Qualys Cloud Agent for Windows 5.6
June 03, 2024
New Features
Database Authentication and Assessment
With this feature, the Cloud Agent can be configured to fetch the authentication credentials for the database instances through the CyberArk vault for database assessment. This is applicable only for policy compliance control assessment.
CyberArk is the external software through which Cloud Agent fetches the credentials of the MSSQL Server database.
You can configure the database assessment options using the Cloud Agent user interface. With this configuration, the database credentials are directly fetched from the vault, and the database assessment is launched.
For database authentication using CyberArk, Qualys is currently supporting the following combination:
Windows Platform | Vault (On-Prem) |
PVWA | SDK | Credential Provider |
---|---|---|---|---|
All Windows platforms with SQL support | 13.2.4 | 9.10 | 13.0.0.6 | 13.0.2 |
The Qualys Windows Cloud Agent currently supports SQL Server databases for DB Assessment, specifically SQL Server versions 2014, 2016, 2019, and 2022, and utilizes CyberArk Vault for secure credential management.
Required Application Version | Qualys Cloud Platform 3.18.0.0 |
Enhancements for Patch Management
System Reboot for Patch Job
With the system reboot feature, you can create a job with the System Reboot pre-action, which will automatically reboot the assets in the Pending Manual Reboot status.
Earlier, when the patch job was executed with the Suppress Reboot option enabled, its status changed to Pending Manual Reboot. In this scenario, no other job can be executed on such an asset until it is rebooted manually, creating a bottleneck for job execution.
You can also schedule the system reboot job based on your patch deployment schedule. This is a high-priority task that is executed before other tasks after patch deployment.
Required Application Version | Qualys Patch Management 2.10.0.0 |
While creating a system reboot job, no other pre-action, post-action, or patch should be selected.
Enhancements for Endpoint Detection and Response
IP-Based Exclusion for Quarantined Host
With this enhancement, you can add IP addresses to be excluded while quarantining an asset. Earlier, this feature allowed only process-based exclusion.
This feature enables the user to set IP addresses that a quarantined asset can access and perform the following actions:
- Access the network share set on the excluded IPs.
- Take remote access for the excluded IPs.
Required Application Version | Qualys Endpoint Detection and Response 3.3.0 |
Behavior Changes
There are no behavior changes in this release.
Platform Coverage Support
There is no new platform coverage added in this release.
Issues Addressed
The following reported and notable issues have been fixed in this release.
Reported Issue | Description |
---|---|
CRM-122462 | Fixed an issue where the Cloud Agent server was rebooting when the self-protection feature was enabled for Cloud Agent. |
CRM-119829 | Fixed an issue with circular logging for Qualys Cloud Agent minidump files. Now, Cloud Agent retains only 10 minidump files. |
CRM-105046 | Fixed an issue where proxy keys were getting deleted after upgrading Cloud Agent for the Azure-based Windows server. |
CRM-116127 | Fixed an issue where Qualys Cloud Agent was collecting incorrect data for Policy Compliance CID 2398. |
CRM-121313 | Fixed an issue where the Cloud Agent service was stopping during the upgrade due to an unstable database file. |
Known Issues, Limitations, and Workarounds
There are no known issues and limitations available for this release.