Enterprise TruRisk™ Platform Release 10.35

July 7, 2025

Qualys Vulnerability Management (VM)

Extended the Reuse Password Limit

With this feature, we have extended the reuse password limit from 13 to 24, which previously had a maximum limit of 13. The system prevents you from reusing any of your last 24 passwords. You can set this limit by navigating to Users > Setup > Security > Under Password Security > select Last passwords cannot be reused check box and enter the count. This helps to enhance security by minimizing vulnerabilities from predictable password patterns and reducing the risk of unauthorized access to the environment. 

Password reuse limit.

Support to create a FQDN based Scan Report

With this feature, you can now launch scan reports using a Fully Qualified Domain Name (FQDN) and create a report based on the FQDNs. This helps in asset tracking and accurate vulnerability information in dynamic environments where IPs are not static. You can provide the FQDNs in the scan report template (Reports > Templates > New/Edit > Findings > Host Based Findings > FQDN).

When you launch the report (Reports > New > Scan Report > Template Based > under Report Source > FQDN) using FQDN, you can view the FQDN related data in either the DNS or FQDN column in CSV and XML report format when FQDN is available.  The data available in the report is a combination of both DNS and FQDN.

Scan report displaying the data related to FQDN/DNS.

When you select a report from the report listing page, you can view the FQDN field on the preview page and the Report Information page.


This Feature can be enabled only when you have migrated to VMSP and is not available by default. To enable this, contact your Technical Account Manager (TAM) or Qualys technical Support.
- The format and data in existing PDF, DOC, CSV, HTML, and XML reports remain unchanged.
- The FQDN field supports up to 4000 characters only. It is available only for Host Based Reports.

Display of Accurate Scanner Version for Old Scanners

With this feature, you can now view the scanner's Image Version (Software installed version) under the Software field (Scans > Appliances > Select an Appliance from the list > Select Edit/Info from Quick Actions > Versions). Earlier, for older scanners, the scanner version was shown as 2.6, irrespective of actual versions. This ensures that the scanners are using the latest signatures and detection capability which helps to identify and remediate the threats accurately. 

Info page displaying the software installed version.

Configuring Retention Period for Scans and Maps

With this release, you can now view retention period (in days) for Scans and Maps results in the respective tabs.

In the Scans and Maps tab, a new column Scan Retention Period (Days) for the Scans tab and Map Retention Period (Days) for the Maps tab is added. This column displays the number of days after which the scans or maps are to be deleted. This period is populated based on the selection you have made in the Storage Setup window. Once this period ends, the scan and map details are removed. To highlight scans and maps that have the retention period below 10 days, we have marked them in red.

Scans tab

Scan Retention period column in the Scans tab.

Maps tab

Scan Retention period column in the Mapstab.

The retention period for PCI scans is by default set to 3 years from the date of launching the scan. Therefore, the retention period you set in the Storage Setup window for scans, will not apply to PCI scans.

To provide quick access to Storage Setup, an icon ( Information icon ) has been added above the Scan Retention Period (Days) column.

icon displayed above the scan retention period column.

Selecting this icon will directly open the Storage Setup window. On this window, we have added details on the data retention period. A link to the Online Help is also available for more information. 

Storage setup window displaying the newly added details on data retention period.

If you modify (increase or decrease) the retention period in the Storage Setup window, and as a result the retention period shown in the Scans or Maps tab for any scan(s) becomes zero (0), a warning message is displayed. A retention period of zero (0) means the corresponding scan or map data will be deleted overnight.

For example, if you decrease the retention period from 6 months to 3 months, and because of this the Scan or Map Retention Period (Days) for any scan(s) becomes zero (0), the warning message is displayed. This message notifies you that some scans or maps are older than the newly set retention period and will be deleted if you proceed. This gives you a chance to review and make an informed decision before applying the change.

Storage setup warning message.

The warning is displayed only if after changing the retention period, there is atleast one scan or map that has to be deleted.

Additionally, you can now search for scans and maps having specific retention periods using Search. We have added the field Scan Retention Period. By selecting the required option and specifying the number of days, you can choose to display the list of scans and maps of specific time periods.

Enable the Retention Period Columns

Before the retention period columns are available for your account, your Point Of Contact (POC) must first enable it for your account. To do so, navigate to Scans > Setup > Scan Retention Period.

Enable the Display Scan Retention Period column in the Scans and Maps tab checkbox.

Scan retention period window.

Purge SwCA Vulnerabilities for Assets

With this release, we have enabled the option to purge Software Composition Analysis (SwCA) vulnerabilities identified in the Asset Search report, either for specific agent hosts or all agent hosts containing SwCA vulnerabilities for a specific network. 

Previously, enabling SwCA for your account often led to a sudden increase in detected vulnerabilities, which in turn impacted your TruRisk score. There was no option to remove or manage these findings once detected. With this enhancement, you can now purge either specific or all the SwCA vulnerabilities either for selected agent hosts or all applicable agent hosts.

To improve vulnerability detection, especially in environments where open-source components are used, it is recommended to enable SwCA for infrastructure assets with higher risk or exposure. For better focus and performance, activate SwCA only for a selected set of Cloud Agent tags that correspond to these critical assets.


- When SwCA purging is initiated, no SwCA purging alerts are triggered to Continuous Monitoring.
- To purge SwCA vulnerabilities, your account must have VMSP enabled, the SwCA module activated, and you must have Manager-level user permissions.
- To prevent SwCA vulnerabilities from being detected repeatedly, deactivate SwCA from the Cloud Agent or Activation Key before performing the SwCA purge.
- Once the SwCA vulnerabilities are purged, the changes are reflected immediately in the Host Based reports once the backend purge operation is completed. However, for other modules such as TruRisk reports or the VMDR Dashboard/Vulnerabilities tab, changes are reflected post the next Vulnerability Management (VM) Agent Scan.

To purge the detected SwCA vulnerabilities, navigate to:

  1. Assets > Asset Search >  Search for vulnerabilities based on the different fields and click Search.
    The Asset Search Report is displayed.
  2. Select from the results for specific agent hosts list to be purged and select Purge SwCA Vulnerabilities.
    OR
    To purge all agent hosts from the results, select Purge All SwCA Vulnerabilities.

If we select Purge All SwCA Vulnerabilities option, the SwCA assets can be purged only if they belong to the same network. This limitation applies to network-enabled subscriptions where hosts are distributed across different networks.

Purge selected or all assets options in the asset search report.

Filter Modified Tickets by Recent Days 

With this release, we have added two radio buttons options which enable you to view the modified tickets in the Remediation tab from the past 7 and 15 days.

Previously, the available options were 30, 90, 180 and unlimited days. Selecting these longer durations caused issues due to the system attempting to load large amounts of vulnerability data from the database. As the volume of vulnerabilities increased, it lead to errors and Out Of Memory (OOM) issues.

To resolve this, we now have provided the option to fetch data of a shorter duration (7 and 15 days) rather than always loading data for longer timeframes.

To select the shorter duration, navigate to - Remediation > Setup > Configure Tickets View > Show Modified Tickets

The new 7 and 15 days filter options are only available for users with VMSP subscriptions.

Updated Error Message for Running Maximum Scans

With this release, we have updated the error message displayed when you have reached the maximum number of concurrent scans that you can perform at a time.

Previously, the message was not very descriptive and did not provide all the details. The updated error message now displays the maximum number of concurrent scans allowed, along with details such as the number of scans currently running and queued, and scan-specific information including the start time, initiating user, and scan name.

This improvement helps you understand scan limits and identify the ongoing scan activity more effectively.

Error message displayed after running maximum scans.

Qualys Policy Compliance (PC)

For the list of features and improvements made in Policy Compliance / Policy Audit, refer to the Policy Audit UI Release Notes for Release 1.1.0.  

Issues Addressed

The following reported and notable customer issues are fixed in this release:

Component/Category Application
 		 Description
VM - Scan Schedule Vulnerability Management When the user attempted to create a new scheduled scan with a large number of CIDR ranges, the operation failed due to the "ORA-01000: maximum open cursors exceeded" error. This occurred because each IP record was being inserted individually, exceeding the limit of open cursors. Relevant code changes have been made to fix the issue.
VM - API General Vulnerability Management When the user executed a V3 or V4 API call with the result_instance parameter for the API (api/4.0/fo/asset/host/vm/detection/) in a VMSP subscription, the request failed due to a broken user_vuln SQL query. Relevant code changes have been done to fix the issue.
VM - Reports General Vulnerability Management When the user generated a CVE ID-based report, they observed that some Exploitability information was missing. However, the same information appeared correctly when generating a QID-based report. Relevant code changes have been made to fix the issue.
VM - Scan Schedule Vulnerability Management When users attempted to run a scan, they observed that offline scanner appliances were available for selection in the Scanner Appliance dropdown. This is the expected behavior as the scanner appliance field displays all scanner appliances associated to your account, regardless of their current connection status. This description was not present. It is now added to Scanner Appliance dropdown and is also documented in the Online Help.
VM - Map Scan Vulnerability Management When the users tried to launch a map scan, it entered a queue state. Even when the scan was launched using different scanners at different times, it still entered a queue state. Relevant code changes are made to fix the issue.
VM - New UI Vulnerability Management When the users logged in to their account and clicked VMDR menu, Responses and threat Intellegence sub menus were not visible. Relevant code changes are made to fix the issue.
VM - Users API Vulnerability Management When the users used the API filter to edit the sub-users, the configurations were reflected in the UI, but a HTTP 501 error was encountered along with an incident signature in API. Relevant code changes are made to fix the issue.
VM - Scan Schedule Vulnerability Management When the users scheduled a scan, the scan paused, and failed to resume, displaying the error message -An unknown error occurred while contacting scanner services. Relevant code changes are made to fix the issue.
VM - Scan Schedule Vulnerability Management When users tried to retrieve scan host count details through the API for the scan summary, the total host alive count was displayed as 0, despite 1,000 assets being scanned. Relevant code changes are made to fix the issue.
VM - API General Vulnerability Management When the user executed the SCIM API to create user (/api/2.0/fo/scim/) a code 999 error was encountered. Relevant code changes have been made to fix the issue and now users are getting created using SCIM API. 

 

For the list of issues addressed in Policy Compliance / Policy Audit, refer to the Policy Audit UI Release Notes for Release 1.1.0.