CyberSecurity Asset Management/Global AssetView Release 3.6.0.0

August 19, 2025

CyberSecurity Asset Management

The following are the new features and updates available with the CSAM subscription.

New Tag Rule with IPv6 Support

We have introduced the Network Addresses tag rule to support tagging assets automatically based on IPv4, IPv6, DNS, or NetBIOS criteria. This rule applies the tag based on the selected criteria to the discovered assets.

Additionally, we have added support for tagging assets with IPv6 addresses. You can configure this by selecting the IPv6 criteria under the Network Addresses rule and providing the appropriate IPv6 values.

New network addresses tag rule selected.

Enhanced Domain Security

You can now view missing or misconfigured DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) records that may expose your organization to external threats such as spoofing and phishing. This information is available in the new Domain Security tab under Inventory > EASM > Domains.

Each finding is assigned a QDS score (pre-defined by Qualys) to help you assess risk levels and prioritize remediation for domains that require immediate action.

Domain Security tab.

To view the Domain Security tab, ensure that the Domain Security toggle is turned on for the EASM Profile.

Domain Security toggle switch.

For more information, refer to CSAM Online Help.

API Support:
We have added API support for managing this feature. For more information, refer to CSAM 3.6 API Release Notes.

Domain Security Findings Report

You can now generate a report that lists all findings related to domains within your organization. Using this report, you can review missing or misconfigured SPF and DKIM records and take corrective action to strengthen your domain security.

To generate this report, navigate to the Reports tab and click Create Report. Select the Domain Security report under Externally Exposed Asset Details.

domain security report.

EASM Lightweight Scan on IPv6 Assets

The EASM Lightweight scan can now detect vulnerabilities on assets with IPv6 addresses. With the detected vulnerabilities, you can identify and assess security threats across your IPv6 assets.

To enable the EASM Lightweight scan, ensure that the Enable EASM Scan toggle is enabled for your EASM profile. This toggle can only be enabled by a manager user.

enable EASM Scan toggle switch.

Once the scan is completed, the Inventory > EASM > Vulnerabilities tab displays all the vulnerabilities.

For more information, refer to CSAM Online Help.

To configure EASM Lightweight scan for IPv6 assets, contact your Technical Account Manager (TAM).

New Publicly Unavailable Status for Software Lifecycle

Software with missing lifecycle information is now displayed with the Publicly Unavailable status. This helps you identify software for which no vendor details are available.

You can view this status in the Lifecycle column on the Inventory > Software tab.

Publicly unavailable lifecycle status on Assets tab.

You can also view the lifecycle information for a specific software of an asset by navigating to Asset Details > Installed Software > Application and selecting the required software.

Publicly Unavailable status on Asset Details page.

API Support:
Asset APIs can now fetch assets with the Publicly Unavailable software lifecycle status. For more information, refer to CSAM 3.6 API Release Notes.

Business Entity is now Business Apps

We have renamed the Business Entity tab to Business Apps to better reflect its function and align with the management and organization of your business applications within CSAM.

You can access this Business Apps tab at Inventory > CSAM > Business Apps.

Business Apps tab.

CyberSecurity Asset Management and Global AssetView

The following are the new features and updates available with the CSAM and GAV subscription.

Tag Management Enhancements

We have introduced several enhancements to the tag management workflow to improve the organization and management of tags on the Tags tab.

Assign Parent TagAssign Parent Tag

You can assign or replace a parent tag by using options from the Quick Actions and Actions menu. Earlier, each tag had to be edited to assign or replace the associated parent tag.

You can add a static tag as a parent to dynamic and system tags. However, you cannot add a dynamic or system tag as a parent to static tags.

Add Parent:
Use this option to assign a parent tag to any tag.

Add Parent tag option.

Change parent tag:
Use this option to assign a parent tag to multiple tags in bulk from the Actions menu.

You can assign a parent tag to a maximum of 20 tags at once. If you select more than 20 tags, the system considers only the first 20 tags.

Change parent tag option.

Preview tag detailsPreview tag details

You can now view tag details quickly without navigating away from the Tags tab. When you click a tag, a new Tag Details pane opens. This window provides the tag information, such as the number of associated Assets and Basic Information.

Pane showing tag details.

Customize tag colors with hex codes and swatchesCustomize tag colors with hex codes and swatches

We have enhanced the tag color picker with the following new options to give you more flexibility when setting a tag color:

Hex Code Input: You can enter a specific hex code to define your required color.
Color Swatches: Select from a predefined set of commonly used colors.

color picker for tags.

New QQL Tokens in CSAM

The following sections provide the new QQL tokens.

Token	Tab	Description
dns:(type:	EASM > Domains > Typosquatted and Resolved	Use this token to filter domains based on the DNS record type. The types are: A, AAAA, CNAME, MX, NS, SOA, SRV, and TXT. Example: dns:(type:`AAAA`)
dns:(source:	EASM > Domains > Typosquatted and Resolved	Use this token to filter domains based on the DNS source. The sources are: Cloudflare DNS, DNS Database, Geo DNS, Google DNS, and Quad DNS. Example: dns:(source:`Google DNS`)
dns:(value:	EASM > Domains > Typosquatted and Resolved	Use this token to filter domains based on the DNS IP address. Example: dns:(value:`<Enter IP address here>`)
domain.security:(firstDetected:	EASM > Domains > Domain Security	Use this token to filter the domain security findings based on their first detected date. Example: `domain.security:(firstDetected:'2025-07-29')`
domain.security:(lastDetected:	EASM > Domains > Domain Security	Use this token to filter the domain security findings based on their last detected date. Example: `domain.security:(lastDetected:'2025-07-29')`
domain.security:(identifier:	EASM > Domains > Domain Security	Use this token to filter the domain security findings based on the identifier of an SPF or DKIM record. Example: domain.security:(identifier:`tdcomplete.com`)
domain.security:(findingType:	EASM > Domains > Domain Security	Use this token to filter the domain security findings based on the finding type. The finding types are SPF and DKIM. Example: domain.security:(findingType:`SPF`)
domain.security:(title:	EASM > Domains > Domain Security	Use this token to filter the domain security findings based on the detection title. Example: domain.security:(title:`Multiple SPF record`)
domain.security:(detectionScore:	EASM > Domains > Domain Security	Use this token to filter the domain security findings based on their QDS score. Example: domain.security:(detectionScore:`90`)

Issues Addressed

The following reported and notable customer issues are fixed in this release:

Component/Category	Description
CSAM+GAV - QQL Token	We fixed an issue where the application crashed when typing the Openports token.
CSAM - Assets missing Agent count	We fixed an issue where the CSAM home page displays an incorrect Assets Missing Agent count. We update the associated QQL token to show the correct count.
CSAM - Widget	We fixed an issue where the non-Manager user could not create a widget using the query on the CSAM Inventory tab.
CSAM - Tags	We fixed an issue where attempting to delete a tag from the Quick Actions menu on the Tags tab did not successfully delete the tag.