Release 3.18
May 29, 2024
What's New?
Cloud Agent |
New Feature - Database Authentication and Assessment
With this new feature, you can configure Cloud Agent to fetch the database authentication credentials using CyberArk Vault and perform database assessment from the Cloud Agent user interface.
With this feature, Cloud Agent fetches the database credentials directly from the vault, automating the database assessment process and enhancing safety.
Database Authentication and Assessment feature is not available by default. To enable it, please contact your Qualys representative.
To configure Cloud Agent for database authentication and assessment, navigate to the Configuration > Assessment tab.
Use the New Assessment option in the Assessment tab to create a new database assessment.
The database authentication and assessment feature is supported for the following versions of Qualys Cloud Agent:
- Cloud Agent for Windows version 5.6 and later
- Cloud Agent for Linux version 6.3 and later
For more information, refer to Cloud Agent Online Help.
Signature Versions in the Cloud Agent User Interface
With this release, the About View dialog box displays the Cloud Agent signatures. This provides information about the signature versions in production for Cloud Agents.
To view the Cloud Agent signature versions:
In the Cloud Agent application, click Help > About.
Click Signature Version Matrix.
Security Assessment Questionnaire |
Time-stamped Templates for Aggregate Template Report
With this release, we have made an update in our reporting system for Aggregate Template Report. To address the challenge of identifying the most recent template with the campaign while creating an Aggregate Template Report. We have now implemented a feature where all templates are appended with time stamps.
Users no longer need to manually track which template is the most recent, simplifying the report creation process.
The user can also view the details of the template, as shown in the following image.
To create an Aggregate Template Report, navigate to Reports > New Report and select Report Type as Aggregate Template Report. Select the required Template from the Target section.
Availability of Time-Stamped Templates in the Templates Tab
With this release, when you start a campaign using a published template from the Library tab, the Template is listed in My Template tab with a time stamp.
The following screenshot shows that you can start a campaign using a published template from the Library tab.
After creating a campaign, you can find its corresponding template in the My Template tab with the timestamp.
You can use this template to create other campaigns as well.
When you modify or update a template on the My Template tab, a new template with a new version is created. You can view the old template as a retired template while creating the Aggregate Template Report.
Increased Character Limit for Creating Questionnaire
With this release, we have updated the character limit to 800 characters for question descriptions when creating a questionnaire.
Vulnerability Detection and Response |
New Feature: Patch Supersedence
Patch Superseded is the newly introduced Excluded Vulnerabilities Filters under the Vulnerabilities tab. If a patch similar to the previously released patch is released, the superseding patch replaces the earlier patch based on the patch-related QIDs. This filter is applicable only for Microsoft Detections.
Benefits
- Since the superseding patch replaces all the previous versions, you have a manageable set of vulnerabilities to patch.
- Endless vulnerability patch cycles can be avoided, thus saving time in patching multiple vulnerabilities individually.
Prerequisites
- VMDR version: 3.16.2
- VMSP should be enabled. Contact Qualys Support or TAM for more information.
- TruRisk should be enabled.
You can exclude the vulnerabilities by selecting the Patch Superseded option from the Filters drop-down.
To view the list of excluded Patch Superseded vulnerabilities, deselect the Patch Superseded from the Filters and use the token - vulnerabilities.hidePatchSuperseded
: True
The Patch Superseded filter is available only for Vulnerability Management widgets in the Unified Dashboard application.
The following screenshot is an example that highlights the vulnerabilities.hidePatchSuperseded
: True
token and the Patch Superseded filter disabled:
For more information about other Excluded Vulnerabilities, refer to VMDR Online Help.
New Token
Token Name | Description |
vulnerabilities.hidePatchSuperseded | Use the boolean value True to generate the list of excluded superseded QIDs and show the latest patches. |
Issues Addressed
The following reported and notable issues have been fixed with this release.
Category/Component | Application | Description |
Cloud Agent UI
|
Cloud Agent
|
The Cloud Agent activation key expired even when no expiry date was set. It was caused by the activation key status not getting updated when the cloud agent was uninstalled using the purge rule. We fixed this issue by retrieving messages from the asset feed pushed by Cloud Agent Platform, HDS, and Cloud Agent UI. These messages are used to change the activation key status and update entries in database tables. |
Cloud Agent UI
|
Cloud Agent
|
The Cloud Agent displayed an agent host's mismatched IP Address and physical location. This was caused by a mismatch between the "Connected from" IP and the actual IP locations. Also, there was a discrepancy in the "Connected from" IP on the Asset Summary and Agent Summary pages. We fixed this issue by fetching the IP address and location for Cloud Agent-tracked assets from the same data source. |
Cloud Agent UI
|
Cloud Agent
|
A Manager user was unable to launch the On Demand Inventory scan and view asset details because proper tags were not added for the Manager user role. Also, the error messages displayed on the user interface were incorrect and did not suggest the correct course of action to the user. We fixed this issue by using proper tags for the user and updating the error messages to display the correct information. |
Cloud Agent UI
|
Cloud Agent
|
Users were unable to see the AWS Bottlerocket Information while using API to fetch the information on the Qualys server. This happened because the order of AWS Bottlerocket was lower than the NONE and ALL options on this server. We fixed this issue by updating the data source for this information. |
VM-API General |
VMDR |
The Qualys API was taking more time to generate responses for sub-user profiles. This was because database search queries for sub-user profiles contained additional conditions. We fixed this issue by optimizing the search queries for sub-user profiles. |
CA-API |
Asset Management |
We faced an issue where the Splunk API timed out while retrieving data from the Qualys server. We fixed this issue by implementing optimal SQL filter queries. |
Shared Portal - Data Discrepancy |
WAS
|
We encountered an issue where depreciated QIDs were displayed on the Web Application Scanning user interface. We fixed this issue by resolving the inconsistency in database tables. |
Asset Tagging Service (ATS), Shared - Portal |
CSAM/GAV
|
We faced an issue where the tagging process was stuck in the re-evaluation state for a long time. This issue was caused by the database connection pool getting exhausted. We fixed this issue by providing a retry mechanism for the re-evaluation process. |
HDS, Shared-Portal |
CSAM/GAV |
We encountered an issue where blank purge rule execution reports were generated. We fixed this issue by optimizing the purge rule for hard and soft deletion. |
AV - Connector API |
Connector |
We had an issue where users could not launch the scheduled EC2 scan for regions without assets. We fixed this issue, and users can now select and launch scans for these regions. |
Portal
|
Portal-VM
|
The "Group by" filter and QQL queries generated the mismatched vulnerability detection counts. We fixed this issue by modifying the "Group by" filter to capture the correct data. |
SAQ UI |
SAQ |
Resolved the issue where attempting to add an Associated Users in the Vendors tab caused the application to crash. This happened in the case of customized. |
WAS UI |
WAS |
The scheduled and on-demand web application reports were failing due to missing data related to half-confirmed and half-potential vulnerabilities included in search lists. We resolved this issue by ensuring the presence of this data when generating reports. |
WAS-API |
WAS |
The WAS Scan Search API was taking more time to generate a response. We have fixed this issue by optimizing SQL queries. |
WAS-API |
WAS |
Get Web Application Details API was showing inconsistent attribute details. This was caused by the use of different crawl spaces while creating and updating a web application. We fixed this issue by updating the Get Application Details API to retrieve information based on the latest crawl space. |
WAS-API |
WAS |
We fixed an issue where WAS-API was denied default proxy configuration with a false error message "Can not set both dnsOverride and proxy" even when dnsOverride was not configured. |