CyberSecurity Asset Management/Global AssetView Release 3.6.1.0

September 30, 2025

CSAM pill.

CyberSecurity Asset Management

The following are the new features and updates available with the CSAM subscription.

Tag-based Scoping for EASM Lightweight Scan

The EASM lightweight scan can now be configured to perform the scan on selective assets. Instead of scanning all your EASM assets, you can limit the scan scope by including or excluding assets using asset tags. 

To configure this limitation, navigate to an EASM profile > Enable EASM Scan, and select the tags to include or exclude assets from the scan.

add tags screen.

API Support:
This limitation can also be configured and managed through EASM Profile APIs. For more information, refer to CSAM 3.6.1 API Release Notes.

Domain Security Finding Status

You can now view the specific statuses of domain security findings detected in your domains during DNS resolution. These statuses provide information on the progress of detection and remediation of findings. 

A finding can go through the following statuses:

  • New: The finding is detected for the first time.
  • Active: The finding is detected again.
  • Fixed: The finding is remediated.
  • Reopened: A fixed finding is detected again.

You can view these statuses under the Detection column on the EASM > Domain Security tab.

Domain Security tab with detection status.

New Custom Script Tag Rule for Asset Tagging

CSAM can now automatically apply dynamic tags to assets based on the output of custom script execution in the Custom Assessment and Remediation (CAR) application. Once a custom script is executed on multiple assets, CSAM automatically tags those assets. To configure automatic tagging, use the new Custom Script tag rule to define queries based on:

  • Script ID: A unique identifier of the script.
  • Script Return Code: A specific code included in the script output.

You can use the new script.id and script.returnCode tokens to define a query. For more information on these tokens, refer to the New QQL Tokens in CSAM.

This Custom Script tag rule is available to use only with the Custom Assessment and Remediation (CAR) subscription.

To configure this tag rule, navigate to Tags > Create New and select the Dynamic tag type. From the Tag Rule list, select Custom Script

Custom script ta rule.

Example:
Create a rule to tag assets when the custom script with ID 123 executes and the script output returns code 5. The query can be: script.id:123 and script.returnCode:5

Custom script rule tag query.

New Trigger Criteria for Alerts

The system can now trigger alerts based on the new Time-Window or Count-Based Match (Whichever Occurs First) criteria. This trigger criteria generates alerts in either of the following cases:

  • Specified number of matching events occur within the given time window.
  • At least one matching event occurs before the time window ends.

Example: If you configure the rule for 5 matching events within 15 minutes, the alert triggers as soon as 5 matching events occur within that time window. If at least 1 matching event occurs, the alert still triggers when the 15-minute time window ends.

You can configure this criterion while creating a new rule for alert generation.

New trigger criteria option.

 

CSAM and GAV pill.

CyberSecurity Asset Management and Global AssetView

The following are the new features and updates available with the CSAM and GAV subscription.

Purge Oracle Cloud Infrastructure (OCI) Assets

You can now purge OCI assets from your CSAM Inventory. You can purge assets on demand or create an asset purge rule to remove all OCI assets automatically.

Purge OCI Assets on Demand:

Use Quick Actions > Purge Assets from the Inventory > Assets tab to purge the OCI asset.

Purge OCI asset screen.

Purge asset using the Asset Purge Rule:

Create or edit an asset purge rule to remove Oracle Cloud Infrastructure (OCI) assets. Select OCI as the cloud provider under Add Cloud Provider Metadata-Based Criteria.

OCI asset selection on the asset purge rule creation.

IPv6 Address Visibility for Cloud Assets

You can now view the IPv6 addresses of your cloud assets. This includes both private and public IPv6 addresses of the asset.

Navigate to the Asset Details page for any cloud asset and under Inventory, select the Information tab. On this tab, you can view the newly added attributes: Private IPv6 Address and Public IPv6 Address.

GCP asset information showing private and public IPv6 addresses, for example.

New QQL Tokens in CSAM

The following sections provide the new QQL tokens introduced in this release:

Token  Tab  Description
script.id: Custom Script tag rule Use this token to provide the script ID in the Custom Script tag rule.

Example:

script.id: 123
script.returnCode: Custom Script tag rule Use this token to provide the script return code in the Custom Script tag rule.

Example:

script.returnCode: 5
asset.adDomain: Inventory > Assets Use this token to search assets using the active directory domain.

Example:

asset.adDomain: `Domain.local.com`
domain.security:(lastFixedDate: EASM > Domain > Domain Security Use this token to search domain security findings based on their last fixed date.

Example:

domain.security:(lastFixedDate: `2025-07-29`)
domain.security:(status: EASM > Domain > Domain Security Use this token to search domain security findings based on their remediation status.

Accepted Values:

  • NEW
  • ACTIVE
  • FIXED
  • REOPENED

Example:

domain.security:(status: ACTIVE)

Issues Addressed

The following reported and notable customer issues are fixed in this release:

Component/Category Description
CSAM - Web Applications We fixed an issue where Web application details did not appear in the CSAM > Web Applications > Application Details window.
CSAM+GAV - Asset Activation We fixed the warning message shown when attempting to activate unsupported asset types from the CSAM > Inventory > Assets tab.
CSAM - EASM Open Ports We fixed an issue where the total number of open ports on the EASM > Open Ports tab did not match the count displayed under EASM > Inventory > Asset tab.
CSAM - EASM Discovery We fixed an issue where assets identified as Citrix Gateway in Shodan were not getting discovered as an application or software-based service in EASM.
API-based Scan We fixed an issue where assets discovered through API-based scans did not display the source in the Inventory > Assets tab under the Source column.
CSAM - EASM Asset Details Report We fixed an issue where an incorrect EASM asset count was displayed in the EASM Asset Details report.
CSAM - EASM Vulnerability Report We fixed an issue in the EASM Vulnerability report where the result column exceeded the cell limit due to large text. The report now automatically splits large text across multiple columns.
CSAM+GAV - Dashboard Widgets We fixed an issue where the Dashboard widgets displayed all types of software instead of listing the selected software.
CSAM+GAV - System Information We fixed an issue where processor information was not displaying for Red Hat systems running on IBM z hardware in the Asset Details > System Information > Processors section.

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.