Home >
Release 3.18

Release 3.18

May 29, 2024

What's New?

Cloud Agent

New Feature - Database Authentication and Assessment

With this new feature, you can configure Cloud Agent to fetch the database authentication credentials using CyberArk Vault and perform database assessment from the Cloud Agent user interface.

With this feature, Cloud Agent fetches the database credentials directly from the vault, automating the database assessment process and enhancing safety.

Database Authentication and Assessment feature is not available by default. To enable it, please contact your Qualys representative.

To configure Cloud Agent for database authentication and assessment, navigate to the Configuration > Assessment tab.

Use the New Assessment option in the Assessment tab to create a new database assessment.

create new database assessment.

The database authentication and assessment feature is supported for the following versions of Qualys Cloud Agent:

Cloud Agent for Windows version 5.6 and later
Cloud Agent for Linux version 6.3 and later

For more information, refer to Cloud Agent Online Help.

Signature Versions in the Cloud Agent User Interface

With this release, the About View dialog box displays the Cloud Agent signatures. This provides information about the signature versions in production for Cloud Agents.

To view the Cloud Agent signature versions:

In the Cloud Agent application, click Help > About.

About View dialog box.

Click Signature Version Matrix.

Signature Version Matrix.

Security Assessment Questionnaire

Time-stamped Templates for Aggregate Template Report

With this release, we have made an update in our reporting system for Aggregate Template Report. To address the challenge of identifying the most recent template with the campaign while creating an Aggregate Template Report. We have now implemented a feature where all templates are appended with time stamps.

Users no longer need to manually track which template is the most recent, simplifying the report creation process.

Select latest template.

The user can also view the details of the template, as shown in the following image.

View selected Template details.

To create an Aggregate Template Report, navigate to Reports > New Report and select Report Type as Aggregate Template Report. Select the required Template from the Target section.

Availability of Time-Stamped Templates in the Templates Tab

With this release, when you start a campaign using a published template from the Library tab, the Template is listed in My Template tab with a time stamp.

The following screenshot shows that you can start a campaign using a published template from the Library tab.

After creating a campaign, you can find its corresponding template in the My Template tab with the timestamp.

View the updated template.

You can use this template to create other campaigns as well.

When you modify or update a template on the My Template tab, a new template with a new version is created. You can view the old template as a retired template while creating the Aggregate Template Report.

Increased Character Limit for Creating Questionnaire

With this release, we have updated the character limit to 800 characters for question descriptions when creating a questionnaire.

provide question.

Vulnerability Detection and Response

New Feature: Patch Supersedence

Patch Superseded is the newly introduced Excluded Vulnerabilities Filters under the Vulnerabilities tab. If a patch similar to the previously released patch is released, the superseding patch replaces the earlier patch based on the patch-related QIDs. This filter is applicable only for Microsoft Detections.

Benefits

Since the superseding patch replaces all the previous versions, you have a manageable set of vulnerabilities to patch.
Endless vulnerability patch cycles can be avoided, thus saving time in patching multiple vulnerabilities individually.

Prerequisites

VMDR version: 3.16.2
VMSP should be enabled. Contact Qualys Support or TAM for more information.
TruRisk should be enabled.

You can exclude the vulnerabilities by selecting the Patch Superseded option from the Filters drop-down.

To view the list of excluded Patch Superseded vulnerabilities, deselect the Patch Superseded from the Filters and use the token - vulnerabilities.hidePatchSuperseded: True

The Patch Superseded filter is available only for Vulnerability Management widgets in the Unified Dashboard application.

The following screenshot is an example that highlights the vulnerabilities.hidePatchSuperseded: True token and the Patch Superseded filter disabled:

Patch Superseded Filter in the Filters drop-down of Vulnerabilities tab.

For more information about other Excluded Vulnerabilities, refer to VMDR Online Help.

New Token

Token Name	Description
vulnerabilities.hidePatchSuperseded	Use the boolean value True to generate the list of excluded superseded QIDs and show the latest patches.

Issues Addressed

The following reported and notable issues have been fixed with this release.

Category/Component	Application	Description
Cloud Agent UI	Cloud Agent	The Cloud Agent activation key expired even when no expiry date was set. It was caused by the activation key status not getting updated when the cloud agent was uninstalled using the purge rule. We fixed this issue by retrieving messages from the asset feed pushed by Cloud Agent Platform, HDS, and Cloud Agent UI. These messages are used to change the activation key status and update entries in database tables.
Cloud Agent UI	Cloud Agent	The Cloud Agent displayed an agent host's mismatched IP Address and physical location. This was caused by a mismatch between the "Connected from" IP and the actual IP locations. Also, there was a discrepancy in the "Connected from" IP on the Asset Summary and Agent Summary pages. We fixed this issue by fetching the IP address and location for Cloud Agent-tracked assets from the same data source.
Cloud Agent UI	Cloud Agent	A Manager user was unable to launch the On Demand Inventory scan and view asset details because proper tags were not added for the Manager user role. Also, the error messages displayed on the user interface were incorrect and did not suggest the correct course of action to the user. We fixed this issue by using proper tags for the user and updating the error messages to display the correct information.
Cloud Agent UI	Cloud Agent	Users were unable to see the AWS Bottlerocket Information while using API to fetch the information on the Qualys server. This happened because the order of AWS Bottlerocket was lower than the NONE and ALL options on this server. We fixed this issue by updating the data source for this information.
VM-API General	VMDR	The Qualys API was taking more time to generate responses for sub-user profiles. This was because database search queries for sub-user profiles contained additional conditions. We fixed this issue by optimizing the search queries for sub-user profiles.
CA-API	Asset Management	We faced an issue where the Splunk API timed out while retrieving data from the Qualys server. We fixed this issue by implementing optimal SQL filter queries.
Shared Portal - Data Discrepancy	WAS	We encountered an issue where depreciated QIDs were displayed on the Web Application Scanning user interface. We fixed this issue by resolving the inconsistency in database tables.
Asset Tagging Service (ATS), Shared - Portal	CSAM/GAV	We faced an issue where the tagging process was stuck in the re-evaluation state for a long time. This issue was caused by the database connection pool getting exhausted. We fixed this issue by providing a retry mechanism for the re-evaluation process.
HDS, Shared-Portal	CSAM/GAV	We encountered an issue where blank purge rule execution reports were generated. We fixed this issue by optimizing the purge rule for hard and soft deletion.
AV - Connector API	Connector	We had an issue where users could not launch the scheduled EC2 scan for regions without assets. We fixed this issue, and users can now select and launch scans for these regions.
Portal	Portal-VM	The "Group by" filter and QQL queries generated the mismatched vulnerability detection counts. We fixed this issue by modifying the "Group by" filter to capture the correct data.
SAQ UI	SAQ	Resolved the issue where attempting to add an Associated Users in the Vendors tab caused the application to crash. This happened in the case of customized.
WAS UI	WAS	The scheduled and on-demand web application reports were failing due to missing data related to half-confirmed and half-potential vulnerabilities included in search lists. We resolved this issue by ensuring the presence of this data when generating reports.
WAS-API	WAS	The WAS Scan Search API was taking more time to generate a response. We have fixed this issue by optimizing SQL queries.
WAS-API	WAS	Get Web Application Details API was showing inconsistent attribute details. This was caused by the use of different crawl spaces while creating and updating a web application. We fixed this issue by updating the Get Application Details API to retrieve information based on the latest crawl space.
WAS-API	WAS	We fixed an issue where WAS-API was denied default proxy configuration with a false error message "Can not set both dnsOverride and proxy" even when dnsOverride was not configured.