If Asset Tagging is enabled in a scan, I am assuming that something is written to the target host (probably registry in the case of Windows, and a simple file for shell targets), but I cant seem to find information on where this is. I need to create test scripts to confirm that the assets are actually indeed being assigned a unique MVM ID - just in case the Asset label was used, I searched for this in the registry of a scanned Windows host (credentialled scan was successful in this instance), and I couldnt find it. Cant seem to find anything in the documentation I have either!
Could anybody point me in the right direction?
I was always under the impression that the Tags are done inside the MVM database based upon some unique identifiers (like MAC address). So, the endpoints shouldn't reflect a tag.
The McAfee documentation isnt great in this respect - you are likely referring to asset tagging within the product, and not the actual unique ID asset tagging I am asking about. Any asset already in the database can be assigned a tag (manual tagging) and we now also have dynamic tagging so you can set tagging rules based on asset properties. This isnt the tagging I am referring to, but the option within the scan configuration and is referenced in the product guide:
"FS Asset ID – If Asset Tagging is enabled for a scan, the product uses a unique McAfee Vulnerability Manager Asset ID on discovered hosts. In subsequently scans, this ID is used to uniquely identify the host. This improves the accuracy of asset reconciliation across scans."
So I think McAfee uses the same term 'asset tagging' for two different things.