Qualys Cloud Agent Application 2.1

April 14, 2025

New Features

We are introducing the following new features and enhancements with this release of the Cloud Agent user interface.

Platform Name Change Update

We are renaming the Qualys Cloud Platform to the Qualys Enterprise TruRisk Platform. This change highlights Qualys' commitment to empowering CISOs, cybersecurity professionals, and risk stakeholders to effectively measure and mitigate the impact of cyber risk on their organizations.

The Qualys Enterprise TruRisk Platform is the only cybersecurity and risk management solution that enables you to measure, communicate, and eliminate cyber risk across the extended enterprise with precise remediation and mitigation actions.

This update does not affect the platform’s functionality or features. Starting in January 2025, the name change will be implemented in phases across all product interfaces.

For more information, check out this blog.

New Feature — Create a Tag-based AVC Profile

With this release, we are introducing a feature to create tag-based Agent Version Control (AVC) Profiles. You can now create multiple AVC profiles and use different AVC profiles for different agents. You can also set the priority of these AVC profiles.

The tag-based AVC profile offers you the following benefits:

Better control over Cloud Agent versions: Using a tag-based AVC profile, you can implement an asset-level version control process. You can create multiple AVC profiles and assign them separately to different agents using tags added to the profile.
Backup options for an existing AVC profile: A profile with the highest priority is applied to the configured host assets. If you delete this profile, the AVC profile next in priority order is assigned to affected host assets. This creates a backup for the existing profile, preventing the host assets from auto-upgrading to the latest version.
Flexible agent version control system: A subscription-level AVC profile can not be used to implement AVC rules for specific assets. A tag-based profile gives you asset-level control, catering to your exclusive and varying version control requirements.

To create a tag-based AVC profile, navigate to Configuration > Agent Version Control Profile > New AVC Profile.

To learn more about this feature, refer to Tag-based AVC Profiles.

Limitations for Tag-based AVC Profiles

Make note of the following important points, before creating/updating an AVC profile:

A newly created/updated AVC profile takes some time for profile evaluation and implement version control rules. We recommend you wait for 24 hours before enabling the auto-upgrade option in the respective configuration profile.
Sometimes tag-based profiles takes time for evaluation. Hence affected Cloud Agents may fall back to the next available profile and get upgraded to latest released binary version. To avoid this issue, we recommend creating the subscription level profile with lower binary version.
You can not set a tag-based AVC profile as a subscription-level profile. Also, you can not add tags to the subscription-level profile.
If you have configured your Cloud Agents for auto-upgradation and deleted an AVC profile assigned to them, then the respective Agents are upgraded to the latest released Agent binary version.
AVC profiles are assigned based on their priority. If you create an AVC profile, and it has lower priority than the currently assigned profile, then your assets do not follow the version control rules configured in the newly created profile. To learn more about setting up AVC profile priority, refer to Reorder Agent Version Control Profiles.

Support to Assign Cloud Agent Hosts as a CAPS Leader

With this release, we have added support for assigning Cloud Agent hosts present in your network as CAPS leaders while creating a CAPS Configuration profile. This feature allows you to designate Cloud Agent hosts to act as CAPS leaders, resulting in better network traffic monitoring. You can assign up to a hundred Cloud Agent hosts to act as a CAPS leader.

The CAPS leader performs the following important functions in your network:

Passively monitors network traffic.
Sends the asset metadata to Qualys Enterprise TruRisk™ Platform (ETP).
Detects assets present in your network and displays them in the CyberSecurity and Asset Management (CSAM) inventory.

When you assign multiple Cloud Agent hosts as CAPS leaders, the designated CAPS leader candidates randomly elect a leader among them.

To assign a CAPS leader, navigate Configuration > CAPS Configuration. In the Assign CAPS Leader section, add the hosts you want to act as a CAPS leader.

Only the host assets that have CAPS-activated Cloud Agent installed can participate in the CAPS leader election.

To learn more about this feature, refer to Cloud Agent online help.

Role-based Access for Cloud Agent

With this release, we are introducing role-based access for Software Composition Analysis (SwCA), Agent Version Control (AVC), Database Assessment, Vault, and Cloud Agent as Passive Sensor (CAPS) configuration profiles. This helps you control access to the various configuration profiles, preventing any unintended and unauthorized modifications.

You can assign these permissions in the Administration application while creating or editing a user role.

To learn more about this feature, refer to the following sections in Cloud Agent online help:

Permission Controls for SwCA Profile
Permission Controls for AVC Profile
Permission Controls for CAPS Configuration
Permission Controls for Database Assessment
Permission Controls for Vault Configuration

Expiration Time for Log Download Requests

We have introduced an option to automatically archive Cloud Agent Log Download requests after they exceed the expiration time. Based on the status of log download request the following are the expiration times:

Processing: The log download requests with Processing status, are archived after 3 days.
Completed: The log download requests with Completed status, are archived after 7 days.