Release 3.1

February 12, 2024

What's New?

Qualys Policy Compliance Integration with EDR

We have introduced Qualys Policy Compliance (PC) integration with EDR, which lists the CIDs, Control Statement, and MITRE Technique ID that failed the Qualys Policy Compliance assessment due to endpoint misconfiguration. The following screenshot is an example of the System Misconfiguration tab:

System Misconfiguration Tab in Risks and Exploits section of Incidents details.

Fileless Attack Protection option in Behavioral Scan

Use the Fileless Attack Protection option in Behavioral Scan to discover and block fileless attacks at the pre-execution stage. Fileless Attack Protection is supported only on the Windows operating system.

The following screenshot is an example of the Fileless Attack Protection option:

Fileless Attack Protection option in Behavioral Scan.

For more information about Behavioral Scan, refer to EDR Online Help.

The Incidents tab is Renamed to Detections

From this release, we have renamed the Incidents tab to Detections. The Incidents and Alerts tabs are under the Detections tab. All the malicious incidents are listed under the Incidents tab. The Alerts tab lists the detection name, severity score, and the remediation action that can be performed on these malware families. For token information, refer to Incidents Search Tokens and Alerts Search Tokens in EDR Online Help. 

The following combined screenshot is an example of the Detections tab with column names highlighted for Incidents and Alerts:

Incidents tab with Incidents and Alerts sub-tabs.

Verdict Change for Severity Score on Incident Page

If Qualys Threat Intelligence changes the severity score due to a verdict change, the previous and new scores are displayed. The adjusted score is shown on the Incidents page under the Detections tab.

The following screenshot is an example of an Incident's severity score changed from 6 to 7:

Severity Score change in the Severity Score column of the Incidents page under the Detections tab.

Last Quarantine and Last UnQuarantine Time Columns added in Simple List Table Type

From this release, we have introduced the Last Quarantine Time and Last UnQuarantine Time columns. These columns are available only in the Table widget for the Simple List Table Type. The Last Quarantine Time is the time the assets were last isolated from the network. The Last UnQuarantine Time is when the assets were last removed from quarantine.

The following screenshot is an example of the Last Quarantine Time and Last UnQuarantine Time selected in the Columns to Display field in the Table widget of Simple List Table Type:

Last Quarantine Time and Last UnQuarantine Time in the Columns to Display field of the Simple List Table Type.

Activity Log and Quarantined Items Introduced under the Responses tab

The newly added Activity Log lists all the remediation activities, and Quarantined Items lists all the quarantined assets. The tabs list Vulnerability Management Detection and Response (VMDR) or EDR as the Source for the remediation activities and quarantined assets. If the Source is listed as VMDR in the Activity Log or Quarantined Items tabs, the remediation activities and quarantined assets are based on the Actions and Rule Manager created under the Responses tab of the VMDR application.

You can create only one quarantine action for each customer and one rule for each Quarantine asset.

The following screenshot is an example of the Activity Log that displays VMDR and EDR as the Source:

For more information, refer to Activity Log and Quarantined Items in the EDR online help.