File Integrity Monitoring Release 4.6

May 05, 2025

Retrieve Network Assets using Tags

You can now retrieve your network assets using tags into your FIM asset inventory. Previously, retrieving assets required manually entering a QQL query. This improvement simplifies your workflow by eliminating the need to define a query for asset retrieval.

As part of this improvement, the Scan Based Assets tab is now renamed to Network Devices to better reflect its purpose.

To fetch network assets, navigate to the Assets > Network Devices tab and click Add Assets to select your desired tags. You can add all tags that are in your scope.

For more information on network assets, refer to FIM Online Help.

New Cards to Easily Visualize FIM Non-compliant Assets

We have now introduced two summary count cards under the Assets > Real Time Assets tab. These cards give you a quick insight into assets that are non-compliant without manually filtering or searching through the list.

Non-compliant assets refer to those assets that are non-communicating and have a bad agent health status.

You can click on each card to view a detailed list of the affected assets.

  • Non-Communicating: Displays the number of assets that have not communicated with the Qualys Enterprise TruRisk™ Platform in the last seven days.
  • Bad Agent Health Status: Displays the number of assets that are FIM activated but currently not functioning as expected.

real-time assets page with summary count cards.

Support for Auth ID Client Management from UI

We have extended our support for OpenID Connect Authentication Client Management capabilities from UI. This update allows for secure authentication and authorization of API access directly from the user interface. Our API interactions are now authenticated with enhanced security measures.

ID tokens are generated and validated with utmost security. This seamless integration requires minimal changes to the existing infrastructure, allowing to maintain the highest level of security for APIs.

Access Control

Manager users can create two types of clients based on access requirements:

  • User Level Clients: These are associated directly to individual user accounts, making them ideal for scenarios where user-specific access tracking and control are required. The token generated by user level client becomes invalid if the user is deactivated.
  • Subscription Level Clients: These are independent of user identities and offer broader access within the subscription. The token generated by a subscription level client continues to function even if the user is deactivated.

    Currently, the tokens generated through subscription level clients are not supported by FIM APIs.

Non-manager users can create only User Level Clients, ensuring limited access control.

With the Auth ID Client Management from UI, you can:

  • Manage authentication and authorization processes more intuitively, providing a smoother user experience.
  • Easily handle API access permissions directly from the UI, simplifying the process of granting and revoking access when needed.
  • Maintain your existing workflows with minimal changes, enabling you to continue your tasks without the need to learn new processes extensively.

To access the client management tab, navigate to your profile icon, located at the top-right corner, and click View Profile > Auth Id Client Management tab.

For client creation, select either User Level or Subscription Level from the available options, and then click New Client.

Only users with manager privileges can view and access the Subscription Level tab.

While creating a client, you can select all modules at once or individual modules as required. You can also set various permissions including global permissions, dashboard permissions, tagging permissions, as well as API access. Depending upon these permissions a user can access the modules and its features that are assigned to the client.

Based on the permissions you select:

  • If the API Access permission is not enabled under Global Permissions > Access, the API returns a response with this message:

    User does not have permission to access API module

  • If the FIM Access permission under File Integrity Monitoring > FIM Permissions is not enabled, the API returns a response with this message:

    User does not have permission to access FIM module

Once you click Create, a Client ID and Client Secret Key are automatically generated. The Client Secret Key is displayed only once. Make sure to copy and store it securely. This key is essential for generating JWT access tokens and cannot be retrieved later. For more information, refer to JWT Token Generation.

Issues Addressed

The following reported and notable issues are fixed in this release.

Category/Component Issue
FIM Reporting We fixed an issue where the event details associated with assets were not displayed in the downloaded report for a unit manager. Now, the report includes all relevant event details.
Correlation Rule We fixed the issue where selecting a Rule Query from Saved Searches caused an error during Correlation rule creation. Now, the error is no longer displayed.
FIM Reporting We fixed an issue where downloading a CSV report from the Assets > Real Time Assets tab using QQL filters resulted in a blank file. The report now correctly includes the expected data based on the applied filters.
FIM Incident We fixed the issue where incidents created through correlation rules did not capture all events linked to a specific profile. Now, all relevant events are correctly captured.
FIM Reporting We fixed an issue where downloading a report with a large number of events showed a Gateway Time-out error. Now, the report downloads successfully, even when it contains many events.