The Inventory > Assets tab gives you asset information, such as identity, running services, installed software, open ports, users, and more. CyberSecurity Asset Management (CSAM) gives you deep visibility into your assets, granting you a detailed, multidimensional view of each one that encompasses both its IT and security data. You can flag issues such as configuration problems, security risks, IT policy violations, and regulatory non-compliance with an asset profile that includes a wealth of data.
You can see an overview of assets in your organization from the Assets tab.
Important:
When you navigate to the Inventory tab and turn the EASM toggle on, you can see the Vulnerabilities tab that lists all the vulnerabilities detected using the EASM lightweight scan. For more information. see Vulnerabilities Detected Using EASM Lightweight Scan.
Note that the EASM lightweight scan feature is available to limited customers as an early preview available on a request basis. Contact your Technical Account Manager or Qualys Support. For more information, see CSAM 2.18 UI RN.
(1) Search for assets: You can search for assets using a Qualys Query Language (QQL) query for a specific timeframe. For more information, see Qualys Query Language.
Note: The date search is evaluated only for UTC format for all date-related tokens. The actual search results might show you the date as per your time zone.
(2) Bar chart representation: You can see bar charts for the top hardware and operating system categories. Click a specific bar from the chart to view the list of specific assets for the respective criterion. To know more about these categories, see the Usage Guides - Hardware and Operating System in the Appendix.
(3) Search criteria provided in the left pane: You can view the total assets matching your search criteria and the asset manufacturer and asset tags with their count of assets from the left pane. Click the count of assets to view the list of assets.
(4) Quick Actions Menu: You can perform multiple actions, such as viewing asset details, adding tags to the asset, and purging the asset from the Quick Actions menu.
- You can not purge GCP assets using the on-demand method (from Inventory > Assets) tab.
- In a single operation, you can add tags to a maximum of 10,000 assets. For more information, see Manage Asset Tags.
(5) Asset Criticality Score: You can see the asset criticality score for the assets. For more information, see Asset Criticality Score.
(6) TruRisk Score: You can see the TruRisk Score of the asset. The TruRisk score enables you to prioritize vulnerabilities, assets, and groups of assets based on the actual risk they pose to the organization. For more information, see TruRisk Score.
(7) Asset discovery Sources: You can see different sources from where the asset was discovered. For more information, see Sources Column Details.
(8) Group assets based on criteria or categories, such as External Attack Surface, Operating System, Hardware, AWS, and so on. As shown in the following example, for some of the categories, further subcategories are also available.
- Assets discovered by Cloud Agent as Passive Sensor
- Software Composition Analysis
- Download Asset Details Information
- Activate Passive Sensor Assets
- View Unresolved Domain Details