1. home icon for breadcrumbs >
  2. ETM Integration with Other Qualys Apps >
  3. ETM Integration with CSAM

ETM Integration With CSAM

Qualys CyberSecurity Asset Management is a comprehensive solution that enables organizations to discover, inventory, and monitor all assets across their IT environment, providing visibility into security gaps and compliance issues. CSAM is the solution that combines native scanning, agent scanning, and passive discovery and complements with API-based third-party connectors to provide the most comprehensive asset attack surface coverage.

Prerequisite

CSAM must be enabled for your subscription for implementing the CSAM integration with ETM,

How Does the Integration Work?

The integration process follows these steps:

  1. Contact your TAM or support to enable your subscription for CSAM
  2. Run baseline for CSAM to ingest existing CSAM data in ETM.

    The ETM automatically ingests findings from CSAM into as misconfigurations.

    Failed postures from your CSAM environment is displayed in ETM with their respective risk scores, allowing for precise identification of security issues that require remediation.

The integration ensures data synchronization between systems for current security posture information in ETM for effective risk management.

View Assets and Findings in ETM

After completing the integration, you can view and manage CSAM findings within the ETM interface.

  1. Navigate to Risk Management > Findings > Misconfigurations to access the consolidated view of security posture findings.
  2. To filter specifically for CSAM findings, use the QQL query syntax:
    finding.vendorProductName:'CSAM'.

    View PC misconfiguations.

  3. To view details about misconfiguration, click View  Details from Quick Action menu of the selected configuration.

    You can view various details in different tabs.

    Summary

    The Summary page has different details, such as Basic Details, Description, and asset Information, such as Identification and Activity. The Basic Details include details such as the Finding ID and the Type Detected. Information about Sources is available, along with the last-detected and first-detected dates, instances, and technology used. 

    View PC misconfiguations summary.

    QDS Details 

    The Qualys Detection Score (QDS) Details includes Contributing Factors for Qualys Detection Score and Additional Insights such as Highest Contributing QVS, Highest Contributing CVE, Lifecycle Information and so on.

    View PC misconfiguations QDS Details.

    Additional Details

    The Additional Details page lists Control/Rule Details like Reference ID, Misconfiguration Type, sub type, Severity, Control URL and so on. Policy Details section displays Policy Name, Policy URL, Decription, Evaluated On, Created By and so on.

    View PC misconfiguations additional details.

    Sources

    The Sources page displays details such as Aggregated Records and Source Records, including Connector Name, Connector ID, Source Policy URL, Source Asset ID, Policy Name, Technology, and Technology Category.

    View sources in details.

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.