Policy Audit Release 1.4

October 23, 2025

Upgrade to Policy Audit - Update

All users are to be upgraded from Policy Compliance to Policy Audit by default on 18th January 2026.

With Policy Audit, you can handle complex audits more effectively through continuous monitoring, risk-based insights, and (with the add-on) automated remediation workflows, all within a single platform.

As part of this transition, when you log in to Policy Compliance, you will see a prompt explaining the upgrade to Policy Audit and the What's New section listing the features of Policy Audit.

Pre notification displayed when logging into Policy Compliance.

If you are already using Policy Audit, you will see a prompt with the What’s New section and a reminder that you can switch back to Policy Compliance until 18th January 2026.

Pre notification displayed when logging into Policy Audit.

For more information and updates on the transition, refer to our blog.

Improved Merging of Agent and Scan Data

With this release, we have introduced a new option, Agent Correlation Identifier, to address the issue of duplicate records being created during compliance scans, especially for databases. Selecting this option ensures that agent and scan data are merged, thereby avoiding duplicate host entries.

Previously, it was observed that duplicate records were being created for the same host when running compliance scans. This was because agent merging was only supported for Unix and Windows authentication records and did not apply to databases.

To enable Agent Correlation Identifier for your account, navigate to Assets > Setup Asset Tracking & Data Merging > Unique Asset Identifiers > Select Accept Agentless Tracking Identifier.

Agent Correlation Identifier Setup to be enabled.

To access the Agent Correlation Identifier, navigate to Scans > Option Profiles > New > Compliance Profile > Additional.

Agent Correlation identifier when creating a new Compliance Profile.

It is preferred to add the same ports as mentioned in the Cloud Agent Configuration Profile. You can view the ports in the Configuration Profile of Cloud Agent (Cloud Agent > Configuration Profiles > New Profile > Agent Scan Merge in the left pane > Enable the Agent Scan Merge).

A maximum of 5 ports can be entered. If more than 5 ports are entered, an error is displayed.

Error message displayed when you enter more than 5 ports.

You can also edit an existing compliance profile to enable the Agent Correlation Identifier. Navigate to Scans > Option Profiles and, for a compliance profile, select Quick Actions > Edit > Additional.

Agent Correlation identifier when editing the Compliance Profile.

To view the existing Agent Correlation Identifier details for a compliance profile, navigate to Scans > Option Profiles and, for a compliance profile, select Quick Actions > Info > Additional.

Agent correlation identifier in the info window.

By default, the correlation uses ports 10001 to 10005. You can enable the Agent Correlation Identifier checkbox to edit these ports.

View Source for Host in Posture Tab

With this release, we have added a new column, Source, in the Posture tab. This column identifies whether the host was scanned by a scanner or an agent. This enhancement provides clarity when multiple scan sources are associated with the same host.

Previously, when a host had the same Host ID with different scan sources (agent and scanner), the system updated the Last Scanned Date for all controls whenever any scan was performed. This created confusion, as the updated date did not correspond to the scan type the user initiated. There was no direct way to identify whether a control was evaluated by an agent or a scanner.

The Source column clears up this confusion by identifying the type of scan source (agent or scanner). To view the Source column, navigate to the Posture tab. The Agent icon indicates an agent and the Scanner icon indicates a scanner.

Source column displayed on the Posture tab.

You can also view the Source column in the downloaded version of the host details. To download a particular authentication report, navigate to Posture > Download.

Downloaded Excel sheet displaying the Source column.

To enable the Source column for your account, contact Qualys Support or your Technical Account Manager (TAM).

Timeframe Selection of Report Template in CSV Format 

With this release, we have introduced Timeframe Selection for compliance policy report templates downloaded in CSV format. When creating or editing a template, you can now specify a timeframe so that reports (in CSV format) include only hosts scanned within that period.

Previously, reports in CSV format often included outdated data, such as legacy technologies, non-evaluated policy controls, and decommissioned databases, which were no longer relevant. This enhancement ensures more accurate and up-to-date reporting by allowing you to filter results based on the selected timeframe.

To add a timeframe for CSV format reports, go to Reports > Templates > New > Policy Template > Layout > Timeframe Selection.

Create new report template displaying the last updated time frame.

Similarly, you can add a timeframe for CSV format report for an existing report template, by navigating to Reports > Templates > Select the report template > Quick Actions > Edit > Layout > Timeframe Selection.

Edit report template displaying the last updated time frame.

You can also view the timeframe details for a report template by navigating to Reports > Templates > Select the report template > Quick Actions > Info > Display Setting.

Report template displaying the last updated time frame.

Support for New Authentication Technologies 

With this release, we have added support for the following new technologies:

Oracle Directory Server

With this release, Oracle Directory Server 11.1.1.7 technology is supported for Policy Audit authenticated scans using scanners and agents. This technology is now available for use at the following places, at both the scanner and the agent:

  • Policy Editor
    When you create or edit a compliance policy, Oracle Directory Server is now available in the list of supported technologies.

    Select the technology while creating policy.
  • Search Controls
    When you search controls, you see Oracle Directory Server in the list of technologies. Go to Policies > Controls > search and select Oracle Directory Server in the list.

    Oracle Directory Server option under Technologies.
  • Authentication Report
    To display all OS authentication-based instance technologies per host, including Oracle Directory Server, in your authentication report, go to Reports > New > Compliance Report > Authentication Report and under Appendix, enable the OS Authentication-based Technology option.

    OS Authentication based Technology option under Display and Filter.

    Scroll down to the Appendix section of your authentication report to view Oracle Directory Server mentioned under Targets with OS authentication-based technologies.

    Oracle Directory Server option in the Appendix section of the report.
  • Option Profile
    Make sure you have enabled the OS Authentication-based Technology option. Under Scans, select Option Profiles > New > Compliance Profile > Instance Data Collection. Oracle Directory Server Enterprise is available under Application and Other Technologies.

    Oracle directory server option.
  • Scan Results
    Oracle Directory Server is now listed under Application technologies found based on OS-level authentication in the Appendix section of a compliance scan result.
    Appendix section displaying Oracle Directory Server was found for these hosts.

Middleware Asset
If you are using Cloud Agent for Policy Compliance (PC), the Cloud Agent auto-discovers Oracle Directory Server. When an agent scan detects an Oracle Directory on a host, it is displayed on the PC > Assets > Middleware Assets.

Sample Report

The sample report displays the tracking method and the instances for the scanner and the agent.

  • Scanner
    In Compliance Reports, you can view the instances of Oracle Directory Server for scanned hosts. The sample report displays the scanner's tracking method as IP with an instance of Oracle Directory Server.

    Scanner report displaying the technology.
  • Agent
    In Compliance Reports, you can view the instances of Oracle Directory Server for scanned hosts. The sample report displays the tracking method for the agent as AGENT with an instance of Oracle Directory Server.

    Agent report displaying the technology

Confluent Kafka

With this release, Confluent Kafka 7.x technology is supported for Policy Audit authenticated scans using scanners and agents. This technology is now available for use at the following places, at both the scanner and the agent:

  • Policy Editor
    When you create or edit a compliance policy, Confluent Kafka is now available in the list of supported technologies.

    Create new policy using Confluent Kafka.
  • Search Controls
    When you search controls, you see Confluent Kafka in the list of technologies. Go to Policies > Controls > search and select Confluent Kafka in the list.

    Select Confluent Kafka as the technology to search.
  • Authentication Report
    To display all OS authentication-based instance technologies per host, including Confluent, in your authentication report, go to Reports > New > Compliance Report > Authentication Report and under Appendix, enable OS Authentication-based Technology option.



    Scroll down to the Appendix section of your authentication report to view Confluent mentioned under Targets with OS authentication-based technologies.

    Display of appendix section for the technology.
  • Option Profile
    Make sure you have enabled the OS Authentication-based Technology option. Under Scans, select Option Profiles > New > Compliance Profile > Instance Data Collection. Confluent is available under Application and Other Technologies.

    Select Option Profile as Confluent.
  • Scan Results
    Confluent is now listed under Application technologies found based on OS-level authentication in the Appendix section of a compliance scan result.

    Scan result section of Confluent.

Middleware Asset
If you are using Cloud Agent for Policy Audit (PA), the Cloud Agent auto-discovers Confluent. When an agent scan detects a Confluent on a host, it is displayed on the PC > Assets > Middleware Assets.

Select the middleware asset.

Sample Report

The sample report displays the tracking method and the instances for the scanner and the agent.

  • Scanner
    In Compliance Reports, you can view the instances of Confluent for scanned hosts. The sample report displays the scanner's tracking method as IP with an instance of Confluent.

    Scanner Compliance report shows the tracking method as IP.
  • Agent
    In Compliance Reports, you can view the instances of Confluent for scanned hosts. The sample report displays the tracking method for the agent as AGENT with an instance of Confluent.

    Agent Compliance report shows the tracking method as agent.

Red Hat Enterprise Linux 10.x

With this release, Red Hat Enterprise Linux 10.x technology is supported for Policy Audit authenticated scans using scanners. This technology is now available for use at the following places, at both the scanner and the agent:

  • Policy Editor
    When you create or edit a compliance policy, Red Hat Enterprise Linux 10.x is now available in the list of supported technologies.

    Select RedHat to create new policy.
  • Search Controls
    When you search controls, you see Red Hat Enterprise Linux 10.x in the list of technologies. Go to Policies > Controls > search and select Red Hat Enterprise Linux 10.x in the list.

    Select Red Hat Enterprise under search technology.
  • Authentication Report
    To display all OS authentication in your authentication report, go to Reports > New > Compliance Reports. Click Run to generate the authentication report.

    Generate authentication report.
  • Scan Results
    Red Hat Enterprise Linux 10.x is now listed under Application technologies found based on OS-level authentication in the Appendix section of a compliance scan result.
  • Sample Report
    In Compliance Reports, you can view the instances of Red Hat Enterprise Linux 10.x for scanned hosts. 

    Compliance Report.

Script Based UDC Support for Windows 2008 Server

We have added Script-based User Defined Control (UDC) technology support for Windows 2008 Server. You can now create a new UDC and select Windows 2008 Server under Control Technologies.

The basic flow to create a User Defined Control (UDC) for Windows 2008 Server using the new control technology support is as follows:

  1.  Navigate to Policies > Controls. Here, we provide many controls for you to choose from and create your own UDCs.
  2.  Click New > Controls > UDC.
    The New Control window is displayed.
  3.  In the left pane, select Windows Control Types.
  4.  Select Script Result Check (Agent Only) control type from Windows Control Types list.

    Select Script Result Check from Windows control types.

    Script Result Check window is displayed.
  5.  Under Control Information, select Windows 2008 Server from the list and provide the mandatory information.

    Select Windows 2008 Server under Control Information.
  6.  Click Create.
    Script based UDC for Windows 2008 Server is created.

Support for New Operators in asset.compliance.score Token

With this release, we have added support for the operators >, >=, <, and <= for the QQL token asset.compliance.score. These operators were previously not available for this token.

For example:

asset.compliance.score:80 - The search result displays findings with this compliance score.

asset.compliance.score > 60.55 - The search result displays a list of assets that have a compliance score field value higher than 60.55.

asset.compliance.score >= 60.55 - The search result displays a list of assets that have a compliance score field value higher than or equal to 60.55.

asset.compliance.score < 60.55 - The search result displays a list of assets that have a compliance score field value less than 60.55.

asset.compliance.score <= 60.55 - The search result displays a list of assets that have a compliance score field value less than or equal to 60.55.

The description for the QQL token has also been updated to include examples for all supported operators. This enhancement allows you to perform more operations using the asset.compliance.score token.

Asset Compliance Score QQL token updated with new operators.

Issues Addressed

The following reported and notable customer issues are fixed in this release:

Component/Category: PA / PC - Reports
Application: Policy Compliance
Description: When users generated the Policy Compliance Report for PA/PC and SCA accounts, the data for non-SCA controls (6399) was not displayed in the report, even though it was available in the Posture tab. Relevant code changes have been made to fix the issue, and now, consistent data is visible in both the report and the Posture tab.

Component/Category: PA / PC - Middleware
Application: Policy Audit / Policy Compliance
Description: When the user performed a middleware scan where no technologies were detected via the agent, the COMPLIANCE tag was not included in the scan results. Relevant code changes have been made to fix the issue. After the fix, scan processing continues even when the COMPLIANCE tag is missing in middleware scans.

Component/Category: PA / PC - Middleware
Application: Policy Audit / Policy Compliance
Description: When the user scanned newer middleware technologies such as IBM WebSphere Liberty 24, it was observed that these were not registered in the internal lookup table used for identifying technologies eligible for deletion. Due to this, the data deletion process could not happen for these technologies. Relevant code changes have been made to fix the issue.