Release 2.17.0.0
March 04, 2024
What's New?
CyberSecurity Asset Management
Multiple EASM Profile Creation
Before this release, it was possible to create only one EASM profile for your subscription. With this release, you can create multiple EASM profiles for your subscription.
The multiple EASM profile creation feature is exposed to limited customers. It’s in early preview and available on a request basis. Contact support for more information.
Benefits
- Enables you to control the external attack surface of global organizations with distributed IT owners and support centers.
- Allows you to assess the external attack surfaces and security postures of potential Mergers & Acquisitions.
- Provides greater flexibility to administrators to manage profiles independently by creating, updating, and deleting profiles individually.
- When enabled for your subscription, the EASM Configuration screen shows the Account Type as Multi Profile.
- The Profile Created count is shown as X/Y, indicating the number of profiles created/maximum profiles you can create.
- The Add Profile button is disabled if you have consumed the maximum profile creation count granted.
The number of profiles that can be created is set per subscription based on the customer's requirement, up to a maximum of 20.
Actions You Can Perform from the EASM Profile Tile
- By clicking the menu from the EASM profile tile, you can edit, activate, deactivate, and delete the EASM profile and generate EASM reports on data for that profile. These actions can be limited via role-based access controls in the Administration application.
- By clicking the assets count, you are navigated to the Inventory page, where you can see the summary of assets scanned or synced using that profile.
- By clicking the View icon, you can view the EASM profile.
The following are the EASM multiple-profile capabilities in brief. For detailed information, refer to the EASM Multiple Profile section from the Online Help.
- After the profile creation is completed, you can choose to save the profile, or you can choose to save the profile as a default one.
- If you edit the existing profile but want to disregard the changes, you can choose to Reset the changes to default. The benefit of this option is your original profile is retained, and the changes made are not applied to it until you save the profile.
- You can see the dashboard showcasing consolidated data of all assets synced through all EASM profiles.
Qualys provides an External Attack Surface Dashboard template that you can use to see data from all profiles.
Enhancements to EASM Profile (Standard Account Type)
With this release, enhancements are made for a single EASM profile per subscription. As a result, you can view the EASM profile details at a glance. Also, you can complete the actions using the menu from the EASM profile tile.
- You can now see the EASM profile tile from the Configuration > EASM Configuration tab. The Account Type is mentioned as Standard, and your profile is renamed as EASM Default Profile, but you can edit the profile name. You can complete multiple actions from the EASM profile tile.
As highlighted in the screen capture, you can see the important and required details at a glance.
- After the profile editing is completed, you can choose to update the profile, or you can choose to save the profile as Default.
- An option is also provided to reset that profile to its default setting in case you want to undo your changes and revert to what was saved as a default.
Additional Vector to Extend TruRisk with CSAM Detection
With the earlier CSAM 2.16.1.0 release, CSAM extended the TruRisk by adding additional vectors, such as end-of-life & end-of-support (EoS) software, unauthorized software, unauthorized ports, and missing required software. For more information, see CSAM 2.16.1 UI RN.
With this CSAM 2.17.0.0 release, an additional risk vector, the End of Support Operating System, is introduced to extend the TruRisk with CSAM detections.
An operating system that is at the end of support is now included in calculating the TruRisk. Operating systems that will be end-of-support within the next 12 months are also scored for risk.
When you go to the Security > TruRisk Score tab from the Asset Details page, you can see the End of Support tab, and you can now see the end-of-support operating system details along with the end-of-life and end-of-support software.
When you hover over the EOS lifecycle, you can get detailed information about the EOS operating system.
Additions and Updates to the Reporting Templates
A new Certificate Details report is introduced. You can create certificate reports, including certificates associated with Managed and Unmanaged assets discovered from Cloud Agent, IP, and EASM inventory sources.
Externally Exposed Asset Details report section changes:
- The Application Stack Details report template is renamed as EASM Software Details.
- The Certificates Details report is renamed as EASM Certificate Details, which contains Certificate information discovered by EASM.
CyberSecurity Asset Management and Global AssetView
Certificates Discovered Through Various Inventory Sources
Qualys Certificate View application provides a comprehensive view of all the SSL/TLS certificates across your enterprise and cloud-hosted managed assets. With this release, CSAM integrates with the Qualys Certificate View application, allowing you to view certificates from the Qualys Certificate View application. Moreover, CSAM also enables you to view certificates for unmanaged assets.
A new tab, Certificates, is added under the Inventory tab. From this tab, you can see certificates for managed and unmanaged assets discovered from Cloud Agent, IP, and EASM inventory sources.
- When you toggle to CSAM, you can view certificate details for assets discovered from Cloud Agent, IP, and EASM discovery sources.
- When you toggle to EASM, you can see certificate details for assets discovered only from the EASM discovery source. For more information, refer to View Certificates and View Certificate Details.
- You can see the tiles that show the count of Expired, Expiring, Low Grade, and Qualys Renewable certificates.
- You can see the details of certificates, such as organization, name of the issuer, algorithm, sources, and so on.
You can click the respective certificate, and from the Certificate Details, you can get the detailed certificate information.
Installation Path and Last Use Date Details for Windows Cloud Agent Assets
For Windows Cloud Agent assets, you can now see the Installation Path and the Last Use Date details for the software from the Inventory > Installed Software tab on the Asset Details page.
Prerequisites
- Windows Cloud Agent version 5.5
- The prefetch file from the Cloud Agent
Before this release, in the case of Windows Cloud Agent assets, the Installation Path and the Last Use Date details were not shown for most assets. This data is now shown for almost all assets.
The coverage or the number of software detected is now substantially increased with the help of the Windows prefetch file. If the product name and software version details from the prefetch file match the corresponding software name and version identified during the Cloud Agent scan, then the software's Installation Path and the Last Use Date details are shown.
Security enhancement for Tag scoping
With this release, the Show Tags in User Scope check box is added to the Select Tags page under the All Tags tab. This enhancement will be available after the RX 2.28.0 release.
This implementation ensures that non-manager users, such as sub-users, can access only those assets to which the Manager role has explicitly granted access.
Tag-specific Permissions to Sub-Users
- Sub-users cannot create a child tag for a tag added to its scope.
- Sub-users do not require edit permission to edit a tag they created. However, delete permission is necessary to delete the tag.
- When the Show Tags in User Scope check box is selected, the tags in your scope are listed.
- When the Show Tags in User Scope check box is cleared, you can see all tags in the subscription. The tags that are outside your scope are shown with a lock symbol.
Discovery Sources Details for Installed Software and Open Ports
With this release, you can now see the discovery sources for software and open ports from the Asset Details page.
Go to the Inventory > Installed Software tab from the Asset Details page. You can see two tabs, Application and Other. Click the software from the Application tab, and you can see the discovery sources from which the software was discovered.
Before this release, the EASM detected application stack and open ports details were displayed only under the Open Ports and Application Stack tabs under the External Attack Surface section of Asset Details. With this release, all the EASM discovered software and open ports are also listed under the Open Ports and Installed Software sections of Asset Details.
Go to the Inventory > Open Ports tab and click the port listed under the Port column. You can see the discovery sources from which the open ports are discovered.
If multiple discovery sources discover the software and open ports, all the discovery sources are shown as a comma-separated list.
New Tokens
Refer to the following tables to learn more about the tokens added for CSAM.
Token Name | Description | Tab |
operatingSystem.lifecycle.detectionScore | Find the operating systems based on the specified lifecycle detection score. | Inventory, Dashboard, and Rules |
missingSoftware.detectionScore | Find the software based on the specified missing software detection score. | Inventory, Dashboard, and Rules. |
software:(authorizationDetectionScore | Find the installations of the software product with the QDS you're looking for. | Tags tag creation wizard (Dynamic tag > Asset Inventory rule). |
software:(lifecycle.detectionScore | Find the software based on the specified lifecycle detection score. | |
software:(authorization | Find the installations of the software product based on the specified authorization. Examples: Authorized, Unauthorized, or Needs Review. | Tags tag creation wizard (Dynamic tag > Asset Inventory rule). |
openPorts:(authorization | Find the ports based on the specified authorization. Examples: Authorized, Unauthorized, or Needs Review to filter the ports. | Tags tag creation wizard (Dynamic tag > Asset Inventory rule). |
Refer to the following tables to learn more about the tokens added for CSAM and GAV.
Token Name | Description |
asset:(name | Find certificates for the specified asset name. |
asset:(interfaces.hostname | Find certificates for the specified interface hostname. |
asset:(interfaces.address | Find the certificate details for the specified host IP address. |
asset:(netbiosName | Find the certificate details for the specified host NetBIOS name. |
asset:(operatingSystem | Find certificates for the specified operating system. |
asset:(tags.name | Find certificates for the specified tag name. |
certificate:(approved | Find certificates from approved CAs. Supported values are true and false. |
certificate:(dn | Find certificates that have the specified subject identifier in the certificate subject distinguished name (DN). |
certificate:(certhash | Find certificates for the specified certificate fingerprint. |
certificate:(issuer.country | Find certificates that have the specified country mentioned in the issuer distinguished name. |
certificate:(issuer.organization | Find certificates that have the specified organization mentioned in the issuer distinguished name. |
certificate:(issuer.name | Find certificates with the specified name of the issuing certificate authority. |
certificate:(issuer.organizationUnit | Find certificates that have the organization unit mentioned in the issuer distinguished name. |
certificate:(issuerCategory | Find certificates for the specified category of certificate. |
certificate:(keySize | Find certificates for the specified key length of a certificate. |
certificate:(subject.country | Find certificates for the specified country mentioned in the subject distinguished name. |
certificate:(subject.organization | Find certificates for the organization mentioned in the subject distinguished name. |
certificate:(subject.name | Find certificates with the specified subject name. |
certificate:(subject.locality | Find certificates with the specified locality mentioned in the subject distinguished name. |
certificate:(subject.state | Find certificates with the specified state mentioned in the subject distinguished name. |
certificate:(subjectAlternativeNames.dnsName | Find certificates with the specified DNS Name in Certificate Subject Alternate Name (SAN). |
certificate:(subjectAlternativeNames.ipAddress | Find certificates that have the specified IP address in Certificate SAN. |
certificate:(validFrom | Find certificates for the specified validation date. You can specify the range or specific date. |
certificate:(validTo | Find certificates that are valid up to the specified date. You can specify the range or specific date. |
certificate:(validity | Find certificates that are valid based on the validity period you specified. For example, you can find certificates that are valid for 100 days, certificates that are valid for a year, and so on. |
certificate:(serialNumber | Find certificates with the specified serial number. |
certificate:(expiryGroup | Find the certificates from one of the groups you specified. The categories are Expired, In 30 Days, In 60 Days, In 90 Days. |
certificate:(isRenewable | Find the certificates that are renewable. The supported values are true and false. |
certificate:(selfSigned | Find the certificates that are self signed. |
instance:(cipherSuites.value | Find the certificates with the specified cipher suite enabled in the SSL/TLS instance. |
instance:(fqdn | Find the certificates with the specified host FQDN. |
instance:(grade | Find certificates with the specified Certificate Grade. |
instance:(port | Find certificates with the specified listening port open. |
instance:(service | Find the certificates with the specified service. |
instance:(sources | Find the certificates for assets that are scanned with the specified source. |
instance:(sslProtocols | Find the certificates for assets with the specified SSL/TLS protocol enabled. |
instance:(vulns.severity | Find the certificates for assets with the specified vulnerability severity. |
instance:(vulns.title | Find the certificates for assets with the specified vulnerability title. |
asset:(assetID | Find the certificates for the specified asset ID. |
asset:(created | Find the certificates for the specified asset creation date. |
asset:(lastUpdated | Find the certificates for assets that are last updated on the specified date. |
asset:(criticalityScore | Find the certificates for assets with the specified criticality score. |
asset:(riskScore | Find the certificates for assets with the specified risk score. |
asset:(activatedForModules | Find the certificates for assets that are activated for the specified modules. |
asset:(org.name | Find the certificates for assets with the specified organization name. |
asset:(isp | Find the certificates for assets with the specified ISP. |
asset:(domain | Find the certificates for assets with the specified domain. |
asset:(subdomain | Find the certificates for assets with the specified asset subdomain. |
asset:(supportGroup | Find the certificates for assets with the specified support group. |
asset:(businessApp.name | Find the certificates for assets with the specified business application name. |
asset:(businessApp.businessCriticality | Find the certificates for assets with the specified business application business criticality. |
asset:(businessApp.supportGroup: | Find the certificates for assets with the specified business support group. |
asset:(operatingSystem.category1 | Find the certificates for assets with the specified operating system category 1. |
asset:(operatingSystem.category2 | Find the certificates for assets with the specified operating system category 2. |
asset:(hardware.category1 | Find the certificates for assets with the specified hardware category 1. |
asset:(hardware.category2 | Find the certificates for assets with the specified hardware category 2. |
asset:(provider | Find the certificates for assets with the specified provider. |
asset:(inventory.source | Find the certificates for assets with the specified inventory source. |
asset:(inventory.created | Find the certificates for assets with the specified inventory created date. |
asset:(inventory.lastUpdated | Find the certificates for assets with the specified inventory last updated date. |
Token Name | Description | Tab |
inventory:(created | Find assets based on the specified inventory created date. | Inventory, Dashboard, and Rules. |
inventory:(lastUpdated | Find assets based on the specified inventory updated date. | Inventory, Dashboard, and Rules. |
openPorts:(discoverySources | Find open ports based on the specified discovery sources. | Inventory and Dashboard |
software:(discoverySources | Find software based on the specified discovery sources. | Inventory and Dashboard |
Issues Addressed
The following reported and notable customer issues have been fixed in this release.
Component/Category | Description |
CSAM+GAV-UI | The issue regarding the AWS assets status discrepancy is fixed. |
CSAM+GAV-UI | An issue was observed for assets running in AWS or Azure but discovered by cloud agents: AWS or Azure was also shown as one of the sources under the Sources column on the Asset Inventory page. This issue is now fixed. |
CSAM+GAV-UI | The following issues observed in the case of open ports report are fixed. The report was not completed, and no error was shown. Also, the report status was shown as generated, but the user could not download the report. |
CSAM+GAV-API | Though the asset was successfully created from the Webhook API, the asset details page for the respective asset couldn't be opened from the CSAM UI, and the error "Failed to load Asset Details" was shown. |
CSAM+GAV-UI | A discrepancy in the Internet Facing Asset count shown on the EASM Summary Report and Asset Inventory page is fixed. |
CSAM+GAV-UI | The issue was observed where the CSAM application crashed when the user navigated from the EASM inventory to the Web Applications tab by selecting the Group by option, which was not available on the Web Applications tab. |
CSAM+GAV-UI | The issue regarding generating the inventory download report using the QQL query with the "and" operator in between is fixed. |
CSAM+GAV-API | The issue regarding the last boot information not being shown on the Asset Details page for the specific format is now fixed. |
CSAM+GAV-UI | The issue where the page division from the software catalog showed a blank results view is fixed. |
CSAM+GAV-UI | The issue regarding the Remove All in EASM Configuration Profile not working as expected is fixed. After clicking Remove All, the profile will be deleted, and you will be redirected to the Configure EASM Profile page. For the Standard Account, when the profile is created for the first time, you will see the default EASM configuration in an editable mode. For a Multi Profile account, after clicking Remove All, the profiles will be deleted, and then you can click Add Profile to create a new profile. |
CSAM+GAV-UI | The issue regarding incorrect hardware data getting displayed for many cloud agent assets is fixed. |
CSAM+GAV-UI | The issue was fixed where, in the case of GAV, when the last 30 days filter was selected, assets beyond 30 days were displayed. |
CSAM+GAV-UI | The issue is fixed wherein software that was not detected in the subsequent scan was still shown in the Installed Software section. |
CSAM+GAV-UI | The open ports result was not shown for large asset groups when trying to find the open ports by running a QQL using the tag name. This issue is fixed. |
CSAM+GAV-UI | The issue regarding incorrect results being displayed for software QQL with greater than or less than operators is fixed. |
CSAM+GAV-UI | The issue regarding the Last seen details (date/time) discrepancy from the asset details page from CSAM compared to other modules is fixed. |
CSAM+GAV-UI | The issue related to the "Application Crashed" error while accessing the agent by software version widget from the dashboard is fixed. |
CSAM+GAV-API | When the same QQL was used to view the asset inventory from the inventory page within a few hours, the count fluctuated, though no assets were purged or new assets were discovered. |
CSAM+GAV-UI | The documentation is updated to mention that you can change the criticality score from tags from CSAM UI and API. |
CSAM+GAV-UI | The documentation is updated to clarify nested queries when using nested QQL queries with the 'not' operator and multiple values in []. |