CyberSecurity Asset Management/Global AssetView Release 3.5.0.0
May 16, 2025
CyberSecurity Asset Management
The following are the new features and updates available with the CSAM subscription.
Ability to View Database Details
We have introduced the ability to view detailed information about your database instances and servers. A new Database tab is added under Inventory to view Instances and Database Servers related information.
Instances: This section provides a comprehensive view of your database instances. You can view more details about an instance by clicking View Details from the Quick Actions menu.
Database Servers: This section provides detailed information about the database assets. It includes the Instances column, which shows the exact number of database instances running on each server.
You can click the instance number to view the detailed information of the Instances on the Asset Details page.
Ability to Update Basic Business Information
You can now edit the basic business information of an asset from the Asset Details > Inventory > Business Information page.
To update the Basic Information, click the icon.
Trigger Criteria for Alerts
You can now specify the alert Trigger Criteria when creating a rule for monitoring critical events. This feature gives you precise control over when and how alerts are generated. The system automatically executes your selected action whenever the trigger criteria are satisfied.
By configuring alerts to trigger only when specific conditions are met, you can reduce the total number of notifications you receive for each alert and focus on critical events. Additionally, multiple alerts from the same asset can be grouped into a single notification, making it easier to track issues without sorting through hundreds of alerts.
To create a new rule, navigate to Responses > Rule Manager. For more information, refer to the CSAM Online Help.
The following trigger criteria are available to select:
- Single Match: The system generates an alert each time it detects an event that matches your rule query.
- Time-Window Count Match: The system generates alerts based on the number of events returned by the search query in a fixed time interval. For example, an alert is sent when three matching events are found within a 15-minute window.
- Time-Window Scheduled Match: The system generates alerts for matching events that occur during a scheduled time. The rule is triggered when an event matching your search criteria is found during the time specified in the schedule. For example, alerts are sent when all matching events occur within the scheduled window between 9 AM and 5 PM.
For Time-Window Count Match and Time-Window Scheduled Match, you can aggregate alerts using an aggregate group. That means you can group related alerts together instead of receiving them separately. Currently, Asset ID is supported as an aggregate group.
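The three trigger criteria can be modeled over a list of matching events to see how each one changes alert volume. The sketch below is an added example, not Qualys code or the product's implementation. It assumes fixed windows aligned to midnight, a count threshold meaning "at least", counts evaluated per Asset ID, and a constructed set of sample events.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta

# Constructed sample events: (asset_id, timestamp) pairs that matched a rule query.
EVENTS = [
    (101, datetime(2025, 5, 16, 9, 1)),
    (101, datetime(2025, 5, 16, 9, 5)),
    (101, datetime(2025, 5, 16, 9, 14)),
    (202, datetime(2025, 5, 16, 9, 20)),
    (101, datetime(2025, 5, 16, 18, 30)),
    (202, datetime(2025, 5, 16, 18, 40)),
]

def single_match(events):
    """Single Match: one alert for every matching event."""
    return [{"asset_id": a, "events": [ts]} for a, ts in events]

def _window_start(ts, window):
    """Start of the fixed window containing ts (assumption: aligned to midnight)."""
    midnight = datetime.combine(ts.date(), time.min)
    return midnight + ((ts - midnight) // window) * window

def count_match(events, threshold, window=timedelta(minutes=15)):
    """Time-Window Count Match: one alert per (asset, window) with >= threshold events."""
    buckets = defaultdict(list)
    for asset_id, ts in events:
        buckets[(asset_id, _window_start(ts, window))].append(ts)
    return [
        {"asset_id": a, "window_start": w, "events": sorted(tss)}
        for (a, w), tss in sorted(buckets.items())
        if len(tss) >= threshold
    ]

def scheduled_match(events, start=time(9, 0), end=time(17, 0)):
    """Time-Window Scheduled Match: events inside the schedule, grouped by Asset ID."""
    grouped = defaultdict(list)
    for asset_id, ts in events:
        if start <= ts.time() < end:
            grouped[asset_id].append(ts)
    return [{"asset_id": a, "events": sorted(tss)} for a, tss in sorted(grouped.items())]

if __name__ == "__main__":
    print(len(single_match(EVENTS)), "alerts with Single Match")
    print(len(count_match(EVENTS, threshold=3)), "alert(s) with Count Match (3 in 15 min)")
    print(len(scheduled_match(EVENTS)), "alert(s) with Scheduled Match (9 AM to 5 PM)")
```

On the sample data, six individual alerts collapse to one under the count criterion and two under the schedule, which is the notification reduction the aggregate group is meant to provide.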
Ability to View EASM Profile History
You can now view and manage the EASM profile modification history. This feature enables you to track changes, revert to previous configurations, and analyze historical records of configuration changes as needed.
To access the profile history, navigate to Configuration > EASM Configuration and click More Options > View EASM Profile History on a profile.
The Version History window displays a detailed list of all modified versions of the profile, including the Current Version. The current version page has an Edit option to modify the configuration.
The system displays a maximum of 10 versions for an EASM profile.
You can click any version in the list to view its configuration details from that specific date and time. Clicking Restore & Edit enables you to restore and edit a previous version.
When you click Update after updating the profile configuration, it becomes the current active profile configuration. You can also click Save as Default to save the profile as default.
For more information, refer to the CSAM Online Help.
Information on Registrant Country and Expiration Date of Domains
You can now view domain details, such as the country of the registrant and the expiration date for both resolved and unresolved domains on the Inventory > EASM > Domains tab. This enhancement provides greater visibility into the ownership and validity of a domain. You can strengthen your external attack surface management by comparing the registrant information with known threat indicators.
This new enhancement enables you to:
- Group domains by Registrant Country and Expiration Date using the Group By drop-down list.
- Filter both Resolved and Unresolved Domains using QQL filters for Registrant Country and Expiration Date.
- Create dashboards using QQL filters and Group By options to monitor domain information easily.
We have enhanced the Asset and Domain APIs to support filtering domains by registrant country and expiration date. For more details, refer to CSAM 3.5.0.0 API Release Notes.
ETM Asset Classification in CSAM
All assets retrieved from the Qualys Enterprise TruRisk Management (ETM) connector are now automatically classified as managed and displayed under CSAM Inventory > Assets > Managed.
This enhancement is only available if you have Qualys Enterprise TruRisk Management (ETM) subscriptions.
Enhanced EASM Summary Report
The EASM Summary Report gives you visibility into your organization's entire external attack surface. In this release, we have updated the report to include the following enhancements:
- Personalized EASM Summary Reports with Custom Names
- Unresolved Domains and Subdomain Count Cards
- Enhanced Risk Visualization
- Typosquatted Domain Information
Personalized EASM Summary Reports with Custom Names
You can now personalize the EASM Summary report for specific stakeholders by adding a user's or organization's name to the report. This custom name is displayed prominently on the cover page of the report.
We have added a new Report Generated For field to support this enhancement. While creating a new report, enter a name in the Report Generated For field on the Basic Details page.
Unresolved Domain and Subdomain Count Cards
You can now view the total count of Unresolved Domains and Subdomains on the External Attack Surface Summary section. This provides quick visibility into domain resolutions.
Enhanced Risk Visualization
We have added a table that displays the top 10 assets with the vulnerabilities listed below. This helps you quickly identify the assets with the highest risk.
- Risky Open Ports on your internet-facing assets
- Database Open Ports on your internet-facing assets
- Certificate Posture of your internet-facing assets
The image below shows an example of the table displaying the Risky Open Ports on your internet-facing assets.
Typosquatted Domain Information
You can now view your organization's typosquatted or look-a-like domain information in the EASM Summary report. The following new sections are added:
- Typosquatted Domains: This section displays typosquatted domains that use common spelling mistakes of real domains.
- Top Typosquatted Domains With TLD Swap: This section displays typosquatted domains that have been generated using a Top-Level Domain (TLD) swap.
- Top WHOIS Registrant Countries of Typosquatted Domains: This section displays which countries have the most typosquatted domains registered.
The Typosquatted Domains Discovery option should be turned on for the logged-in user’s EASM profile.
EASM Scan Access Control Enhancement
Only a user with the manager role can enable or disable the EASM Scan option while creating or updating the EASM profile. This enhancement ensures that only users with the right level of access can enable EASM scanning.
Before this release, the EASM Scan option was available to all users, including sub-users. However, only the manager user's name was displayed in the VMDR module > Scans tab when the scan was initiated.
Users who previously had EASM scanning enabled will continue to retain its functionality.
This enhancement is also available through the EASM APIs. For more information, refer to the CSAM 3.5.0.0 API Release Notes.
Detection of Open Ports and Software with EASM Lightweight Scan
The EASM Lightweight scan now detects open ports and identifies the software running on external-facing assets. The assets, along with their associated open ports and software details, are listed under the Inventory > Assets tab.
The Discovery Source for these assets is shown as EASM VM Scan. You can view the Discovery Sources on the following tabs:
- Inventory > Assets > Asset Details > Inventory > Open Ports and Installed Software
- Inventory > Assets > Asset Details > Security > External Attack Surface > Open Ports and Software
Introduction of the EASM Rule for Asset Identification
In this release, we have introduced a new system-generated rule called EASM Rules. This rule identifies EASM assets based on their primary IP address. These identified assets can be viewed on the Inventory > EASM > Assets tab.
This rule is view-only; you cannot edit, delete, or reorder it.
To view the rule, navigate to Configuration > Asset Identification Rules > EASM Rules.
CyberSecurity Asset Management and Global AssetView
The following are the new features and updates available with the CSAM and GAV subscription.
Ability to Remove Static Asset Tags in Bulk
You can now remove static tags from multiple assets in a single operation. This simplifies the otherwise time-consuming task of removing tags from large numbers of assets.
- Only Static tags can be removed in bulk.
- Tags can be removed from a maximum of 10,000 assets in a single operation.
To remove static tags from assets, go to Inventory > Assets, select the assets, and click Actions > Remove Tags.
The Select Tags window displays the tags depending on the scope of the logged-in user.
The number of tags you can remove in a single operation varies according to the number of selected assets. Refer to the following table for more details:
Selected Assets | Permissible Number of removable tags |
---|---|
5000 to 10000 | 1 |
3000 to 4999 | 2 |
1000 to 2999 | 3 |
500 to 999 | 10 |
200 to 499 | 20 |
Improvement in Agent Provisioning Rules
When only Hostname is selected as a primary attribute for merging agents, it may create an issue with environments that have sub-domains. Specifically, different agents that share identical hostnames could be incorrectly merged.
To prevent incorrect merging of agents, we have introduced a Confirmation window that is displayed when you select only the Hostname as the primary attribute while editing the Agent Provisioning Rule. This window prompts you to confirm whether you want to proceed with merging based solely on Hostname.
Agent Provisioning Rule Feature Now Available to all Users
The Agent Provisioning Rule feature, which was previously accessible only upon request, is now available to all users. This feature enhances agent management by enabling the automatic merging of assets that share a common identification attribute, such as hostname, IP address, or another unique identifier.
For more details on Agent Provisioning Rule, refer to CSAM and GAV Online Help.
Enhancement in Trending Widget Data Range
Widgets now display trending data for up to 365 days. This enables you to perform thorough trend analyses and tailor your data view to meet your specific requirements.
You can use the settings icon to customize the duration of the trending data.
Trending values are calculated dynamically based on when the widget was created. Widgets older than 365 days will only show data from the past 365 days. Newer widgets will show data starting from the day they were created.
Filter AWS Assets by Tag Name or Tag Value
You can now group AWS assets by Tags Name or Tags Value.
Ability to Purge Assets Not Scanned by VM
With this release, you can configure the Asset Purge Rule to remove assets that are not scanned by VM. To support this, set the attribute to lastVMScanDate and select IS NULL as the operator for the Time-Based Criteria.
To configure the rule, navigate to Rules > Asset Purge Rules.
Purging assets that are not scanned by VM can only be configured using the Time-based Criteria.
Enhanced AIX Asset Identification with LPAR ID
You can now view the Logical Partition (LPAR) ID to identify and manage AIX assets in your inventory. The LPAR ID is displayed on the Asset Inventory > Asset Details > System Information > Specification page.
We have enhanced the Asset APIs to add support for filtering assets using the LPAR ID. For more details, refer to CSAM 3.5.0.0 API Release Notes.
Support for Auth ID Client Management from UI
With this release, we have extended our support for OpenID Connect Authentication Client Management capabilities from UI. This update allows for secure authentication and authorization of API access directly from the user interface. Our API interactions are now authenticated with enhanced security measures.
ID tokens are generated and validated with utmost security. This seamless integration requires minimal changes to the existing infrastructure, allowing you to maintain the highest level of security for APIs.
With the Auth ID Client Management from UI, you can:
- Manage authentication and authorization processes more intuitively, providing a smoother user experience.
- Easily handle API access permissions directly from the UI, simplifying the process of granting and revoking access when needed.
- Maintain your existing workflows with minimal changes, enabling you to continue your tasks without the need to learn new processes extensively.
Access Control
We have provided role-based access control to create User Level and Subscription Level clients.
Manager users can create two types of clients based on access requirements:
- User Level Clients: These clients are associated directly with individual user accounts, making them ideal for scenarios where user-specific access control is required. Users can access APIs and CSAM functionalities that are provided in this client.
  The token generated through the User Level client becomes invalid if the user is deactivated.
- Subscription Level Clients: These are independent of user identities and offer broader access within the subscription. It means that the token generated through this client is tied to the subscription rather than an individual user.
  The token generated for a subscription level client continues to function even if the user is deactivated.
  Currently, the Subscription Level clients are not supported by CSAM APIs.
Non-manager users are restricted to creating only User Level Clients, ensuring limited access control.
To access the client management tab, navigate to your profile icon, located at the top-right corner, and click View Profile > Auth Id Client Management tab.
For client creation, select either User Level or Subscription Level from the available options, and then click New Client.
Only users with manager privileges can view and access the Subscription Level tab.
While creating a client, you can select all modules at once or individual modules as required. You can also set various permissions, including global permissions, dashboard permissions, tagging permissions, and API access. Depending on these permissions, a user can access the modules and their features that are assigned to the client.
Based on the permissions you select:
- If the API Access permission is not enabled under Global Permissions > Access, the API returns a response with this message:
User does not have permission to access API module
- If the AI Access permission under CyberSecurity Asset Management > AI Permissions is not enabled, the API returns a response with this message:
User does not have permission to access CSAM/GAV module
In the case of EASM APIs, if you do not have the required EASM permission, the API returns a response with this message:
User don't have permission to call an API

Once you click Create, a Client ID and Client Secret Key are automatically generated. The Client Secret Key is displayed only once. Make sure to copy and store it securely. This key is essential for generating JWT access tokens and cannot be retrieved later. For more information, refer to CSAM 3.5.0.0 API Release Notes.
New QQL Tokens
The following sections provide the new QQL tokens.
New Tokens in CSAM and GAV
Token | Tab | Description |
---|---|---|
aws.tags.key | Inventory > Assets | Search a specific AWS asset using the asset tag key. |
aws.tags.value | Inventory > Assets | Search a specific AWS asset using the asset tag value. |
asset.lparID | Inventory > Assets | Search assets that are associated with the LPAR ID. |
asset.lastInventoryDate | Inventory > Assets and Reports | Search assets by the last inventory date. |
New Tokens in CSAM
Token | Tab | Description |
---|---|---|
database.instance.name | Inventory > Database Instances | Search the database instances based on the instance name. |
database.instance.id | Inventory > Database Instances | Search the database instances based on the instance ID. |
database.instance.technology | Inventory > Database Instances | Search the database instances based on the technology of the database. |
database.instance.firstseen | Inventory > Database Instances | Search the database instances based on the first occurrence of the instance. |
database.instance.lastseen | Inventory > Database Instances | Search the database instances based on the last occurrence of the instance. |
QQL Token Change
Refer to the following table to learn the QQL tokens that are changed from this release.
Before CSAM 3.5.0.0 Release | With CSAM 3.5.0.0 Release |
---|---|
asset:(wasUrl | asset.wasUrl: |
Issues Addressed
The following reported and notable customer issues are fixed in this release:
Component/Category | Description |
---|---|
CSAM - Reporting | We fixed the issue where the Asset Open Port report was being generated for scanner assets, which do not have open ports, causing the report to fail. The system will now skip report generation when the asset is a scanner and the report type is Asset Open Port. |
CSAM - Reporting | We fixed the issue where the Last Synced Date for Agent column was not displayed in the AWS Details and Azure Details report. |
CSAM+GAV - Asset Details | We fixed the issue where uninstalled applications continued to appear under installed software. |