File Integrity Monitoring Release 4.8.1

September 01, 2025

Implementation of QQL Token Standardization

We have now implemented Qualys Query Language (QQL) token standardization across all Qualys applications. As part of this enhancement, both common and FIM-specific tokens are updated with new token names that follow a standard, consistent nomenclature. 

The new token format follows the syntax: entity.attribute
For example, in the new token, event.action, event is the entity, and action is the attribute. 

Key Enhancements:

  • Standardized Token Naming: The tokens, such as events, incidents, assets, configuration, correlation, and activity, now adhere to a standardized naming convention. The tokens common to all Qualys applications have also been updated.
  • Search Bar Updates: Only the new tokens are displayed in the auto-suggestion in the search bars within the UI. However, if you type the old token name manually, the QQL query still works. The old tokens will not be visible in the auto-suggestions on the UI.
  • Backward Compatibility: The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens in edit mode.
  • Improved Interoperability: The standardized tokens make it easier to copy and reuse the search query from one application to another, eliminating the need to remember multiple token names for different applications and similar searches.

For the complete list of old and new token mappings, see FIM Online Help.

API Updates:
You can now use the new standardized token in the FIM APIs to filter the response as required. For more information, refer to Enhanced APIs with New QQL Search Tokens.

File Integrity Monitoring on FreeBSD

FIM now supports monitoring files and directories on the FreeBSD operating system. Detected changes are displayed as events on the Events > All Events > Host Based tab. You can use the following QQL token to filter the FreeBSD events: 

asset.operatingSystem: FreeBSD

Prerequisites

Before you enable FIM on FreeBSD, make sure you have:

  • FreeBSD: Version 13 or higher
  • Cloud Agent: Version 7.1.0-x or higher

FIM on FreeBSD will be available to use once the supported Cloud Agent version is available.

Limitations
  • File read events are not recorded.
  • The commands used to perform actions on files are not displayed on the event details page.

Issues Addressed

The following reported and notable issues are fixed in this release:

Category/Component Description
FIM Events We fixed an issue where Windows events were not generating on time due to system processing issues.
FIM Profile Rule We fixed an issue where an error message was incorrectly shown even when entering a valid path while creating a Registry Value rule in a monitoring profile.

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.