A new release of QualysGuard®, Version 6.18, will be available in production on Tuesday, April 12th 2011. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PDT (19:00 GMT) and 6 PM PDT (01:00 AM GMT next day).
QualysGuard 6.18 includes the following enhancements:
- SNMP v2c/v3 Support: For QualysGuard 6.18, the SNMP authentication feature has been enhanced to provide users the ability to enter login credentials for authenticating to SNMPv2c and SNMPv3.
QualysGuard Vulnerability Management Enhancements:
- PCI Vulnerability Flag Added to Scan Reports: In QualysGuard 6.18, vulnerability details in scan results and template-based scan reports now include the element <PCI_FLAG> that indicates whether the vulnerability must be fixed in order to pass a PCI compliance scan.This information helps users to immediately determine which vulnerabilities must be fixed for PCI compliance goals without having to run additional PCI compliance scans.
QualysGuard Policy Compliance Enhancements:
- Improvements to Policy Editor and Reporting: For QualysGuard 6.18, improvements were made to the policy editor and policy reporting. Improvements include: 1) new fixed value checkboxes in the policy editor, 2) text input fields automatically resize as you type, and 3) formatting and layout enhancements for better readability in your policy editor and reports.
All controls fall into one of the following categories:
- The control only allows user-customized criteria. User must select the operator, cardinality and enter an expected value. This is how controls work prior to this release.
- The control only allows fixed value selections. User must select/clear checkboxes.
- The control allows a combination of user-customized criteria and fixed value selections.
QualysGuard API Enhancements:
- Authentication API Updates for SNMPv2c andSNMPv3: For QualysGuard 6.18, updates were made to the SNMP scan authentication API to add support for SNMPv2c and SNMPv3. Users can now create and update authentication records for these newly supported SNMP versions. SNMP records created prior to this release are are set to SNMPv1 by default.
The/api/2.0/fo/auth/snmp resource is used to manage SNMP authentication records. For this release, changes were made to input parameters used to add or edit an SNMP record (action=create and action=update) and the SNMP authentication list DTD (auth_snmp_list_output.dtd).
- PCI Flag Added to Asset Data Report: For QualysGuard 6.18, updates were made to the XML output for QualysGuard reports to reflect the PCI status for each vulnerability listed. A PCI flag value of “1” indicates that the vulnerability must be fixed to pass a PCI compliance scan. This information is shown in the <PCI_FLAG> element in the Asset Data Report DTD (asset_data_report.dtd).
- Map Title Added to Map Report List: For QualysGuard 6.18, updates were made to the map report list API to include the title of the map report. This information is shown in the <TITLE> element in the Map report list DTD (map_report_list.dtd).
- Compliance Policy Report XML: For QualysGuard 6.18 improvements were made to the policy editor and policy reporting. Updates were made to the compliance policy report XML. Changes were made to the compliance policy report DTD (compliance_policy_report.dtd). The policy report XML is returned when you download a saved policy report using the Report Share API or the QualysGuard user interface.
- Compliance Posture Information Output XML: For QualysGuard 6.18, improvements were made to the policy editor and policy reporting. Updates were made to the compliance posture information output XML. Changes were made to the compliance posture information DTD (posture_info_list_output.dtd). The compliance posture information output XML is returned from an API request for compliance policy posture information.
Full release notes will be available to customers from within the Resources section of your QualysGuard account. To receive more information on QualysGuard 6.18, please visit the Qualys Community at https://community.qualys.com or contact your Technical Account Manager or Qualys' Technical Support Department at firstname.lastname@example.org.