Release 10.26

March 19, 2024

What’s New?

Qualys Vulnerability Management (VM)

API Access Disabled for Prospect/Trial Accounts

With this release, API access at the subscription level is disabled for Prospect/Trial accounts to encourage proper adherence to the API guidelines. When the account type is converted from Prospect/Trial to Customer (VMDR purchased), standard API access is enabled automatically. If your account type is Prospect/Trial and you need API access, we recommend that you contact your Technical Account Manager (TAM) or Qualys representative so that the Qualys team can understand your API integration requirements.
 

Qualys Policy Compliance (PC/SCAP/SCA)

Support for Authentication Technologies

We have extended our support to the following authentication technologies:

 

Support for OS Authentication-Based Technology

We have extended our support of OS authentication-based technologies to include:

Microsoft OneDrive

Microsoft OneDrive is supported for both scanner and agent. You can scan Microsoft OneDrive on your Windows assets, create policies with the desired controls, run reports such as authentication, policy, and interactive reports, and check the compliance of your Microsoft OneDrive instances.

Microsoft OneDrive is now available for use at the following places for both scanner and agent:

  • Policy Editor

    When you create or edit a compliance policy, Microsoft OneDrive is now available in the list of supported technologies.

     Creating a new policy using Microsoft OneDrive.

  • Search Controls

    When you search controls, you see Microsoft OneDrive in the list of technologies. Go to Policies > Controls > Search and select Microsoft OneDrive in the list.

    Search window showing Microsoft OneDrive.

  • Authentication Reports

    To display all OS auth-based instance technologies per host, including Microsoft OneDrive, in your authentication report, go to Reports > New > Authentication Report and enable the OS Authentication-based Technology option under the Appendix.

    Enabling OS Authentication-based technology for new Authentication report.

    Scroll down to the Appendix section of your authentication report to view Microsoft OneDrive mentioned under Targets with OS authentication-based technologies.

    Appendix showing Microsoft OneDrive in the authentication report.

  • Option Profile

    Make sure you have enabled the OS Authentication-based Technology option. Under Scans, select Option Profiles > New > Compliance Profile > Instance Data Collection. Microsoft OneDrive is available under Application and Other Technologies.

    Enabling Microsoft OneDrive under Applications and Other Technologies.

  • Scan Results

    Microsoft OneDrive is now listed under Application technologies found based on OS-level authentication in the Appendix section of a compliance scan result.

    Scan result showing Microsoft OneDrive.

Middleware Asset

If you are using Cloud Agent for Policy Compliance (PC), Microsoft OneDrive is auto-discovered by the Cloud Agent. When Microsoft OneDrive is detected on a host by an agent scan, it is displayed under PC > Assets > Middleware Assets.

Microsoft OneDrive displayed on the agent side.

Sample Report

The sample report displays the tracking method and the instances for scanner and agent.

  • Scanner

    You can view the instances of Microsoft OneDrive for scanned hosts in Compliance Reports. The sample report displays the tracking method for the scanner as IP with an instance of Microsoft OneDrive.

    Policy Compliance Report showing Microsoft OneDrive.

  • Agent

    You can view the instances of Microsoft OneDrive for scanned hosts in Compliance Reports. The sample report displays the tracking method for the agent as AGENT with an instance of Microsoft OneDrive.

    Policy Compliance Report showing Microsoft OneDrive for agent.

Microsoft .NET Framework

Microsoft .NET Framework is a software development framework used for running applications on Windows. With Qualys support for the .NET Framework, you can scan your Windows assets, create policies with the desired controls, run reports such as authentication, policy, and interactive reports, and check the compliance of your Microsoft .NET Framework instances. It is supported for both scanner and agent.

Microsoft .NET Framework is now available for use at the following places for both scanner and agent:

  • Policy Editor

    When you create or edit a compliance policy, Microsoft .NET Framework is now available in the list of supported technologies.

    Creating a new policy using Microsoft .NET Framework.

  • Search Controls

    When you search controls, you see Microsoft .NET Framework in the list of technologies. Go to Policies > Controls > Search and select Microsoft .NET Framework in the list.

    Search the CIDs using Microsoft .NET Framework.

  • Authentication Reports

    To display all OS auth-based instance technologies per host, including Microsoft .NET Framework, in your authentication report, go to Reports > New > Authentication Report and enable the OS Authentication-based Technology option under the Appendix.

    Enabling OS Authentication-based technology for new authentication report.

    Scroll down to the Appendix section of your authentication report to see the Microsoft .NET Framework mentioned under Targets with OS authentication-based technologies.

    Appendix showing Microsoft .NET Framework.

  • Option Profile

    Make sure you have enabled the OS Authentication-based Technology option. Under Scans, select Option Profiles > New > Compliance Profile > Instance Data Collection. Microsoft .NET Framework is available under Application and Other Technologies.

    Option profile showing Microsoft .NET Framework.

  • Scan Results

    Microsoft .NET Framework is now listed under Application technologies found based on OS-level authentication in the Appendix section of a compliance scan result.

    Microsoft .NET Framework displayed in Scan result under Appendix.

Middleware Assets

If you are using Cloud Agent for Policy Compliance (PC), the Microsoft .NET Framework is auto-discovered by the Cloud Agent. When the Microsoft .NET Framework is detected on a host by an agent scan, it is displayed under PC > Assets > Middleware Assets.

Displaying .NET Framework for agent in the Middleware tab.

Sample Report

The sample report displays the tracking method and the instances for the scanner and agent.

  • Scanner

    You can view the instances of Microsoft .NET Framework for scanned hosts in Compliance Reports. The sample report displays the tracking method for the scanner as IP with an instance of Microsoft .NET Framework.

    Sample report of policy compliance showing .NET Framework instance and tracking method for scanner.

  • Agent

    You can view the instances of Microsoft .NET Framework for scanned hosts in Compliance Reports. The sample report displays the tracking method for the agent as AGENT with an instance of Microsoft .NET Framework.

    Sample report of policy compliance showing .NET Framework instance and tracking method for agent.

OS Authentication-Based Instance Technologies

We have extended our support for Apple Safari on Mac to include Apple Safari 17.x.

Apple Safari 17.x

Safari is a web browser developed by Apple. Qualys supports Safari up to version 17.x. With this support, you can create and run reports such as authentication, policy, and interactive reports, scan and create policies with the desired controls, and validate the compliance of Apple Safari 17.x instances. Apple Safari 17.x is supported for both agents and scanners.

Policy Editor

When you create or edit a compliance policy, Apple Safari 17.x is available in the list of supported technologies.

Creating a new policy using Apple Safari 17.x.

Search Controls

When you search controls, you see Apple Safari 17.x in the list of technologies. Go to Policies > Controls > Search and select Apple Safari 17.x in the list.

Technology Apple Safari 17.x displayed when searching.

Authentication Reports

To display all the new technologies per host, including Apple Safari 17.x, in your authentication report, go to Reports > New > Authentication Report and enable the OS Authentication-based Technology option under the Appendix.

Enabling OS Authentication-based technology for new authentication report.

Scroll down to the Appendix section of your authentication report to see Apple Safari 17.x mentioned under Targets with OS authentication-based technologies.

Appendix displaying Apple Safari 17.x.

Scan Results

Apple Safari is now listed under Application technologies found based on OS-level authentication in the Appendix section of a compliance scan result.

Apple Safari displayed in Scan result under Appendix.

Middleware Assets

If you are using Cloud Agent for Policy Compliance (PC), Apple Safari is auto-discovered by the Cloud Agent. When Apple Safari is detected on a host by an agent scan, it is displayed under PC > Assets > Middleware Assets.

Displaying Safari for agent in the Middleware tab.

Sample Report

The sample report displays the tracking method and the instances for both the scanner and agent.

  • Scanner

    You can view the instances of Apple Safari 17.x for scanned hosts in Compliance Reports. The sample report displays the tracking method for the scanner as IP with an instance of Apple Safari 17.x.

    Sample report of policy compliance showing Apple Safari 17.x instance and tracking method for scanner.
  • Agent

    You can view the instances of Apple Safari 17.x for scanned hosts in Compliance Reports. The sample report displays the tracking method for the agent as AGENT with an instance of Apple Safari 17.x.

    Sample report of policy compliance showing Apple Safari 17.x instance and tracking method for agent.

Issues Addressed

The following issues are fixed with this release:

Component/Category | Application | Description
VM - UI General | Vulnerability Management | The user encountered an issue while searching the Qualys KnowledgeBase with the exploitability search option, specifically with cisa-known-exploited-vulnerabilities: no results were displayed. This issue has been resolved by making the relevant code changes. As a result, the exploitability search option in the KnowledgeBase no longer supports cisa-known-exploited-vulnerabilities; use the cisa-kev exploitability search option instead to search for the relevant information. Additionally, the exploitability search option in the KnowledgeBase no longer supports cisa-alert, and the cisa-alert reference links for QIDs and their corresponding CVEs have been removed.
VM - Scan Schedule | Vulnerability Management | When a user tried to create a scheduled scan, an error message was displayed stating that the title already exists and a new title must be used for the scan. The error was displayed even after the user had deleted the associated network entries, because the database retained stale entries of previous scheduled scans. The relevant code changes have been made to correct this issue, and the user can now create a scheduled scan with previously used titles.
VM - Knowledge Base | Vulnerability Management | When the user executed a scan, the exploitability information of newly created Private QIDs was missing from the scan result/report. The relevant code changes have been made to fix this issue.
VM - User Management | Vulnerability Management | When an API user logged in, their password expired even though the Password never expires for API access setting was enabled. The relevant changes have been made to fix this issue.
VM - Assets | Vulnerability Management | When the user tried to replace an old physical appliance with a new one, the scheduled scans were updated with the External Scanner instead of the new physical scanner appliance. To resolve this issue, make sure the Do not remove New Scanner from Business Objects option is enabled. This is updated in the online help documentation; see Replace Scanner Appliance.
VM - AGMS Integration | Vulnerability Management | While creating a remediation ticket manually, the user was not able to assign the ticket to other users who had access to that particular host. The relevant code changes have been made to fix this issue.
VM - Scan Based Report | Vulnerability Management | When a scan on a large number of IPs was generated and then downloaded in PDF format, the IPs were overwritten under the Target distribution across scanner appliances section, and the font size in the Host Scanned section was inconsistent. The relevant changes have been made to fix this issue.
VM - SAML Authentication | Vulnerability Management | When a SAML user session timed out, the user was redirected to the Qualys login page instead of the custom exit page. The relevant code changes have been made to correct this issue, and on timeout the SAML user is now redirected to their custom exit page.
VM - API General | Vulnerability Management | Users were unable to list the details of QIDs longer than 6 digits using the respective API. The relevant code changes have been made to display details of QIDs up to 9 digits.
VM - UI General | Vulnerability Management | Previously, users faced issues when excluding multiple IPs using comma-separated values, and the history page displayed duplicate records of those values. The relevant code changes have been made to correct this issue.
PC - UI | Policy Compliance | The corresponding host records were not updated after purging the asset/agent, and asset data in the PC UI was not deleted from the agent asset. This resulted in stale asset data being displayed in the asset index. The relevant code has been modified to fix this issue.
PC - PCRS | Policy Compliance | When the user generated policy reports in different formats (CSV, PDF, and XML) for the same target asset, the value reported for CID 8327 differed between the CSV, PDF, and XML formats. The relevant changes have been made to fix the issue.
PC - Reports | Policy Compliance | When the user executed the Compliance Scorecard report, there was a performance issue (it was taking 28 hours for a 150 KB report). The relevant changes have been made to fix the issue.
PC - UI | Policy Compliance | Previously, the technology description in the Controls section (Policies > Controls > select CID > Quick Actions > Info > Technology Included) was not aligned correctly. The relevant code changes have been made, and the technology description is now correctly aligned.