Release 3.20
February 14, 2025
What's New?
With this version of Qualys Cloud Platform, we are introducing the following new features and enhancements.
Platform Name Change Update
We are renaming the Qualys Cloud Platform to the Qualys Enterprise TruRisk Platform. This change highlights Qualys' commitment to empowering CISOs, cybersecurity professionals, and risk stakeholders to effectively measure and mitigate the impact of cyber risk on their organizations.
The Qualys Enterprise TruRisk Platform is the only cybersecurity and risk management solution that enables you to measure, communicate, and eliminate cyber risk across the extended enterprise with precise remediation and mitigation actions.
This update does not affect the platform’s functionality or features. Starting in January 2025, the name change will be implemented in phases across all product interfaces.
For more information, check out this blog.
 |
Cloud Agent |
Confirmation Message for SwCA Activation
With this release, while activating the SwCA for multiple Cloud Agents, a confirmation message is displayed that highlights the impact of SwCA activation, and provides recommendation for SwCA activation.
This enhancement allows you to make an informed decision regarding SwCA activation on your assets and prevents accidentally activating SwCA for selected Cloud Agents leading to increased resource utilization.
Revamped Cloud Agent Configuration Profile
With this release, we are making the new configuration profile available with significant enhancements, such as, an integrated Application Configuration page, enhanced host assignment, and revamped Blackout Windows as Reduced Activity Period.
For details, refer to the Cloud Agent Application 2.0 Release Notes.
 |
Web Malware Detection |
Support for Authenticated Malware Scan
With this release, we support authenticated malware scans. You can use server based authentication while performing malware scans in Web Malware Detection (MDS).
A new setting - Authentication, is added in the site creation workflow to enable authentication record and provide credentials.
If the asset is enabled for malware monitoring from Web Application Scanning (WAS) and has server authentication set, the malware scan uses the credentials defined in WAS.
If the asset has server authentication set in WAS and MDS, the authentication is performed with the authentication set in the MDS.
 |
Security Assessment Questionnaire |
Enhancement in Template Settings for Risk Evaluation
With this release, we have enhancements to the risk evaluation process, by specifically addressing how Not Applicable (N/A) questions are treated in the risk analysis questionnaire. Now you can add a new score label NA and its value as -1. You can skip the answers of the questions with this negative score. It does not contribute to total score. This is applicable to Single-select, Multi-select, Yes/No, and Drop-down type of questions. If more than one answer is selected in Multiselect, and one of the answers is NA, only that answer is skipped. For other types of questions, the entire question is skipped.
For existing Template, you can edit the template and add this new field for such questions. For XML or Excel templates, add this field in your sample, before importing the Questionnaire.
Key Updates
- N/A Question Disregard
The system now disregards questions answered as N/A in the final risk score calculation. This ensures that such responses do not influence the overall risk evaluation.
- Refined Scoring Model
The scoring mechanism is updated to reflect only the applicable questions. Questions answered N/A will not contribute to the total score, providing a more accurate assessment of risk based on relevant responses.
- Response Weight Adjustments
The previous model, which equated weights of N/A responses with other options, has been revised. Now, N/A responses will no longer carry a weight that affects the evaluation, allowing for clear differentiation between applicable and inapplicable responses.
- Enhanced User Experience
The questionnaire interface will now better indicate which questions are deemed applicable to the specific service provider, improving usability and relevance of the risk assessment process.
Enhancement in User Creation Functionality
With this release, we have improved the user creation process. You can now add new users with .health and .io domains. For example, valid email formats include user@example.health, or user@example.io.
Issues Addressed
The following important and notable issues were fixed in this release:
| Category/Component | Application | Description |
|---|---|---|
| Shared Portal | CSAM | We fixed an issue where the newly created dynamic tag sets were not evaluated even after enabling the option to evaluate the tag set rule. |
| Administration Logs | Administration | We have added flag base implementation to address an issue where the timeout error was generated while loading the action logs in the Administration application. |
| Shared Portal | CSAM | We fixed an issue where an unknown policy was being evaluated for the assets in the CyberSecurity Asset Management application. |
| Shared Portal | Administration | We fixed an issue where the entire user list was not downloaded from the administration due to the export user records limit application by setting up pagination for user data. |
| Shared Portal | Administration | We fixed an issue where the customized CSV list separator created for one user was applied to all users in the subscription. |
| WAS UI | WAS | We fixed an issue where the users with edit tag permissions could not add tags to their assets from the new WAS user interface. |
| Shared Portal | Administration | We fixed an issue where there was a discrepancy in the user role count generated by the Administration application. |
| Shared Portal | Cloud Agent | We fixed an issue where the vulnerabilities reported by Cloud Agent were not displayed in the Cloud Agent CSV report. |
| CSAM UI | CSAM | We fixed an issue where the last modified date for the EC2 instances was not getting updated even after updating the asset metadata by implementing a solution to update the last modified date for terminated assets. |
| Shared Portal | WAS | we fixed an issue where the users with edit permissions can not edit the web applications from the new Web Application Scanning UI. |
| Shared Portal | CSAM | We fixed an issue where the users could not launch the Cloud Perimeter Scan using tags for more than 1000 assets by making suitable code changes to handle more than 1000 assets. |
| WAS | WAS UI | We fixed an issue where the web application catalog count displayed during update request processing was inconsistent with that displayed after the request was completed. |
| WAS | WAS UI | We fixed an issue in which the CSV report generated by the web applications contained unidentified characters, rendering it unreadable. |
| Shared Portal | CSAM API | We have added a partial indexing flag to address an issue where the asset management API was taking more time to generate a response. Impacted API: /qps/rest/2.0/update/am/asset
|
| SAQ UI | SAQ | We addressed an issue where users could not see the Compliance Score percentage when the Risk Rating was 0.0%. If both the questionnaire score and the template score were '0', the risk rating column displays '-'. In such cases, the Compliance Score should display 100%. We have improved the algorithm's logic to resolve this problem. |