Release 3.2.0.0

October 03, 2024

What's New?

CyberSecurity Asset Management

The following are the new features available with the CSAM subscription.

EASM Configuration Profile Enhancements

The following enhancements are made to the EASM configuration profile:

Provision to Import or Export the EASM Profile Configuration to JSON File
Autocomplete Suggestions for Organization and Domain/Subdomain Seeds
Vertical Enumeration for EASM Discovery

Provision to Import or Export the EASM Profile Configuration to JSON File

You can now import and export the existing EASM profile configuration to a JSON file, which also includes the Include and Exclude seed data. This enhancement expedites the EASM profile configuration process and is convenient from a storage and sharing perspective.

The maximum JSON file size supported is <= 10 MB.

Import an existing EASM Profile Configuration from a JSON file

You can import the EASM configuration from a JSON by clicking Import from the Manage Configurations page. After you import the EASM profile configuration, you can make further changes to the imported EASM profile.

Import EASM Profile Configuration from JSON file.

Export the EASM Profile Configuration to a JSON file

You can export the existing EASM configuration to a JSON file by selecting the Export EASM Configuration option from the menu on the EASM profile tile. Later, you can use the exported JSON file to create another EASM profile.

Export EASM Profile Configuration to JSON file.

You can also export the EASM profile configuration from the View EASM Profile page.

Export EASM Profile Configuration from the View EASM Profile Page.

Autocomplete Suggestions for Organization and Domain/Subdomain Seeds

We introduced the functionality to search and autocomplete the values entered in Organization, Domain/Subdomain seeds while creating the EASM profile.

When you type the first three characters in the value field next to the Organization or Domain/Subdomain seed, the top 5 matching suggestions are auto-populated. As a result, you can configure the EASM profile quickly.

Search and Autocomplete functionality.

Vertical Enumeration for EASM Discovery

Before this release, you could only add the primary domain to the Include filter. With this release, you can add a subdomain to the Include filter. With Vertical Enumeration, you can find the sibling subdomains of the subdomains you add to the Include filter.

Upon entering the subdomain and selecting the Vertical Enumeration checkbox, the primary domain for the subdomain is also identified.

Suppose you enter the subdomain and don't select the Vertical Enumeration checkbox: The validation is not done after you click Check Catalog, and the status will not be shown as Validated.
Suppose you enter the subdomain and select the Vertical Enumeration checkbox: The validation is done only if the primary domain of the subdomain you entered is available in the catalog. If so, the status will be shown as Validated when you click Check Catalog.

Search and Autocomplete functionality.

Exclude Assets from Inventory

With this release, you can exclude assets from multiple EASM configuration profiles without triggering the EASM discovery. You can also exclude private IPs.

When you exclude assets from the Inventory page, assets are removed or excluded from the selected EASM configuration profiles without triggering an EASM discovery update.

Earlier, in the case of a single EASM configuration profile, after selecting assets for exclusion, you were redirected to the Edit EASM Configuration page. With this release, this redirection is no longer required.

You can exclude a maximum of 10 K assets through one IP exclusion action. While excluding multiple assets through one IP exclusion action, if the exclusion limit is exceeded, only the 10 K assets are excluded, and you can exclude the remaining assets through another asset exclusion action.

Exclude an Individual Asset Exclude an individual asset.

Exclude multiple Assets Exclude multiple assets.

Time Filter Selection While Creating Technology Debt Report

We have introduced a time filter selection for the Technology Debt report. While generating the Technology Debt Report from the Reports tab, you can select the required time filter option from the Time Filter Selection list.

Time Filter Selection - Create Technology Debt Report.

Example: The time filter option Last 30 Days, and the report schedule is selected as Schedule. The report includes the technology debt data for the last 30 days from your selected Start Date.

Report Schedule.

Enhanced External Attack Surface (v3) Dashboard

The following new tiles are introduced to the External Attack Surface (v3) dashboard:

CDN Assets: Shows the asset count with the CDN hosting category.
Expired Certs: Shows the expired certificates count.
Self Signed Certs: Shows the self-signed certificates count.
DNS Sinkholes: Shows assets tagged with the DNS SINKHOLE tag.
Unresolved DNS: Shows the count of unresolved domains
EASM Confidence High: Shows the count of assets with a High attribution confidence score.
EASM Confidence Medium: Shows the count of assets with a Medium attribution confidence score.
EASM Confidence Low: Shows the count of assets with a Low attribution confidence score.
External Vulnerabilities: Shows the count of vulnerabilities detected by the EASM lightweight scan.
Confirmed External Vulnerabilities: Shows the count of vulnerabilities with Confirmed type.
Potential External Vulnerabilities: Shows the count of vulnerabilities with Potential type.

EASM V3 dashboard.

Also, you can see the following pie chart widgets:

Unresolved Domain by Registrar: Shows the consolidated view of the unresolved domains based on whoIs.registrar.
Certificate Expiration: Shows the consolidated view of certificates based on the status of the certificates, such as expired certificates or certificates that will expire in 30, 60, or 90 days.

EASM V3 dashboard pie chart widgets.

API Enhancement

With this release, we have introduced a new Unresolved Domains Count API that fetches the total count of the unresolved domains. For more information, see CSAM 3.2.0.0 API Release Notes.

QQL Tokens (New or Enhanced)

Refer to the following table to learn more about new or enhanced tokens for CSAM.

Token Description

caps.leader

This new token is available from the Dashboard and Inventory > Assets tab.

Use this QQL token to find assets detected by the cap leader using the agent uuid you specify.

asset.riskScore

While creating dynamic tags, the asset.riskScore QQL token will now be visible to limited users. This is because this QQL is now deprecated and is in the withdrawal phase. Also, you cannot create tags using this token in combination with other QQL tokens.
Refer to the following example: asset.riskScore >500 and operatingSystem:"Windows".

There will be no impact on the existing tags created using the asset.riskScore QQL token.

CyberSecurity Asset Management and Global AssetView

The following are the new features available with the CSAM and GAV subscriptions.

Automated Technology Debt Report Enhancements

The following enhancements are made to the Automated Technology Debt Report that you can generate from the Dashboard tab.

Automated Tech Debt Report from Dashboard tab.

Provision to Select the Time Filter
Provision to Close the Generate Report Banner
Trending Widget in the Technology Debt Report

Provision to Select the Time Filter

You can now provide the time filter while generating the Technology Debt Report. It enables you to customize your Technology Debt report according to the time filter you provide. You can do it by selecting the required time filter from the Assets Last Discovered in list on the Technology Debt Report Generation page. Some examples of the available options are Today, Last 24 Hours, and Last 7 Days. You can also provide a specific range.

These selections are made as per the UTC time zone, and the time zone can't be changed.

Time filter introduced while generating the Tech Debt Report.

Provision to Close the Generate Report Banner

When Qualys introduces a new automated report, and you contact the Technical Account Manager (TAM) to enable you with this report generation, you can see the banner with the Generate Report option on the Dashboard tab.

With this release, we enhanced this banner so that you can choose to close it if you don't want to generate the report immediately. Before this release, there was no provision to close this banner.

Banner close.

After you close the banner, it is displayed again after 30 days. However, it is displayed again if Qualys introduces a new report within 30 days. Also, if you select the Don't show again checkbox, the banner is displayed only when a new report is introduced.

Banner closure warning.

If you close the banner, you can still generate the report from the Notifications menu.

Report Generation from the Notifications menu.

Trending Widget in the Technology Debt Report

The Technology Debt report PDF report now includes the trending widget for assets discovered in the last 30 days. The trending widget shows precalculated data for the 'Last 90 days trend for assets discovered over last 30 days'.

The trending widget is shown in the report only when the Super User generates the Technology report without including any tags.

Trending widget.

You can't see the trending widget on the report immediately after generating it, as the trending counts are collected according to the weekly pre-set schedule, and the weekly scheduled job might not have been triggered for execution. Also, you might see fewer points between 1 and 13 on the trending widget.

Agent Identification Log

With this release, you can now view the Agent Identification log for agents that are merged using the Agent Provisioning rules. To view the Agent Identification Log, click the Summary tab on the Asset Details page. Upon clicking the Identification Log link on the Cloud Agent tile, you can view the Agent Identification Log pop-up that shows the details mentioned earlier.

With the help of this log, you can understand the details such as:

The sequence of rules
The contributing identification attributes for those rules
The details of whether the match of the identification attributes is found or not. Examples: No Match Found, Many Matches Found, or Single Match Found.

Asset Identification Log.

Issues Addressed

The following reported and notable customer issues have been fixed in this release.

Component/Category	Description
CSAM+GAV - Asset Mapper	We fixed the issue of assets not reporting to the platform, although the latest checked-in date was shown on the UI.
CSAM+GAV - Asset Mapper	We fixed the issue where the Last System Boot information was not shown on the Asset Details > System Information tab.
CSAM+GAV - Asset Mapper	We fixed the issue where the BIOS Serial Number for Juniper OS was not displayed on the Asset Details > System Information tab.
CSAM+GAV - EASM Discovery	We fixed the issue of several unrelated assets discovered after the EASM scan, though the Subsidiaries Enumeration checkbox was cleared while creating the EASM configuration profile. Now, if the Horizontal Domain Enumeration and Subsidiaries Enumeration checkboxes are cleared, the assets from the subdomain enumeration are correctly discovered.
CSAM+GAV - EASM UI	We fixed the issue where, for a multiple EASM profile account, the EASM Summary Report generated for one profile contained the seed value information of a different profile.
CSAM+GAV - EASM Discovery	We fixed the issue where the EASM configuration profile-related data was not deleted upon the CSAM trial subscription expiration, and the account was moved to a Free account.
CSAM+GAV - EASM UI	We fixed the issue where, on the Vulnerabilities tab of EASM, using Lightweight Scan data, the Group By Last Fixed filter did not show the correct result.
CSAM+GAV - Dashboard	We have fixed the issue for the EASM dashboard template where the redirection did not work correctly upon clicking the count from the CSAM or EASM widgets. Now, with the introduction of the new External Attack Surface Management (v3) template, upon clicking the count on the widget that belongs to CSAM, you are redirected to the Inventory tab with the CSAM toggle selected. Upon clicking the count on the widget that belongs to EASM, you are redirected to the Inventory tab with the EASM toggle selected.
CSAM+GAV - Alerting	We fixed the issue where the alert notifications configured to notify the new asset on the third-party host were not getting sent.
CSAM+GAV - Asset Mapper	We fixed the issue where the lifecycle information was not correctly displayed on the Asset Details > System Information tab for some assets, like the OS and hardware details.
CSAM+GAV - Asset Mapper	We fixed the tags removal issue observed for some assets tagged based on Custom Attributes and Keys and Values defined on Assets.
CSAM+GAV-UI	We fixed the issue where the "synced inventory data" from the CSAM and GAV Home page was not updated despite scanning all the cloud agent assets.
CSAM+GAV-Feature Request	We fixed the issue where the Mac Address details were not displayed on the Asset Details > Network Information tab.
Shared - Portal	We fixed the data sorting issue that was not working as expected for vulnerabilities on the Software Composition Analysis tab of the Asset Details page. The sorting now works as expected for the QID and Detected Date columns.
AV - Azure	We fixed the discrepancy in asset counts on CSAM and Connector user interfaces for Azure connectors by updating dates filed in the asset index for every connector run.