan and report on. You can add your assets (hosts, domains, appliances) to multiple groups as needed.
Check out these videos:
Asset groups
How to use asset groups?
Go to Assets > Asset Groups. Select New > Asset Group. To edit an existing asset group, select Edit from the Quick Actions menu.
It's simple. Go to the IPs section to add IPs and go to the Domains section to add domains. Enter or select the IPs and domains you want to add. You can even copy IPs from another asset group. Then save your group.
By adding appliances you can manage which appliances are used for scanning the hosts defined in your asset group.
You have these options:
1) Scan your asset group using appliances in the group. By default up to 5 appliances will be used, and this can be customized for your account. Learn more
2) Scan your asset group using the default appliance in the group.
The business information you provide can be used later when reporting on the hosts in the asset group.
Select a business impact levelSelect a business impact level
The business impact level you select is automatically applied to all hosts in the group. Business impact levels determine which asset groups are most critical to your organization. The higher the impact level, the higher the potential for business loss if compromised. For example, you may apply a higher impact level to a group of Linux servers running mission critical applications than to a group of desktop systems. If you do not assign an impact level to the asset group, then a level of High (or its equivalent) is used. (Tip: Managers can customize the business impact titles by going to VM/VMDR > Reports > Business Risk Setup.)
Enter values for Division, Function and LocationEnter values for Division, Function and Location
When generating scorecard reports you can filter the hosts included in your reports by this business information. For example, only include asset groups where the Division is set to Finance, or only include asset groups where the Division is set to Finance and the Function is On-line Banking.
If CVSS Scoring is enabled for the subscription, you'll see the option to set CVSS environmental metrics in the Business / CVSS Info section. Your selections will be used in reporting when determining the CVSS score for the hosts in this asset group.
Tell me about CVSS environmental metricsTell me about CVSS environmental metrics
CVSS Environmental Metrics capture the characteristics of a vulnerability that are associated with the user's IT environment. The values defined for the asset group apply to all hosts in the asset group.
Collateral Damage Potential represents the possibility for loss in physical equipment and property damage. See possible valuesSee possible values
Not Defined. Assigning this value to the metric will not influence the score. It is a signal to the CVSS scoring equation to skip the metric.
None. There is no potential for loss of life, physical assets, productivity or revenue.
Low. A successful exploit of this vulnerability may result in slight physical or property damage. Or, there may be a slight loss of revenue or productivity to the organization.
Low-Medium. A successful exploit of this vulnerability may result in moderate physical or property damage. Or, there may be a moderate loss of revenue or productivity to the organization.
Medium-High. A successful exploit of this vulnerability may result in significant physical property damage or loss. Or, there may be significant loss of revenue or productivity to the organization.
High. A successful exploit of this vulnerability may result in catastrophic physical or property damage or loss. Or, there may be a catastrophic loss of revenue or productivity to the organization.
Target Distribution represents the relative size of the field of the target systems susceptible to the vulnerability. See possible valuesSee possible values
Not Defined. Assigning this value to the metric will not influence the score. It is a signal to the CVSS scoring equation to skip this metric.
None. No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk.
Low. Targets exist inside the environment on a small scale. Between 1% - 25% of the total environment is at risk.
Medium. Targets exist inside the environment on a medium scale. Between 26% - 75% of the total environment is at risk.
High. Targets exist inside the environment on a considerable scale. Between 76% - 100% of the total environment is at risk.
The following Security Requirements metrics enable users to customize the final CVSS score, depending on the importance of the affected host to the user's organization.
Confidentiality Requirement represents the impact that loss of confidentiality has on the organization or individuals associated with the organization (for example employees, customers).
Integrity Requirement represents the impact that loss of integrity has on the organization or individuals associated with the organization (for example employees, customers).
Availability Requirement represents the impact that loss of availability has on the organization or individuals associated with the organization (for example employees, customers).
The possible values that may be assigned to the Security Requirements metrics are listed below.
Not Defined. Assigning this value to the metric will not influence the score. It is a signal to the CVSS scoring equation to skip this metric.
Low. Loss of requirement is likely to have only a limited adverse effect on the organization or individuals associated with the organization (for example employees, customers).
Medium. Loss of requirement is likely to have a serious adverse effect on the organization or individuals associated with the organization (for example employees, customers).
High. Loss of requirement is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (for example employees, customers).
If you have the Scan by Hostname feature, you'll see the option to add DNS and NetBIOS hostnames to the asset group. Add DNS names to the DNS section and NetBIOS names to the NetBIOS section. Only Managers can edit these sections of the asset group. You must also add a scanner appliance to the group. The scanner appliance must be able to resolve the hostnames in the group to their IP addresses.
Can I also add IPs to the group?Can I also add IPs to the group?
Yes. When the asset group is scanned, all assets in the group will be scanned, including DNS and NetBIOS hostnames and IP addresses.
Make sure hostnames are formatted correctlyMake sure hostnames are formatted correctly
When you add DNS and NetBIOS hostnames, validation will occur to make sure the hostnames are formatted correctly. If the hostnames do not meet the requirements below, then an error will appear. Correct the formatting and try again.
A DNS hostname must follow the formatting requirements of an FQDN (Fully Qualified Domain Name). The hostname may include 2 or more labels separated by a dot. Each label may include up to 63 characters, including alphanumeric characters and hyphens as long as the label doesn't start or end with a hyphen. The last label (the one furthest to the right) must include 2 or more characters and can only be alphabetic characters.
Here are some examples of acceptable DNS hostnames:
qualys.com
corp.qualys.com
host30-2-100.corp.qualys.com
A NetBIOS hostname may include up to 15 alphanumeric characters and these special characters:
! @ # $ % ^ & ( ) - _ ' { } . ~
Learn more about Scan by Hostname
A Manager can see this information when editing an asset group. Go to the Users section, select a user from the list and click the View button to see more information about the user account.
Managers and Unit Managers have the option to change the asset group owner when editing an asset group (not during creation). Edit the group and select a user from the Owner menu. The possible assignees listed in the Owner menu depends on the role of the manager making the change, and the current owner's role and business unit.
See possible ownersSee possible owners
Asset groups may be owned by Managers, Unit Managers and Scanners.
|
User Taking Action |
Current Owner |
Possible New Owner |
|
Manager |
Manager or Scanner in the Unassigned business unit |
Manager or Scanner in the Unassigned business unit |
|
Manager |
Unit Manager or Scanner in a custom business unit |
Manager in the Unassigned business
unit |
|
Unit Manager |
Unit Manager or Scanner in a custom business unit |
Unit Manager or Scanner in the same business unit as the current owner |
Tell me about conflicts with scheduled tasksTell me about conflicts with scheduled tasks
Changing the asset group owner may lead to conflicts with scheduled tasks. Conflicts occur when an asset group is no longer available to the owner of a scheduled task with the asset group specified as the target.
After you save the asset group with the new owner, a confirmation page appears with messages to assist you in resolving conflicts with scheduled tasks. Click the View Report button to see a list of scheduled tasks affected by the change. Then edit each scheduled task to assign a new target. If the scheduled task is left without a valid target before the next scheduled run time, then the scheduled task is automatically deactivated and the task owner is notified by email.
After changing ownership from a Scanner to a Unit Manager or Manager, the new owner may choose to edit the user's account and assign the asset group back to the user to avoid conflicts.
Ownership change from Unit Manager to ManagerOwnership change from Unit Manager to Manager
When you change the asset group owner from Unit Manager to Manager, the asset group automatically remains in the business unit so that users in the business unit can continue using it.
Show the ID column on the asset groups list. Go to the Tools menu above the list (on the right side) and select Columns > ID. You'll also see the ID in the preview pane and in the Asset Group Information page.
Go to Assets > Asset Groups. Select the check boxes for one or more asset groups in the list and then choose Delete from the Actions menu above the list. You'll get a confirmation window with a "View Report" button that lets you see the objects (i.e. business units, scheduled tasks, report templates, etc) that are still associated with an asset group being deleted. We recommend you clean up the objects by assigning new asset groups to them before proceeding. Deleting asset groups could result in empty or invalid business units and report templates. Scheduled tasks left without a target are automatically deactivated at the next scheduled run time.
When Asset Tagging is enabled for your subscription, the system creates an asset tag in AssetView for each asset group in your subscription. You cannot delete system generated tags from AssetView but when you delete an asset group, the corresponding tag is also deleted.
Keep in mind Managers assign asset groups to a business unit, giving BU users access to the hosts, domains, appliances in these asset groups. BU users (Unit Managers, Scanners, Readers) can create personal asset groups including the hosts, domains, appliances in the BU asset groups.
Changes to BU asset groups impact:
- which assets BU users can see, and
- which assets appear in their own personal asset groups
All About Asset Groups | Organizing Assets | Scanning - The Basics | Scan by Hostname | Configure Business Units