Release 3.17
February 05, 2024
What's New?
Cloud Agent
New Feature - Change Activation Key from Cloud Agent User Interface
With this new feature, you can change the activation key for single or multiple agents from the Cloud Agent user interface. Earlier, you could change the activation key locally using commands.
Prerequisites
The Change Activation Key permission is required to perform the activation key change.
To change the activation key, navigate to the Agents tab and select the agent hosts. The Change Activation Key option is available for the agent hosts from the Quick Actions menu.
You can select 10000 agent hosts simultaneously for the activation key change.
Once the new activation is assigned:
- Applications activated with the newly assigned activation key are activated for the associated agent hosts.
- Applications manually activated for the earlier agent host and not associated with the earlier activation key are still activated.
- The network ID and static tags associated with the newly assigned activation key are linked to the associated agent host.
This feature will be available only when the Windows and Linux Agent binaries with activation key change support are available. For supported agent versions, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.
For more information, refer to Cloud Agent Online Help.
New Feature - Add Customized Logo
When the Qualys Cloud Agent is installed on the Windows assets with the Patch Management application activated, the assets receive notifications for the patch updates. You can customize the logo and header for these Patch Management notifications on the assets.
To upload the custom logo image, click Help > Upload Custom Logo.
In the Upload Custom Logo dialog box, you can either upload an image for a logo or specify the HTTP or HTTPS path from where the image is downloaded.
If you want to apply the logo change to Patch Notifications on all Assets, select the Apply to all Agents check box.
You can also select single or multiple assets from the Agents tab and apply the logo change to the selected assets.
This feature will be available only when the Windows Agent binary with the customized logo feature is available. For supported agent versions, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.
For more information, refer to Cloud Agent Online Help.
Updated the Default Data Collection Interval for PC Scan
With this release, the default value of the Data Collection Interval field for PC Scan in the configuration profile is updated from 240 to 720 minutes. The PC scan interval range is 240 minutes to 43200 minutes.
Vulnerability Detection and Response
New Feature - Create Rule based Alerts from the Responses tab
From this release, you can now create rule based alerting for resources that might fail certain critical evaluations and thus helps in fixing resource misconfigurations. The Responses tab allows you to trigger alert using alerting tokens in the Rule Query. You are notified about these alerts via the actions you select while creating the alerts. Actions that you can choose are sent as alert messages by Email, PagerDuty, or Post to Slack. email or slack messages.
The following is an example screenshot of the Rule Manager from the Responses tab:
For more information about rules and actions, refer VMDR Online Help.
Added Top Risk Factors in TruRisk Score
The visual representation of the TruRisk Score is enhanced with the Top Risk Factors list. The Top Risk Factors displays the risk criteria of the vulnerability detected on the asset. The following Top Risk Factors are listed based on the priority:
- CISA Known Exploitable
- Associated Threat actors
- Associated Malware
- Weaponized Vulns
- POC Exploity Maturity Vulns
- Recently Trending
To view the enhanced TruRisk Score representation from the Vulnerabilities tab, click the Asset Name and go to the TruRisk Score section under Security.
The following screenshot represents the Top Risk Factors of an asset, and the list of CISA Known Exploitables in the Vulnerabilties column:
To avoid data discrepancy we recommend you to not edit the Qualys Query Language (QQL) that is displayed when you click a Top Risk Factor.
The Top Risk Factors displays No risk factors found if an asset has no risk factors. The following screenshot is an example of an asset with no risk factors:
For more information about the Asset Details page, refer, VMDR Online Help.
New Tokens
The following tokens are newly added in the Assets tab:
| Token Name | Description |
| MiddlewareManifestVersion | Find host assets, where Middleware scan is performed using the specific manifest version. |
| PCManifestVersion | Find host assets, where PC scan is performed using the specific manifest version. |
| SCAManifestVersion | Find host assets, where SCA scan is performed using the specific manifest version. |
| UDCManifestVersion | Find host assets, where UDC scan is performed using the specific manifest version. |
| VMManifestVersion | Find host assets, where VM scan is performed using the specific manifest version. |
For more information about the search tokens in VMDR, refer VMDR Online Help.
Issues Addressed
| Category/Component | Application | Issue |
| CA-API | Cloud Agent |
We have improved the API response for uninstallation from the assets not tracked by Cloud Agent using API to uninstall Cloud Agents in bulk. The uninstall agent API response now displays a count of 0 for assets that are not tracked by Cloud Agent. Impacted API- POST: <APIserver name>/qps/rest/2.0/uninstall/am/asset |
| CA - UI/Documentation | Cloud Agent |
We have updated the Cloud Agent online help with the details of the In-Memory SQLite Databases option in the configuration profile. |
| CM-UI | Continuous Monitoring |
We have fixed an issue where the user experienced a delay in processing to the next step after clicking the IP address in the Host Impacted column in the Alerts tab. |
| CV - Azure Connector | Connector |
We have provided a fix for an issue where the customer could not fetch Azure connector data through API calls. |
| CSAM+GAV-UI | Asset View |
Previously, when the user created or edited a Purge Rule while selecting the Uninstall the agent option, the value would revert to Reprovision the agent option. We have fixed the flag setting to resolve this issue. |
| Portal-Administration UI | Administration |
We have fixed the issue where the Action Logs from the Administration application would not load the data or had latency in data loading. |
| Portal-Administration UI | Administration |
We have implemented a security enhancement for tag scoping in Qualys AssetView (AV) and Qualys CyberSecurity Asset Management (CSAM). This enhancement for AV is available with the following releases: This implementation ensures that the non-manager users can only access assets the Manager role has explicitly granted, but, a sub-user cannot create a child tag to a tag added to its scope. The following enhancements are implemented for Sub-Users:
|
| Portal-Adminstration UI | Administration |
The issue where adding tags using the Qualys Query Language (QQL) would not be listed in the Action Log of the Administration application is now resolved. |
| PVM-VMDR | Vulnerability Management Detection and Response |
We have fixed an issue where the VMDR dashboard widget that has trending enabled did not show the vulnerability data for some dates. |
| PVM-VMDR | Vulnerability Management Detection and Response |
We have fixed an issue where the Custom QIDs created in the Qualys Custom Assessment and Remediation (CAR) application when used with Group By Vulnerability in the VMDR application, would generate incorrect or no data. |
| PVM-UI | Vulnerability Management Detection and Response |
While exporting the QID download type from the VMDR > Vulnerabilities tab, the report listed the KB Severity field though the user selected the Severity option. This issue is now resolved. |
| PVM-Widget | Vulnerability Management Detection and Response |
We have fixed an issue where the Vulnerabilities and trending data showed the value as 0 for the Numerical widget. |
| SAQ - Questionnaire | Security Assessment Questionnaire |
When the Manager user was editing the Campaign report created by the invitee user, the application crashed, and the Manager user logged out. We have fixed this issue now. This error was caused because even though the Invitee user had a Manager user role to create the reports, the Manager user was not able to access these reports. |
| VMDR | Vulnerability Management Detection and Response |
The user encountered an issue, where even though the Non-Running Kernel count for vulnerabilities in the trending widget were excluded, the search result would include the Non-Running Kernel results. We have corrected the database entries and the issue is now resolved. |
| WAS-API | Web Application Scanning |
We have fixed an error that the user received while searching the report templates using the following APIs:
|
| WAS-API | Web Application Scanning |
We have fixed an issue where the distribution list details were missing in the API response for the scheduled WAS report. The impacted API- GET: <APIserver name>/qps/rest/3.0/get/was/report/<id> |
| WAS-UI | Web Application Scanning |
We have fixed an issue where the scorecard report did not show the correct severity for detection if the user had updated the severity. This issue is resolved, and the scorecard report now displays the updated severity for the detection. |