Release 3.3.0.0

December 04, 2024

What's New?

CyberSecurity Asset Management

The following are the new features available with the CSAM subscription.

Typosquatted Domains

You can now view the typosquatted or look-a-like domains for the domain and organization seed values you provide while creating or editing your EASM Profile.

 The prerequisite to get the typosquatted domain inventory is the EASM Profile Level Changes. 

With the help of the typosquatted domain details, organizations can take proactive measures to protect their brands and domain names.

You can view the typosquatted domains when you turn on the EASM toggle and then navigate to Inventory > Domains > Typosquatted Domains tab. As shown in the following screenshot, you can also exclude the defamatory domains from the typosqatted domains inventory by selecting the Defamatory checkbox. For more information, refer to the Online Help. 

EASM Profile Level Changes to Get the Typosquatted Domain Details

To get the typosquatted domains in the inventory, you must turn on the Typosqatted Domains Discovery toggle while creating or editing the EASM profile. Also, if you want to view the defamatory domains, you need to clear the Exclude Defamatory Domains checkbox. You get the typosqauatted domain data after the EASM discovery. For more information, refer to the Online Help. 

Example: Edit EASM Profile

Additionally, you can add the Typosqatted domains widget to your dashboard, which makes the data handy and helps you make informed decisions. For more information, refer to the Online Help.

Typosqatted Domains Report

We introduced the Typosquatted Domains report under the Externally Exposed Asset Details Reports. You can select the typosquatted domain details you want to include in the report, and the report download format is CSV.

Purge EASM Assets

You can purge individual or multiple managed and unmanaged assets discovered by the EASM inventory source from the Inventory > Assets tab.

Purge an Individual EASM Asset

Purge Multiple EASM Assets

Important to Know!

• When you choose to purge the assets with the CSAM toggle turned on, the assets and associated asset data are removed from your account after purging.
• When you purge the assets with the EASM toggle turned on, you can choose to exclude the IP addresses from all the EASM profiles.

Moreover, with the newly introduced Add EASM Based Criteria to the purge rule creation workflow, you can also purge the EASM assets by creating the asset purge rule. For more information, refer to the Online Help. 

EASM Purge Rule Setting on EASM Profile Configuration Page

A new optional setting, the EASM Purge Rule, has been added to the EASM Profile page. This setting enables you to automate the purging of assets that are not discovered in the EASM discovery.

To accomplish it, you need to:

• Turn on the EASM Purge Rule toggle.
• Specify the count of EASM discoveries that should be run before purging the assets that are not discovered in those EASM discoveries. The supported range for this count is 0-10, and the default EASM discovery count is 3.

Example: If you provide this count as 4 and the asset is not discovered through 4 EASM discoveries, it gets deleted from the CSAM account.

See the following snippet of the EASM Profile page that highlights the EASM Purge Rule optional setting. 

EASM Bulk Exclusion Limit Removed

Before this release, you were allowed to add a maximum of 250 domains in the exclude filter of the EASM profile. With this release, this limit has been removed, and you can add as many domains as you want to the exclude filter.

Exclude CDN assets from EASM Lightweight Scan

You can now exclude the CDN assets from the EASM Lightweight Scan. A new checkbox, Exclude CDN Assets, has been added under the Optional Settings on the EASM profile page. By default, this checkbox is selected, which means that the CDN assets get excluded from the EASM Lightweight Scan. Upon clearing this checkbox, the CDN assets get included in the EASM Lightweight Scan. 

Refer to the following snippet of the EASM Profile page that highlights the Exclude CDN Assets optional setting.

FedRAMP Report Enhancements

The FedRAMP report has been enhanced. The following screenshots show the changes made to the Software Information and Host Information sections on the Report Display page.

Changes to the Software Information SectionChanges to the Software Information Section

Changes to the Host Information SectionChanges to the Host Information Section

With CSAM 3.3.0.0: FedRAMP Report Software Information and Host Information sections

Before CSAM 3.3.0.0: FedRAMP Report Software Information and Host Information sections 

New API - Download Reports

Before this release, you could download the report only using the CSAM UI. However, with this release, you can now download the reports with the COMPLETED status using the newly introduced Download Reports API. For more information, refer to the CSAM 3.3.0.0 API Release Notes.

CyberSecurity Asset Management and Global AssetView

The following are the new features available with the CSAM and GAV subscriptions.

Software Components Detected Through Snapshot Scan

You can now view the software components detected through Snapshot Scan (Snapshot SwCA Scan). You can find the assets discovered through the Snapshot Based Scan by selecting the inventory source as Snapshot Based Scan. 

When you go to the respective asset's Asset Details page, you can view the software components and vulnerability details on the Software Composition Analysis (SCA) tab.

You can view components on the Installed Software tab.

You can view the asset discovery method on the Summary tab.

Enhanced Multiple Asset Activation Limit 

With this release, the maximum asset activation limit for activating multiple assets through a single asset activation request has been increased from 1000 to 10000. For more information, refer to the Online Help. 

New QQL Tokens

Refer to the following table to learn more about new QQL tokens for CSAM. 

Token	Tab	Description
scan:(type	Inventory>Assets Reports Dashboard	Find assets from a certain scan type. The supported values are: API Based Scan, Azure VM Scan, Cloud Agent Deep Scan, Cloud Agent PC Scan, Cloud Agent SwCA Scan, Cloud Agent VM Scan, Cloud Perimeter Scan, EC2 VM Scan, GCP VM Scan, ML Authentication VM Scan, ML VM Scan, Snapshot Based Scan, Snapshot Based SwCA Scan, and Unknown Scan.
scan:(firstScanDate	Inventory>Assets Reports Dashboard	Find assets based on their first scan date.
scan:(lastScanDate	Inventory>Assets Reports Dashboard	Find assets based on their last scan date.
whoIs:(registrantCountry	Inventory> Domains>Typosquatted Domains Dashboard	Find EASM assets using the Registrant Country.
whoIs:(expirationDate	Inventory> Domains>Typosquatted Domains Dashboard	Find all the assets with the specified whoIs expiration date.
permutation.category	Inventory> Domains>Typosquatted Domains Dashboard	Find the typosquatted domains with the specified permutation category.
permutation.name	Inventory> Domains>Typosquatted Domains Dashboard	Find the typosquatted domains with the specified permutation name.
permutation.types	Inventory> Domains>Typosquatted Domains Dashboard	Find the typosquatted domains with the specified permutation type.

Refer to the following table to learn more about new QQL tokens for CSAM and GAV

Token	Tab	Description
caps.dnsSuffix	Inventory>Assets Reports Dashboard	Find assets that are scanned by CAPS with the specified DNS Suffix.

Refer to the following table to learn more about the QQL tokens that are updated for CSAM and GAV

Token	Tab	Description
inventory:(source	Inventory>Assets Reports Dashboard	The API Based Scan source has been added to this QQL token.

Issues Addressed

The following reported and notable customer issues have been fixed in this release.

Component/Category	Description
CSAM+GAV - Asset Mapper	Description
CSAM+GAV - Asset Mapper	Description
CSAM+GAV - Asset Mapper	Description