Enterprise TruRisk Management Release 1.2.0
March 04, 2025
Support for New Connectors
We are expanding our connector ecosystem with four new API integrations and one new Generic CSV integration.
Microsoft Defender for Endpoints
The Microsoft Defender for Endpoints (MDE) connector collects asset and vulnerability data from Microsoft's security platform. This API integration provides visibility into Windows endpoint security findings and fetches its host assets. Learn more about the MDE Connector.
AWS Inspector
This connector integrates AWS Inspector's automated security assessment service. The API integration imports vulnerability findings and host assets from AWS environments. Learn more about the AWS Inspector Connector.
CrowdStrike Exposure Management
Supporting CrowdStrike's container-based solution, this on-premise API connector integrates vulnerability findings and host assets from CrowdStrike Falcon. Learn more about the CrowdStrike OnPrem Connector.
BitSight
The BitSight connector imports security ratings and findings from BitSight's security ratings platform. This API integration fetches vulnerability and patching cadence findings from BitSight while also mapping its security ratings with Qualys TruRisk Scores. Learn more about the BitSight Connector.
Amazon S3 Bucket
This connector enables integration of vulnerability data from custom sources through CSV files stored in Amazon S3 buckets.
The new connectors automatically fetch vulnerability and host assets data from their respective platforms. This data flows directly into the ETM application, enabling comprehensive risk prioritization across your security ecosystem. Learn more about the AWS S3 Connector.
Custom Attributes
We have introduced Custom Attributes, a new feature that lets you define and manage custom attributes for findings within Qualys ETM. This enhancement gives you the flexibility to create calculated fields for findings in ETM.
Benefits
- Customization
Write your own formula to calculate custom attributes for each finding.
- Efficient Reporting and Filtering
Flexibility in using custom attributes as QQL tokens for creating dashboard widgets and filtering all findings.
- Coordinated workflows
The presence of custom attributes facilitates the seamless integration of ETM workflows with other systems using ETM Finding APIs. To learn more about ETM APIs, refer to the ETM API User Guide.
- Enhanced Data Visibility
Custom attributes provide better visibility into high-risk findings, allowing you to generate alerts automatically.
You can view details of custom attributes on the Findings Details page.
For more details, refer to ETM Online help.
Purge Findings
With this release, we have introduced the Purge Findings feature. It is designed to facilitate the routine removal of outdated information, notably findings that are no longer relevant in your environment. In fast-paced, dynamic settings such as cloud environments, data can quickly become outdated, and this feature helps ensure your data stays accurate and reliable.
Benefits
- Enhanced Data Accuracy
Regular purging helps maintain fresh and accurate data in your subscription, reducing the presence of stale findings that can lead to unresolved vulnerabilities, subsequently affecting security scores, remediation performance, and overall trust in data.
- Flexible Frequency
We recommend a purging schedule ranging from monthly to quarterly, depending on the size and dynamics of your environment, striking a balance between data accuracy and the effort required.
You can create a purge rule to automate the process. You can either purge on-demand or schedule a daily purge rule. To access this feature, navigate to Risk Management > Finding Rules > Purge > Create Rule.
For more details, refer to ETM Online help.
Support for CSAM and VMDR QQL Search Tokens for Assets
With this release, we have extended support for CSAM and VMDR QQL search tokens for assets. The following are the categories for which we have introduced tokens.
- Asset Inventory and Passive Sensor
Use these tokens to view asset inventory by CSAM and passive sensors.
- AWS EC2
Use these tokens for searching your AWS EC2 assets.
- Microsoft Azure
Use these tokens for searching Microsoft Azure assets.
- Google Cloud Platform
Use these tokens for searching Google Cloud Platform assets.
- Oracle Cloud Infrastructure
Use these tokens for searching Oracle Cloud Infrastructure (OCI) assets.
- IBM Cloud
Use these tokens for searching IBM Cloud assets.
- Alibaba
Use these tokens for searching Alibaba assets.
- Passive Sensor Only
Use these tokens for searching assets identified by Passive Sensor only.
For more details on these tokens, refer to Search Tokens for Findings.
New Tokens for Findings Tab
Name | Description | Example |
---|---|---|
finding.custom finding.custom finding.custom finding.custom finding.custom | Provide a numeric value to search for findings with a specific value or within a range of values. | |
finding.epssScore | Use the token as an integer value to search for findings based on an EPSS score. | |
finding.ruleName Note: This token is designed for use in the Rule Query field when creating an alert. | Use the token to view the findings using rule name. | |
finding.id Note: This token is designed for use in the Rule Query field when creating an alert. | Use an integer as the token value to search for findings based on a rule ID. | |
For more details on these tokens, refer to Search Tokens for Findings.
New Tokens for Business Entities
Name | Description | Example |
---|---|---|
businessEntity. | Use business values provided at the time of business creation to find the business entity. | |
businessEntity. | Use currency code as AUD, CAD, EUR, INR, JPY, SGD, or USD to find the business entity. | |
businessEntity. | Use values within quotes or backticks to find the business entity using name. | |
businessEntity. | Use risk appetite values as a token to find the business entity. While defining the business entity, you can assign values from 0 to 1000. | |
businessEntity. | Use values within quotes or backticks to find the business entity using business title. | |
businessEntity. | Use TruRisk score to find the business entity. | |
For more details on these tokens, refer to Search Tokens for Business Entities.
New Tokens for Purge Rule
Name | Description | Example |
---|---|---|
name | Use this token to search for purge rules by name. | |
enabled | Select the token value as TRUE or FALSE to view the list of rules that are enabled for purging the findings. | |
For more details on these tokens, refer to Search Tokens for Purge Findings.
New Default Dashboard
With this release, we have introduced a default dashboard designed to enhance your user experience. This predefined dashboard allows new users to quickly start viewing findings. As you become more familiar with the platform, you have the option to create your own custom dashboards tailored to your specific needs and requirements.
Integration with Qualys Applications: PC, SCA, and WAS
ETM now supports integration with other Qualys applications, including PC (Policy Compliance), SCA (Security Configuration Assessment), and WAS (Web Application Scanning). You can view findings from these applications in the ETM Findings tab.
The Risk Management tab provides a comprehensive overview of findings and a detailed list of findings categorized as Vulnerabilities and Misconfigurations.
You can identify and monitor vulnerabilities and misconfigurations, with the ability to take necessary actions for threat mitigation in Findings.
Access detailed information such as Summary QDS details, including the highest contributing CVEs, associated malware and threat actors, exploitability, additional insights, and detection details (exploitability, patches, malware, sources).
You can search for Vulnerabilities and Misconfigurations in integrated applications and utilize the Group By option to organize data effectively. For instance, selecting Group By Vendors Product Name allows you to click values in the detection Count column to see a list of assets with the corresponding vendors.
For more details, refer to the Discover and Manage Security Risks section from ETM Online Help.
Support for Venn Chart in ETM Dashboard Widget
With this release, you can use a Venn diagram representation for your widgets. A Venn diagram is a powerful tool for representing findings. It visually illustrates relationships between different elements, highlighting overlaps, gaps, and inter-dependencies within complex data.
New Group By Option for Vulnerabilities and Misconfigurations
When you have findings ready, you can organize them further into logical groupings. We offer several Group by options like Detection age, CVE Protocol, and so on. With this release, you can group your findings by using Type Detected for Vulnerabilities and Sub Type for Misconfigurations.
Enter a search query for Vulnerabilities and get the results of your findings. Then choose Type Detected as the Group by option from the drop-down.
Enter a search query for Misconfigurations and get the results of your findings. Then choose Sub Type as the Group by option from the drop-down.
API Features and Enhancements
With this release, we have introduced ETM Report APIs designed for asynchronous operations. For detailed information on APIs, refer to the ETM API Release Notes.