Get Started with Agentless Tracking Identifier

With Agentless Tracking Identifier, you can track hosts by host ID, instead of relying on the IP address (or DNS name or NetBIOS name) to identify the host. When enabled, we'll tag target Windows and/or Unix hosts with a unique host ID during the scanning process and report on the host ID for the current and future scans of the same host. This provides a scan option for those who want to scan systems with multiple IP addresses and parse the results in order to consolidate all vulnerability data for a unique host ID.

Tip - We recommend the use of Agentless Tracking Identifier for customers with a DHCP environment. This will allow users to track each host using a unique ID, and will prevent multiple asset entries for the same host with different IP addresses.

Good to Know

- Only the Manager primary contact for the subscription can accept or decline Agentless Tracking Identifier.

- Only the Manager primary contact for the subscription can perform cleanup actions to remove host IDs from systems.

- This feature is supported for both vulnerability scans and compliance scans.

- This feature is not available to Express Lite users.

This action can only be taken by the Manager primary contact for the subscription.

The Manager primary contact for the subscription can enable the Agentless Tracking Identifier feature by going to Assets > Setup > Asset Tracking & Data Merging > Unique Asset Identifier tab and clicking the Accept Agentless Tracking Identifier radio button.

At any time, the Manager primary contact can decline, or decline and clean up to remove the unique asset UUID from your systems during the next scans on your hosts, using the respective radio buttons.

Choose the Decline Agentless Tracking Identifier radio button if you do not agree to use Agentless Tracking Identifier.

Choose the Decline Agentless Tracking Identifier & Cleanup radio button if you do not agree to use Agentless Tracking Identifier and want to remove the unique asset UUID from your systems during the next scans on your hosts.

This action can be taken by any user with permission to edit authentication records.

Agentless Tracking Identifier must be enabled in the Windows and/or Unix authentication records for the hosts you want to track by host ID. Go to Scans > Authentication. Create a new record or edit an existing record and select the option "Enable agentless tracking" under Login Credentials.

Where is the host ID stored on Unix systems?

In your Unix record, tell us where to store the host ID. For example, enter the path /etc. A directory called "qualys" will be created at your specified location with the file "hostid".

Where is the host ID stored on Windows systems?

On Windows systems, the host ID is stored in the registry under:

Key: HKLM\SOFTWARE\Qualys
Value Name: HostID

Why don't I see the Agentless Tracking option in my records?

You will not see this option until the Agentless Tracking feature has been accepted at the subscription level by the Manager primary contact. See the previous step.

Start a scan on the hosts you want to track by host ID.

For a vulnerability scan, you must select an option profile with Windows and/or Unix authentication enabled. The host ID is reported in QID 45179 "Report Qualys Host ID value". This QID appears in your scan results in the list of Information Gathered checks.

Once a host ID has been added to a host during a scan, you can view it on the Host Information page. Go to Assets > Host Assets. Click the Info icon for the host you're interested in. Look at the value called Qualys Host ID (below the Operating System) in the General Information section.
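The consolidation by host ID described above, as an added example (not Qualys code and not the Qualys report format): it groups findings from several scans by the host ID reported in QID 45179 and falls back to the IP address when a scan reported no host ID. The record fields (scan, ip, qid, result), the host ID string and every QID other than 45179 are constructed for illustration.

```python
from collections import defaultdict

HOST_ID_QID = 45179  # "Report Qualys Host ID value" (QID named on this page)

# Constructed sample records; field names and values are assumptions.
# scan-1: a DHCP client at 10.0.0.15, scanned with agentless tracking.
# scan-2: the same client now at 10.0.0.42, while 10.0.0.15 has been
#         leased to another machine that reported no host ID.
SAMPLE_RECORDS = [
    {"scan": "scan-1", "ip": "10.0.0.15", "qid": 45179, "result": "constructed-host-id-A"},
    {"scan": "scan-1", "ip": "10.0.0.15", "qid": 900001, "result": ""},
    {"scan": "scan-2", "ip": "10.0.0.42", "qid": 45179, "result": "constructed-host-id-A"},
    {"scan": "scan-2", "ip": "10.0.0.42", "qid": 900002, "result": ""},
    {"scan": "scan-2", "ip": "10.0.0.15", "qid": 900003, "result": ""},
]


def consolidate_by_host_id(records):
    """Return {asset_key: {"ips": set, "qids": set}} keyed by host ID.

    The host ID is resolved per (scan, ip) pair, not per IP alone, because
    under DHCP the same address can belong to different hosts in different
    scans. Addresses with no host ID in a scan are keyed as "ip:<address>".
    """
    # Pass 1: learn which host ID each (scan, ip) pair reported.
    host_ids = {}
    for rec in records:
        value = rec["result"].strip()
        if rec["qid"] == HOST_ID_QID and value:
            host_ids[(rec["scan"], rec["ip"])] = value

    # Pass 2: attach every finding to the resolved asset key.
    assets = defaultdict(lambda: {"ips": set(), "qids": set()})
    for rec in records:
        key = host_ids.get((rec["scan"], rec["ip"]), "ip:" + rec["ip"])
        assets[key]["ips"].add(rec["ip"])
        if rec["qid"] != HOST_ID_QID:
            assets[key]["qids"].add(rec["qid"])
    return dict(assets)


if __name__ == "__main__":
    for key, data in sorted(consolidate_by_host_id(SAMPLE_RECORDS).items()):
        print(key, sorted(data["ips"]), sorted(data["qids"]))
```
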

This action can only be taken by the Manager primary contact for the subscription.

To perform a cleanup action:

- The Manager primary contact for the subscription can start a cleanup action by going to Assets > Setup > Asset Tracking & Data Merging > Unique Asset Identifier and selecting the Decline Agentless Tracking Identifier & Cleanup radio button.

- Run another scan on your hosts with the Agentless Tracking feature turned on in the authentication record. This allows the service to find the existing host IDs on your systems and remove them.