Asset Tracking and Data Merging

You’ll notice host results from your scans and agents are displayed separately in reports and asset views by default. You can choose to merge host results to get unified views of your assets. Just follow these steps.

Run scans using Agentless Tracking

Once your hosts are scanned using Agentless Tracking they are tracked by asset UUID.

What are the steps? Only the Manager primary contact for the subscription can go to Assets > Setup > Asset Tracking & Data Merging > Agentless Tracking Identifier. Then complete the setup instructions in the online help link before scanning.

Asset Tracking & Data Merging

Host data from agents is tracked and merged by a unique Qualys asset UUID, according to the merge option you select.

What are the steps? Any Manager can go to Assets > Setup > Asset Tracking & Data Merging > Asset Tracking & Data Merging and select the appropriate options to merge and track the data.

Each option is described below to help you better understand how assets will be tracked and the number of asset records that may be created as a result of your selection.

Option 1: Do not merge data

With this option, we will not merge scan results from agent scans and IP scans. You’ll get a separate asset record for each agent and scanned IP interface of an asset. Multiple interfaces will be maintained separately.

Good to Know - Mobile laptops will create multiple asset records based on the IPs they report from scans. Thus, for a single machine, you can have multiple asset records.  

Asset records:

Asset1: Agent scanned asset (Tracking Method: Agent UUID)

Asset2: IP 1 (Tracking Method: IP)

Asset3: IP 2 (Tracking Method: IP)

Asset4: IP 3 (Tracking Method: IP)

...

Option 2: Merge data by scan method

With this option, data will be merged based on the scanning method. You can end up with 2 asset records for the same machine. All scanned interfaces of an asset will be merged into a single asset record (tracked by IP). You will get a separate asset record (tracked by agent UUID) from the cloud agent scan results. Results of network scans and agent data will NOT be merged together.

Good to Know - Systems with multiple interfaces will have a single IP-tracked asset record, and vulnerabilities from different interfaces will not be tracked separately. Thus, for the same machine, you’ll have 2 asset records at the most (if an agent is installed).

Asset records:

Asset1: Agent scanned asset (Tracking Method: Agent UUID)

Asset2: IP 1, IP 2, IP 3 (Tracking Method: IP)

 

Option 3: Merge data for a single unified view

With this option, you’ll get a single asset record with results from cloud agent scans and results from all scanned IP interfaces merged for a single unified view of the asset. Assets with a cloud agent will be tracked by agent UUID and assets without a cloud agent will be tracked by IP.  

Good to Know - If machines are cloned, various machines with the same unique asset UUID will be merged into a single asset record.

Asset record:  

Asset1: Agent UUID, IP1, IP2, IP3 (Tracking Method: Agent UUID or IP)

 

Option 4: Enable smart merging  

This option is a hybrid approach that will allow customers to maintain their multi-home servers without agents AND user endpoints with agents. We’ll automatically detect whether a cloud agent is installed and merge results into a single unified view of the asset *only* when an agent is found. Assets with a cloud agent will be tracked by agent UUID and all the scanned interfaces of an asset without a cloud agent will be tracked by IP.  

Good to Know - When you enable smart merging, we will automatically choose between merging Option 1 and merging Option 3.

- For multi-home servers with an agent installed, you’ll get a single asset record with results from cloud agent scans and results from all scanned IP interfaces merged for a single unified view of the asset (same as Option 3).

- For endpoints without agents having multiple interfaces (for example, LAN & Wifi) or roaming laptops, you’ll get a separate asset record for each scanned IP interface of the asset. Multiple interfaces will be maintained separately (same as Option 1).

Asset records if an agent is found:

Asset1: Agent UUID, IP 1, IP 2, IP 3 (Tracking Method: Agent UUID)

Asset records if an agent is not found:

Asset1: IP 1 (Tracking Method: IP)

Asset2: IP 2 (Tracking Method: IP)

Asset3: IP 3 (Tracking Method: IP)

...
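
The four options above, modeled as an added example (not Qualys code and not part of the original page): a simplified sketch that counts the asset records each option produces for a constructed inventory, including the cloned-machine case noted under Option 3. The Host tuple, the sample UUIDs and IPs, and the choice of record keys are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed inventory: names, UUIDs and IPs are illustrative only.
Host = namedtuple("Host", "name asset_uuid has_agent ips")
HOSTS = [
    Host("laptop", "uuid-a", True, ["10.0.0.5", "10.0.1.5", "10.0.2.5"]),
    Host("server", "uuid-b", False, ["10.1.0.9", "10.2.0.9"]),
]
# Two machines built from one image and reporting the same asset UUID.
CLONES = [
    Host("clone-1", "uuid-c", True, ["10.3.0.1"]),
    Host("clone-2", "uuid-c", True, ["10.3.0.2"]),
]

def asset_records(hosts, option):
    """Simplified model of the records each merge option (1-4) yields.

    Returns {(tracking_method, key): set of identifiers in that record}.
    """
    if option not in (1, 2, 3, 4):
        raise ValueError("option must be 1, 2, 3 or 4")
    records = {}

    def add(method, key, members):
        records.setdefault((method, key), set()).update(members)

    for h in hosts:
        agent_id = [h.asset_uuid] if h.has_agent else []
        # Option 3 always unifies; option 4 unifies only when an agent is found.
        if option == 3 or (option == 4 and h.has_agent):
            method = "Agent UUID" if h.has_agent else "IP"
            add(method, h.asset_uuid, agent_id + h.ips)
            continue
        if h.has_agent:
            add("Agent UUID", h.asset_uuid, agent_id)  # agent record stays separate
        if option == 2:
            add("IP", h.asset_uuid, h.ips)  # all scanned interfaces in one record
        else:
            for ip in h.ips:  # option 1, or option 4 without an agent
                add("IP", ip, [ip])
    return records

def record_count(hosts, option):
    return len(asset_records(hosts, option))

if __name__ == "__main__":
    for opt in (1, 2, 3, 4):
        print(f"Option {opt}: {record_count(HOSTS, opt)} asset records")
    print("Clones, option 3:", asset_records(CLONES, 3))
```

Comparing the per-option counts against your own host list before changing the setting shows how many asset records to expect, and the clone case shows why images should not share an asset UUID when Option 3 is selected.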

 

Looking for more help?

Agentless Tracking Identifier setup instructions

Reporting on agent hosts