Cyber Security Asset Management Settings

Configure the Cyber Security Asset Management Settings to fetch the asset details from your subscribed Qualys Cyber Security Asset Management account.


You can configure the following settings in Cyber Security Asset Management Settings.

| Setting | Description |
|---|---|
| Log User Accounts | Log the user account details when this checkbox is enabled. By default, this checkbox is selected. |
| Log Open Ports | Log the open port details when this checkbox is enabled. By default, this checkbox is selected. |
| Log File System Volume | Log the file system volume details when this checkbox is enabled. By default, this checkbox is selected. |
| Log Network Interfaces | Log the network interface details when this checkbox is enabled. By default, this checkbox is selected. |
| Log Software (Separate event is created for softwares) | Log the software details when this checkbox is enabled. Separate events are created for software details. By default, this checkbox is selected. |
| Log Tags | Log the tag details when this checkbox is enabled. By default, this checkbox is selected. |
| Log Hardware | Log the hardware details when this checkbox is enabled. By default, this checkbox is selected. |
| Log Operating System | Log the operating system details when this checkbox is enabled. By default, this checkbox is selected. |
| Log Business App List Data (Separate event is created for Business Apps) | Log the business app details when this checkbox is enabled. Separate events are created for business app details. By default, this checkbox is unselected. |
| Exclude Unmanaged Assets | Excludes the unmanaged asset details when this checkbox is enabled. By default, this checkbox is unselected. |
| Page size (max 300) | Specifies the number of records to be fetched in a single API call. The default value for page size is 100 records, and the maximum value is 300. |
| Extra filters for CSAM API | Allows you to provide extra filters, if any. The filter must be in the following format: `{"filters": [{"field": "fieldName", "operator": "operator","value": "Value"},{"field": "fieldName", "operator": "operator","value": "Value"}]}`. For example: `{"filters": [{"field": "inventory.source", "operator": "EQUALS","value": "IP"},{"field": "operatingSystem", "operator": "EQUALS","value": "Linux"}]}`. For more information on supported fields and operators, refer to the API User guide. |
| CSAM Maximum API retry count | Defines the number of times the TA can retry the API call after an error occurs. When the maximum retry count is exceeded, the TA stops the data input run and stores the last seen asset details (the last seen asset ID and the asset last updated datetime) in the checkpoint file. The next run starts according to the cron schedule, picks up the last seen asset ID and asset last updated datetime from the previous run, and pulls the remaining data. |
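
A malformed value in Extra filters for CSAM API or an out-of-range Page size can leave assets missing from the index, so it helps to check both before saving. The following is an added example, not part of the TA or the Qualys documentation: the function name is hypothetical, and the lower bound of 1 for page size and the rejection of keys other than those shown in the format above are assumptions of this check. Field and operator names are not verified; those come from the API User guide.

```python
import json

MAX_PAGE_SIZE = 300                             # maximum stated on this page
FILTER_KEYS = {"field", "operator", "value"}    # keys shown in the documented format


def validate_csam_settings(extra_filters, page_size=100):
    """Return a list of problems; an empty list means the values fit the documented shape."""
    problems = []
    # Assumption: the smallest useful page size is 1 (the page states only the maximum).
    if isinstance(page_size, bool) or not isinstance(page_size, int) \
            or not 1 <= page_size <= MAX_PAGE_SIZE:
        problems.append(f"page size must be an integer from 1 to {MAX_PAGE_SIZE}")
    if not extra_filters.strip():
        return problems                         # extra filters are optional
    try:
        doc = json.loads(extra_filters)
    except json.JSONDecodeError as exc:
        problems.append(f"not valid JSON: {exc.msg} at column {exc.colno}")
        return problems
    # Assumption: "filters" is the only top-level key, as in the documented format.
    if not isinstance(doc, dict) or set(doc) != {"filters"}:
        problems.append('top level must be an object with the single key "filters"')
        return problems
    if not isinstance(doc["filters"], list) or not doc["filters"]:
        problems.append('"filters" must be a non-empty list')
        return problems
    for i, flt in enumerate(doc["filters"]):
        if not isinstance(flt, dict):
            problems.append(f"filters[{i}] is not an object")
            continue
        missing, extra = FILTER_KEYS - set(flt), set(flt) - FILTER_KEYS
        if missing:
            problems.append(f"filters[{i}] is missing keys: {sorted(missing)}")
        if extra:                               # usually a typo such as "opertor"
            problems.append(f"filters[{i}] has unexpected keys: {sorted(extra)}")
        for key in ("field", "operator"):
            if key in flt and (not isinstance(flt[key], str) or not flt[key].strip()):
                problems.append(f"filters[{i}].{key} must be a non-empty string")
    return problems


if __name__ == "__main__":
    # The example filter from this page, followed by a constructed broken variant.
    good = ('{"filters": [{"field": "inventory.source", "operator": "EQUALS","value": "IP"},'
            '{"field": "operatingSystem", "operator": "EQUALS","value": "Linux"}]}')
    bad = '{"filters": [{"field": "operatingSystem", "opertor": "EQUALS", "value": "Linux"}]}'
    print(validate_csam_settings(good, 100))
    print(validate_csam_settings(bad, 500))
```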

Event Types for CSAM in Splunk

You can use the default event types to search for CSAM data pulled into Splunk. For more information, refer to Event Types for searching your apps data.