Qualys Cloud Agent for Linux Intel 7.0 

October 21, 2024

New Features

With this release of Qualys Cloud Agent for Linux Intel, we bring you the following new features and enhancements.

Activation of New Qualys Application - Mitigation

With this release, Qualys Cloud Agent for Linux supports the new Qualys application - Mitigation. With the Mitigation application, you can now mitigate vulnerabilities on Linux assets using actions and scripts, creating mitigation jobs.

Despite Patch Management being the core capability in vulnerability management, the Mitigation application plays a key role, as patching might not always be feasible considering the required downtime, or the patch might not be available in the case of zero-day vulnerabilities.

 The mitigation job only minimizes the risk associated with a vulnerability and does not patch it. Hence, the vulnerability displays the Active status even after mitigation.

The security and IT teams can use the Mitigation capability to enhance cyber-security resilience by addressing critical vulnerabilities without deploying a patch. This enables organizations to significantly lower their vulnerability exposure and streamline their response to cyber threats.

 You cannot add assets while configuring the mitigation job.

For more information, refer to Qualys Mitigation Online Help.

Required Application Version

Patch Management 3.0.0

Qualys Cloud Platform 3.19.0.1

Vulnerability Management Detection and Response 0.10.0

Cloud Agent Log Compression

The Cloud Agent for Linux now supports compressing log files to optimize disk space utilization. You can set the LogCompression parameter using the Cloud Agent configuration tool to enable or disable log file compression. Log compression considerably reduces the size of log files and reduces the disk usage on the host asset.

When enabled, Cloud Agent compresses the log file when it is rolled over and keeps the five most recent archived zip files, each with 10 MB of log data. When Cloud Agent accumulates more logs, the oldest scan logs are deleted, and space for new logs is created.

Log compression can compress the logs generated by the following applications:

  • Scan logs
  • Endpoint Protection Platform (EPP)
  • Endpoint Detection and Response (EDR)
  • File Integrity Monitoring (FIM)
  • Patch Management (PM)
  • Extended Detection and Response (XDR)
  • Custom Assessment and Remediation (CAR)
  • Mitigation

 Log Compression cannot compress the logs generated by peripheral agent binaries, such as qualys-beats-xdr.log and edr-script.log.

Cloud Agent Binary Download from Qualys CDN

With this release, we are moving the Cloud Agent binaries to the Qualys Content Delivery Network (CDN). The Cloud Agent, with self-patching enabled, now downloads the latest available version from the CDN server, streamlining the binary download.

Earlier, Cloud Agent generated a URL using the binary ID and then downloaded the available Cloud Agent version from Cloud Agent Service (CAS). If the CDN server is not reachable, Cloud Agent downloads the latest available Cloud Agent version using the mirror URL directed to CAS.

 The self-patch events are given high priority for the first three download attempts. If the binary download fails, the following attempts are given low priority, and the download is postponed until all the queued high-priority events are executed.

Cloud Agent Enhancements

Enhanced Database Authentication and Assessment

Vault Connection for Database Assessment Profile 

With this enhancement, a new option is provided on the Cloud Agent user interface to create the vault connection for your database assessment profile. The vault connection includes details such as vault connection name, secret manager type, and vault credentials. Once configured, you can use this connection in assessment profiles.

 You can use one common vault connection for multiple database assessment profiles. 

New Secret Managers for CyberArk Vault

This feature also introduces the new secret manager types, the central credential provider (CCP) and credential provider (CP).

You can use the CP and CCP under the following conditions:

  • Use the CCP when the database credentials are managed through a common system for all the agent hosts in your subscription
  • Use the CP when the database credentials are managed by the Cloud Agent host itself.

Enhanced Cloud Agent Health Check Tool

With this release of Cloud Agent, we have enhanced the Cloud Agent Health Check Tool to support the following new functionalities.

Cloud Agent Health Check Support for Agents Installed in Alternate Folder

With this enhancement, you can now launch the Cloud Agent Health Check Tool for the agents installed in the alternate folder (/opt). Prior to this release, you could launch the tool only for the agents installed in the default installation folder (/usr/local/). 

Run the following command to launch the Cloud Agent Health Check tool for agents installed in the alternate folder.

/usr/local/qualys/cloud-agent/bin/qualys-healthcheck-tool /opt

Patch Management Checks for Cloud Agent Health Status

This feature allows you to evaluate the Patch Management (PM) checks for Cloud Agent. To do so, provide the runPatch parameter in the Cloud Agent Health Check Tool execution command.

/usr/local/qualys/cloud-agent/bin/qualys-healthcheck-tool /usr/local runPatch

If you want to skip these checks, use No in the command.

/usr/local/qualys/cloud-agent/bin/qualys-healthcheck-tool /usr/local No

With this command, the following PM checks are performed on Cloud Agents:

| PM Check | Description |
|---|---|
| Installed Query Check | Check installed packages on the system |
| Available Query Check | Check available packages on the system |
| History Query Check | Detailed information on Cloud Agent's patch management activities. |
| Update Query Check | Check available packages on a machine with only update information. |
| Repolist Query Check | Check all the repositories configured on the system along with the number of packages available in each repository. |
| Repolist Expiry Check | Check the repositories with verbose details containing repository names and expiration status. |
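
The health check invocations above, wrapped in a POSIX shell helper that rejects arguments the release notes do not document, for use in scheduled or fleet-wide runs. This is an added example, not Qualys code: `hc_build_cmd`, `hc_run` and the `QUALYS_HC_TOOL` override are hypothetical names, and combining `/opt` with `runPatch` or `No` is an assumption (the page shows those options only with `/usr/local`).

```shell
#!/bin/sh
# Added example: wrapper around the health check commands shown on this page.
# The tool path is the one printed above; override it with QUALYS_HC_TOOL.
QUALYS_HC_TOOL="${QUALYS_HC_TOOL:-/usr/local/qualys/cloud-agent/bin/qualys-healthcheck-tool}"

# hc_build_cmd PREFIX [PM_OPTION]
# Prints the command line for one run. Returns 2 for an install folder or
# PM option that the release notes do not document.
hc_build_cmd() {
    prefix="$1"
    pm_option="${2:-}"
    case "$prefix" in
        /usr/local|/opt) ;;   # default and alternate install folders
        *) echo "unsupported install folder: $prefix" >&2; return 2 ;;
    esac
    case "$pm_option" in
        ""|runPatch|No) ;;    # omit, run the PM checks, or skip them
        *) echo "unsupported PM option: $pm_option" >&2; return 2 ;;
    esac
    if [ -n "$pm_option" ]; then
        printf '%s %s %s\n' "$QUALYS_HC_TOOL" "$prefix" "$pm_option"
    else
        printf '%s %s\n' "$QUALYS_HC_TOOL" "$prefix"
    fi
}

# hc_run PREFIX [PM_OPTION]
# Validates the arguments, then runs the tool. Returns 127 when the binary
# is missing so a scheduler can tell "tool not installed" apart from a
# health check that ran and failed.
hc_run() {
    hc_build_cmd "$@" >/dev/null || return 2
    if [ ! -x "$QUALYS_HC_TOOL" ]; then
        echo "health check tool not found: $QUALYS_HC_TOOL" >&2
        return 127
    fi
    "$QUALYS_HC_TOOL" "$1" ${2:+"$2"}
}

# Usage after sourcing this file:
#   hc_run /usr/local runPatch
#   hc_run /opt
```
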

Reflect Network Connectivity Failure in Cloud Agent Health Check Report

The Cloud Agent Health Check tool now detects Cloud Agent connectivity with the Qualys Cloud Platform—direct connectivity and connectivity using a proxy.

The following table presents possible connectivity scenarios and corresponding Cloud Agent health status.

| Cloud Agent Health Status | Description |
|---|---|
| GOOD | The direct connection attempt to the Cloud Platform is enabled, and both proxy and direct connection (without proxy) with the Cloud Platform are successful. |
| BAD | The direct connection attempt to the Cloud Platform is enabled, and both the proxy and the direct connection fail. |
| BAD | The direct connection attempt to the Cloud Platform is disabled, and both the proxy and direct connection attempts fail. |

Reduced Proxy Connection Attempts for Cloud Agent Health Check

With this release, the Cloud Agent now makes a single attempt to connect to each configured proxy server while launching the Cloud Agent Health Check Tool, as opposed to the previous three attempts. This decrease in retry attempts enables the Cloud Agent to swiftly move to the next configured proxy, thereby ensuring a faster connection to the Qualys Cloud Platform.

To learn more about the Cloud Agent Health Check tool, refer to Cloud Agent for Linux 6.3 Release Notes.

Reduced Scan Processing Time for Inactive Agents

With this enhancement, we are providing support for the acceptable time duration (in days) for Cloud Agent inactivity. We have defined this acceptable time as 30 days. When a Cloud Agent is active again after the specified time, it performs a complete host asset scan and uploads the host metadata to Qualys Cloud Platform.

Earlier, the Cloud Agent first uploaded the pending delta to archive it and then initiated a new scan on the host asset. With the improved data-uploading workflow, a reactivated Cloud Agent does not need to scan the host asset twice. This reduces the size of the payload being uploaded to Qualys Cloud Platform and the scan processing time.

Patch Management Enhancements

Package Level Status for Patch Deployment Jobs 

With this enhancement, we are providing you package-level status for your patch deployment jobs with respective sub-codes. It gives you details of the patch deployment job status and helps you understand the reason for failure. It also displays the patches that were skipped during the deployment job.

As the status is mapped at the package level, it directly points to one of the many packages used in the deployment job that caused failure. By default, this feature is disabled.

Required Application Version

Patch Management 3.0.0

Behavior Changes

There are no behavior changes in this release.

Platform Coverage Support

There is no new platform coverage support added for this release.

Issues Addressed

The following notable and important issues are fixed in this release.

| Issue | Description |
|---|---|
| CRM-122013 | We fixed an issue where the FIM events were generated for the excluded users and processes by updating the values for AUID and audit username fields in the filter queries. |

Known Issues, Limitations, and Workaround

There are no known issues or limitations noticed for this release.