What's New in CAR

This topic gives you an overview of CAR releases. For more information, refer to Custom Assessment and Remediation Release Notes.

CAR Release 2.5

The CAR 2.5 release includes the following updates:

  • Enhanced Detection Logic for Custom QIDs:
    Custom QIDs can now be detected using script output (via regex/pattern matching) instead of exit codes.
  • Lab Asset Tags:
    Introduced lab asset tags for easier script execution and testing on lab assets.
  • Improved Script Testing Flow:
    You can now select lab asset tags to add assets in bulk for script testing instead of manual selection of assets.
  • API Enhancements:
    CAR APIs are updated to support new lab asset tags and Custom QID detection features. For more details, refer to Custom Assessment and Remediation 2.5 API Release Notes.

Release 2.5 | Release 2.5 API

CAR Release 2.4.1

The CAR 2.4.1 release includes the following updates:

  • Delete Invalid Asset Jobs:
    Asset jobs with MANIFEST_EXPIRED or MANIFEST_ASSIGNMENT_FAILED statuses can now be deleted individually or in bulk.
  • Filter Asset Jobs by Execution Status:
    Asset jobs can be filtered by Execution Passed or Execution Failed status on the asset details page.
  • Filter Jobs by Script Category:
    Jobs can now be filtered by Script Category in the Jobs tab.
  • Search Token Improvement:
    Search queries containing colons (for example, IPv6 addresses) are now supported by enclosing the value in single quotes ('), backticks (`), or double quotes (").
  • API Enhancements:
    Introduced a new API to delete invalid asset jobs and added new parameters to the Scripts and configuration-based APIs. For more details, refer to Custom Assessment and Remediation 2.4.1 API Release Notes.


Release 2.4.1 | Release 2.4.1 API

CAR Release 2.4

The CAR 2.4 release includes the following updates:

  • New Reports Tab:
    A new Reports tab allows users to generate and download reports (CSV format) for any job. Reports are available for 30 days.
  • Exit Code Description:
    Descriptions can now be added to exit codes in custom QID scripts, improving clarity and searchability.
  • Asset Job Tab Token:
    The return.code.description token has been added for searching jobs on the Assets Job tab.
  • Enhanced Script Creation:
    The script creation process has been optimized, allowing Manager users to create custom QID and parameterized scripts with customizable parameters. 
  • Enhanced Parameterized Script Creation:
    Parameterized script creation is improved with the ability to import predefined scripts and enter parameters within the Script Details page, and a new Add Parameter Value tab for adding parameter values when importing from the library.
  • Enhanced User Interface (UI 4.0) of the Qualys Enterprise TruRisk™ Platform:
    Introduced the new and improved UI for CAR.
  • API Enhancements:
    Added new APIs to streamline report management, including fetching, generating, downloading, and deleting reports for the reporting feature. For more details, refer to Custom Assessment and Remediation 2.4 API Release Notes.


Release 2.4 | Release 2.4 API

CAR Release 2.3

The CAR 2.3 release includes the following updates:

  • New User Role - Library Script Importer (Read-Only):
    This new role allows users to import detection scripts and add parameters, streamlining administrative tasks without granting full editing access. Users with this role only see importable detection scripts in the Library.
  • Enhanced Data Retention:
    Job and Asset Job metadata retention has been extended from 7 days to 90 days, aligning with the CAR Data Retention Policy. Users can view the output of the latest 5 jobs per script.
  • Update in Auto Deprecation:
    Scripts unused for six months will no longer be automatically deprecated, giving users more control over script management.
  • New Token for Scripts and Library Tabs:
    The mode: token (with values "Parameterized" or "Standard") has been added to filter scripts by type.
  • Library Tab UI Improvement:
    The Library tab UI has been redesigned with better navigation, organization, and categorization of scripts (e.g., PC Remediation, AD Security Posture, QID without Patch) for easier browsing.
  • API Enhancements:
    The 'thresholdTimeUnit' field has been removed from script-based APIs.  The 'threshold' input parameter now requires values to be provided in seconds. For more details, refer to Custom Assessment and Remediation 2.3 API Release Notes.


Release 2.3 | Release 2.3 API

CAR Release 2.2.1

The CAR 2.2.1 release includes the following updates:

  • Parameterized Scripts:
    New parameterized scripts are available in the Script Library, allowing Manager users to customize script parameters to meet specific needs, even after the script has been run.
  • Removal of End Date from Script Scheduling:
    The End Date field has been removed from script scheduling, allowing for indefinite script runs. Scripts can be deprecated when no longer needed.
  • Issue Addressed:
    A bug causing errors when selecting assets while editing existing schedules has been fixed.
  • API Enhancements:
    Two new APIs have been added: Get Script Parameters and Update Script Parameters. For more details, refer to Custom Assessment and Remediation 2.2.1 API Release Notes.


Release 2.2.1 | Release 2.2.1 API

CAR Release 2.2

The CAR 2.2 release includes the following updates:

  • View Script Details on Job Page:
    You can now view script details (such as platform, type, language, description, and category) directly from the Jobs page by selecting a job and clicking View Script Details in the Quick Actions menu.
  • Sync Script with GitHub in Edit Flow:
    Approved scripts imported from GitHub can now be synced, allowing changes made on GitHub to automatically update the script on the Qualys Enterprise TruRisk™ Platform. This is enabled/disabled via a toggle in the Edit Script flow.
  • View Custom QIDs on Scripts Tab:
    A new Custom QID column has been added to the Scripts tab to display the Custom QID numbers.
  • Lab Asset Enhancement:
    The maximum number of non-production assets for script testing has been increased from 10 to 100.
  • Test/Run Now Enhancement:
    When using Test or Run Now, the IP address is now displayed along with the agent name.
  • Custom QID Return Codes Enhancement:
    The number of allowed return codes for Custom QID Scripts has been increased from two to multiple, allowing for more scenarios.
  • API Enhancements:
    Three new APIs have been introduced: Create Custom QID, Update Custom QID, and Search Custom QID. For more details, refer to Custom Assessment and Remediation 2.2 API Release Notes.


Release 2.2 | Release 2.2 API

CAR Release 2.1

The CAR 2.1 release includes the following updates:

  • Introduced a New Configuration Tab:
    A new tab called Configuration is introduced to specify the list of restricted commands, assets, and assets tags suiting your environment.
  • Schedule System Reboot After CAR Script Execution:
    Introducing the ability to initiate planned reboots for schedules after script execution. With the reboot functionality, you can now easily configure/set asset reboots during schedule creation.
  • Import Custom QID Scripts from the Library:
    With this release, you can now import custom QID scripts from Library to Scripts. Once you import the script you can add tags and assets to the imported script.
  • Hourly Schedule:
    Added an hourly recurrence option for scheduling script executions, allowing for execution every 1 to 23 hours.
  • New Job Search Token:
    A new correlationId token is added to search for jobs using their alphanumeric correlation ID.
  • Enhancement - Immediate Script Rerun:
    The previous 5-minute wait time between script executions is removed, allowing scripts to be rerun immediately.
  • API Enhancements:
    Introduced 11 new APIs and updated two existing APIs. For more details, refer to Custom Assessment and Remediation 2.1 API Release Notes.


Release 2.1 | Release 2.1 API

CAR Release 2.0.1

The CAR 2.0.1 release includes the following updates:

  • New Fields for Custom QID Script:
    Added two optional text fields for QID Details:
    • Impact: Describes potential consequences of exploitation.
    • Solution: Suggests a verified fix for the issue.
  • New Scheduling Option for Custom QID Scripts:
    Introduced "Save and Create a Schedule" option to create and schedule scripts simultaneously, saving time.
  • Increased Script Creation Limit:
    Maximum scripts per subscription increased from 2000 to 5000.


Release 2.0.1

Previous Release Notes

If you want to refer to the previous releases release notes that were in the PDF format, refer to the Release Notes page. 

©2025 Qualys, Inc. All rights reserved. Privacy Policy.