feat(qualys/tagsv3): mise a jour catalogue YAML aligne sur taxonomie V3 finale (2026-04-22) - regles QQL exactes Asset Inventory + restreint Server, ENV avec exceptions legacy, POS enumeration starts-with, NOM-LEGACY/TAG-EMV/TAG-OBS/TAG-ELS

Pierre & Lumière 2026-04-29 14:23:55 +02:00
parent 983552a442
commit e79678b640


@ -1,179 +1,215 @@
# Catalogue des tags Qualys V3 SANEF # Catalogue des tags Qualys V3 SANEF
# Source : SANEF DSI / Sécurité Opérationnelle — Plan d'action Qualys V3 (Mars 2026) # Source : SANEF DSI / Sécurité Opérationnelle — Plan d'action Qualys V3 (validé 2026-04-22, MAJ 2026-04-28)
# Reference complete avec QQL : C:\Claude\sanef\QL\docs\SANEF_Qualys_Tags_V3_RuleTypes_v2.xlsx
# #
# type: DYN (dynamic — création console web Qualys UNIQUEMENT) # type: DYN (dynamic — Tag Rule en console Qualys, recalcul auto a chaque scan)
# STAT (static — création + assignation via API OK) # STAT (static — assignation manuelle ou bulk via SQATM/API)
# auto: True = entierement automatisable (Tag Rule ou script) # auto: True = entierement automatisable (Tag Rule)
# False = necessite decision humaine # False = necessite decision humaine (zones securite, decom, etc.)
# rule_type: "Asset Inventory" obligatoire (Asset Search legacy bug en XML)
categories: categories:
OS: OS:
description: "Système d'exploitation — dynamique sur operatingSystem" description: "Système d'exploitation — dynamique sur operatingSystem + asset.trackingMethod:QAGENT (sauf ESXi)"
tags: tags:
- name: OS-LIN - name: OS-LIN-SRV
type: DYN type: DYN
auto: true auto: true
qql: 'operatingSystem.category1: "Linux"' qql: 'operatingSystem.category1:Linux and operatingSystem.category2:Server and asset.trackingMethod:QAGENT'
color: "#4CAF50" color: "#4CAF50"
- name: OS-WIN description: "Serveurs Linux avec Cloud Agent Qualys (~729)"
type: DYN
auto: true
qql: 'operatingSystem.category1: "Windows"'
color: "#2196F3"
- name: OS-WIN-SRV - name: OS-WIN-SRV
type: DYN type: DYN
auto: true auto: true
qql: 'operatingSystem: "Windows Server"' qql: 'operatingSystem.category1:Windows and operatingSystem.category2:Server and asset.trackingMethod:QAGENT'
color: "#1976D2" color: "#1976D2"
description: "Serveurs Windows Server avec Cloud Agent Qualys (~505)"
- name: OS-WIN-WKS
type: DYN
auto: true
qql: 'operatingSystem.category1:Windows and operatingSystem.category2:Client and asset.trackingMethod:QAGENT'
color: "#2196F3"
description: "Postes de travail Windows avec Cloud Agent Qualys (~2056)"
- name: OS-MAC
type: DYN
auto: true
qql: 'operatingSystem.category1:Mac and asset.trackingMethod:QAGENT'
color: "#546E7A"
description: "Postes macOS avec Cloud Agent Qualys (~7)"
- name: OS-ESX - name: OS-ESX
type: DYN type: DYN
auto: true auto: true
qql: 'operatingSystem: "ESXi"' qql: 'operatingSystem:"ESXi"'
color: "#9C27B0" color: "#9C27B0"
description: "Hyperviseurs VMware ESXi (hors scope, pas d'agent ~2)"
ENV:
description: "Environnement — dynamique sur hostname position 2"
tags:
- name: ENV-PRD
type: DYN
auto: true
qql: 'name: "vp" OR name: "sp" OR name: "lp" OR name: "ls-"'
color: "#F44336"
- name: ENV-REC
type: DYN
auto: true
qql: 'name: "vr" OR name: "sr" OR name: "lr"'
color: "#FF9800"
- name: ENV-PPR
type: DYN
auto: true
qql: 'name: "vi" OR name: "si" OR name: "vo"'
color: "#FFC107"
- name: ENV-TST
type: DYN
auto: true
qql: 'name: "vv" OR name: "vt"'
color: "#CDDC39"
- name: ENV-DEV
type: DYN
auto: true
qql: 'name: "vd" OR name: "sd"'
color: "#8BC34A"
POS:
description: "Périmètre / Domaine — dynamique sur hostname positions 2-N"
tags:
- name: POS-FL
type: DYN
auto: true
qql: 'name: "*bot" OR name: "*boo" OR name: "*boc" OR name: "*afl" OR name: "*sup"'
color: "#009688"
- name: POS-INF
type: DYN
auto: true
qql: 'name: "*dsi" OR name: "*cyb" OR name: "*vsa" OR name: "*iad" OR name: "*bur" OR name: "*aii" OR name: "*ecm" OR name: "*log" OR name: "*vid" OR name: "*gaw" OR name: "*bck" OR name: "*ngw" OR name: "*pct" OR name: "*pix" OR name: "*sim" OR name: "*nms" OR name: "*ges" OR name: "*mon"'
color: "#3F51B5"
- name: POS-PEA
type: DYN
auto: true
qql: 'name: "*pea" OR name: "*osa" OR name: "*svp" OR name: "*adv" OR name: "*rpa" OR name: "*rpn" OR name: "ls-"'
color: "#673AB7"
- name: POS-TRA
type: DYN
auto: true
qql: 'name: "*ame" OR name: "*tra" OR name: "*dai" OR name: "*pat" OR name: "*rau" OR name: "*dep" OR name: "*exp" OR name: "*sig" OR name: "*air"'
color: "#E91E63"
- name: POS-BI
type: DYN
auto: true
qql: 'name: "*dec" OR name: "*sas" OR name: "*bip" OR name: "*apt" OR name: "*pbi" OR name: "*rep"'
color: "#FF5722"
- name: POS-GES
type: DYN
auto: true
qql: 'name: "*int" OR name: "*agt" OR name: "*pin" OR name: "*ech"'
color: "#795548"
- name: POS-DMZ
type: DYN
auto: true
qql: 'name: "*ssi"'
color: "#607D8B"
EQT: EQT:
description: "Type equipement — position 1" description: "Type équipement — V3 (anciennement TYP)"
tags: tags:
- name: EQT-VIR - name: EQT-VIR
type: DYN type: DYN
auto: true auto: true
qql: 'name: "v"' qql: 'asset.name:v* and not operatingSystem.category2:"Client"'
color: "#00BCD4" color: "#00BCD4"
description: "Machines virtuelles (hors postes clients) (~956)"
- name: EQT-SRV - name: EQT-SRV
type: DYN type: DYN
auto: true auto: true
qql: 'name: "l" OR name: "s"' qql: '(asset.name:l* or asset.name:s*) and not operatingSystem.category2:"Client" and not asset.name:svp*'
color: "#03A9F4" color: "#03A9F4"
description: "Serveurs physiques (hors VM, equipements reseau et postes SVP) (~307)"
- name: EQT-SWI - name: EQT-SWI
type: DYN type: DYN
auto: true auto: true
qql: 'name: "n"' qql: 'operatingSystem.category1:"Network Operating System"'
color: "#4DD0E1" color: "#4DD0E1"
description: "Equipements reseau (Juniper JUNOS, F5, Cisco PIX, Pulse Secure) (~72)"
SPEC_AUTO: ENV:
description: "Tags spécifiques automatisables" description: "Environnement — règles V3 + exceptions legacy + restreint Server"
tags: tags:
- name: TAG-OBS - name: ENV-PRD
type: DYN type: DYN
auto: true auto: true
qql: 'operatingSystem: "Windows Server 2008" OR operatingSystem: "Windows Server 2012" OR operatingSystem: "CentOS release 6" OR operatingSystem: "Red Hat Enterprise Linux Server release 6"' qql: '(asset.name:vp* or asset.name:sp* or asset.name:lp* or asset.name:ls-* or asset.name:lam* or (asset.name:vmm* and asset.fqdn:*.sanef-int.adds)) and not (asset.name:vppi* or asset.name:lamar* or asset.name:lamr* or asset.name:lamt* or asset.name:vmamr* or asset.name:vmamd* or asset.name:vmrgmao7 or asset.name:vmcmdb1 or asset.name:vmcmdb2) and operatingSystem.category2:"Server"'
color: "#B71C1C" color: "#F44336"
description: "Production - V3 (vp/sp/lp/ls-) + legacy lam* (sauf lamar/lamr/lamt) + vmm*.sanef-int.adds, restreint Serveurs (~772)"
- name: ENV-REC
type: DYN
auto: true
qql: '(asset.name:vr* or asset.name:sr* or asset.name:lr* or asset.name:lamar* or asset.name:lamr* or asset.name:lamt* or (asset.name:vmd* and asset.fqdn:*.recette.adds) or asset.name:vmamr* or asset.name:vmrgmao7 or asset.name:vmcmdb1 or asset.name:vmcmdb2) and not (asset.name:vrsupbmap1 or asset.name:vrsupbmbi1) and operatingSystem.category2:"Server"'
color: "#FF9800"
description: "Recette - V3 (vr/sr/lr) + legacy lamar/lamr/lamt + AME (vmamr*, vmrgmao7, vmcmdb1/2) + vmd*.recette.adds, exclut exceptions TST (~302)"
- name: ENV-PPR
type: DYN
auto: true
qql: '(asset.name:vi* or asset.name:si* or asset.name:vo* or asset.name:vppi*) and operatingSystem.category2:"Server"'
color: "#FFC107"
description: "Pre-Production - V3 (vi/si/vo/vppi), restreint Serveurs (~76)"
- name: ENV-TST
type: DYN
auto: true
qql: '(asset.name:vv* or asset.name:vt* or asset.name:sv* or asset.name:vrsupbmap1 or asset.name:vrsupbmbi1) and not asset.name:svp* and operatingSystem.category2:"Server"'
color: "#CDDC39"
description: "Test - V3 (vv/vt/sv) + exceptions vrsupbmap1/bmbi1, EXCLUT svp* (postes SVP), restreint Serveurs (~83)"
- name: ENV-DEV
type: DYN
auto: true
qql: '(asset.name:vd* or asset.name:sd* or asset.name:vmamd*) and operatingSystem.category2:"Server"'
color: "#8BC34A"
description: "Developpement - V3 (vd/sd) + AME dev (vmamd*), restreint Serveurs (~21)"
POS:
description: "Périmètre / Domaine applicatif — enumération starts-with (Tag rule ne supporte PAS contains *X*)"
tags:
- name: POS-FL
type: DYN
auto: true
qql: '(asset.name:vpbot* or asset.name:vrbot* or asset.name:vibot* or asset.name:vvbot* or asset.name:vdbot* or asset.name:vpboo* or asset.name:vrboo* or asset.name:viboo* or asset.name:vvboo* or asset.name:vdboo* or asset.name:spboo* or asset.name:siboo* or asset.name:svboo* or asset.name:vpboc* or asset.name:vrboc* or asset.name:viboc* or asset.name:vvboc* or asset.name:vdboc* or asset.name:spboc* or asset.name:siboc* or asset.name:vpafl* or asset.name:vrafl* or asset.name:viafl* or asset.name:vvafl* or asset.name:vdafl* or asset.name:vpsupa* or asset.name:vrsupa* or asset.name:visupa* or asset.name:vvsupa* or asset.name:vpsupb* or asset.name:vrsupb* or asset.name:vppeaab* or asset.name:vrpeaab* or asset.name:vipeaab* or asset.name:vvpeaab* or asset.name:vrpeaak* or asset.name:vppeab* or asset.name:vrpeab* or asset.name:vipeab* or asset.name:vvpeab* or asset.name:vppeah* or asset.name:vrpeah* or asset.name:vipeah* or asset.name:vvpeah* or asset.name:vpnit*) and operatingSystem.category2:"Server"'
color: "#009688"
description: "Flux Libre - Free Flow (BOT/BOO/BOC), AFL, Supervision, BOOST peage, restreint Serveurs"
- name: POS-INF
type: DYN
auto: true
qql: 'See file C:\\Claude\\sanef\\QL\\inputs\\dom_inf_rule_v2.txt — 91 prefixes (DNS/AD/Sauvegarde/SCCM/Logs/etc) + 16 NOT exclusions + and operatingSystem.category2:"Server"'
color: "#3F51B5"
description: "Infrastructure DSI - 91 prefixes avec exclusions Gestion/Trafic, voir dom_inf_rule_v2.txt"
- name: POS-PEA
type: DYN
auto: true
qql: '(asset.name:ls-* or asset.name:lrpea* or asset.name:vdosa* or asset.name:viosa* or asset.name:vpadv* or asset.name:vpalb* or asset.name:vpbipa* or asset.name:vpboe* or asset.name:vposa* or asset.name:vppbo* or asset.name:vppeaaa* or asset.name:vppeaae* or asset.name:vppeaar* or asset.name:vpppear* or asset.name:vpppeas* or asset.name:vprpa* or asset.name:vprpn* or asset.name:vprps* or asset.name:vpsimas* or asset.name:vradv* or asset.name:vraiia* or asset.name:vrboe* or asset.name:vrffb* or asset.name:vrgrs* or asset.name:vrosa* or asset.name:vrpeaar* or asset.name:vrrpa* or asset.name:vrrpn* or asset.name:vrrps* or asset.name:vrsvp*) and operatingSystem.category2:"Server"'
color: "#673AB7"
description: "Peage - sites geo (ls-*), OSAP, SVP, ADV, RPA, RPN, BoE, FFB, GRS, BIP, ALB, BO, restreint Serveurs"
- name: POS-TRA
type: DYN
auto: true
qql: '(asset.name:vpame* or asset.name:vrame* or asset.name:viame* or asset.name:vvame* or asset.name:vdame* or asset.name:vmame* or asset.name:vmamp* or asset.name:vmamr* or asset.name:vmamd* or asset.name:vpdai* or asset.name:vrdai* or asset.name:vidai* or asset.name:vppat* or asset.name:vrpat* or asset.name:vipat* or asset.name:vprau* or asset.name:vrrau* or asset.name:vpdep* or asset.name:vrdep* or asset.name:vpsig* or asset.name:vrsig* or asset.name:visig* or asset.name:vpair* or asset.name:vrair* or asset.name:vpexpa* or asset.name:vpexpb* or asset.name:vpgmo* or asset.name:vrgmo*) and not (asset.name:vpexpaxfb* or asset.name:vpexpbdech*) and operatingSystem.category2:"Server"'
color: "#E91E63"
description: "Trafic - AME/Sextan/Octan, Aquarius, Isis, RAU/ASUR, GDEPA, SIG, GMO + legacy vmam*, restreint Serveurs"
- name: POS-BI
type: DYN
auto: true
qql: '(asset.name:vdrep* or asset.name:vpapt* or asset.name:vpbipb* or asset.name:vpdec* or asset.name:vppbi* or asset.name:vpsas* or asset.name:vraptb* or asset.name:vrbip* or asset.name:vrdec* or asset.name:vrpbi*) and not (asset.name:vpapta* or asset.name:vrapta*) and operatingSystem.category2:"Server"'
color: "#FF5722"
description: "Business Intelligence - SAS Decisionnel/Viya, Bip&Go, Power BI, Reporting, exclut Apta (= GES), restreint Serveurs"
- name: POS-GES
type: DYN
auto: true
qql: '(asset.name:lpagt* or asset.name:lragt* or asset.name:vdechat* or asset.name:vpagt* or asset.name:vpechat* or asset.name:vpint* or asset.name:vppin* or asset.name:vragt* or asset.name:vrechat* or asset.name:vrint* or asset.name:vpaiiat* or asset.name:vrdsiat* or asset.name:vpgesb* or asset.name:vrapta*) and operatingSystem.category2:"Server"'
color: "#9E9D24"
description: "Gestion - Institutionnel, Intranet, AgileTime, Talend ETL, Echat, Apta, Aide pilotage, restreint Serveurs"
SPEC_AUTO:
description: "Tags spécifiques automatisables (Tag Rule)"
tags:
- name: NOM-LEGACY
type: DYN
auto: true
qql: '(operatingSystem.category2:"Server" or operatingSystem.category1:"Network Operating System") and not (asset.name:vp* or asset.name:vr* or asset.name:vi* or asset.name:vv* or asset.name:vd* or asset.name:vt* or asset.name:vo* or asset.name:vs* or asset.name:sp* or asset.name:sr* or asset.name:si* or asset.name:sd* or asset.name:sv* or asset.name:ss* or asset.name:st* or asset.name:so* or asset.name:lp* or asset.name:lr* or asset.name:ls-* or asset.name:li* or asset.name:lv* or asset.name:ld* or asset.name:lt*)'
color: "#795548"
description: "Asset (Serveur ou Network OS) avec nommage pre-V3 a renommer - KPI dette de conformite (~219)"
- name: TAG-EMV - name: TAG-EMV
type: DYN type: DYN
auto: true auto: true
qql: 'name: "*emv" OR name: "*pci"' qql: '(asset.name:vpemv* or asset.name:lpemv* or asset.name:lremv* or asset.name:vemvr* or asset.name:spemv* or asset.name:vemvs*) and operatingSystem.category2:"Server"'
color: "#D500F9" color: "#D500F9"
description: "Asset en zone EMV/PCI-DSS - patching renforce, audits conformite, restreint Serveurs (~34)"
- name: TAG-OBS
type: DYN
auto: true
qql: 'operatingSystem:"Windows XP" or operatingSystem:"Windows Server 2003" or operatingSystem:"Windows Server 2008" or operatingSystem:"Windows Server 2008 R2" or operatingSystem:"Windows Server 2012" or operatingSystem:"Windows 7" or operatingSystem:"Windows7" or operatingSystem:"Red Hat Enterprise Linux Server 5" or operatingSystem:"Red Hat Enterprise Linux Server 6" or operatingSystem:"Red Hat Enterprise Linux Server 7" or operatingSystem:"CentOS 5" or operatingSystem:"CentOS 6" or operatingSystem:"CentOS 7" or operatingSystem:"Ubuntu 14" or operatingSystem:"Ubuntu 16" or operatingSystem:"Ubuntu 18" or operatingSystem:"Debian 8" or operatingSystem:"Debian 9" or operatingSystem:"Oracle Linux 5" or operatingSystem:"Oracle Linux 6" or operatingSystem:"SLES 11" or operatingSystem:"SLES 12" or operatingSystem:"Solaris 10" or operatingSystem:"AIX 6.1"'
color: "#B71C1C"
description: "OS obsolete/EOL : Win XP/7/2003/2008/2012, RHEL 5/6/7, CentOS 5/6/7, Ubuntu 14/16/18, Debian 8/9, Oracle Linux 5/6, SLES 11/12, Solaris 10, AIX 6.1. PAS de filtre Server (~190)"
SPEC_MANUAL: SPEC_MANUAL:
description: "Tags spécifiques non automatisables (decision humaine)" description: "Tags spécifiques non automatisables (decision humaine, assignation via SQATM ou API)"
tags: tags:
- name: TAG-SED - name: TAG-SED
type: STAT type: STAT
auto: false auto: false
description: "Securite Exposition Directe — IP publique / NAT direct"
color: "#C62828" color: "#C62828"
description: "Securite Exposition Directe — frontaux DMZ avec IP publique (~10 frontaux). Cible bulk SQATM. Long terme : passer en dynamique avec IP CIDR DMZ (83.68.96.0/24 Juniper, 83.68.99.0/24 F5)."
- name: TAG-SEI - name: TAG-SEI
type: STAT type: STAT
auto: false auto: false
description: "Securite Exposition Indirecte — derriere frontal"
color: "#EF6C00" color: "#EF6C00"
description: "Securite Exposition Indirecte — backends DMZ derriere frontal (~22 backends). Cible bulk SQATM."
- name: TAG-ELS
type: STAT
auto: false
color: "#00838F"
description: "Extended Life Support — serveurs sous contrat ELS (Microsoft/Red Hat). Tag vide a remplir manuellement (DSI). Permet d'exclure un asset de TAG-OBS."
- name: TAG-DEC - name: TAG-DEC
type: STAT type: STAT
auto: false auto: false
description: "Decommissionnement en cours"
color: "#6D4C41" color: "#6D4C41"
description: "Decommissionnement en cours — exclusion temporaire des plans de patching et alertes."
- name: TAG-INT - name: TAG-INT
type: STAT type: STAT
auto: false auto: false
description: "Integration / Implémentation en cours"
color: "#FDD835" color: "#FDD835"
description: "Integration / Implementation en cours — serveur en construction, alertes informationnelles."
- name: TAG-SIC - name: TAG-SIC
type: STAT type: STAT
auto: false auto: false
description: "Zone SIC — Systeme Information Classifie"
color: "#1A237E" color: "#1A237E"
description: "Zone SIC — Systeme Information Classifie."
- name: TAG-SIA - name: TAG-SIA
type: STAT type: STAT
auto: false auto: false
description: "Zone SIA — Systeme Information Administration"
color: "#283593" color: "#283593"
description: "Zone SIA — Systeme Information Administration."
PREFIXES_MANUAL: PREFIXES_MANUAL:
description: "Prefixes statiques pour tags nominatifs (crees a la demande via API)" description: "Prefixes statiques pour tags nominatifs (crees a la demande via SQATM ou API)"
prefixes: prefixes:
- prefix: APP- - prefix: APP-
description: "Application hebergee — APP-SAT, APP-JIRA, APP-GLPI..." description: "Application hebergee — APP-SAT, APP-JIRA, APP-GLPI, APP-ITOP, APP-ZABBIX..."
- prefix: BDD- - prefix: BDD-
description: "Type de base de donnees — BDD-ORA, BDD-PG, BDD-SQL..." description: "Type de base de donnees — BDD-ORA, BDD-PG, BDD-SQL, BDD-MYSQL, BDD-MONGO..."
- prefix: VRF- - prefix: VRF-
description: "VRF reseau — VRF-TRAFIC, VRF-EMV..." description: "VRF reseau — VRF-TRAFIC, VRF-EMV, VRF-INFRA..."
- prefix: MID- - prefix: MID-
description: "Middleware — MID-TOMCAT, MID-HAPROXY..." description: "Middleware — MID-TOMCAT, MID-HAPROXY, MID-NGINX, MID-IIS..."
- prefix: VULN-
description: "Pondération vuln/risque — VULN-CRIT-EXP (vuln critique exposee), VULN-EXEMPT (exemption validee)."
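Review bot: POS-INF's `qql` on the new side is a prose pointer rather than a rule (`'See file C:\\Claude\\sanef\\QL\\inputs\\dom_inf_rule_v2.txt — 91 prefixes …'`) while the entry stays `type: DYN` / `auto: true`, so a tool that pushes `qql` verbatim is likely to be rejected by the console or to create a tag that matches nothing, leaving infrastructure servers outside any POS-scoped reporting. The referenced file sits on a workstation path that is not part of this commit (the header comment points at the same `C:\Claude\...` tree), so the 91 prefixes and 16 exclusions cannot be reviewed here, and inside single quotes `\\` stays a literal double backslash. Inline the full rule as the other POS tags do, or commit the rule file and reference it through a separate repo-relative key, and set `auto: false` on POS-INF until one of those is done. Separately, NOM-LEGACY excludes `vs*`, `ss*`, `st*`, `so*`, `li*`, `lv*`, `ld*` and `lt*` as V3-compliant, yet no ENV-* rule visible here matches those prefixes, so servers named that way would get neither an environment tag nor the legacy flag. Either add those prefixes to the matching ENV rules or drop them from the NOM-LEGACY exclusion list so the gap shows up in the KPI.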