1 2 3 Previous Next 117 Posts tagged with the pc tag

A new release of Qualys Cloud Suite, Version 8.7 includes an API update which is targeted for release in January 2016.   The specific day will differ depending on the platform.  See platform release dates for more information. This API notification provides an early preview into the coming API changes, allowing you to proactively identify any changes that might be required for your automated scripts or programs that utilize the API methods.

 

This release includes features with changes to XML, CSV output, and/or DTD which could impact existing API implementations.  Notification about other new API features along with additional details and examples will be posted prior to the release.

 

For details about the changes, please see the attached detailed release notification below.

 

What's New

  1. Scan Report List - New Target Element
  2. VM - Vulnerability Threat Intelligence Information
  3. VM - Easily Identify Vulnerabilities Supported by Module
  4. VM - First Found Date Added to Asset Search Report CSV, XML

 

Scan Report List - New Target Element

The Scan Report List API (/msp/scan_report_list.php) is used to retrieve a list of saved scan reports in XML format. A new TARGET element in the XML output lists the IP address(es) that were scanned. In previous releases, the target was shown as an attribute of the SCAN_REPORT element.  There are changes to the XML output and DTD.

 

VM - Vulnerability Threat Intelligence Information

We’ve added Real-time Threat Indicators to the vulnerabilities in our KnowledgeBase and you can easily report on them to get threat intelligence information right away.

 

Real-time Threat Indicators are data points collected per vulnerability that contain accurate, timely and actionable information aggregated from multiple reliable data sources, allowing you to prioritize and filter the flood of security alerts.

 

Current Real-time threat indicators include values such as Zero Day, Exploit Public, Active Attacks, High Lateral Movement, Easy Exploit, High Data Loss, Denial of Service, No Patch.

 

Changes are made to the Dynamic Search List API (v2), KnowledgeBase API (v2), and KnowledgeBase Download (v1).  Please review the release notes for details of the changes to the API calls, XML Output, and DTD.

 

VM - Easily Identify Vulnerabilities Supported by Module

Now you can find out what vulnerabilities in our KnowledgeBase are supported by different Qualys modules - VM, Cloud Agent, WAS, WAF and MD. Use the KnowledgeBase Search option to identify vulnerabilities that can be detected by VM scans, Windows Cloud Agent and Linux Cloud Agent plus more. We’ve added a supported modules section to the vulnerability (QID) information, and this is where you’ll see the Qualys modules that may be used to detect each QID.

 

Changes are made to the Dynamic Search List API (v2), KnowledgeBase API (v2), and KnowledgeBase Download (v1).  Please review the release notes for details of the changes to the API calls, XML Output, and DTD.

 

VM - First Found Date Added to Asset Search Report CSV, XML

You can now view the First Found Date of an asset in the same way you download other data of the Asset Search Report.

The report can be downloaded from the Asset Search Report page, or via the Asset Search API (v1).

 

Please review the release notes for details of the changes to the API calls, XML Output, and DTD.

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.  We are also expanding our coverage of mandate-based policies with out of the box coverage of industry and government regulations such as PCI and HIPAA.

 

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

 

New and Updated CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls.  Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

 

Qualys' Certification Page at CIS has been updated:  https://benchmarks.cisecurity.org/membership/certified/qualys

 

Recent additions to the policy library include the following certified CIS Benchmarks:

  • CIS Benchmark for Oracle Enterprise Linux 7 v1.1.0
  • CIS Benchmark for Microsoft SQL Server 2014 Database Engine
  • CIS Benchmark for CentOS Linux 7, v1.1.0
  • CIS Benchmark for Microsoft IIS 8.x, v1.1.0 (Updated)
  • CIS Benchmark for Microsoft IIS 7.x v1.3.0 (Updated)

 

New and Updated Vendor Recommended Best Practice Policies

  • MS SCM - Compliance and Security Policy for Microsoft Windows Server 2012 R2 [Domain Controller]
  • MS SCM - Compliance and Security Policy for Microsoft Windows Server 2012 R2 [Member Server]
  • MS SCM - Compliance and Security Policy for Microsoft Windows 8.1 (Updated)

 

If you have any questions please contact your TAM or Technical Support.

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.  We are also expanding our coverage of mandate-based policies with out of the box coverage of industry and government regulations such as PCI and HIPAA.

 

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

 

New and Updated CIS Benchmarks

 

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls.  Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

 

Qualys' Certification Page at CIS has been updated:  https://benchmarks.cisecurity.org/membership/certified/qualys

 

Recent additions to the policy library include the following certified CIS Benchmarks:

  • CIS Benchmark for Apache HTTP Server 2.4, v1.2.1
  • CIS - Apple OS X 10.10, v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 7, v1.1.0
  • CIS Benchmark for SuSE Enterprise Linux Server 10.x v2.0
  • CIS Benchmark for SuSE Enterprise Linux Server 11.x, v1.1.0
  • CIS - VMware ESXi 5.5, V1.2.0

New Vendor Recommended Best Practice Policies

  • MS SCM - Compliance and Security Policy for Microsoft Windows 8.1

 

New Mandate-based Policies

  • NIST Cyber Security Framework (CSF) v1.0
  • Health Insurance Portability and Accountability (HIPAA) - Security Rule Standards and Implementation Specifications)

 

 

If you have any questions please contact your TAM or Technical Support.

We will be releasing new controls that will require some customers to make changes to their Oracle targets.


For customers that grant granular permissions to allow access to our Oracle assessment capabilities, new CID's are being released that require additional rights to be granted.  Failure to grant the new rights will result in an error when you assess your Oracle environment.

 

We are providing advanced notice to give you time to implement these changes.  If you use an account with full read privileges or broader permissions than the minimum privileges recommended in the documentation, you will likely not be affected by this change.


This update will occur no earlier than August 15, 2015 to allow time for updates to your Oracle environment.


Please contact your TAM or technical support if you have any concerns or questions.

 

New Controls

 

9672 - Monitor the action of jobs so they don't contain external commands.

9670 - List of all active database links

 

Rights Required

 

The GRANT statements needed to allow the scan user SELECT access to these underlying signatures are:

GRANT SELECT ON DBA_SCHEDULER_JOBS TO QUALYS_ROLE;

GRANT SELECT ON V_$DBLINK TO QUALYS_ROLE;


Please see the attached Example Query for Verifying Required Rights

 

*PLEASE NOTE* This SQL Script assumes that you are leveraging our scanning document and have created a QUALYS_ROLE.  If a different role name was used, please replace QUALYS_ROLE accordingly.

This new release of the Qualys Cloud Suite, version 8.5, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

 

Cloud Platform: You can now add multiple scanners to a scan, simplifying the balancing of scans across devices in large deployments.  Also, a number of improvements have been added making it easier to work with and report on Authentication Records along with several improvements to notifications.

 

Vulnerability Management: There are several scanning and reporting improvements in this release, along with the initial capabilities for SSL Labs integration into VM.

 

Policy Compliance: There are several improvements to make it easier to use Policy Compliance by hiding unneeded technologies and policies throughout the UI.  You can also now create a CSV Report of your policy configuration, a feature many have been asking for!  Platform support has been expanded with coverage for new technologies and the UDC has been enabled for 8 new versions of popular OS's.

 

 

Feature Highlights

 

 

 

 

Qualys Cloud Suite 8.5 will be released in the coming weeks.  For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:

 

Qualys Cloud Platform Updates

 

Select Multiple Scanner Appliances for Scans

 

With this release you can select multiple scanner appliances for your internal vulnerability and compliance scans (PC and SCAP). This is especially useful when scanning a large number of hosts because it allows you to distribute the scan task across scanner appliances.

 

fig1.png

 


 

Set Expiration Date for Excluded Hosts

 

You can now set an expiration date when adding IPs to the Excluded Hosts list. When the date is reached, the IPs are automatically removed from the list and made available again for scanning. We’ll send you an email 7 days before removing the IPs, allowing you time to change the date if you want. To notify other users, simply add distribution groups and the email will be sent to them as well.

 

fig2.png

 


 

Last Scan Date added to Authentication Record Details

 

Drill down into authentication record details to see the date/time of the last authenticated scan for each host in the record. This is when the Pass/Fail status was last updated for the host.

 

The Credentials Breakdown options (on the authentication dashboard) only consider hosts scanned in the last 30 days. Now you can easily identify hosts that aren’t being counted because they were scanned more than 30 days ago.

 

fig4.png

 


 

More Host Info in Authentication Reports

 

The following information has been added to the report for each host: 1) the host’s operating system, 2) the last time you scanned the host with authentication, and 3) the last time authentication was successful.

 

fig5.png

 


 

Send Email Notifications to Bcc List

 

You can now select “Send as Bcc” in your distribution group settings. We’ll hide the list of recipients any time the distribution group is selected for a notification - scan notifications, report notifications, vulnerability notifications, etc.

 

fig7.png

 


 

Get Notified Before Your Account Expires

 

The Manager Primary Contact (for the subscription) will now receive an email notification when the account is going to expire with details on how to renew.  The email is sent 45 days, 30 days, 14 days and 7 days before the expiration date, and every day after that until the expiration date.

 

fig8.png

 


 

 

Vulnerability Management (VM)

 

SSL Labs Grade added to Certificates List

 

We’re excited to announce that we’ve integrated SSL Labs with Qualys VM. When enabled, you’ll get a letter grade (A+, A, A-, B, C, D, E, F, T, M, NA) for each certificate on your certificates list. Grades are updated automatically each time new vulnerability scan results are processed for your hosts.  Please Note – The SSL Labs Grade feature must be enabled for your subscription. Please contact your Technical Account Manager or Support to get this feature.

 

 

fig9.png

 


 

 

Algorithm added to Certificates List

 

For each certificate you’ll see the algorithm (sha1WithRSA, md5WithRSA, etc) in the new Algorithm column. Just go to VM > Assets > Certificates to see it.

 

fig12.png

 


 

 

Identify Vulnerabilities on Non-Running Kernels

 

With this release, users can create reports that show non-running kernels in the vulnerability details. This way you can identify vulnerabilities found on a kernel that is not the active running kernel.

 

A new option “Display non-running kernels” has been added under “Non-Running Kernels” on the Filter tab of report templates for scan, patch, and scorecard reports.

 

fig14.png

 

 


 

 

View QIDs Applicable to Report Filters

 

With this release you can identify the vulnerabilities that apply to these report template filters: “Exclude QIDs on non-running services” and “Exclude QIDs not exploitable due to configuration”. These filters appear in templates for scan reports, patch reports and scorecard reports.  You can also find these QIDs in the KnowledgeBase and create a search list based on these options.

 

fig16.png

 


 

 

Select time frame for Scorecard Reports

 

We have enabled time frame selection for Scorecard reports. This means only the scan results during the period defined by you will be displayed in the Scorecard Report.  Using the Host Scan Date you have options like today, all dates before, all dates after, date range, in the previous day, week, month, year, etc, to define the time frame.

 

 

fig19.png

 


 

 

Policy Compliance (PC)

 

Ability to Deactivate Policies

 

You can now mark policies that you are not using in your account as Inactive.  Policies that are in inactive state will not be scanned or reported on.

 

You may want to hide a new policy while you’re working on it and then publish it at a later time. Or let’s say a  policy has become out of date and you want to edit the policy before republishing it. In such cases you mark the policy inactive and make the required changes. Only after you activate the policy, it will be available for scanning and reporting.

 

When you deactivate a policy:
- No posture evaluation will take place for the policy
- The policy will be hidden from your dashboard, reports and exceptions
- Any policy report schedules for the policy will be deactivated
- The policy will be removed from compliance scorecard reports
- The policy will be removed from option profiles (with the Scan by Policy option enabled)

 

fig20.png

 


 

View Preferred Technologies with Configurable Account Filters

 

You can now hide technologies that you do not use on a regular basis.  By hiding these technologies, you no longer need to go through the whole list of all the available technologies to select the ones you want.  This is especially useful while searching controls by technologies. Only the controls related to the preferred technologies are displayed and are available for search.

 

fig22.png

 


 

Platform Support for Apache Tomcat and Microsoft SQL Server 2014

 

We now support compliance scans for tomcat servers running on Unix hosts. Simply create a new Tomcat Server authentication record with details about your Tomcat installation and instance. Unix authentication is required so you’ll also need a Unix record for the host running the server.

 

fig23.png

 

Instance-based support has been added for Microsoft SQL Server 2014.  You will use the same Authentication Records and configuration as you have in the past for older supported versions of Microsoft SQL Server.

 

fig26.png

 


 

Extended UDC Support for New Technologies

 

These technologies are now supported for user defined controls:

  • Windows 8.1
  • Windows Server 2012 R2
  • Mac OS X 10.10
  • Mac OS X 10.9
  • Red Hat Enterprise Linux 7.x
  • Oracle Enterprise Linux 7.x
  • CentOS 7.x
  • Ubuntu 12.x

 

fig25.png

 


 

Export Policy Configuration Details to CSV

 

You can now export a policy to your local system in CSV format. This lets you quickly and easily share the policy and compare it to other policies you may have. A policy exported in CSV format will display information about Sections, Controls and Expected values.

 

fig27.png

 


 

Evidence Details Added to SCAP CSV Report

 

Evidence Details have been added to the SCAP CSV Report.  By reviewing the evidence you can determine why a rule passed or failed for a host. The evidence content includes nodes (definitions and test sections) that represent the logic of the rule and the scan tests performed on the host

 

Example:

 

<EVIDENCE>
  <definition id="oval:gov.nist.usgcb.xp:def:45" title="Access Audit for Global System Objects Disabled" description="Audit the access of global system objects is disabled" result="Pass"/>
  <AND result="Pass">
    <definition id="oval:org.mitre.oval:def:105" title="Microsoft Windows XP is installed" description="The operating system installed on the system is Microsoft Windows XP." result="Pass"/>
    <test id="oval:gov.nist.usgcb.xp:tst:9" comment="Registry key HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\AuditBase Objects matches oval:gov.nist.usgcb.xp:var:45" result="Pass">
      <expected>type : reg_dword ^(0|1)$</expected>
      <actual>HKEY_LOCAL_MACHINE System\CurrentControlSet\Control\Lsa AuditBaseObjects reg_dword 0 32_bit </actual>
    </test>
  </AND>
</EVIDENCE>



 

fig28.png

 


 

Release Schedule

For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.  We are also expanding our coverage of mandate-based policies with out of the box coverage of industry and government regulations such as PCI and HIPAA.

 

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

 

New and Updated CIS Benchmarks

This month's updates include: Red Hat Enterprise Linux 6, HP-UX 11i v3, Windows 8.1, and Windows Server 2012 R2

  • Updated CIS Benchmark for Red Hat Enterprise Linux 6, v1.3.0 [Scored, Level 1 and Level 2]
  • CIS Benchmark for HP-UX 11iv3, v1.5.0 [Scored]
  • CIS Benchmark for CIS Benchmark for Microsoft Windows 8.1, v1.1.0, [Scored, Level 1 and Level 1 + BitLocker]
  • CIS Benchmark for CIS Benchmark for Microsoft Windows 8.1, v1.1.0, [Scored, Level 1]
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v1.1.0, [Scored, Domain Controller]
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v1.1.0, [Scored, Member Server]

 

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls.  Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

 

Qualys' Certification Page at CIS has been updated:  https://benchmarks.cisecurity.org/membership/certified/qualys

 

If you have any questions please contact your TAM or Technical Support.

The U.S. National Institute of Standards and Technology (NIST) has today certified Qualys SCAP Auditor 1.2 for use by federal agencies as an SCAP tool. Federal agencies are required to use the Security Content Automation Protocol (SCAP) to automate the vulnerability management and policy compliance processes they use to demonstrate compliance with FISMA and USGCB mandates.

 

Qualys SCAP Auditor is the first certified cloud-based solution meeting SCAP requirements. Qualys SCAP Auditor allows federal agencies to scan and report compliance with standardized desktop security configuration requirements using a centralized, integrated solution featuring the Qualys Software-as-a-Service (SaaS) architecture. Qualys Scanner Appliances support USGCB scanning for internal systems on a global basis. Qualys solutions in the Qualys Security and Compliance Suite also enable immediate compliance with other key FISMA requirements by allowing subscribers to automatically discover and manage all devices and applications on the network, identify and remediate network security vulnerabilities, measure and manage overall security exposure and risk, and ensure compliance with internal and external FISMA policies.

 

With the growing adoption of SCAP, Qualys SCAP Auditor 1.2 is committed to continuing support for the United States Government Configuration Baseline (USGCB).  Government agencies and associated industries should use the SCAP-validated Qualys SCAP Auditor service to test and assess compliance with FDCC and USGCB standards.

 

NIST has validated Qualys SCAP Auditor 1.2 as conforming to the following SCAP capabilities:

  • Authenticated Configuration Scanner
  • Common Vulnerabilities and Exposures (CVE)
  • assessment of: Windows 7 (32 and 64 bit) and Red Hat Enterprise Linux (RHEL) 5 Desktop (32 and 64 bit)

 

The Qualys SCAP 1.2 Auditor is compliant with SCAP version 1.2: XCCDF 1.2, OVAL 5.10, CCE 5, CPE 2.3, CVE, and CVSS 2, OCIL 2.0, CCSS 1.0, Asset Identification 1.1, ARF 1.1, TMSAD 1.0.  This certification covers the ability to audit and assess a target system to determine its compliance with USGCB requirements.  Previous certification was for SCAP 1.0 which provided coverage for FDCC.  In addition to the SCAP certified assessment capabilities, SCAP Auditor can process SCAP tier III content intended for the following systems: Windows 7 (32 and 64 bit), Windows XP (32 bit), Windows Vista, Windows 2008, Windows 2012, RHEL 5 (32 and 64 bit) and most Linux distributions.

 

USGCB

What is the United States Government Configuration Baseline? How does it differ from FDCC?

 

In May 2010, the Architecture and Infrastructure Committee of the CIO Council announced the United States Government Configuration Baseline (USGCB) settings for Windows 7 and Internet Explorer 8. The USGCB is a further clarification of the Federal Desktop Core Configuration (FDCC); specifically, the USGCB initiative falls within FDCC and comprises the configuration settings component of FDCC. To assist in implementation, NIST will release the supporting Security Content Automation Protocol (SCAP) content for all USGCB settings.

 

See additional information about Qualys SCAP Auditor 1.2.

This new release of the Qualys Cloud Suite, version 8.4, includes updates for usability and functionality across the platform as well as Vulnerability Management and Policy Compliance.

 

Feature Highlights

 

 

Qualys Cloud Suite 8.4 will be released in production in the coming weeks and includes enhancements to Vulnerability Management (VM) and Policy Compliance (PC), the Qualys Cloud Platform and the API.

 

For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:

 

Qualys Cloud Platform Updates

 

Launch Scan from the Host Assets List

We’ve heard from customers the need to quickly perform ad-hoc scans directly from the host assets list; the following two features will enable that capability.

 

platform1.png

 


Launch Scan on EC2 Classic Hosts Only

Now you can avoid scanning VPC hosts in a selected EC2 region. Just select the new checkbox “Only scan EC2 Classic Hosts in the region” when defining your EC2 scan.

 

platform2.png

 

We’ve received feedback that previously deleting networks was a long task due to having to remove the data within the networks first.  We’ve now automated that task and provided a wizard to detail what exactly you’re deleting.

 


Delete Networks with Data

Now you can easily delete networks, even if there is data associated with your network.

 

platform3.png

 

We’ll provide you with a conflict report when the network has data associated with it like assets, schedules and scanner appliances. Review the report for all the details.

 

Check out this sample report:

 

platform4.png

 


Support for MySQL Authentication

We’ve expanded database authentication to include MySQL databases.

 

platform5.png

 


Show Passing Credentials in Breakdown

With one click you can find authentication records with credentials that were successful 100% of the time (in the last 30 days). Tip – The credentials breakdown is a great way to learn about your records – which ones are failing, problematic, unused, etc.

 

platform6.png

 


Change Your Time Zone

Your time zone setting affects how dates/times will be shown in the UI and reports. By default it’s set to your browser’s time zone (Auto). Your time zone selection will be the default for new schedules. You can override the time zone in the Scheduling details.

 

platform7.png

 


New Columns added to the Users List

The SAML SSO column identifies whether SAML is enabled for the user’s account. The External ID column shows the external ID assigned to the user, if any.

 

platform8.png

 

New columns are hidden initially. When the option is selected to show the columns in the list, the details will appear in downloaded reports. You can quickly find users that have SAML SSO enabled or disabled by using the Search and Filter options above the Users list.

 

platform8a.png

 


Enhanced Support for Restricted View of User Information

We’ll no longer show a user’s email address and phone number in the Users list to users outside of their Business Unit. This is in addition to the following information which is already hidden: fax, address, SAML SSO and external ID.  Managers can restrict the view of user information.

 

platform9.png

 

platform9a.png

 


New Extended View of Asset Groups within Workflows

Users will now be able to view the asset group information when they need it – while selecting asset groups for scans and reports. Starting with release 8.4, we have made enhancements by adding an extra column named “Info” in the Select Asset Groups window. This column provides a clickable information icon against every asset group listed in the window.

 

The detailed information displays in a separate frame within the “Select Asset Groups” window. Users with permissions to edit asset groups can also edit the asset group.

 

platform10.png

 

platform11.png

 


Improved Asset Group Auto-Complete Widget

We have added improved auto-complete functionality to the Asset Groups widget for asset group selection in Scans, Assets, Reports, and other launch pages. The new multi-select combo box provides features like auto-complete, multiple selection of items, clearing all items in one go, and adding or removing the selected items. The combo box expands as the number of items increase allowing you to view all selected items without scrolling inside the component.

 

platform12.png

 


Change Contact Info in Email Notifications

You may want to change the contact that appears in email notifications to ensure users are reaching out to the appropriate person or group. Managers can provide a single contact for the subscription, and they can allow Unit Managers to override the contact for each business unit.

 

platform13.png

As a Manager, you can change the name and email address to display for a contact.

 

 

 

Vulnerability Management (VM)

 

Ability to Delete Domains

While the ability to delete domains has been available by request from support, we’ve now added the ability for our customers to delete those domains themselves.

Managers can now delete domains from the subscription. Any domain can be deleted except for the system-provided domain “qualys-test.com”.

 

 

What happens next?

  • The unique domain (network/domain) will be removed from the account along with any map data associated with it. This data cannot be recovered once deleted.
  • Any scheduled maps on the domain will be deactivated at the next scheduled launch time.

 


Find Out when a Host was First Discovered by a Map

The Host Information window provides the detailed information including the “First Found” date.

 

If a dash is displayed, your host was not discovered by a map, or it was discovered before December 2011, which is when we started saving the first found date.

 

 

You can also use the Asset Search to list hosts found within a certain time frame, for example hosts found within the last 30 days.

 

 

On clicking Search the Asset Search Report opens.

 

 


Easily Disable DNS Traffic for Your Maps

If your maps are generating too much DNS traffic, overwhelming your DNS server(s), or you want to get a map back quickly, you can disable DNS traffic in an option profile and run your maps using that profile.  This option applies only to maps on target domains with netblock(s), e.g. none:[10.10.10.2-10.10.10.100].

 

How it works
We’ll perform network discovery only for the IP addresses in the netblocks:

  • No forward or reverse DNS lookups, DNS zone transfers or DNS guessing / bruteforcing will be made
  • DNS information will not be included in map results

 


New Ways to Search and View Certificates

Tag-based Certificate Search: This new option on the Certificates dashboard allows you to filter the list to only show certificates for hosts with certain tags. If you don’t see this option, Asset Tagging is not enabled for your account. Please contact your Account Manager or Support to get this feature.

 

 

Additional Certificate detection via Option Profile: Finding certificates is no longer limited to the ports only. With this new option (and the use of authentication) we can find certificates in more locations on your hosts, like in Apache, Tomcat, Java KeyStore, and Windows IIS.

 

Newly discovered certificates will be added automatically to your certificates list as new scan results are processed. Certificate details will include the location where the certificate was found. A certificate may be found on a port, on a location or both. A new search option lets you quickly find certificates found exclusively on ports.

 

 

View the Signature Algorithm: You can now view the signature hash algorithm in the Certificate Information page.

 

Note – You must run new vulnerability scans on your hosts to get this information.

 

New information details – signature algorithm and location – will also appear in the CSV report when you click Download.

 

 


Remediation Policy Rule – Exclude Non-Running Kernels

By selecting this option, you can be sure tickets are only created for vulnerabilities found on the running Linux kernel. Sound familiar? That’s because this filter already exists in your scan report templates for filtering vulnerabilities from your reports.

 

 


Patch Report – Display CVSS Base Scores

A new option is available in the patch report template to display CVSS base scores. For each patch, you can show the assigned score for the patch detection or the highest score across all QIDs fixed by the patch. You’ll also see the score for each QID in your report (when you choose to display QIDs).

 

 

Check out the following samples. The assigned score for patch MS10-030 is 9.3 and the highest score is 10. Also note the CVSS Base score for each QID fixed by the patch.

 

 

 


Most Vulnerable Hosts Report – Filter QIDs by Severity

Your Most Vulnerable Hosts Scorecard Report will now include confirmed vulnerabilities with severity 3 and above by default (previously this report included severity 4 and 5 only). Edit the filter settings in your scorecard template to include more or fewer severity levels.  When you choose to filter QIDs by severity level, you cannot also filter QIDs by search list.

 

 

This sample report shows the 10 most vulnerable hosts – the hosts with the highest number of vulnerabilities with severity levels 3, 4 and 5.  When you include confirmed and potential vulnerabilities, we’ll add them together and show the sum for each severity level.

 

 

 


Vulnerability Scorecard Report – PDF Improvements

You’ll notice these improvements to the PDF version of the Vulnerability Scorecard Report: 1) we now display the Business Risk Goal setting and 2) nicer page breaks.

 

 

 


CVSS Vectors added to CSV reports

Your vulnerability scan reports in CSV format will now show the CVSS vector for each CVSS Base and Temporal score. The vector is a string of abbreviated metrics and values that describe the components used to calculate the score. For example, you might see:

    CVSS Base
    9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

 

In this example, the base vector includes these metric values: Access Vector: Network, Access Complexity: Medium, Authentication: None, Confidentiality Impact: Complete, Integrity Impact: Complete, Availability Impact: Complete.

 

Want to know more? Go to CVSS v2 Complete Documentation

 

Here’s a sample report:

 

 

 


Associated Tags added to CSV reports

With this release vulnerability scan reports in CSV format will show asset tags associated with each host listed in the report. Tags appear in a new “Associated Tags” column when your report target includes asset tags and your report template is configured for host based findings (automatic data). Associated tags already appear in other report formats like HTML and PDF.

 

Here’s a sample report:

 

 

 

Policy Compliance (PC)

 

Reopen Exceptions when Evidence changes

With this option, we’ll automatically reopen an exception if a future scan returns a value for the control that is different than the value at the time of the original approval when the control is still failing.

 

For example, let’s say CID 1071 “Status of the ‘Minimum Password Length’ setting” has an expected value of 8 and your host returned a value of 5, which is failing. You request an exception for the host and it gets approved. The next scan of the host returns a value of 6 which is an improvement but still failing. If the reopen feature was enabled, then the exception status changes from Approved to Pending. The exception will need to be re-evaluated and approved again.

 

You can choose this option when requesting the exception or when approving it.

 

 

You’ll see a check mark next to the Approved status when the option “Reopen exception on change of evidence” is enabled for the exception.

 

 


Criticality added to Dashboard and Reports

Get trend information and control statistics broken down by criticality. Check out the changes we made to the Dashboard, Policy Summary and Scorecard Report.

 

Dashboard: Get passed/failed statistics across all your policies for each criticality level.

 

 

Policy Summary: This new pie chart shows the number of failed control instances at each criticality level.

 

 

Scorecard Report: Edit your scorecard report template to select the criticality levels and sections to include in your reports.

 

 

Here’s a sample scorecard report. Check out the new pie chart in the Report Discoveries section.

 

 

Scroll down further to see the Compliance by Criticality section.

 

 

The last section of the report shows the Top 5 failed controls for each criticality level.

 

 

 


Apache HTTP Server 2.4 Support

We’ve extended our support for Apache Web Server authentication to include Apache HTTP Server 2.4. These technologies are already supported: Apache HTTP Server 2.2, IBM HTTP Server 7.x and VMware vFabric Web Server 5.x.

 

 

 


Policy Library Content and Label Updates

Finding the policy you want in our Compliance Policy Library is easier than ever. Just choose one of the new labels on the left to filter the list. “New” policies were added in the last 90 days and “Updated” policies were changed in the last 90 days.

 

 

We've also removed the unlocked versions of the CIS Benchmarks, and older content that has been replaced with newer versions of policies.

 

 

Release Schedule

For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:

Qualys’ library of built-in policies makes it easy to comply with commonly-adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.  We are also expanding our coverage of mandate-based policies with out of the box coverage of industry and government regulations such as PCI and HIPAA.

 

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

 

This month's updates include:

  • New and Updated CIS Benchmarks: AIX 6, Red Hat Enterprise Linux 6, Oracle 11gR2, Mac OS X 10.8, Mac OS X 10.9

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls.  Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

    • CIS Benchmark for AIX 6.1, v1.1.0 [Scored, Level 1 and Level 2]
    • CIS Benchmark for AIX 6.1, v1.1.0 [Scored, Level 1]
    • CIS Benchmark for Red Hat Enterprise Linux 6, v1.3.0 [Scored, Level 1 and Level 2]
    • CIS Benchmark for Red Hat Enterprise Linux 6, v1.3.0 [Scored, Level 1]
    • CIS Benchmark for Oracle Database Server 11-11g R2, v1.0.0 [Scored]
    • CIS Benchmark for Apple Mac OS X 10.8, v1.1.0, [Scored, Level 1]
    • CIS Benchmark for Apple Mac OS X 10.8, v1.1.0, [Scored, Level 1 and Level 2]
    • CIS Benchmark for Apple Mac OS X 10.9, v1.0.0, [Scored, Level 1 and Level 2]
    • CIS Benchmark for Apple Mac OS X 10.9, v1.0.0, [Scored, Level 1]

 

Qualys' Certification Page at CIS has been updated:  https://benchmarks.cisecurity.org/membership/certified/qualys

 

  • New Mandate-Based Policy: Abu Dhabi Systems and Information Centre - Information Security Standards (Abu Dhabi Government) Version 2.0

This Policy is based on the Security and Compliance Guidance provided by the 'ABU DHABI SYSTEMS & INFORMATION CENTRE - Information Security Standards, version 2.0'.  The Abu Dhabi Information Security Standards document is intended to guide Entities and business partners in areas requiring focus for the application of Information Security controls. Adherence to the Control Standards supports Information Security controls being deployed consistently across Abu Dhabi Government Entities (ADGEs). The standard could be downloaded from the link: https://www.abudhabi.ae/cs/groups/public/documents/attachment/mzyy/ndiy/~edisp/adsic_nd_362422_en.pdf.


If you have any questions please contact your TAM or Technical Support.

We will be releasing new controls that will require some customers to make changes to their Oracle targets.

 

For customers that grant granular permissions to allow access to our Oracle assessment capabilities, new CID's are being released that require additional rights to be granted.  Failure to grant the new rights will result in an error when you assess your Oracle environment.

 

We are providing advanced notice to give you time to implement these changes.  If you use an account with full read privileges or broader permissions than the minimum privileges recommended in the documentation, you will likely not be affected by this change.

 

This update will occur no earlier than March 31, 2015 to allow time for updates to your Oracle environment.

 

Please contact your TAM or technical support if you have any concerns or questions.

 

New Controls

9118 -  Status of the Fine Grained access control within objects.
9168 - Access to database objects by a fixed user link must be allowed and users must not have execute

8005 - Status of the OWBSYS default password
8006 - Status of the SI_INFORMTN_SCHEMA default password
8007 - Status of the SPATIAL_CSW_ADMIN_USR default password
8008 - Status of the SPATIAL_WFS_ADMIN_USR default password
8009 - Status of the SYS default password
8010 - Status of the SYSTEM default password
8011 - Status of the default password - WK_TEST
8012 - Status of the WKPROXY default password
8013 - Status of the WKSYS default password
8014 - Status of the WMSYS default password
8015 - Status of the XDB default password
8339 - Status of the Oracle control file permissions
8340 - Status of the Oracle 'log_archive_dest_n' file permissions
8343 - Status of the Oracle datafiles permissions
8353 - Status of the access to the DBMS_CRYPTO package
8354 - Status of the NOLOGGING setting
8412 - Status of third-party application 'default passwords' in the dba_users table on the Oracle instance

 

Rights Required

The GRANT statements needed to allow the scan user SELECT access to these underlying signatures are:

GRANT SELECT ON DBA_POLICIES TO QUALYS_ROLE;

GRANT SELECT ON DBA_FGA_AUDIT_TRAIL TO QUALYS_ROLE;

GRANT SELECT ON DBA_TABLES TO QUALYS_ROLE;

GRANT SELECT ON SYS.USER$ TO QUALYS_ROLE;

GRANT SELECT ON DBA_PROXIES TO QUALYS_ROLE;

GRANT SELECT ON V_$ARCHIVE_DEST TO QUALYS_ROLE;

GRANT SELECT ON V_$CONTROLFILE TO QUALYS_ROLE;

GRANT SELECT ON DBA_DATA_FILES TO QUALYS_ROLE;

GRANT SELECT ON DBA_USERS_WITH_DEFPWD TO QUALYS_ROLE;

GRANT EXECUTE ON DBMS_CRYPTO TO QUALYS_ROLE;

 

Please see the attached Example Query for Verifying Required Rights

 


*PLEASE NOTE*  This SQL Script assumes that you are leveraging our scanning document and have created a QUALYS_ROLE.  If a different role name was used, please replace QUALYS_ROLE accordingly.

Summary: This is a minor change to add flexibility in expanded platform support.  There will be no downtime with this update, but you will need to make changes to policies and possibly some controls being used against Windows 2012 R2 or Windows 8.1.

 

Details:

Some controls in Policy Compliance require different control logic for different subversions of the OS platform.  In order to support variations that may occur in controls for Microsoft Windows 2012 R2 and Windows 8.1, we will be adding these as separate technologies within Qualys Policy Compliance.  Some users may be using the existing Windows 2012 or Windows 8 technologies in their policies and assessing these platforms.  We are in the process of building the same control set for the new technologies and plan to release these once all controls have been developed.  Our current target is February 16, 2015.  We will not make any changes prior to this date.

 

Active Directory controls are tied to their own technology.  Controls for Windows 2012 and Windows 2012 R2 Active Directory do not have the same variations as the local OS controls, and as such, these controls will not be in separate technologies.  To make sure it is clear, the technology will be renamed to indicate coverage of both Windows 2012 and Windows 2012 R2 controls.  There should not be an impact with this change.

 

Once the control development and testing is complete and published, you will need to add the new technologies to your policies and where necessary, configure controls for those target platforms.  Once released, the Windows 2012 and Windows 8 technologies will no longer be able to assess the newer versions of those platforms.

 

If you have any further questions regarding this upgrade, please feel free to contact Qualys Technical Support at support@qualys.com or +1 (866) 801 6161 (US and Canada) or +44 (0)1753 872102 (UK) or +33 1 41 97 35 81 (France).

 

We thank you for your continued support and look forward to your feedback.

This new release of the Qualys Cloud Suite includes multiple improvements to Vulnerability Management and Policy Compliance.

 

Feature Highlights

 

 

Qualys Cloud Suite 8.3 will be released in production in the coming weeks and includes enhancements to Vulnerability Management (VM) and Policy Compliance (PC), the Qualys Cloud Platform and the API.

 

For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:

 

 

 

Qualys Cloud Platform Updates

 

New Getting Started Tutorials: You’ll see Get Started Tutorials as you navigate the main sections of the UI – Scans, Reports, Assets, Users, etc. These appear in VM and PC to help guide you and provide shortcuts.

 

Here are a few examples:

 

GettingStartedTutorials1.png

 

Here is a look at the Users section:

GettingStartedTutoria2.png

 

 


 

Forgot Password Workflow: Can’t  remember your password? No problem. We’ll help you get a new password in just a few steps. Simply click the Forgot Password link, give us your email address and follow the instructions.

 

ForgotPassword1.png

 

 

This release introduces secret questions to help you when you forget your password. Go to the Security section in your user account and choose three secret questions and answers.

 

ForgotPassword2.png

 

 

We’ve moved the VIP two-factor authentication and Change Password options to a new Security section. Managers and Unit Managers will see this when editing another user’s account.

 

VIPSecurity1.png

 

 


 

Expired Password Options: Managers can set new options for expired passwords:

  1. notify users when their password is going to expire
  2. prompt users to change their password at login after it has expired.

 

ExpiredPassword1.png

 

ExpiredPassword2.png

 

 


 

Ability to Delete Empty Networks: Managers can now delete empty networks from the subscription. A network is empty if it does not have scanner appliances, associated asset groups, scheduled tasks or hosts with scan data. If the network has any account data associated with it, then it cannot be deleted from the UI. You also can’t delete networks if the subscription All group is assigned to any business units or sub-users.

 

DeleteEmptyNetwork1.png

 

 


 

Cisco IOS Authentication – Support for Cyber-Ark PIM Suite Vaults: This release introduces the ability to use your Cyber-Ark PIM Suite password vault when authenticating to Cisco IOS devices. Note – We already support Cyber-Ark vaults for other technologies, including Unix and Windows.

 

Cyber-Ark1.png


 

Run Scheduled Reports on Demand: You can now run scheduled reports as needed instead of waiting for the next scheduled launch time.

 

RunScheduleReportsOnDemand1.png

 

 


 

Download Email List from Distribution Group: You can now easily download the list of members assigned to a distribution group so you can verify the list easily outside of Qualys.

 

DownloadEmailList1.png

 

 


 

General UI Improvements: A number of improvements have been made to make Qualys 8.3 easier to use. Throughout the UI you’ll notice an improved list selector. For example, when assigning asset groups to a user, you’ll now see:

 

UIImprovements-EasierSelect.png

 

 

Use the Search field to quickly find asset groups and add them to the user’s account. Just start typing the asset group name and we’ll show you matches. Then add all matches with one click.

 

UIImprovements2.png

 

 

You’ll see these improvements when searching the KnowledgeBase and when selecting list criteria for your dynamic search lists.

 

KnowledgeSearch1.png

 

 

It’s easier to select multiple items. Just start typing or select from a drop-down. Also, you can now choose multiple categories where you were previously limited to one. We’ll use OR logic when multiple items are selected. For example, CGI OR Web server OR Windows.

 

KnowledgeSearch2.png

 

 

The Vendor and Product fields are now tied to each other. If you pick Adobe from the Vendor list, you’ll only see Adobe products in the Product list. If you select more than one vendor, like Adobe and Microsoft, then you’ll see products for both.

 

KnowledgeSearch3.png

 

 


 

New Authentication Vault API: The new Authentication Vault API (/api/2.0/fo/vault) allows you to manage authentication vaults for authentication records that use them. Using this API you can list vaults, create new vaults, update and view vault settings, and delete vaults.  For more details, see the Qualys Cloud Suite 8.3 API Release Notification.

 

 

 

Vulnerability Management (VM)

More Date Filtering Options for Host-Based Scan Reports: With this release it’s easy to create scan reports with host-based findings within a specific timeframe. In the scan report template under Host Based Findings just choose the date range you’re interested in – starting on a specific date, or the date the report is run (today).

 

DateFiltereing-HostBased1.png

 

 

Additional Vulnerability Filters in Scan Reports: New vulnerability filters allow you to exclude certain vulnerabilities from your reports like vulnerabilities found on a port/service that isn’t running, and vulnerabilities that can’t be exploited because of a host configuration. Apply these filters to your scan reports, patch reports and scorecard reports.

 

 

 


 

Vulnerability Scorecard Report – New Vulnerable Hosts per Severity: The Vulnerability Scorecard Report now shows you the number of hosts affected by the vulnerability severities (Level 5, 4, 3).

 

 

 


 

Remediated Vulnerabilities Report – Improvements:  This report tells you about vulnerabilities that have been remediated in your account within the last 30 days. We’ve made improvements to the report for this release. We’ll always show the full date range for the report, even if there are no remediated vulnerabilities for the selected hosts.

 

 

 

 

Policy Compliance (PC)

Introducing Control Criticality: Control Criticality is a new feature in Policy Compliance that provides ratings for controls, including the ability to customize ratings at the control level and at the policy level. When enabled, you’ll see criticality wherever control details appear – in the controls list, in your policies and reports.

 

 

 

Customizing Control Criticality in a control:

 

 

 

Customizing Control Criticality within a Policy:

 

 

 

You can also customize the labels associated with the different control criticality levels:

 

 

 

You’ll see criticality in the Control Statistics table (as shown below) and in the Detailed Results section where control details appear.

CriticalityInReport1.png

 

 

 

We’ve also added 2 new pie charts to your policy report to show the number of passed and failed controls at each criticality level. Controls without a criticality level are counted as “Undefined”.

 

CriticalityPie1.png

 

 

 

You can also filter your reports by Criticality:

 

FilterByCriticality1.png

 

 


 

New Windows Directory Search UDC: This release introduces a new User Defined Control (UDC) called Windows Directory Search Check. Configure this control to find files and directories that match certain parameters (name, permissions, etc). You’ll tell us where to search and what you’re looking for, and we’ll return a list of matches in your scan results.

 

 

 

You can specify directories, recursion depth, and filename patterns as well as user and permission information to look for:

 

 

 


 

Policy Report – Hostnames Appear in PDF Bookmarks: The list of bookmarks in your PDF policy reports will now include the hostname for each host. Click any bookmark to jump directly to the host details in the report.

 

 

 


 

Control Technologies and Frameworks in Alphabetical Order: You’ll see that the technologies and the frameworks listed in the Control Information page are now in alphabetical order, making the information you want easier to find.

 

 

 

 

Release Schedule

 

For release notifications containing details specific to each platform, including the release date, and to subscribe to release notifications for your platform, please see the following:

 

This new release of the Qualys Cloud Suite of Security and Compliance Applications includes multiple improvements to Vulnerability Management and Policy Compliance designed to improve ease of use, add reporting options and features, and expand platform support including compliance scanning for Amazon EC2.

 

Feature highlights include:

  • Asset Tag Support in Remediation Policies in Vulnerability Management
  • Policy Library and Reporting Improvements in Policy Compliance
  • Compliance Scanning support for Amazon EC2 in Policy Compliance
  • Several core improvements including:
    • New Authentication Dashboard with drill down support
    • Account Activity page
    • Customizable report footers
    • Improved date picker
    • Notification improvements
    • Platform support for Microsoft IIS 8

 

Qualys 8.2 will be released in production in October 2014 depending on the platform.  Details about the release schedule are at the end of this blog post.

 

 

Vulnerability Management

 

Asset Tag Support in Remediation Policies:  With Qualys 8.2 Vulnerability Management, you can now use tags in a remediation policy rule to tell us which hosts the rule applies to.  We’ll evaluate the policy rule against scan results for the hosts that match your tag selection.

 

 

 

Use IP Network Range Tags Option: Like with scans, this option lets you select tags with IP address rules. For each tag you select, we’ll include the entire IP range (or IP ranges) defined in the tag rule, and we’ll evaluate the policy against any scanned host in the IP range(s).

 

 

Policy Compliance (PC)

 

Import Locked Policies as Unlocked: In previous versions of Qualys Policy Compliance, the locked state of a policy could not be changed on import. As a result, the library contains Locked and Unlocked versions of the policies.

 

With Qualys Policy Compliance 8.2, you can now select a locked policy in our Library and import it as unlocked. This makes the policy completely editable – you’ll be able to add/remove controls, change control values, add technologies, etc.  We will soon be revising the content in the policy library to take advantage of this new feature.  This will make it easier to find the policies you are interested in as our policy library expands.

 

 

 

You’ll notice that the policy is saved to your policies list as unlocked (you won’t see a lock icon).

 

 

 

Policies added to Asset Group Information: With Qualys Policy Compliance 8.2, it is now easier to see which policies are associated with an asset group.  When you view asset group information, we’ll now show you all the policies the asset group belongs to.

 

 

 

Launch Scans in your Amazon EC2 Environment: We now support launching EC2 compliance scans on your Amazon EC2 hosts (in your Amazon Web Services account). The Amazon EC2 Scan workflow using Qualys is pre-authorized by AWS.  The feature must be enabled in your account, please visit the release notes for prerequisites and additional details about this exciting new feature.

 

 

 

SCAP Policy Report in CSV Format: We’ve added the ability to generate SCAP policy reports in CSV format for customers that prefer to import the data to external systems or to open the data in spreadsheet format. SCAP policy reports were previously only available in XML format.

 

 

 

Below is a sample CSV report. The scan result details section shows the compliance posture for each rule on each host included in the report. Other sections show host statistics and rule statistics.

 

 

 

Qualys Cloud Platform

 

New Authentication Records Dashboard: We’ve added a new dashboard to the authentication records list with search and filter options that make managing your authentication credentials easier than ever.

 

Use the dashboard to quickly:

  • Find credentials not used in the last 30 days
  • Find credentials failing more than 50% of the time (Failing)
  • Find credentials failing more than 25% of the time (Problematic)
  • Find credentials stored in a password vault
  • Search for records by type, network, title, IP address, vault
  • Drill down into record details to see pass/fail authentication status for your hosts

 

 

 

Drill-down into the details:  For any record click the Details link to get information like the pass/fail authentication status for each host in the record.  You can also remove hosts from the record and download the list in various formats, including CSV, MHT, ZIP and XML.

 

 

 

View Account Activity: We’ve added a new Account Activity page to help you identify unusual or unauthorized account access. You’ll also have the ability to sign out of other active sessions. We’ll show you when each session was created and the IP address from which the session was established.

 

 

 

New Scan Complete Notifications:  You can now have an email notification sent to distribution groups when your scheduled scan is finished and the results have been processed. Keep in mind that your distribution groups may include email addresses for users in the subscription and for users outside of the subscription.

 

 

 

You can also have a scan complete notification sent to distribution groups when your on-demand scan is finished and the results have been processed. On the Launch Scan page, scroll down to the Notifications section and complete the form.

 

 

 

Add a Custom Footer to Your Reports: You can now add custom text to the footer section of your reports. For example, you may want to include a disclosure statement or data classification (e.g. Public, Confidential) in this section.

 

 

 

Asset Group ID added to the Asset Groups List: You can now show each asset group’s ID directly in the asset groups list (Assets > Asset Groups). In previous releases, the ID appeared only in the Asset Group Information page.

 

 

 

MS IIS 8.x Platform Support: We have extended our support for MS IIS authentication to include MS IIS version 8.x (6.0 and 7.x are already supported).

 

 

 

 

Improved Date Picker:  When specifying a timeframe using “Within the Last N days” you can now enter a value directly into the field instead of picking a set value from the drop-down. This gives you greater flexibility since you can enter values that aren’t in the list. You can also type values like “last 99 days” and “previous quarter” directly into date fields.

 

Here are a few examples.

image-17.png    image-18.png

 

Release Schedule

 

For details about the release dates for specific platforms and to subscribe to release notifications by email, please see the following:

 

A new release of Qualys, Version 8.2, includes an API update which is targeted for release in October 2014.

 

This API notification provides an early preview into the coming API changes in Qualys 8.2, allowing you to proactively identify new opportunities to automate your Qualys service or to integrate with other applications.  Qualys 8.2 includes some modifications to existing APIs that required 30 day notification that can be viewed at Qualys 8.2 API Release Notification.

 

Please review the attached document below for more details about the 8.2 API Features.

 

Full release notes will be available to customers on the day of the release.

 

API Enhancements

Manage Excluded Hosts via API: You can now manage IP's in the global exclusion list via the API.  This will allow you to sync data with external systems such as CMDB's to identify hosts to exclude from scans.

 

Update Asset Groups Assigned to Compliance via API: You can now manage asset groups assigned to Qualys Policy Compliance (PC) policies via the API.  This allows customers to sync Qualys policy assignments to align with internal systems such as risk management systems.

 

Access Audit Scan Times and Live Hosts per Scan Level via API: The scan list v2 output now tells you the duration for each scan, the time it took for the scan to complete, in the new DURATION elements. This helps you to audit scan times. You’ll see scan duration for vulnerability scans (using/api/2.0/fo/scan/?action=list) and compliance scans (using /api/2.0/fo/scan/?action=list). Any scan that is not finished (for example in the queued or running state) will have its duration set to “Pending”.

 

Network ID Attribute Added: We've added the attribute "network_id" to network elements in the scheduled scans v1 output returned by the Scheduled Scans v1 API.

 

Max Capacity Units available via API: We've added the MAX_CAPACITY_UNITS element in the Scanner Appliance List v2 API allowing you to determine percentage of capacity available programmatically.

 

Manage VLANs and Static Routes for Virtual Appliances: You can now manage your VLANs and static routes for virtual scanner appliances via the Scanner Appliance v2 API.

 

Show Asset Group ID's in CSV:  Now you can easily find the IDs for your asset groups in the CSV report output.

 

Include "Vulnerability Severity" in detection API Output: We’ve added the vulnerability severity level to the XML output returned by the Host Detection API v2.

 

Policy Compliance - Support for EC2 Scanning:  Now we support launching EC2 compliance scans on your Amazon EC2 hosts (in your Amazon Web Services account) using the PC Scan API v2.

 

 

What is the <baseurl>?

This is the API server URL where your Qualys account is located. For an account on US Platform 1, this is <qualysapi.qualys.com>; on US Platform 2, this is <qualysapi.qg2.apps.qualys.com>; on EU Platform, this is <qualysapi.qualys.eu>.

A new release of Qualys, Version 8.2, is scheduled to be released in production on the Qualys US Platform 2 on Tuesday, October 21, 2014 between 12 PM PDT (19:00 UTC) and 6:00 PM PDT (01:00 UTC next day).

 

The deployment is completely transparent to users and will require no downtime.

 

Release Details:

  • Qualys version 8.2 core features include New Authentication Dashboard with drill down support, Account Activity Page, Customizable Report Footers, Improved date picker, Notification improvements, Platform support for Microsoft IIS 8
  • Qualys VM version 8.2 includes Asset Tag Support in Remediation Policies in Vulnerability Management
  • Qualys PC version 8.2 includes Policy Library improvements, Reporting improvements, Compliance scanning support for Amazon EC2.
  • API enhancements include addition of several attributes, Manage excluded hosts, VLAN and static route management, and EC2 support for Compliance.

 

See  Qualys 8.2 New Features and Qualys 8.2 API Release Notification 2 for more details.

 

To continue to receive notifications by email, please subscribe at US Platform 2.