Release 3.1.0.0

August 05, 2024 (Updated on August 30, 2024)

What's New?

CyberSecurity Asset Management

The following are the new features available with the CSAM subscription.

Visibility to Attribution Confidence Score Logs

Before this release, you could see the High, Medium, and Low attribution confidence scores on the CSAM UI for assets discovered through an EASM discovery. With this release, you can now see the attribution confidence score log on the CSAM UI.

The attribution confidence score helps you understand which assets belong to your organization or domain, because it clearly distinguishes between the true and false positives encountered in some EASM discoveries.

The attribution score logs include the rules and the execution details based on which the attribution score is marked as High, Medium, or Low.

When you view the asset details of an EASM asset, you can see the Attribution Confidence from the External Attack Surface tab. You can see the attribution confidence score logs upon clicking the Confidence category, which is High, Medium, or Low. For more information, refer to the Online Help.

Attribution Confidence Score Logs. 

Simple List Support for CSAM and EASM Dashboard Widget

Before this release, only Grouped and Multi-Grouped options were available for a Table type for CSAM and EASM widgets. With this release, we introduced a Simple List option. You can create the CSAM and EASM widgets in a Simple List format.

You can create widgets to obtain the required assets, software, ports, and vulnerability details in a list format. The following screen captures show the widget creation to acquire the required asset details.

Create Widget step 1.

Apart from normal widget creation options, you can select to view a list of top 10, 25, or 50 records.

Widget Creation Step 2.

If you click any record in a widget added to the dashboard, you are navigated to the respective CSAM tab.

Widget creation step 3.

Provision to Edit the Existing On-demand Reports

With this release, you can edit the existing on-demand reports. When you go to the Reports tab, you can see the newly introduced option, Edit and Run Now, from the Quick Actions menu.

edit and run now option.

The Edit and Run Now option is available (not grayed out) only if you have Edit access and you created the report you want to edit.

The Edit and Run Now option is grayed out or unavailable under the following conditions:

  • The report type is Scheduled.
  • The report template type is Interactive Report Details.
  • The report status is anything other than FAILED, INCOMPLETE, or COMPLETED.

You can edit the report schedule from the Schedules tab if you have Edit access. However, you can do that only for the reports you created that are in the Active or Pause state.

Edit Schedules.

EASM Vulnerability Details Report Enhancements

With this release, the EASM Vulnerability Details report is enhanced by introducing the CVE and QID options. When you select CVE, the report includes the CVE details for the QIDs. Additionally, a new section, Vulnerability Information, is introduced. 

EASM Vulnerability Details.

You can select the CVE or QID, expand the Vulnerability Information and Host Information sections, and select the required checkboxes to include the respective columns in your report.

Example: CVE option selected

Host Information and Vulnerability Information checkboxes.

Host Information Section Changes

  • The following new checkboxes are added: Org/Subsidiary, ISP, ASN, Resolved Domain, Primary Domain, Subdomain, First Discovery Date, Last Discovery Date, First EASM Scan Date, and Last EASM Scan Date.
  • The sequence of the existing checkboxes is shuffled.
  • The following checkboxes are removed from the Host Information Section: QID, Title, Severity, Last Detected, Protocol, Port, Results, QDS Severity, Operating System, Threat, and First Detected.

Host Information before and after.

API Enhancement

You can use the newly introduced API to get the list of unresolved domains discovered by EASM. Earlier, this support was available only through the CSAM UI. For more information, see CSAM 3.1.0.0 API Release Notes.

QQL Tokens (New or Enhanced)

Refer to the following table to learn more about new or enhanced tokens for CSAM. 

The following new tokens are available from the Inventory > Assets tab.

| Token | Description |
|---|---|
| sensors.firstEasmVmScanDate | Use this QQL token to find instances based on the first EASM VM scan date. You can specify a date range or specific date. |
| sensors.lastEasmVmScanDate | Use this QQL token to find instances based on the last EASM VM scan date. You can specify a date range or specific date. |

The instance:(lastEasmScanDate QQL token has been renamed to instance:(lastEasmVmScanDate. This QQL token is available from the Inventory > Certificates tab.

CyberSecurity Asset Management and Global AssetView

The following are the new features available with the CSAM and GAV subscriptions.

Enhancements to Agent Provisioning Rule

The Agent Provisioning Rule has been renamed as Agent Provisioning Rules. As the name suggests, you can edit and create a set of Agent Provisioning Rules by defining multiple conditions and selecting the required identification attributes. The rules run sequentially, and the assets are merged based on the match found.

Agent Provisioning Rules.

We also introduced conflict resolution for cases where multiple matches are found with the final condition. When the Apply default rule checkbox is selected, the following criteria are considered for conflict resolution, enabling the assets to merge: the most recent update, the trustworthiness of its source, and the pre-defined weightage on the same asset identified by other conditions.

Edit Agent Provisioning Rules.

Visibility to CPE Details for Operating System, Hardware, and Software

You can now view the CPE details for the Operating System, Hardware, and Software from the System Information and Installed Software tabs on the Asset Details page.

cpe details - System Information tab.

Important to Know!

  • If the CPE values for the matching Operating Systems, Hardware, and Software are available in our catalog, the CPE details are shown. Otherwise, they are not shown. 
    cpe details not available.
  • For Operating Systems and Software only, if the current CPE value is not available, the previous and next CPE information is visible when you hover over the info text icon.

cpe details on the Installed Software tab.

QQL Tokens (New or Enhanced)

Refer to the following table to learn about new or enhanced tokens for CSAM and GAV.

The following tokens are available from the tag creation wizard (Dynamic tag > Asset Inventory rule).

| Token | Description |
|---|---|
| software:(discoverySources | Use this QQL token to find software detected from a specific discovery source (Active Directory, BMC Helix, CMDB, Cloud Agent, EASM, ICS OCA, IP Scanner, OCA, Passive Sensor, ServiceNow, Unknown, and Webhook). |
| openPorts:(discoverySources | Use this QQL token to find open ports detected from a specific discovery source (Active Directory, BMC Helix, CMDB, Cloud Agent, EASM, ICS OCA, IP Scanner, OCA, Passive Sensor, ServiceNow, Unknown, and Webhook). |

Issues Addressed

The following reported and notable customer issues have been fixed in this release.

| Component/Category | Description |
|---|---|
| CSAM+GAV - Inventory Report Download | We have fixed the issue where, in the report downloaded from the Inventory tab, no data was shown in the "Inventory Created On" and "Inventory Last Updated On" columns. |
| CSAM+GAV - Alerting | We have fixed the issue where, at times, the email alerts were not sent to the users when the rules were created with some specific rule queries. |
| CSAM+GAV - Dashboard | We have fixed the discrepancy between the count shown on the widget and the Inventory tab (for EASM) for some of the widgets from the pre-built External Attack Surface Management(v2) dashboard. Also, we fixed the issue where, when the user navigated from the widget to the Inventory tab (for EASM), the QQL created for the widget was not shown on the Inventory tab. |
| CSAM+GAV - Reporting | We have fixed the issue observed in the case of a GAV user. While creating the report for Installed Software from the Asset Details page, the user was navigated to CSAM despite not having the CSAM subscription. Also, the report generation wasn't successful. |
| CSAM+GAV - Asset Mapper | We have fixed the issue where the complete hardware name was not shown from the Asset Summary tab on the Asset Details page. |
| CSAM+GAV - Asset Mapper | We fixed the issue where, when a QQL query was entered to find the instances with Cisco hardware, the instances with non-Cisco hardware were also shown in the QQL query result. |
| CSAM+GAV - Asset Mapper | We fixed the issue where the QIDs were not identified as ignored through the remediation policy for some of the assets. |
| CSAM+GAV - Asset Mapper | We fixed the issue where, after running scans on the Cisco Network assets that show the detection of QID, the asset serial number information for some of the assets was not shown. |
| CSAM+GAV - Asset Mapper | Like the CSAM Full subscription, custom attribute support is now available for the CSAM trial subscription. |