Release 10.31

November 29, 2024

What’s New?

Qualys Policy Compliance (PC) 

Authentication Report Enhancement

With this release, the authentication report in PDF format lists all the asset tags associated with each specific host in the All Asset Tags column, up to 255 characters. If the list exceeds this limit, an ellipsis (three dots) indicates the presence of tags beyond 255 characters. Earlier, due to the large asset tags associated with each specific host, the authentication report was displayed blank. With this enhancement, you can view the complete data in the authentication report PDF format.

This is applicable to both PC and VM authentication reports.

Support for New Authentication Technology

With this release, the following technologies are now supported for Policy Compliance authenticated scans:

Apple Safari 16x

With this release, the Apple Safari 16x technology is supported for Policy Compliance authenticated scans using Cloud Agent. The technology is now available in the following places for agents:

Policy Editor

When you create or edit a compliance policy, Apple Safari 16x is now available in the list of supported technologies.

Apple Safari 16x displayed in Search technologies when creating a new policy.

Search Controls

When you search controls, you see Apple Safari 16x in the list of technologies. Go to Policies > Controls > Search and select Apple Safari 16x in the list.

Apple Safari technology displayed in Technologies field in the Search window.

Authentication Report

To display all OS authentication-based instance technologies per host, including Apple Safari 16x, in your authentication report, go to Reports > New > Authentication Report and, under Appendix, enable the OS Authentication-based Technology option.

OS Authentication based Technology checkbox selected

Apple Safari 16x is now listed under host technology in the Result section of the compliance scan report.

Scroll down to the Appendix section of your authentication report to view Apple Safari 16x listed under Targets with OS authentication-based technologies.

Scan Results

When you use a Cloud Agent for Policy Compliance, the Cloud Agent auto-discovers Apple Safari 16.x. When an agent scan detects Apple Safari 16.x on a host, it is displayed under PC > Assets > Middleware Asset.

Sample Report

The sample report displays the tracking method and the instances for the agent. You can view the instances of Apple Safari 16x for scanned hosts in compliance reports.

Agent

The sample report displays the tracking method for the scanner as AGENT with an instance of Apple Safari 16.x.

For information on the support of Apple Safari 16.x for VM and PC, see Authentication Technologies Matrix.

Opengear 5.x

With this release, the Opengear 5.x technology is supported for Policy Compliance authenticated scans using scanners. The technology is now available in the following places for scanners:

Policy Editor

When you create or edit a compliance policy, Opengear 5.x is now available in the list of supported technologies.

Opengear 5.x displayed in Search technologies when creating a new policy.

Search Controls

When you search controls, you see Opengear 5.x in the list of technologies. Go to Policies > Controls > Search and select Opengear 5.x in the list.

Opengear 5.x technology displayed in Technologies field in the Search window.

Authentication Report

To display all OS authentication-based instance technologies per host, including Opengear 5.x, in your authentication report, go to Reports > New > Authentication Report and, under Appendix, enable the OS Authentication-based Technology option.

OS Authentication based Technology checkbox selected

Opengear 5.x is now listed under host technology in the Result section of the compliance scan report.

Opengear 5.x host technology displayed in Results for the compliance report.

Scan Results

Sample Report

The sample report displays the tracking method and scanner instances. You can view the instances of Opengear 5.x for scanned hosts in compliance reports.

Scanner

The sample report displays the tracking method for the scanner as IP with an instance 'os'.

Instance and tracking method for Opengear 5.x.

For information on the support of Opengear 5.x for auto discovery and vaults, see Authentication Technologies Matrix.

Issues Addressed

The following issues are fixed with this release:

| Component/Category | Application | Description |
| --- | --- | --- |
| VM - SAML Authentication | Vulnerability Management | When users log into SAML, they are prompted to select the username they wish to use for the account. They must make a selection within 2 minutes. This is the expected behavior. This information is now documented in the article SAML Frequently Asked Questions (FAQ). |
| VM - Scan Schedule | Vulnerability Management | When users selected All Scanner in the tagset while executing the scheduled scan, the asset tag service was unavailable. The scheduled task was automatically deactivated. Relevant code changes were made to fix the issue. Now, when you schedule a scan and the asset tag service is unavailable, the scheduled scan will be launched at the next launch time. |
| VM - Users API | Vulnerability Management | When users tried to import user preferences within a subscription, daily trouble ticket updates (daily_ticket) and Scanner Appliance heartbeat check (heartbeat_failed) notifications were not updated after import. The display of an input parameter USER_PREFS in the error message was creating confusion. Relevant code changes were made to fix the issue. |
| VM - Report Schedule | Vulnerability Management | When users edited an existing report schedule containing an Asset Group with special characters, the Asset Group information was not loading. Relevant changes were made to fix this issue. Now the Asset Groups with special characters load on the schedule edit page. |
| VM - Scan Schedule | Vulnerability Management | When users edited asset groups in a scheduled vulnerability scan, the refresh and delete icons overlapped, preventing them from performing delete or refresh actions. Relevant code changes have been made to fix this issue. |
| VM - Option Profile | Vulnerability Management | When users created an Option Profile with the Unix Least Privilege Authentication option disabled, it was selected by default when they edited the profile. Relevant code changes have been made to fix this issue. Now, if users disable the Unix Least Privilege Authentication option while creating an Option Profile, it will remain disabled when they edit the profile. |
| VM - User Management | Vulnerability Management | When users with the Scanner role tried to edit the authentication record, they were not able to edit it even when the permission was assigned. This happened because the user with the Scanner role can only view the record created by the Manager role. Sub-users (for example, Scanner or Unit Manager role) are only allowed to edit the authentication records created by the same user roles. This is now added in the Online Help under the section Tell me about user roles. |
| VM - API General | Vulnerability Management | When users attempted to update the tracking method between IP and DNS for multiple comma-separated host IDs, they encountered error 1905 stating, 'Parameter ids has an invalid value (ID must be a positive integer).' However, updates for a single host ID were successful. Relevant code changes have been made to fix this issue. Users can now update the tracking method for both single and multiple comma-separated host IDs. |
| VM - Reports General | Vulnerability Management | When users downloaded a report in CSV format, the headers were incorrectly displayed in the middle of the file when the report was executed using IPv6 ranges starting with letters. Relevant code changes have been made to fix this issue. The headers are now correctly displayed at the top of the CSV file. |
| PC - Reports | Policy Compliance | When a user with reader access tried to generate a Policy Compliance report for a single IP address, the error message 'The hosts are either not in your account or license or you are not allowed to access them' was displayed. Relevant code changes have been made to fix this issue. |
| PC - Reports | Policy Compliance | When users generated an authentication report, the CSV report displayed the data, but the PDF report was completely blank. Relevant code changes were made to fix the issue. |
| PC - API | Policy Compliance | When users executed the API endpoint for the exception list control, an error code 999 was displayed in the exception list output. Relevant code changes have been made to fix the issue. |
| PC - Schedule Report | Policy Compliance | When users executed a scheduled report, they observed that the scheduled report did not start on time and also took more time than expected to generate the report in PDF format. Relevant code changes have been made to fix the issue. |
| PC - UDC | Policy Compliance | When users deleted the controls (User Defined Controls) that were present in their UI, the user Activity Log was still not displaying the deleted controls. Relevant code changes have been made to fix the issue. |