Vulnerabilities Detected Using EASM Lightweight Scan

Under the Inventory tab, a new tab, Vulnerabilities, is introduced that lists all the vulnerabilities detected using the EASM lightweight scan. By default, vulnerabilities of type Information are excluded. Also, as it's an EASM-specific feature, the Vulnerabilities tab is visible only when the EASM toggle is on. 

Note: The EASM Lightweight Scan feature is available to a limited set of customers as an early preview, on a request basis. Contact your Technical Account Manager or Qualys Support. For an overview of the EASM lightweight scan feature and its benefits, see CSAM 2.18 UI Release Notes.

Prerequisites

- Your account must be Vulnerability Management Scan Processing (VMSP) migrated.

- New Data Security Model (NDSM), QIDS, and Asset Group Management Service (AGMS) must be enabled for your subscription.

Vulnerabilities tab.

Left Pane Filters: You can filter the vulnerabilities based on the Severity, Category, Operating System, Type Detected, Status, and CVSS Rating filters from the left pane.

Group by: You can also group vulnerabilities using the Group by options, such as Org/subsidiary, Domain, Subdomain, Vulnerability, and Detection Age.

View Vulnerability Details: You can view the vulnerability details from the Quick Actions menu next to the QID. You can access multiple tabs from the left pane of the Vulnerability Details to see the respective details.

Vulnerability Details.

Download Vulnerability Details: You can download the report in CSV, HTML, XML, and PDF formats. While downloading the report for vulnerabilities detected using the EASM lightweight scan, you can now see CVE and QID options on the Download Formats page. When you select the CVE option, the report includes the CVE details for the QIDs. 

CVE and QID Download Types.