Connector 2.9

May 13, 2025

Connector 2.9 introduces updates to FlexScan techniques. 

Amazon Web Services

Snapshot-based Scan Secrets Detection Integration 

With this release, we have enhanced the visibility of exposed secrets across AWS instances and strengthened risk prioritization through enriched insights. You can enable Secrets detection while configuring your Snapshot scan deployment on AWS. The scan discovers the secrets in your AWS workloads and passes them on to your Instance inventory, which is then aligned with IAM Insights to provide you with enriched TruRisk™ Insight analysis.

To discover your exposed secrets, you must:

  1. Navigate to the Create or Edit menu of the connector and select the Enable Secret Detection option under Zero-touch Snapshot Based Scan.

  2. Launch a Snapshot-based scan, and open any resulting instance from the scan to find the Secrets tab for that instance.
    You can also search "instance.hasSecrets: yes" in the QQL search bar and open any resulting Instance.

Enhanced Handling of Suspended AWS Accounts and Connector Cleanup

Previously, when an AWS account was suspended or terminated, its associated connector appeared in an error state without being disabled. Now, AWS accounts that are terminated or suspended result in the detachment and disabling of the respective member connectors.

You can use the aws.account.status token to view the connectors that are detached and disabled as part of this cleanup.

You can find the Account Status in the Connector Details page.

Common Cloud Updates

AMI Images Scanning in Connectors

Connector Snapshot-based scan now extends its vulnerability management capabilities to include Amazon Machine Images (AMIs), allowing organizations to assess security posture before runtime deployment. This supports proactive hardening of golden images and minimizes exposure in production environments.

This feature will be available after QFlow version 1.15.1 is deployed.

Benefits

Inventory Support for AMIs

  • Automatically discover and list AMIs and Azure Images using existing cloud connectors.

  • Display AMIs under the Inventory section alongside other cloud resources.

Vulnerability Scanning for AMIs

  • AMIs are scanned using Snapshot-based techniques similar to virtual machines.

  • Vulnerability findings are displayed per AMI.

To enable Image Scanning for AMI images,

  1. Navigate to the Create or Edit menu of the connector and select the Enable AMI Scanning option under Zero-touch Snapshot Based Scan.
  2. Deploy your AWS Snapshot-scan CloudFormation template with AMI scanning enabled.
  3. Navigate to the TotalCloud inventory > Choose AWS > Select AMI Images.
  4. View the scan findings by clicking on any image and analyzing the detailed image information.

Zero-Touch Cloud Perimeter Scan for GCP

Building on previous capabilities for AWS and Azure, Zero-Touch Cloud Perimeter Scan is now extended to GCP environments. This enhancement provides automated vulnerability scanning of internet-facing (public) assets in Google Cloud Platform without the need for manual asset discovery or configuration.

Feature Summary

  • Automatic scanning of public-facing GCP assets, such as VMs (currently, Load Balancers are not supported).

  • No manual setup required for asset discovery—leverages cloud connector data.

  • Full integration with VMDR, providing visibility and reporting for GCP perimeter risks.

To enable Cloud Perimeter Scan for GCP,

  1. Create or edit a GCP connector and select the Cloud Perimeter Scan checkbox from the Tags and Activation step.
  2. Next, configure the Scan Settings if you are creating a new connector. Otherwise, save and run your connector.