Release 2.17.0.0

March 04, 2024

What's New?

CyberSecurity Asset Management

Multiple EASM Profile Creation

Before this release, it was possible to create only one EASM profile for your subscription. With this release, you can create multiple EASM profiles for your subscription. 

 The multiple EASM profile creation feature is exposed to limited customers. It’s in early preview and available on a request basis. Contact support for more information.

Benefits

  • Enables you to control the external attack surface of global organizations with distributed IT owners and support centers.
  • Allows you to assess the external attack surfaces and security postures of potential Mergers & Acquisitions.
  • Provides greater flexibility to administrators to manage profiles independently by creating, updating, and deleting profiles individually.

EASM multiple profiles created.

  • When enabled for your subscription, the EASM Configuration screen shows the Account Type as Multi Profile.
  • The Profile Created count is shown as X/Y, indicating the number of profiles created/maximum profiles you can create.
  • The Add Profile button is disabled if you have consumed the maximum profile creation count granted.  

 The number of profiles that can be created is set per subscription based on the customer's requirement, up to a maximum of 20.

Actions You Can Perform from the EASM Profile Tile

  • By clicking the Actions menu from the EASM profile tile, you can edit, activate, deactivate, and delete the EASM profile and generate EASM reports on data for that profile. These actions can be limited via role-based access controls in the Administration application.
  • By clicking the assets count, you are navigated to the Inventory page, where you can see the summary of assets scanned or synced using that profile.
  • By clicking the View icon, you can view the EASM profile.

Actions you can perform from EASM profile tile.

The following are the EASM multiple-profile capabilities in brief. For detailed information, refer to the EASM Multiple Profile section from the Online Help.

  • After the profile creation is completed, you can choose to save the profile, or you can choose to save the profile as a default one. 
  • If you edit the existing profile but want to disregard the changes, you can choose to Reset the changes to default. The benefit of this option is your original profile is retained, and the changes made are not applied to it until you save the profile.
  • You can see the dashboard showcasing consolidated data of all assets synced through all EASM profiles.

Qualys provides an External Attack Surface Dashboard template that you can use to see data from all profiles.

Example:
Dashboard.

Enhancements to EASM Profile (Standard Account Type)

With this release, enhancements are made for a single EASM profile per subscription. As a result, you can view the EASM profile details at a glance. Also, you can complete the actions using the Actions menu from the EASM profile tile.

- You can now see the EASM profile tile from the Configuration > EASM Configuration tab. The Account Type is mentioned as Standard, and your profile is renamed as EASM Default Profile, but you can edit the profile name. You can complete multiple actions from the EASM profile tile.

One EASM profile per subscription.

As highlighted in the screen capture, you can see the important and required details at a glance.
View EASM Profile.

  • After the profile editing is completed, you can choose to update the profile, or you can choose to save the profile as Default.
  • An option is also provided to reset that profile to its default setting in case you want to undo your changes and revert to what was saved as a default.

Additional Vector to Extend TruRisk with CSAM Detection 

With the earlier CSAM 2.16.1.0 release, CSAM extended the TruRisk by adding additional vectors, such as end-of-life & end-of-support (EoS) software, unauthorized software, unauthorized ports, and missing required software. For more information, see CSAM 2.16.1 UI RN.

With this CSAM 2.17.0.0 release, an additional risk vector, the End of Support Operating System, is introduced to extend the TruRisk with CSAM detections.

Operating systems that are at the end of support, as well as operating systems that will be end-of-support within the next 12 months, are scored for risk. Such operating systems are now included in calculating the TruRisk.

When you go to the Security > TruRisk Score tab from the Asset Details page, you can see the End of Support tab, and you can now see the end-of-support operating system details along with the end-of-life and end-of-support software.

End-of-support operating system details.

When you hover over the EOS lifecycle, you can get detailed information about the EOS operating system.

Detailed information about EOS system.

Additions and Updates to the Reporting Templates

A new Certificate Details report is introduced. You can create certificate reports, including certificates associated with Managed and Unmanaged assets discovered from Cloud Agent, IP, and EASM inventory sources.

Externally Exposed Asset Details report section changes:

- The Application Stack Details report template is renamed as EASM Software Details.

- The Certificates Details report is renamed as EASM Certificate Details, which contains Certificate information discovered by EASM.

CyberSecurity Asset Management and Global AssetView

Certificates Discovered Through Various Inventory Sources 

Qualys Certificate View application provides a comprehensive view of all the SSL/TLS certificates across your enterprise and cloud-hosted managed assets. With this release, CSAM integrates with the Qualys Certificate View application, allowing you to view certificates from the Qualys Certificate View application. Moreover, CSAM also enables you to view certificates for unmanaged assets.

A new tab, Certificates, is added under the Inventory tab. From this tab, you can see certificates for managed and unmanaged assets discovered from Cloud Agent, IP, and EASM inventory sources. 

  • When you toggle to CSAM, you can view certificate details for assets discovered from Cloud Agent, IP, and EASM discovery sources.
  • When you toggle to EASM, you can see certificate details for assets discovered only from the EASM discovery source. For more information, refer to View Certificates and View Certificate Details.
  • You can see the tiles that show the count of Expired, Expiring, Low Grade, and Qualys Renewable certificates. 
  • You can see the details of certificates, such as organization, name of the issuer, algorithm, sources, and so on.

Certificates tab.

You can click the respective certificate, and from the Certificate Details, you can get the detailed certificate information. 

Certificates details page.

Installation Path and Last Use Date Details for Windows Cloud Agent Assets

For Windows Cloud Agent assets, you can now see the Installation Path and the Last Use Date details for the software from the Inventory > Installed Software tab on the Asset Details page. 

Prerequisites

  • Windows Cloud Agent version 5.5
  • The prefetch file from the Cloud Agent

Before this release, in the case of Windows Cloud Agent assets, the Installation Path and the Last Use Date details were not shown for most assets. This data is now shown for almost all assets.

The coverage or the number of software detected is now substantially increased with the help of the Windows prefetch file. If the product name and software version details from the prefetch file match the corresponding software name and version identified during the Cloud Agent scan, then the software's Installation Path and the Last Use Date details are shown.

Installation Path and Discovery Sources Details.

Security Enhancement for Tag Scoping

With this release, the Show Tags in User Scope check box is added to the Select Tags page under the All Tags tab. This enhancement will be available after the RX 2.28.0 release.

This implementation ensures that non-manager users, such as sub-users, can access only those assets to which the Manager role has explicitly granted access.

Tag-specific Permissions to Sub-Users

  • Sub-users cannot create a child tag for a tag added to their scope.
  • Sub-users do not require edit permission to edit a tag they created. However, delete permission is necessary to delete the tag.

Show Tags in User Scope check box.

  • When the Show Tags in User Scope check box is selected, the tags in your scope are listed. 
  • When the Show Tags in User Scope check box is cleared, you can see all tags in the subscription. The tags that are outside your scope are shown with a lock symbol.  

Discovery Sources Details for Installed Software and Open Ports

With this release, you can now see the discovery sources for software and open ports from the Asset Details page.

Go to the Inventory > Installed Software tab from the Asset Details page. You can see two tabs, Application and Other. Click the software from the Application tab, and you can see the discovery sources from which the software was discovered.

 Before this release, the EASM detected application stack and open ports details were displayed only under the Open Ports and Application Stack tabs under the External Attack Surface section of Asset Details. With this release, all the EASM discovered software and open ports are also listed under the Open Ports and Installed Software sections of Asset Details.

Discovery Sources details.

Go to the Inventory > Open Ports tab and click the port listed under the Port column. You can see the discovery sources from which the open ports are discovered. 

 If multiple discovery sources discover the software and open ports, all the discovery sources are shown as a comma-separated list.

New Tokens

Refer to the following tables to learn more about the tokens added for CSAM.

Tokens you can access from various tabs (CSAM-specific)

| Token Name | Description | Tab |
| --- | --- | --- |
| operatingSystem.lifecycle.detectionScore | Find the operating systems based on the specified lifecycle detection score. | Inventory, Dashboard, and Rules |
| missingSoftware.detectionScore | Find the software based on the specified missing software detection score. | Inventory, Dashboard, and Rules |
| software:(authorizationDetectionScore | Find the installations of the software product with the QDS you're looking for. | Tags, tag creation wizard (Dynamic tag > Asset Inventory rule) |
| software:(lifecycle.detectionScore | Find the software based on the specified lifecycle detection score. | |
| software:(authorization | Find the installations of the software product based on the specified authorization. Examples: Authorized, Unauthorized, or Needs Review. | Tags, tag creation wizard (Dynamic tag > Asset Inventory rule) |
| openPorts:(authorization | Find the ports based on the specified authorization. Examples: Authorized, Unauthorized, or Needs Review to filter the ports. | Tags, tag creation wizard (Dynamic tag > Asset Inventory rule) |

Refer to the following tables to learn more about the tokens added for CSAM and GAV. 

Tokens you can access from the Certificates tab (CSAM and GAV)

| Token Name | Description |
| --- | --- |
| asset:(name | Find certificates for the specified asset name. |
| asset:(interfaces.hostname | Find certificates for the specified interface hostname. |
| asset:(interfaces.address | Find the certificate details for the specified host IP address. |
| asset:(netbiosName | Find the certificate details for the specified host NetBIOS name. |
| asset:(operatingSystem | Find certificates for the specified operating system. |
| asset:(tags.name | Find certificates for the specified tag name. |
| certificate:(approved | Find certificates from approved CAs. Supported values are true and false. |
| certificate:(dn | Find certificates that have the specified subject identifier in the certificate subject distinguished name (DN). |
| certificate:(certhash | Find certificates for the specified certificate fingerprint. |
| certificate:(issuer.country | Find certificates that have the specified country mentioned in the issuer distinguished name. |
| certificate:(issuer.organization | Find certificates that have the specified organization mentioned in the issuer distinguished name. |
| certificate:(issuer.name | Find certificates with the specified name of the issuing certificate authority. |
| certificate:(issuer.organizationUnit | Find certificates that have the organization unit mentioned in the issuer distinguished name. |
| certificate:(issuerCategory | Find certificates for the specified category of certificate. |
| certificate:(keySize | Find certificates for the specified key length of a certificate. |
| certificate:(subject.country | Find certificates for the specified country mentioned in the subject distinguished name. |
| certificate:(subject.organization | Find certificates for the organization mentioned in the subject distinguished name. |
| certificate:(subject.name | Find certificates with the specified subject name. |
| certificate:(subject.locality | Find certificates with the specified locality mentioned in the subject distinguished name. |
| certificate:(subject.state | Find certificates with the specified state mentioned in the subject distinguished name. |
| certificate:(subjectAlternativeNames.dnsName | Find certificates with the specified DNS name in the certificate Subject Alternative Name (SAN). |
| certificate:(subjectAlternativeNames.ipAddress | Find certificates that have the specified IP address in the certificate SAN. |
| certificate:(validFrom | Find certificates for the specified validation date. You can specify the range or specific date. |
| certificate:(validTo | Find certificates that are valid up to the specified date. You can specify the range or specific date. |
| certificate:(validity | Find certificates that are valid based on the validity period you specified. For example, you can find certificates that are valid for 100 days, certificates that are valid for a year, and so on. |
| certificate:(serialNumber | Find certificates with the specified serial number. |
| certificate:(expiryGroup | Find the certificates from one of the groups you specified. The categories are Expired, In 30 Days, In 60 Days, In 90 Days. |
| certificate:(isRenewable | Find the certificates that are renewable. The supported values are true and false. |
| certificate:(selfSigned | Find the certificates that are self-signed. |
| instance:(cipherSuites.value | Find the certificates with the specified cipher suite enabled in the SSL/TLS instance. |
| instance:(fqdn | Find the certificates with the specified host FQDN. |
| instance:(grade | Find certificates with the specified Certificate Grade. |
| instance:(port | Find certificates with the specified listening port open. |
| instance:(service | Find the certificates with the specified service. |
| instance:(sources | Find the certificates for assets that are scanned with the specified source. |
| instance:(sslProtocols | Find the certificates for assets with the specified SSL/TLS protocol enabled. |
| instance:(vulns.severity | Find the certificates for assets with the specified vulnerability severity. |
| instance:(vulns.title | Find the certificates for assets with the specified vulnerability title. |
| asset:(assetID | Find the certificates for the specified asset ID. |
| asset:(created | Find the certificates for the specified asset creation date. |
| asset:(lastUpdated | Find the certificates for assets that are last updated on the specified date. |
| asset:(criticalityScore | Find the certificates for assets with the specified criticality score. |
| asset:(riskScore | Find the certificates for assets with the specified risk score. |
| asset:(activatedForModules | Find the certificates for assets that are activated for the specified modules. |
| asset:(org.name | Find the certificates for assets with the specified organization name. |
| asset:(isp | Find the certificates for assets with the specified ISP. |
| asset:(domain | Find the certificates for assets with the specified domain. |
| asset:(subdomain | Find the certificates for assets with the specified asset subdomain. |
| asset:(supportGroup | Find the certificates for assets with the specified support group. |
| asset:(businessApp.name | Find the certificates for assets with the specified business application name. |
| asset:(businessApp.businessCriticality | Find the certificates for assets with the specified business application business criticality. |
| asset:(businessApp.supportGroup: | Find the certificates for assets with the specified business support group. |
| asset:(operatingSystem.category1 | Find the certificates for assets with the specified operating system category 1. |
| asset:(operatingSystem.category2 | Find the certificates for assets with the specified operating system category 2. |
| asset:(hardware.category1 | Find the certificates for assets with the specified hardware category 1. |
| asset:(hardware.category2 | Find the certificates for assets with the specified hardware category 2. |
| asset:(provider | Find the certificates for assets with the specified provider. |
| asset:(inventory.source | Find the certificates for assets with the specified inventory source. |
| asset:(inventory.created | Find the certificates for assets with the specified inventory created date. |
| asset:(inventory.lastUpdated | Find the certificates for assets with the specified inventory last updated date. |

Tokens that you can access from various tabs (CSAM and GAV)

| Token Name | Description | Tab |
| --- | --- | --- |
| inventory:(created | Find assets based on the specified inventory created date. | Inventory, Dashboard, and Rules |
| inventory:(lastUpdated | Find assets based on the specified inventory updated date. | Inventory, Dashboard, and Rules |
| openPorts:(discoverySources | Find open ports based on the specified discovery sources. | Inventory and Dashboard |
| software:(discoverySources | Find software based on the specified discovery sources. | Inventory and Dashboard |

Issues Addressed

The following reported and notable customer issues have been fixed in this release.

| Component/Category | Description |
| --- | --- |
| CSAM+GAV-UI | The issue regarding the AWS assets status discrepancy is fixed. |
| CSAM+GAV-UI | The issue was observed in the case of assets running in AWS or Azure but discovered by cloud agents. The AWS or Azure was also shown as one of the sources under the Sources column on the Asset Inventory page. This issue is now fixed. |
| CSAM+GAV-UI | The following issues observed in the case of open ports report are fixed. The report was not completed, and no error was shown. Also, the report status was shown as generated, but the user could not download the report. |
| CSAM+GAV-API | Though the asset was successfully created from the Webhook API, the asset details page for the respective asset couldn't open from the CSAM UI, and an error mentioned "Failed to load Asset Details" was shown. |
| CSAM+GAV-UI | A discrepancy in the Internet Facing Asset count shown on the EASM Summary Report and Asset Inventory page is fixed. |
| CSAM+GAV-UI | The issue was observed where the CSAM application crashed when the user navigated from the EASM inventory to the Web Applications tab by selecting the Group by option, which was not available on the Web Applications tab. |
| CSAM+GAV-UI | The issue regarding generating the inventory download report using the QQL query with the "and" operator in between is fixed. |
| CSAM+GAV-API | The issue regarding the last boot information not being shown on the Asset Details page for the specific format is now fixed. |
| CSAM+GAV-UI | The issue where the page division from the software catalog showed a blank results view is fixed. |
| CSAM+GAV-UI | The issue regarding the Remove All in EASM Configuration Profile not working as expected is fixed. After clicking Remove All, the profile will be deleted, and you will be redirected to the Configure EASM Profile page. For the Standard Account, when the profile is created for the first time, you will see the default EASM configuration in an editable mode. For a Multi Profile account, after clicking Remove All, the profiles will be deleted, and then you can click Add Profile to create a new profile. |
| CSAM+GAV-UI | The issue regarding incorrect hardware data getting displayed for many cloud agent assets is fixed. |
| CSAM+GAV-UI | The issue was fixed where, in the case of GAV, when the last 30 days filter was selected, assets beyond 30 days were displayed. |
| CSAM+GAV-UI | The issue is fixed wherein, despite the software not being detected in the subsequent scan, it was shown in the Installed Software section. |
| CSAM+GAV-UI | The open ports result was not shown for large asset groups when trying to find the open ports by running a QQL using the tag name. This issue is fixed. |
| CSAM+GAV-UI | The issue regarding incorrect results being displayed for software QQL with greater than or less than operators is fixed. |
| CSAM+GAV-UI | The issue regarding the Last seen details (date/time) discrepancy from the asset details page from CSAM compared to other modules is fixed. |
| CSAM+GAV-UI | The issue related to the "Application Crashed" error while accessing the agent by software version widget from the dashboard is fixed. |
| CSAM+GAV-API | When the same QQL was used to view the asset inventory from the inventory page within a few hours, the count fluctuated, though no assets were purged or new assets were discovered. |
| CSAM+GAV-UI | The documentation is updated to mention that you can change the criticality score from tags from CSAM UI and API. |
| CSAM+GAV-UI | The documentation is updated to clarify nested queries when using nested QQL queries with the 'not' operator and multiple values in []. |