Release 2.17.1.0

March 28, 2024

What's New?

CyberSecurity Asset Management

Attribution Confidence Score

With this release, we introduced a new score, "Attribution Confidence", for assets discovered through EASM discovery. The possible values are High, Medium, and Low. The score helps you understand which assets belong to your organization or domain by giving you a clear distinction between the true and false positives that some EASM discoveries produce.

The "Attribution Confidence" score indicates confidence in the asset’s attribution to your organization. The "Attribution Confidence" score is based on the correlation of multiple data facets retrieved from the different sources queried during EASM discovery.

When the "Attribution Confidence" score is High, the asset belongs to your organization or domain. When it is Low, it is not straightforward to infer whether the asset belongs to your organization or domain. For more information, refer to the Online Help.

As shown in the following screen capture, you can use the "Attribution Confidence" search criterion to find the assets based on high, medium, and low "Attribution Confidence".

Search Criterion - Attribution Confidence.

You can see the Attribution Confidence score from the External Attack Surface tab on the Asset details page.

Attribution Confidence score from the External Attack Surface tab.

Unresolved Domain Details

Before this release, you could see the details of resolved domains discovered by EASM. However, because the unresolved domains discovered by EASM are not mapped to IP addresses, their details were not available in the UI.

With this release, we introduced a new Domains tab that lets you view the details of EASM-discovered resolved and unresolved domains and subdomains in one place. These details include Registrar, Registrant Org, and Registrant Email ID.

Unresolved domains and subdomains are those that are known but not used. With the help of the unresolved domain and subdomain details, you can decide which of them are candidates for domain takeover. For more information, refer to the Online Help.

Unresolved domain details.

Resolved domain details.

Enhancements to the External Attack Surface tab

The External Attack Surface tab is enhanced to let you view the software and open ports whose discovery source is EASM. If the software or open ports are discovered through multiple sources along with EASM, they are listed under the Software and Open Ports tabs. The following enhancements are also made to the Open Ports and Software tabs:

Enhancements to the Software tab

  • Go to the Security > External Attack Surface tab from the Asset Details page. The Application Stack tab has been renamed to the Software tab. When you go to the Software > Applications tab, you can see software discovered by EASM. You can now click the software and see the discovery source details. EASM and another discovery source may detect the software. In that case, both are shown as a comma-separated list.
    Discovery Sources Details for a Software.
  • You can use the search facility to find the software based on the criteria you entered. Also, you can download the software details.
    Search software and Download Software details.

Enhancements to the Open Ports tab

  • Go to the Security > External Attack Surface tab from the Asset Details page. You can see open ports discovered by EASM from the Open Ports tab. You can click the open port and see the discovery source details. EASM and another discovery source may detect the open port. In that case, both are shown as a comma-separated list.
    Discovery Sources - EASM.
  • You can use the search facility to find the open ports based on the criteria you enter, such as port, protocol, or detected service. Also, you can download the open port details.
    Search Open Ports and Download Open Ports details.

Installation Path and Last Use Date Details for Windows Cloud Agent Assets

Before this release, you could see the Installation Path and the Last Use Date details for the installed software on Windows Cloud Agent assets. As shown in the following screen capture, you can view these details on the "Asset Details" page from the Inventory > Installed Software > Application tab. For more information, refer to the CSAM 2.17.0.0 UI RN.

With this release, you can also view the Installation Path and the Last Use Date details for the software displayed upon clicking the Other tab. 

Prerequisites

  • Windows Cloud Agent version 5.5
  • The prefetch file from the Cloud Agent

Installed Software tab from the Asset Details page.

Installation Path and Discovery Sources Details.

New Token

Token | Description
software:product | Similar to CSAM, you can now use this QQL token from the Global AssetView (GAV) tag creation wizard (Dynamic tag > Asset Inventory rule). Use this QQL token to find the details of the required software product. Examples: software:(product:Office) and software:(product:"Chrome")

Issues Addressed

See the summary of customer CRMs fixed in this release.

Component/Category | Description
CSAM+GAV-API | We fixed the issue where the last location and TruRisk section details were not accurate.
CSAM+GAV-UI | We fixed the issue of the uninstall job failing for the customer for whom the uninstall feature support was enabled.
CSAM+GAV-UI | We fixed the issue where, for assets with only the custom attribute key, not the value, the latest events were not getting forwarded, and as a result, the backlog of PC agent scans was not completed.
CSAM+GAV-UI | We fixed the issue where the reports downloaded from the Inventory > Assets tab showed multiple blank columns, such as Inventory Source, Inventory Created On, and Inventory Last Updated On.
CSAM+GAV-UI | We fixed the issue where, despite having all the required permissions, the non-manager users could not see the details from the External Attack Surface tab on the asset details page.
CSAM+GAV-UI | We fixed the issue where the user with tag-based scoping could see out-of-scope assets that were not present in the tags.
CSAM+GAV-UI | We fixed the issue where, if the existing purge rule name included a "/" special character, a 404 error was shown while downloading the execution report for that purge rule.