Enterprise TruRisk™ Platform Release 3.22

September 08, 2025

With this release of the Enterprise TruRisk™ Platform, we are introducing the following new features and enhancements.

AssetView

Asset View Permissions Moved to Global Permissions

We have updated how Asset View permissions are managed in Qualys. These permissions are now consolidated under their respective modules within Global Permissions.

The following table shows where each Asset View permission is now located:

Global Permission Module	Asset View Permissions Moved
Asset Management	Access Asset Management module
	Create Asset
	Delete Asset
	Read Asset
	Update Asset
Connector and Integration	View Integrations
	Manage Integration
	Manage Connectors

You can find these permissions in the Administration module. To view the permissions, navigate to Users > Role Management and click New Role. Then select modules from the Permissions step.

Impact on Existing Users

Users will continue to have the same level of access as before.
No changes are required to your current roles or assignments.

Cloud Agent

Cloud Agent Token Standardization

We have implemented standardized search tokens across all Qualys applications. As part of this enhancement, both common and Cloud Agent-specific tokens are updated with new token names that follow a standard and consistent nomenclature.

The new token format follows the syntax: entity.attribute
For example, in the new token, agent.version, where agent is the entity, and version is the attribute.

Key Enhancements:

Standardized Token Naming: The Cloud Agent tokens now follow the standardized naming convention. The tokens common to all Qualys applications have also been updated.
Search Bar Updates: The user interface displays only the new token names with auto-suggestions. However, we still support the old tokens during the transition period. If you use the old tokens with correct syntax, the Cloud Agent search still works.
Backward Compatibility: The existing Dashboard widgets and Saved Search Queries will continue to support the old tokens in edit mode.
Improved Interoperability: The standardized tokens make it easier to copy and reuse the search query from one application to another, eliminating the need to remember multiple token names for different applications and similar searches.

For the complete list of old and new token names, see Cloud Agent Token Mappings.

Support SwCA for Major Linux Platforms

With this release, we have added support for the Software Composition Analysis (SwCA) to all the major Linux platforms supported by Cloud Agent.

You can leverage the capabilities of SwCA for deep visibility and proactive risk mitigation for the various software components, especially open source libraries, to protect yourself from cyber threats.

This feature is available on Cloud Agent for Linux Intel 6.1 and later versions. The Linux ARM Cloud Agent currently does not support SwCA.

To know about the Linux Intel platforms with SwCA support, refer to the Cloud Agent Platform Availability Matrix.

Enhancements for BSD Platforms

With this release of Enterprise TruRisk™ Platform, we have introduced the following new features for BSD platforms.

Feature Name	Description
Activation Key Change	Use this feature to change the activation key assigned to a Cloud Agent directly from the user interface. Refer Change Activation Key to learn more.
Remote Log Collection	We have now added support for Remote Log Collection to BSD Cloud Agents. You can now download the agent logs for BSD Cloud Agents for troubleshooting directly from the Cloud Agent user interface, without contacting Qualys Support. This feature is available for Cloud Agent for BSD 7.1.0 and later versions. To learn more about Remote Log Collection, refer to Cloud Agent Log Download.
Troubleshooting	Cloud Agent for BSD now supports troubleshooting options such as Restart agent(s) and Debug/trace logs using the API or user interface. Now, you can perform the basic troubleshooting steps on your BSD agents without the help of Qualys support. To learn more about troubleshooting Cloud Agent, refer to the Troubleshooting Options.
On Demand Scan	Cloud Agent for BSD now supports the On Demand Scan from user interface or API. You can now launch on demand scans for your BSD Cloud Agents without updating the configuration files. To learn more about on demand scan, refer to On-demand Scan.

The above mentioned features are supported for Cloud Agent for BSD 7.1.0 and later versions.

Cloud Agent Token Updates

We are introducing the following new token for Cloud Agent user interface.

Token Name Description

agent.swcaConfigName Use this token to search Cloud Agents matching the specified SwCA Configuration Profile name.

Syntax -
agent.swcaConfigName: "<swca_configuration_profile_name>"

Examples -
Search Cloud Agents exactly matching the specified SwCA Configuration Profile name.
Search token — agent.swcaConfigName: `test_swca_profile`
Use the backticks (`...`) to search with exact profile names.

Search Cloud Agents partially matching the specified SwCA Configuration Profile name.
Search token — agent.swcaConfigName: "test"
Use the double quotes ("...") to search with partially matching profile names.

Token Name	Description
agent.swcaConfigName	Use this token to search Cloud Agents matching the specified SwCA Configuration Profile name. Syntax - `agent.swcaConfigName: "<swca_configuration_profile_name>"` Examples - Search Cloud Agents exactly matching the specified SwCA Configuration Profile name. Search token — agent.swcaConfigName: `test_swca_profile` Use the backticks (`...`) to search with exact profile names. Search Cloud Agents partially matching the specified SwCA Configuration Profile name. Search token — `agent.swcaConfigName: "test"` Use the double quotes ("...") to search with partially matching profile names.

Issues Addressed

The following important and notable issues are addressed in the release.

Category/Component	Application	Description
Configuration Profile Assignment	Cloud Agent UI	We fixed an issue where the configuration profiles were not being assigned automatically to the Cloud Agents.
Cloud Agent Self Protection	Cloud Agent UI	We fixed an issue where users could not generate the key to disable the Cloud Agent self-protection.
Asset Tag Creation	Asset Tagging	We fixed an issue where users could create static tags with names exceeding 255 character limit but the dynamic tag creation failed.
Roles and Permissions	Administration	We fixed an issue where unit manager users could not see the tags assigned to sub-users under their scope. Now, we have updated the permissions checks to correctly display the tags assigned to sub users.
Roles and Permissions	Administration	We fixed an issue where the users were getting role discrepancy error in the Administration application even when there was no role discrepancy.
Roles and Permissions	Administration	We fixed an issue where the VMDR application was failing temporarily when user tried to access the asset system information.
Purge Rules	CSAM UI	We fixed an issue where purge rules were not getting executed as per the defined schedule.
CSAM Search	CSAM UI	We fixed an issue where custom attributes in a nested search query generated inconsistent results.
CSAM API	CSAM API	We fixed an issue where the Search Tags API was failing with error code 500. Impacted API: `/qps/rest/2.0/search/am/tag/`
WAS API	WAS API	We fixed an issue where the Update Web Application API could not update the scanner assets in web applications. Impacted API: `/qps/rest/3.0/update/was/webapp/<id>`