Release 3.17

February 05, 2024

What's New?

CA pill Cloud Agent

New Feature - Change Activation Key from Cloud Agent User Interface

With this new feature, you can change the activation key for single or multiple agents from the Cloud Agent user interface. Earlier, you could change the activation key locally using commands.

Prerequisites

The Change Activation Key permission is required to perform the activation key change.

Change Activation Key option.

To change the activation key, navigate to the Agents tab and select the agent hosts. The Change Activation Key option is available for the agent hosts from the Quick Actions menu.

Apply Custom Logo

You can select 10000 agent hosts simultaneously for the activation key change.

Once the new activation is assigned:

  • Applications activated with the newly assigned activation key are activated for the associated agent hosts.
  • Applications manually activated for the earlier agent host and not associated with the earlier activation key are still activated.
  • The network ID and static tags associated with the newly assigned activation key are linked to the associated agent host.

 This feature will be available only when the Windows and Linux Agent binaries with activation key change support are available. For supported agent versions, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.

For more information, refer to Cloud Agent Online Help.

New Feature - Add Customized Logo

When the Qualys Cloud Agent is installed on the Windows assets with the Patch Management application activated, the assets receive notifications for the patch updates. You can customize the logo and header for these Patch Management notifications on the assets. 

To upload the custom logo image, click Help > Upload Custom Logo.

Upload Custom Logo option.

In the Upload Custom Logo dialog box, you can either upload an image for a logo or specify the HTTP or HTTPS path from where the image is downloaded.

Upload custom logo window.

If you want to apply the logo change to Patch Notifications on all Assets, select the Apply to all Agents check box.

You can also select single or multiple assets from the Agents tab and apply the logo change to the selected assets. 

 This feature will be available only when the Windows Agent binary with the customized logo feature is available. For supported agent versions, refer to the Features by Agent Version section in the Cloud Agent Platform Availability Matrix.

For more information, refer to Cloud Agent Online Help.

Updated the Default Data Collection Interval for PC Scan

With this release, the default value of the Data Collection Interval field for PC Scan in the configuration profile is updated from 240 to 720 minutes. The PC scan interval range is 240 minutes to 43200 minutes.

PC Scan Interval in Configure Profile Creation.

 Vulnerability Detection and Response

New Feature - Create Rule based Alerts from the Responses tab

From this release, you can now create rule based alerting for resources that might fail certain critical evaluations and thus helps in fixing resource misconfigurations. The Responses tab allows you to trigger alert using alerting tokens in the Rule Query. You are notified about these alerts via the actions you select while creating the alerts. Actions that you can choose are sent as alert messages by Email, PagerDuty, or Post to Slack. email or slack messages. 

The following is an example screenshot of the Rule Manager from the Responses tab:

Response tab in VMDR application.

For more information about rules and actions, refer VMDR Online Help

Added Top Risk Factors in TruRisk Score

The visual representation of the TruRisk Score is enhanced with the Top Risk Factors list. The Top Risk Factors displays the risk criteria of the vulnerability detected on the asset. The following Top Risk Factors are listed based on the priority:

  • CISA Known Exploitable
  • Associated Threat actors
  • Associated Malware 
  • Weaponized Vulns
  • POC Exploity Maturity Vulns
  • Recently Trending 

To view the enhanced TruRisk Score representation from the Vulnerabilities tab, click the Asset Name and go to the TruRisk Score section under Security

The following screenshot represents the Top Risk Factors of an asset, and the list of CISA Known Exploitables in the Vulnerabilties column:

To avoid data discrepancy we recommend you to not edit the Qualys Query Language (QQL) that is displayed when you click a Top Risk Factor. 

The Top Risk Factors displays No risk factors found if an asset has no risk factors. The following screenshot is an example of an asset with no risk factors:

For more information about the Asset Details page, refer, VMDR Online Help

New Tokens

The following tokens are newly added in the Assets tab:

Token Name Description
MiddlewareManifestVersion Find host assets, where Middleware scan is performed using the specific manifest version.
PCManifestVersion Find host assets, where PC scan is performed using the specific manifest version.
SCAManifestVersion Find host assets, where SCA scan is performed using the specific manifest version.
UDCManifestVersion Find host assets, where UDC scan is performed using the specific manifest version.
VMManifestVersion Find host assets, where VM scan is performed using the specific manifest version.

For more information about the search tokens in VMDR, refer VMDR Online Help.

Issues Addressed

Category/Component Application Issue
CA-API Cloud Agent 

We have improved the API response for uninstallation from the assets not tracked by Cloud Agent using API to uninstall Cloud Agents in bulk. The uninstall agent API response now displays a count of 0 for assets that are not tracked by Cloud Agent.


Impacted API- POST: <APIserver name>/qps/rest/2.0/uninstall/am/asset
CA - UI/Documentation Cloud Agent

We have updated the Cloud Agent online help with the details of the In-Memory SQLite Databases option in the configuration profile.

CM-UI Continuous Monitoring

We have fixed an issue where the user experienced a delay in processing to the next step after clicking the IP address in the Host Impacted column in the Alerts tab.

CV - Azure Connector Connector

We have provided a fix for an issue where the customer could not fetch Azure connector data through API calls.

CSAM+GAV-UI Asset View

Previously, when the user created or edited a Purge Rule while selecting the Uninstall the agent option, the value would revert to Reprovision the agent option. We have fixed the flag setting to resolve this issue.

Portal-Administration UI Administration

We have fixed the issue where the Action Logs from the Administration application would not load the data or had latency in data loading.

Portal-Administration UI Administration

We have implemented a security enhancement for tag scoping in Qualys AssetView (AV) and Qualys CyberSecurity Asset Management (CSAM).

This enhancement for AV is available with the following releases: 
- Qualys Cloud Platform 3.17.0.0 
- CSAM 2.17.0.0
- RX 2.28.0
- Patch Management (PM) 2.9.0.0

This implementation ensures that the non-manager users can only access assets the Manager role has explicitly granted, but, a sub-user cannot create a child tag to a tag added to its scope.

The following enhancements are implemented for Sub-Users:

  • A sub-user does not require edit permission to edit a tag created by themselves. However, a delete permission is required to delete the tag. 
  • In AV, the tags listed on the Tag Selector page, are added by the Manager to the sub-user's scope. You can add the tags created by sub-users via the search.
  • In CSAM, the tags listed on the Tag Selector page are added by the Manager to the sub-user's scope. These tags have Show tags in User Scope checkbox selected.

    Tags created by sub-users are listed in the tag list on the Tag Selector page, with Show tags in User Scope checkbox not selected. A sub-user can search these tags by clearing the Show Tags in User Scope checkbox. 

Portal-Adminstration UI Administration

The issue where adding tags using the Qualys Query Language (QQL) would not be listed in the Action Log of the Administration application is now resolved.

PVM-VMDR Vulnerability Management Detection and Response

We have fixed an issue where the VMDR dashboard widget that has trending enabled did not show the vulnerability data for some dates.

PVM-VMDR Vulnerability Management Detection and Response

We have fixed an issue where the Custom QIDs created in the Qualys Custom Assessment and Remediation (CAR) application when used with Group By Vulnerability in the VMDR application, would generate incorrect or no data.

PVM-UI Vulnerability Management Detection and Response

While exporting the QID download type from the VMDR > Vulnerabilities tab, the report listed the KB Severity field though the user selected the Severity option. This issue is now resolved.

PVM-Widget Vulnerability Management Detection and Response

We have fixed an issue where the Vulnerabilities and trending data showed the value as 0 for the Numerical widget.

SAQ - Questionnaire Security Assessment Questionnaire

When the Manager user was editing the Campaign report created by the invitee user, the application crashed, and the Manager user logged out. We have fixed this issue now. This error was caused because even though the Invitee user had a Manager user role to create the reports, the Manager user was not able to access these reports.

VMDR Vulnerability Management Detection and Response

The user encountered an issue, where even though the Non-Running Kernel count for vulnerabilities in the trending widget were excluded, the search result would include the Non-Running Kernel results. We have corrected the database entries and the issue is now resolved.

WAS-API Web Application Scanning

We have fixed an error that the user received while searching the report templates using the following APIs:

  • POST: <APIserver name>/qps/search/was/reporttemplate
  • GET: <APIserver name>/get/was/reporttemplate/<id>
WAS-API Web Application Scanning

We have fixed an issue where the distribution list details were missing in the API response for the scheduled WAS report.

The impacted API-

GET: <APIserver name>/qps/rest/3.0/get/was/report/<id>

WAS-UI Web Application Scanning

We have fixed an issue where the scorecard report did not show the correct severity for detection if the user had updated the severity. This issue is resolved, and the scorecard report now displays the updated severity for the detection.