Create Software Rule
Go to Rules > Software Rules > Create Rule to create a new software rule.
Step 1: Basic Information
Enter the rule name and rule description, and click Next.
Step 2: Select Assets
Select tags to include and exclude the assets from the rule.
Click 
to select the assets using asset tags. If you select Any value from the drop-down, the asset with any selected tag will be included/excluded. If you select All value from drop-down, asset having all selected tags will be included/excluded. You can search and select assets with asset tags.
Note: For the newly created asset, the software authorization rule is not applied to the asset because tag evaluation happens after the asset creation. In the subsequent scan, the software authorization rule gets applied to the asset.
Once you select the assets with asset tags to include and exclude, click Next.
Step 3: Select Software
1. Add and select Authorized Software (1), Unauthorized Software (2), and Software that Needs Review (3) to be included in the rule. To do so, Click to select and add software to the rule.
Add Authorized SoftwareAdd Authorized Software
1. From the Software Selector page, select the software that you want to add as an authorized software and click Add to Rule.
Note: Click the Product parameter if you want to add an individual software product to the rule. Click the Publisher parameter if you want to add all software of the selected publisher to the rule. Click the Category parameter if you want to add all software of the selected category to the rule.
Know more if you want to Add Software from Golden Asset ImageAdd Software from Golden Asset Image.
Click Add Software from Golden Asset Image to select the software from Golden Image assets which shows a pop-up to select software.
2. If you want, turn on the Required toggle and select the required QDS from the QDS(If Missing) column. This QDS gets associated with the software you selected as required software.
Note: While creating a new software rule, you can now assign the QDS when adding authorized software to the software rule. The default QDS value is 80 (High).
For the existing software rules in your subscription, the default QDS value is automatically assigned. Also, you can edit the existing software rules to change the default QDS value.
Once you add software in the Authorized bucket, you can mark software as required for the asset. If the required software is not installed on the asset, it will be flagged as 'missing required software' for the asset.
If you want you can modify the version or update the scope, refer to Modify version/update scope.
Add Unauthorized SoftwareAdd Unauthorized Software
1. From the Software Selector page, select the software that you want to add as unauthorized software and click Add to Rule.
Note: Click the Product parameter if you want to add an individual software product to the rule. Click the Publisher parameter if you want to add all software of the selected publisher to the rule. Click the Category parameter if you want to add all software of the selected category to the rule.
2. Select the required QDS from the QDS(If Installed) column. This QDS gets associated with the software you selected as unauthorized software.
Note: While creating a new software rule, you can now assign the QDS when adding unauthorized software to the software rule. The default QDS value is 80 (High).
For the existing software rules in your subscription, the default QDS value is automatically assigned. Also, you can edit the existing software rules to change the default QDS value.
If you want you can modify the version or update the scope, refer to Modify version/update scope.
Add Needs Review SoftwareAdd Needs Review Software
1. From the Software Selector page, select the software that you want to add software as Needs Review Software and click Add to Rule.
Note: Click the Product parameter if you want to add an individual software product to the rule. Click the Publisher parameter if you want to add all software of the selected publisher to the rule. Click the Category parameter if you want to add all software of the selected category to the rule.
If you want you can modify the version or update the scope, refer to Modify version/update scope.
2. Click Next after you add authorized software, unauthorized software, or software that needs review as required.
Step 4: Review and Confirm
Review and confirm your selections. You can edit basic information, select assets, and select software from this step as well if required.
and click Finish. The following message is shown, and the software rule is created.
What to do Next
Click Reorder This Rule to reorder the rule.
Good to Know!
Click View All Rules to see the list of rules.
- From the Quick Actions menu, you can view, edit, delete, disable, and create alerts for the rule. For more information, refer Manage Authorization Rule.
- Software Rules lists the following default rules in the 'Disabled' state:
Apps with Log4j: When enabled, this rule applies to all the software that uses Log4j and that are vulnerable or potentially vulnerable as documented by NCSC-NL. QLYS-CSAM - Log4j Risk dashboard shows assets vulnerable to Log4j with count of apps, Log4j versions, os distribution, etc.
Software Elevating CyberSecurity Risk for Data Center Assets: When enabled, this rule applies to all the software products that elevate Cybersecurity Risk for Data Center Assets.
Most Common Ransomware Attack Vectors: When enabled, this rule applies to all the software products that are most commonly used as Ransomware Attack Vectors. RansomWare (RW) Attack Vectors dashboard allows you to examine your assets with missing antivirus, Cybersecurity Risk for Data Center, Most Common Ransomware Attack Vectors, threat exposure, use previous searches, and swiftly remedy the vulnerabilities that are most important to you.
- Click the Software tab to view the list of software with the publisher, category, authorization, rule name, and rule status.
Also, you can view the software rules based on the criteria, whether the software is authorized or not by the rule, as highlighted in the following screenshot.
To view the software product as authorized/unauthorized, go to Inventory > Software > under the quick actions menu, and click View Authorization Rule.
You can view whether the software product is authorized or not.
- You can also view the missing required software details:
i. Go to Inventory > Software tab.
ii. From the Quick Actions menu for software click View Install List.
iii. Click the asset from the Installation Details page.
iv. Go to the Inventory > Installed Software tab from the Asset Details page. You can view the missing required software details against the software rule and the product. You can click the rule name to view the rule.
Modify version/update scope
Once you add software for the Authorized, Unauthorized, and Needs Review list, click Modify to select the appropriate criteria.
You can select software with different versions and/or update criteria from the following list:
- ANY
- Specific
- In Between
- Above
- Below
Notes:
- Selecting Version and Update criteria in different categories for the same product is prohibited. For example, you are not allowed to select 'Cloud Agent' product with 'Version' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Update' criteria in the 'Authorized' category for the same rule.
- Make sure you have not selected the same specific software (with version and/or update) in different categories. If you select the same specific software in two different categories, it will show an error message for conflict while creating a rule. For example, if you select 'Cloud Agent' product with 'Specific - Version = 4.6' criteria in the 'Unauthorized' category and 'Cloud Agent' product with 'Below - Version = 5.0' criteria in the 'Authorized' category for the same rule, the "Cloud Agent 4.6" will be considered in both the categories which is conflicting.
