How is Asset tagging within Qualys used at UIC?

Tags qualys

Overview

With Qualys, Asset Tags are how we organize our assets for easy sorting, and to be able to view them in the Global IT Asset View easily.

Technology Solutions has created a naming convention for UIC's tagging scheme, with examples of each. This list is a sampling of the types of tags to use and how they can be used. It is not a comprehensive list and units may contact the Security team to discuss creating their own tags as needed.

Example tags in Technology Solutions naming convention

Business Units

The top-level of our users. All Assets will belong to a Business Unit which corresponds to the unit that owns it. All Business Units will have a prefix of 'BU-".

  • BU-COM
  • BU-LAS
  • BU-ACCC

Asset Groups

This defines a group of assets within a Business Unit.  All asset groups will have a prefix of  'AG-'.

  • AG - ACCC
  • AG - Pharmacy Chicago
    • AG- Pharmacy Chicago Static NAT’s

Asset Types

Identifies the type of asset. This allows you to sort your assets quickly. All asset types with have a prefix of 'Type-".

  • Type-Domain Controller
  • Type-ESX Server
  • Type-Server
  • Type-Workstation

Operating Systems

All Operating systems will have a prefix of "OS-".

  • OS-MacOS
  • OS-RHEL 7.x
  • OS-Ubuntu
  • OS-Windows 10
  • OS-Windows Server 2012
  • OS-Windows Servers (ALL)

Data Type

This allows us to organize potentially sensitive data. All data type tags will have a prefix pf “Data-

  • Data-FERPA
  • Data-PHI
  • Data-SSN

Data Classification

How is the data on this asset classified? All data  classification tags will have a prefix of “Class-

  • Class-High-Risk
  • Class-Sensitive
  • Class-Internal

With these asset tags applied to the assets that are added into Qualys, each unit can organize their assets and data related to these assets in order to better use the Qualys system.

Print Article

Related Articles (6)

A step by step guide for creating, running, and scheduling vulnerability scans in Qualys
How to create and run a vulnerability report in Qualys
How to use Qualys Cloud Agent's features and a guide to what the Cloud Agent can do.
Qualys’s Global IT Asset Inventory is a system built into Qualys that allows you view and organize all the assets in a unit.
A summary of what is the UIC Qualys Threat Protection module how to use it.
An overview of Qualys a network vulnerability scanner

Related Services / Offerings (1)

Qualys is a cloud-based vulnerability scanner and threat detector which comes with the ability to run IP based targeted scans or install a lightweight agent on endpoints for continuous monitoring. Qualys not only discovers threats and vulnerabilities but offers known effective ways to solve these threats.