Custom Assessment and Remediation Release 2.5.1

May 12, 2025

Tag-based User Scoping in CAR

We have introduced the Tag-based User Scoping feature, which restricts a user to executing scripts only on the assets that are in their scope. A user with the manager role can define the scope of other users by assigning the required tags to different assets and then adding those tags to each user's scope.

By default, the manager user has access to all assets and tags.

To define the user scope, navigate to Administration > Users > User Management and edit the user. In the User Edit window, click the Roles And Scopes tab. From there, a manager user can create, select, and remove the required tags from the user's scope.

The image below shows the Edit Scope section, where the manager user has added tags for a user.

[Image: Edit scope of a user]

For more information on Tag-based User Scoping, refer to CAR Online Help.

The Tag-based User Scoping feature is enabled based on customer request. Contact Qualys Technical Support to get it enabled.

API Support for Tag-based User Scoping

The Tag-based User Scoping feature is also supported through CAR APIs. For more information, refer to the Tag-based User Scoping in CAR APIs.

Custom Remediation for Failed Controls in Policy Audit/Policy Compliance

You can now remediate any Policy Audit/Policy Compliance (PA/PC) control that is failing in a PA/PC scan. For this, we have introduced a new script type in CAR: Control ID Remediation.

You can create the remediation script by navigating to Scripts > Create > New Script and selecting Control ID Remediation as the script type. In the script, you must provide the control ID and the asset technology from Policy Audit/Policy Compliance.

[Image: Control ID remediation script details]

Once the script is executed, the control will be remediated and it will pass in the next PA/PC scan.

For more information, refer to the CAR Online Help.

API Support for Control ID Remediation Script

We have added support for the new script type through CAR APIs. For more information, refer to Support for Control ID Remediation through APIs.

CAR Features based on License Types

From this release, CAR features are available based on different Qualys modules/product licenses. The following table lists the features you can access with each type of license.

License Type Available CAR Features

Policy Audit/Policy Compliance

  • Create Custom QIDs and Custom Scripts
  • View all scripts in the library except the script contents

Policy Audit/Policy Compliance and Policy Audit Fix/PC Remediation

  • Create all types of scripts
  • View the script content of, and import, PC Remediation/Policy Audit Fix category scripts

You can select the license according to your requirements. Contact Qualys Technical Support for more information.

Issue Addressed

The following issue is fixed in this release:

Component/Category | Description
Asset Jobs | We fixed an issue where the job details page was not showing the list of assets with Pending or Failed jobs, even though the Jobs tab showed the number of pending assets.