A new release of QualysGuard®, Version 6.22, will be available in production on Tuesday, October 4th 2011. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PDT (19:00 GMT) and 6 PM PDT (01:00 AM GMT next day).
QualysGuard 6.22 includes the following enhancements:
- Exclude Hosts per Scan: QualysGuard 6.22 introduces the ability to exclude hosts on a per scan basis. Any user with scanning privileges can exclude hosts this way. This feature is supported for all IP-based scans, including vulnerability scans, compliance scans and FDCC scans. When launching or scheduling a scan, enter the scan target in the Target Hosts section, and then enter the IP addresses/ranges you want to exclude from the scan in the Exclude IPs/Ranges field.
QualysGuard Vulnerability Management Enhancements:
- Improved VM Dashboard: With QualysGuard 6.22, an improved Vulnerability Management (VM) Dashboard is now available in the New UI. The VM Dashboard provides a one-page summary of your overall security posture.
- Improved Oracle Patch (OPatch) Detections: OPatch is an Oracle-supplied utility that helps Oracle users apply and rollback patches for Oracle software. QualysGuard 6.22 provides the option to use the OPatch utility to obtain Oracle patch information during Oracle authenticated scans on Unix hosts. To enable OPatch, create/edit an Oracle authentication record and provide the proper OPatch parameters:
- Patch Report Enhancements: With QualysGuard 6.22, the patch report template includes two new enhancements:
- Published Date Added to KnowledgeBase: The KnowledgeBase includes a new column in QualysGuard 6.22 that shows the published date for each vulnerability. The published date is the date the vulnerability was added to the KnowledgeBase.
QualysGuard Policy Compliance Enhancements:
- PC Dashboard: QualysGuard 6.22 introduces a Policy Compliance (PC) Dashboard in the New UI. The PC Dashboard provides a one-page summary of your overall compliance status across all policies in your account.
- Policy Summary Report: QualysGuard 6.22 also introduces a new Policy Summary report in the New UI. The new Policy Summary provides a one-page summary of your compliance status for a specific policy. You can view the Policy Summary from the Reports section (Reports > Policy Summary) or link to it from the PC Dashboard (double-click any policy title under Top 5 Passing/Failing Policies).
- Policy Import/Export: QualysGuard 6.22 introduces the ability to import a compliance policy into your account from an XML file and export a compliance policy from your account to an XML file. To import a policy directly into your account from an XML file, select New >Import Compliance Policy >Import from XML file from Policies:
QualysGuard API Enhancements:
- Exclude Hosts per Scan: With the introduction of the Exclude Hosts per Scan feature in QualysGuard 6.22, the scan.php V1 API and scheduled_scans.php V1 API have been updated to support a new, optional input parameter: "exclude_ip_per_scan". This parameter takes a comma seperated list of IP addresses/ranges. In addition, two new V2 APIs have been created to support this new feature:
- Excluded Hosts List (api/2.0/fo/asset/excluded_ip/?action=list) allows API users to request a list of excluded hosts.
- Excluded Hosts Change History (api/2.0/fo/asset/excluded_ip/history/?action=list) allows API users to request the change history for excluded hosts in the user’s subscription.
- Asset Group Filtering for Policy Reports: With QualysGuard 6.22, the launch report V2 API (api/2.0/fo/report/?action=launch) has been updated to support a new, optional input parameter: "asset_group_ids". This parameter takes a comma seperated list of Asset Group IDs.
Full release notes will be available to customers from within the Resources section of your QualysGuard account. To receive more information on QualysGuard 6.22, please visit the Qualys Community at https://community.qualys.com or contact your Technical Account Manager or Qualys' Technical Support Department at firstname.lastname@example.org.