Release 3.4.0.0

March 03, 2025

What's New?

CSAM pill.

CyberSecurity Asset Management

The following are the new features available with the CSAM subscription.

EASM Configuration Profile Enhancements

With this release, we made the following enhancements to the EASM Profile Configuration:

Import Seed Values in Bulk from CSV File While Configuring EASM Profile

Before this release, you could only manually provide the Include and Exclude seed values while creating or modifying the EASM profile configuration. With this release, you can also import Include and Exclude seed values in bulk by importing a CSV file. This user-friendly enhancement fastens and eases the configuration of the EASM profile. 

First, click the Download Template link and download the template for the seed type. From this standard template, you can learn how to provide the seed value details. Then you can upload the CSV file with the required values for the respective Include or Exclude seed type. 

Edit EASM Profile Snippet

Upload Seed Type values using a CSV file.

Important to Know!

  • You can import the CSV file for the Domains, Subdomains, Organizations, IP/Netblocks, and ASN Include and Exclude seed types.
  • You can't provide a string of semicolon-separated or comma-separated seed values. Also, you can't upload an empty or incorrect CSV file.
    An example of an incorrect CSV file: You want to import the CSV file for the Domain seed type and upload the CSV file for the Organization seed type instead.

Insight Into the User-defined, Catalog, and Enumerated Data for Seed Values

Before this release, you could see the list of Organizations and Domains for which the data will be available after subsequent syncs. The data included:

  • A list of domains and organizations available in the EASM catalog DB.
  • A list of organizations and primary domains in WHOIS DB and catalog entries, as well as catalog organizations and their corresponding catalog and WHOIS domain. 

Organizations and Primary Domains details.

With this release, we enhanced this experience further. Upon clicking Review, you can gain insight into the Inclusions and Exclusions you added to the EASM profile.

You can see the user-defined seed values and the respective EASM catalog data. Pagination support is provided to view all the data records. Also, you can download the details in the CSV, HTML, and XML format. For more information, refer to the Online Help.

Inclusion and Exclusion details  for EASM profile.

Enhancement to Exclude Seed Section

With this release, we enhanced the Exclude seed section of the EASM Profile Configuration. Refer to the following EASM Configuration snippet. You can now click the Add Add icon. icon to view the Exclude filters, select the required filter, and then provide the seed values while creating or modifying the EASM Configuration profile. For more information, refer to the Online Help.

Exclude Seed Section.

EASM Lightweight Scan IP Address Management

With this release, we made a provision to run an EASM lightweight scan on the VM-activated public IP addresses on which the VMDR scan never happened. We introduced a Settings tab under the Configuration tab to complete the required steps to initiate the EASM lightweight scan on such IP addresses. 

To initiate the EASM lightweight scan, you must remove the required IP addresses from the VM container and Certificate View. Upon clicking the Internet Facing IPs tab, you can view a list of such VM-activated IP addresses. Then, you can select the required IPs and click Remove IPs from the Actions list. The IP removal request is submitted successfully, and the IPs are removed from the VM and Certificate View.

Remove IPs from VM and Certificate View.

You can see the summary or logs of removed IP addresses from the Deleted IPs tab.

Deleted IPs from VM and Certificate View.

Visibility into Business Entities and Associated Asset Details

With this release, we enhanced the CSAM UI to show the business entities and information about the associated assets. A new tab, Business Entities, is introduced under the Inventory tab. This enhancement is supported for the CSAM trial and full subscriptions.

Business Entities details.

The business entity listing shown on the Business Entities tab includes details, such as the business entity name, owned by, supported by, and the number of assets associated with the respective business entity. These details are extracted using the APIs. The API or CMDB API sources that extracted the business entity details are shown under the Source column. For more information, refer to the Online Help.

Super Administrators can view the business entities information. However, sub-users can also view this information if the newly introduced View Business Entities permission is granted to them. Note that roles and permissions can be granted from the Administration utility.

View Business Entities permission. 

 

CSAM and GAV pill.

CyberSecurity Asset Management and Global AssetView

The following are the new features available with the CSAM and GAV subscriptions.

Bulk Asset Activation by Rule

Before this release, you could activate a maximum of 10K assets at a time from the Inventory > Assets tab. 

We have further simplified and automated this activation process. You can activate assets in bulk by creating a QQL-based or tag-based rule, and the assets will be activated after the rule is executed.

 This feature is supported only for the AGMS-Enabled CSAM and GAV subscriptions and is available for the Superuser subscription only. 

You can create the asset activation rule from the newly introduced Asset Activation Workflow tab under the Configuration tab. For more information, refer to the Online Help.

Asset Activation Workflow.

Visibility into Out-of-Scope Tags

Before this release, the sub-users couldn't view the details of tags that were outside their scope, that is, tags created by other users. This resulted in tag creep. Thus, it was often observed that they created identical tags, which led to tag duplication.

With this release, we made a provision enabling the sub-users to view and use the tag details, regardless of whether they created them. This results in reduced tag duplication, improved performance, and streamlined tag management. It also allows sub-users to collaborate more effectively using these tags without compromising the integrity of the original user's scope. 

 Sub-users cannot add such tags to an asset.

To enable the sub-users to view and use the tags, they must be granted the View All Tags permission from the Administration utility. 

View All Tags Permission.

After this permission is granted to the sub-users, they can:

  • View the details of tags created by other users but cannot edit, delete, or mark them as favorites.
  • Use the tags created by other users to create dashboards, generate reports, and so on. 

Before this release, such tags displayed a lock symbol, and the sub-users couldn't view the tag details.

 The Symbol for Sub-user created tag. symbol is also introduced for tags created by the sub-user. This visual indication helps the sub-users differentiate between self-created and other tags.

See the following screenshot to see the enhanced and intuitive representation.

tags in scope and tags out of scope.

New QQL Tokens

Refer to the following table to learn more about new QQL tokens for CSAM and GAV.

Token  Tab  Description

asset.isolated

Inventory>Assets

 

Find the assets that are isolated from your network. The supported values are True and False. 

This QQL token is supported for CSAM and GAV.

domain.ip

Inventory> Domains>Typosquatted Domains

Dashboard

Find the associated domains based on the IPv4 or IPv6 address value that is provided.

This QQL token is supported only for CSAM.

QQL Syntax Format Change

With this release, the QQL token syntax is changed for the QQL tokens mentioned in the subsequent table. 
Example: 
The QQL token syntax before CSAM 3.4.0.0 release: asset:(assetID:
The QQL token syntax from CSAM  3.4.0.0 release: asset.assetID:

asset:(assetID:

asset:(created:

asset:(criticalityScore:

asset:(domain:

asset:(isp:

asset:(lastBoot:

asset:(lastLoggedOnUser:

asset:(lastUpdated:

asset:(netbiosName:

asset:(org.name:

asset:(supportGroup:

asset:(riskscore:

asset:(supportGroup:

asset:(subdomain:

asset:(name:

asset:(hostID:


-  When you form a QQL query to find the required results, combining the QQL token with old and new syntax is not supported. 

Example of correct QQL query: asset.criticalityScore:5 and asset.assetID:12345
Example of an incorrect QQL query: asset:(criticalityScore: 5) and asset.assetID:12345

-  Although the existing widgets or reports will work with the old token syntax when you edit those widgets or reports, make sure you change the old token syntax to the new one, as the old syntax will be deprecated soon.

QQL Token Change

Refer to the following table to learn the QQL tokens that are changed from this release. 

Before CSAM 3.4.0.0 Release

With CSAM 3.4.0.0 Release

asset:(provider: provider:
asset:(tags.name: tags.name:
asset:(operatingSystem: operatingSystem:
asset:(operatingSystem.category1: operatingSystem.category1:
asset:(operatingSystem.category2: operatingSystem.category2:
asset:(interfaces.address: interfaces:(address:
asset:(interfaces.hostname: interfaces:(hostname:
asset:(activatedForModules: sensors.activatedForModules:
asset:(hardware.category1: hardware.category1:
asset:(hardware.category2: hardware.category2:

Issues Addressed

The following reported and notable customer issues have been fixed in this release.

Component/Category Description

CSAM+GAV-UI

We fixed the issue, where the TecDebt report format was shown as CSV instead of PDF from the Basic Details page of the Report Details.

CSAM+GAV - EASM Discovery

We fixed the issue of secondary domains and secondary full names of subsidiaries not getting enumerated.

CSAM+GAV - EASM Discovery

We fixed the issues where some of the ESAM assets were not shown on the UI though they didn't fall under the excluded ESAM domain and IPs.

CSAM+GAV - EASM Discovery

We fixed the issue where the asset activation for over 1000 unmanaged EASM assets from the EASM inventory page failed, although the assets were not agent, IPv6, OCI, or scanner assets.

CSAM+GAV-UI

We fixed the issue where upon clicking the EOL software details from a widget, the user was getting navigated to CSAM but wasn't getting redirected to the Inventory > Software tab. As a result, the 404 error was observed.

CSAM+GAV - EASM Discovery

We fixed the count discrepancy issue between the asset count shown on the Open Ports on Exposed Assets widget from the EASM default dashboard and the asset count shown on the Inventory > Open Ports tab for EASM assets.

CSAM+GAV-UI

We fixed the issue where the GPU details were not shown from the System Information tab on the Asset Details page, though the QID 45649 was present.

CSAM+GAV - Geo Location

We fixed the issue where the location of an asset located in a particular geographical location was not reflected in the widget from the Asset Summary tab of the Asset Details page.

CSAM+GAV - EASM Discovery

We fixed the issue where a few of the EASM assets were still visible despite three discoveries being run.

CSAM+GAV-UI

We fixed the data fluctuation issue after every refresh from the GAV Inventory.

CSAM+GAV - EASM UI

We fixed the issue where the vulnerabilities grouped by a Vendor Product Name didn't show the results upon clicking the vulnerability counts. 

CSAM+GAV - Asset Mapper

We fixed the issue where the software installation path was not shown for a few software. Additionally, no value was shown under the Software Installation column in the Software report.

CSAM+GAV - Inventory Report Download

We fixed the issue where the user couldn't download 30K software report records because the limit was 10K by enhancing this limit to 50K.

CSAM+GAV - Asset Mapper

We fixed the issue by adding support to the software (name:Microsoft Edge). As a result, the user can now access the Microsoft Edge plugin data, too, which was not the case earlier.  

CSAM+GAV-Feature Request

We fixed the issue of the DNS Hostname detected by the Cloud agent getting overridden by the EC2 Connector. However, if the DNS Hostname needs to be shown based on the user's need, the flag-based provision is made for it. For more information, contact TAM.