Qualys Cloud Agent Application Release 2.2

Limited Customer Release

June 02, 2025

New Feature — Manifest Version Control

Overview

Manifest Version Control (MVC) gives organizations greater control over the Vulnerability Management (VM) manifests used by Qualys Cloud Agents. With this feature, you can delay or prevent the automatic assignment of newly published manifests, allowing time for validation in test environments before assigning them to production systems.

This capability helps reduce the risk of operational disruptions caused by unforeseen issues in newly released manifests and supports more controlled, reliable security operations at scale.

Importance of Manifest Version Control

VM manifests define the vulnerability signatures used by Qualys Cloud Agents. While it is important to have the latest threat data available, automatic assignment of newly published manifests can introduce a risk if the new manifest has unexpected interaction with specific environments. 

Though published manifest are thoroughly tested and rarely cause any issues, the Manifest Version Control acts as a safeguard by allowing time to validate new manifests before assigning them to your critical assets.

Benefits of Manifest Version Control

The manifest version control offers the following benefits:

• Reduce Operational Risk: Validating new manifests before assigning them to critical assets avoids any unforeseen and unintended impact.
• Controlled Manifest Assignment: Manifest version control supports staggering manifest assignments across environments using time delays. You can delay the manifest assignment till the new manifest is validated.
• Consistent Scanning Behavior: Using validated manifests across your assets brings uniformity and consistency in scan behavior.
• Rapid Mitigation: With manifest version control, you can delay the assignment of problematic manifests for up to 48 hours, allowing you time to remediate the issues.

Steps to Create Manifest Version Control Profile

Perform the following steps to create a new manifest version control profile:

1. Navigate to Configurations > Version Control Profiles > Manifest Version Control tab in the Cloud Agent user interface.
   
   
2. Click New MVC Profile. The profile configuration window opens.
   
   
3. Enter the profile name and description and configure the following settings:
    

   Prevent Manifest Update

   Select the Prevent manifest update checkbox to prevent the newly published manifest from being assigned to your Cloud Agent. You can specify Cloud Agents by adding tags in your manifest version control profile.

   We recommend using this option only for validation purposes. Once you validate the newly published manifest in your test environment, disable this option for affected Cloud Agents to download and assign the latest available manifest.

   If you want your Cloud Agent to download the latest manifest immediately after you disable this option, ensure that:

   • Time delay for manifest assignment is set to zero (0)
     
     OR
   • Disable the Prevent manifest update option after the time delay interval is passed.
     For example, If you have set the time delay of five hours in the manifest version control profile, disable the Prevent manifest update option after five hours, so that the affected Cloud Agents get the latest manifest immediately.

   Delay Manifest Assignment

   In the Time Delay field, select the time interval in hours to delay the new manifest assignment for your Cloud Agent. By default, the Time Delay is set to 0 hours. Meaning, Cloud Agents are assigned the new manifest immediately after it is published. You can set a maximum of 48 hours of time delay for the manifest assignment.

   For example, if you select the Time Delay as five (5) hours, manifests published in the last five hours are not assigned to Cloud Agents associated with the MVC profile. However, the manifests published before 5 hours are assigned to the affected Cloud Agents.

Manage Manifest Version Control Profiles

You can use the Quick Actions menu to View, Edit, or Delete a manifest version control profile.

To access the Quick Actions menu, select a manifest version control profile and click the down arrow.

Reorder MVC Profiles

The MVC profiles are assigned based on their priority. To change the profile priority, click Reorder in the Manifest Version Control tab and reorder the profiles in the Reorder MVC Profile window.