Release 10.29
August 01, 2024
What’s New?
Qualys Vulnerability Management (VM)
User Experience (UX) Optimization
To improve/enhance user interactions with the Qualys Cloud Platform, the following changes are implemented in this release:
Scan Report
With this release, we have highlighted the titles of the THREAT, RESULTS, and Detection Logic sections with background color in the Scan report for the PDF format. This enhances the section's readability and identification. These sections help you to understand how Qualys Cloud Platform detects and flags the QIDs.
KnowledgeBase Information Page - Detection Logic
With this release, we have highlighted the title of Detection Logic in the KnowledgeBase Info page (VM > KnowledgeBase > KnowledgeBase > Select a QID > Quick Actions > Info > Details tab) with a background color. This enhances the section's readability and identification. This section of the report helps to understand the detection logic used to identify or flag a QID.
Enhanced Welcome Email Template
Earlier, when you subscribed to a Qualys product trial, the welcome email displayed the product name as Qualys Cloud Platform. With this enhancement, you can now view the specific product name in the Welcome email template for which you have signed up for a trial account subscription.
Home Page Enhancement for Trial Account Users
With this release, when you subscribe to a trial account for a specific Qualys product, you are redirected to a product-specific trial account instead of VMDR after logging in from your login page. You must complete the trial account creation process by changing your password and creating a new password. When you log in with your new password, you are redirected to your product home page. This helps you to access your trial account subscription page directly.
You are redirected to the trial accounts of specific Qualys products such as Global IT Asset Inventory (ITSM/CSAM), Patch Management (PM), Security Assessment Questionnaire (SAQ), TotalCloud, Web Application Scanning (WAS), Certificate View (CV), and Endpoint Detection and Response (EDR).
Redirecting URL for Login Page
With this release, we have introduced the following new login pages that can be viewed after you enter the URL manually:
- Private Cloud Platform (PCP) users: You are redirected to PCP home page /fo/user_login.php from /qglogin/index.html.
- Shared Cloud Platform (SCP) users: You are redirected to SCP home page/qglogin/index.html from /fo/user_login.php.
When the session times out for both PCP and SCP users, you are redirected to the main login page of PCP (/fo/user_login.php) and SCP (/qglogin/index.html) respectively.
Improvised Option Profile Map Setting- Perform Basic Information Gathering on
The Map setting, Perform Basic Information Gathering on (VM> Scans> Option Profiles> New> Option Profile> Map tab) from the Option Profile allows you to select the hosts and ports to scan for basic information gathering on hosts during mapping. We have updated this setting to change the default option from All Hosts to Registered Hosts only. This avoids potential incident issues during scans using the All Hosts setting. The All Hosts setting scans all hosts in your subscription for gathering basic information.
This default setting update is applicable only to the newly created option profiles.
The following image illustrates this default setting update:
Image Captcha Field made Case-Sensitive
Earlier, when resetting the login password, the captcha field value was not case-sensitive. Hence, you could enter the value in upper or lower case regardless of how the value is displayed in the captcha image.
With this release, we have made the image captcha field case-sensitive. You must now enter the letters exactly as they appear in the image, matching the case - uppercase or lowercase.
Qualys Policy Compliance (PC)
Filter Middleware Assets with Middleware Technology Instances
We have enhanced Middleware Asset management by introducing a new filter; Discovered Instances.
After the Cloud Agent scans the assets, the details of middleware technology for the assets are listed in the Middleware Assets tab (Assets >Middleware Assets tab). Previously, this tab displayed all assets, including those with and without middleware technology instances, making it difficult to filter the records.
To address this issue, we have introduced a new filter Discovered Instances that displays only those assets with middleware technology instances. When you apply this filter, the Middleware Asset tab displays all assets with middleware technology instances listed in the Middleware Technology column. If you want to view all assets, regardless of whether they have middleware technology instances or not, simply clear this filter. As a result, all assets are displayed in the Middleware Assets tab.
The following image illustrates the Middleware Assets tab after applying the new filter, Discovered Instances.
Policy Report Enhancement
The Policy report has been enhanced by adding a new column, Policy ID, under the summary section of the CSV report format. This Policy ID can be useful to share it with Qualys support to help investigate and troubleshoot the Policy report issues when you encounter them.
View and Export Exception Comments
The Exceptions (Policy Compliance >Exceptions) tab now has an additional column, Comment. This column displays the latest comments added for the exceptions. By default, the Comment column is not displayed in the Exceptions tab. To display the Comment column and view the latest comments added for the exceptions, go to Settings > Columns> select Comment. The Comment column appears.
To export the comments, go to New > Download> Select Download Format > click Download.
Auto Discovery Support for MySQL Database Authentication
With this release, Qualys introduced instance discovery and auto-record creation for MySQL authentication. The system generates an authentication record for you by launching a scan on your IP, which automatically discovers all the required data. You can now create a system record template for MySQL using your credentials. Select System Record Template and perform a compliance scan. This helps you reduce the time and effort required to create an authentication record. For more information, refer to the Set Up MySQL System Record Template section under Authentication Records in the Online Help.
You can edit individual MySQL system records and save them as user-created. This allows you to change the credentials for individual records without changing the credentials for all records associated with a template.
Qualys API Support
For this enhancement, we have implemented the versioning for the following APIs:
- MySQL Record - /api/3.0/fo/auth/mysql/
- Option Profiles for Compliance - /api/3.0/fo/subscription/option_profile/pc/
A new parameter is_template, and the following new DTD tags are added to
MySQL Record API:
- IS_SYSTEM_CREATED
- IS_ACTIVE
- IS_TEMPLATE
- TEMPLATE
For more information, refer to Cloud Platform 10.29 API Release Notes.
Support for New Authentication Technologies
With this release, the following technologies are now supported for Policy Compliance authenticated scans using scanners and Cloud Agent:
- Mongodb 7
- PostgreSQL 16.x
For more information, see Authentication Technologies Matrix.
Security Configuration Assessment (SCA)
Dashboard Performance Improvement
We have added a backend configuration option to enhance the performance of the SCA dashboard. This option is not enabled for all users by default. If you are experiencing slow performance with the SCA dashboard, you can improve it by contacting Qualys Support or your Technical Account Manager (TAM) to enable it for your subscription. This option is available for use only to the manager user of the SCA application.
Issues Addressed
The following issues are fixed with this release:
| Component/Category | Application |
Description |
| VM - Scans | Vulnerability Management | When the users downloaded the scan report in PDF format, the option profile section was not displayed under the Appendix section. Relevant code changes have been made to fix this issue. |
| VM - Report Schedule | Vulnerability Management | When the user tried to launch schedule report targeting on asset group that contained only DNS in it, the report were not getting launched at scheduled time and were getting an error Skipped as the target is resolved to empty target list in the Activity Log tab (VM > Users > Activity Log). Relevant code changes have been made to fix the issue. |
| VM - UI General | Vulnerability Management | When the users logged in to the new VM dashboard, they were redirected to the classic VM dashboard. Relevant code changes have been made to fix the issue. |
| VM - Host List Detection API | Vulnerability Management | When the users executed a HLD API endpoint /api/2.0/fo/asset/host/vm/detection/ by using show_reopened_info parameter,the execution was getting timed out. relevant code changes have been made to fix the issue. |
| VM - API General | Vulnerability Management | When the users were trying to change the tracking method of IPs from DNS to IP along with Cloud and QAgent hosts IPs, using IP List API endpoint /api/2.0/fo/asset/ip/,API response was showing the tracking method as updated. When checked, the tracking method was not updated. Relevant code changes have been made to fix this issue. Note that the tracking method for cloud and QAgent hosts IPs will remain unchanged when they are passed along with IP tracked hosts. |
| VM - VMDR OT | Vulnerability Management | When the users used the filter to view all the OT(Non- IT Assets) device addresses in address management, they were able to view only 20 OT device addresses. When they removed these 20 devices, they were able to view the next 20 devices in the list. Relevant code changes have been made to fix the issue. Now, they are able to view and remove the selected list of all OT device addresses. |
| VM - Asset Groups | Vulnerability Management | When users tried to add the IP address to the asset group, which was not part of the subscription, a message was displayed as Update Asset Group in the activity Log (Users > Activity Log). Relevant code changes have been made to fix the issue. Now, if the IP address is part of the subscription and the user tries to add the IP address to the Asset Group, then a message is displayed in the Activity Log as Update Asset Group. |
| VM - Host List Detection API | Vulnerability Management | When the users were executing the HLD API endpoint /api/2.0/fo/asset/host/vm/detection/ using the combination of parameters, the data associated with the EC2 related columns were not displayed. Relevant changes have been made to fix the issue. Now the metadata is displayed in the Cloud Resource Metadata column in JSON encoded format.EC2 columns are set blank, as EC2 column is planned to deprecate. |
| VM - Host List Detection API | Vulnerability Management | When the users were executing the HLD API endpoint /api/2.0/fo/asset/host/vm/detection/, QDS data associated with the QDS scores and Severity data were not aligned correctly with their column headers in the CSV report format. Relevant changes have been made to fix the issue. |
| VM - Scan Schedule | Vulnerability Management | When the users received an email notification for a scheduled scan, they found that the email notification was not received at the correct time zone, which was expected to be received two hours before the scheduled scan. Relevant changes have been made to fix this issue. |
| VM - Scan Schedule | Vulnerability Management | When the users received an email notification for a scheduled scan, they found that the email notification was not received at the correct time zone, which was expected to be received two hours before the scheduled scan. Relevant changes have been made to fix this issue. |
| VM | Vulnerability Management | When an active Agent user's subscription had an expired VM Agent add-on, Agents from the add-on were deactivated. Relevant code changes have fixed this issue. Now, these add-ons are auto-renew, preventing deactivation. |
| VM - Authentication Records | Vulnerability Management | When the users were accessing Authentication records, they observed a discrepancy between the Not Attempted status count in the graph and the list on the Authentication details tab. This discrepancy was because the Not Attempted count displays the remaining IP count in the authentication record for which there is no Pass/Fail authentication status. This is now updated in the Online Help in the Why use Host Authentication section in Host Authentication. |
| VM | Vulnerability Management | When the users were downloading Map reports in PDF format, the date given in the fields Created and Date was displayed inconsistently in the report. Relevant code changes have been made to fix the issue. Now, the date format given in the fields Created and Date are consistent. |
| VM | Vulnerability Management | When the users accessed scan based reports in PDF format, the trends are displayed under the Summary of Vulnerabilities section. These trends are displayed regardless of whether the trending option is selected in the trend settings. This is now documented in the Online Help in the Configure a PCI Scan Report Template section under Reports. |
| PC-Reports | Policy Compliance | When the users were trying to run a scheduled report associated with certain tags, the report could not be launched. Relevant code changes have been made to fix this issue. |
| PC | Policy Compliance | When the users attempted to run a scheduled scan or report, the processes could not be completed if the tagset service was unavailable. Previously, there was no option to re-try connecting to the tagset service and run the scan or report again. Relevant code changes have been made to address this issue. We have now implemented a re-try mechanism that will re-execute the scan or report after a specific time interval. |
| PC | Policy Compliance | When the users were promoted, demoted, or transferred to other business units, it was observed that the policies associated with them were not visible. There was also no record of these policies being moved or deleted. Relevant code changes have been made to fix this issue. We have now added an activity log that tracks the changes made to policies. Also, we have replaced the hard delete option (which permanently deletes a policy) with soft delete (will delete the policy, but the same can be restored within 15 days). |
| PC | Policy Compliance | When the users with Shared Cloud Platform (SCA) accounts searched for policies using the search functionality, they had the search fields Status and Locking Status displayed. These fields were not required for SCA accounts. Relevant code changes have been made to fix this issue. These fields are not visible for SCA accounts. |
| PC | Policy Compliance | When the users were running a scheduled scorecard report, the request was not getting completed. Relevant code changes have been made to fix this issue. Now we can run the schedule scorecard report without any error and get its relevant details. |
| PC | Policy Compliance | When the users were generating a compliance report for a particular UDC, they were displayed with an incorrect script name as from the one given in the Policy Compliance module. Relevant code changes have been made to fix this issue. Users can now see the same script name at both instances. |
| PC | Policy Compliance | When the user accesses the Posture tab in Policy Compliance (PC), they are displayed with a list of stale data entries. These stale data entries are displayed even after the PC module is deactivated and also if the corresponding IPs exists in the PC license. This is because the stale asset clean-up script considers an asset as stale only if it is a non-PC agent and the IP is listed in the PC license. Relevant code changes have been made to fix the issue. Now, the stale asset clean-up script also considers PC assets that are agent-tracked (but without PC module) and if the assets have not been scanned in the last 45 days. |