QualysGuard 6.22: October 4, 2011

Blog Post created by malderman on Sep 20, 2011

A new release of QualysGuard®, Version 6.22, will be available in production on Tuesday, October 4th 2011. This release is completely transparent to users and will require no scheduled downtime. The release will occur between 12 PM PDT (19:00 GMT) and 6 PM PDT (01:00 AM GMT next day).


QualysGuard 6.22 includes the following enhancements:

QualysGuard Enhancements:

  • Exclude Hosts per Scan: QualysGuard 6.22 introduces the ability to exclude hosts on a per scan basis. Any user with scanning privileges can exclude hosts this way. This feature is supported for all IP-based scans, including vulnerability scans, compliance scans and FDCC scans.  When launching or scheduling a scan, enter the scan target in the Target Hosts section, and then enter the IP addresses/ranges you want to exclude from the scan in the Exclude IPs/Ranges field.


QualysGuard Vulnerability Management Enhancements:

  • Improved VM Dashboard: With QualysGuard 6.22, an improved Vulnerability Management (VM) Dashboard is now available in the New UI. The VM Dashboard provides a one-page summary of your overall security posture.


  • Improved Oracle Patch (OPatch) Detections: OPatch is an Oracle-supplied utility that helps Oracle users apply and roll back patches for Oracle software. QualysGuard 6.22 provides the option to use the OPatch utility to obtain Oracle patch information during Oracle authenticated scans on Unix hosts. To enable OPatch, create or edit an Oracle authentication record and provide the proper OPatch parameters.


  • Patch Report Enhancements: With QualysGuard 6.22, the patch report template includes two new enhancements:
    1. The ability to specify how you want the patch severity calculated.
    2. The ability to selectively filter patches.
  • Published Date Added to KnowledgeBase: The KnowledgeBase includes a new column in QualysGuard 6.22 that shows the published date for each vulnerability. The published date is the date the vulnerability was added to the KnowledgeBase.

The search criteria have also been updated to include the published date for vulnerabilities.

QualysGuard Policy Compliance Enhancements:

  • PC Dashboard: QualysGuard 6.22 introduces a Policy Compliance (PC) Dashboard in the New UI. The PC Dashboard provides a one-page summary of your overall compliance status across all policies in your account.


  • Policy Summary Report: QualysGuard 6.22 also introduces a new Policy Summary report in the New UI.  The new Policy Summary provides a one-page summary of your compliance status for a specific policy. You can view the Policy Summary from the Reports section (Reports > Policy Summary) or link to it from the PC Dashboard (double-click any policy title under Top 5 Passing/Failing Policies).


  • Policy Import/Export: QualysGuard 6.22 introduces the ability to import a compliance policy into your account from an XML file and export a compliance policy from your account to an XML file. To import a policy directly into your account from an XML file, select New > Import Compliance Policy > Import from XML file from Policies.

To export a policy from your account, select the policy and click Export.

QualysGuard API Enhancements:

  • Exclude Hosts per Scan: With the introduction of the Exclude Hosts per Scan feature in QualysGuard 6.22, the scan.php V1 API and scheduled_scans.php V1 API have been updated to support a new, optional input parameter: "exclude_ip_per_scan". This parameter takes a comma-separated list of IP addresses/ranges. In addition, two new V2 APIs have been created to support this new feature:
    1. Excluded Hosts List (api/2.0/fo/asset/excluded_ip/?action=list) allows API users to request a list of excluded hosts.
    2. Excluded Hosts Change History (api/2.0/fo/asset/excluded_ip/history/?action=list) allows API users to request the change history for excluded hosts in the user’s subscription.
  • Asset Group Filtering for Policy Reports: With QualysGuard 6.22, the launch report V2 API (api/2.0/fo/report/?action=launch) has been updated to support a new, optional input parameter: "asset_group_ids". This parameter takes a comma-separated list of Asset Group IDs.
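
Because a per-scan exclusion silently shrinks coverage, it helps to check an "exclude_ip_per_scan" value against the scan target before submitting it. The following is an added example, not Qualys code: the function names are hypothetical, only IPv4 is handled, and the first-last range syntax is an assumption about how ranges are written.

```python
import ipaddress

def merge(spans):
    """Sort and coalesce overlapping or adjacent (start, end) spans."""
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def parse_ip_list(spec):
    """Parse a comma separated IPv4 address/range list into merged int spans.
    Assumption: a range is written first-last, e.g. 10.0.0.1-10.0.0.50."""
    spans = []
    for item in filter(None, (s.strip() for s in spec.split(","))):
        first, sep, last = item.partition("-")
        lo = int(ipaddress.IPv4Address(first.strip()))
        hi = int(ipaddress.IPv4Address(last.strip())) if sep else lo
        if hi < lo:
            raise ValueError(f"range end precedes start: {item}")
        spans.append((lo, hi))
    return merge(spans)

def count(spans):
    return sum(hi - lo + 1 for lo, hi in spans)

def review_exclusions(target_spec, exclude_spec):
    """Summarise how an exclude list changes the coverage of one scan."""
    targets, excludes = parse_ip_list(target_spec), parse_ip_list(exclude_spec)
    # Overlap of the two span sets = hosts that really drop out of the scan.
    hit = merge([(max(a, c), min(b, d)) for a, b in targets
                 for c, d in excludes if max(a, c) <= min(b, d)])
    return {
        "targeted": count(targets),
        "excluded_in_target": count(hit),
        # Exclusions that match no target are usually typos or stale entries.
        "excluded_outside_target": count(excludes) - count(hit),
        "scanned": count(targets) - count(hit),
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from any real subscription.
    TARGETS = "10.0.0.1-10.0.0.50,10.0.1.10"
    EXCLUDE = "10.0.0.10-10.0.0.19, 10.0.1.10, 10.0.2.5"
    print(review_exclusions(TARGETS, EXCLUDE))
```

A non-zero "excluded_outside_target" or an unexpectedly low "scanned" count is worth reviewing before the scan is launched or scheduled.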


Full release notes will be available to customers from within the Resources section of your QualysGuard account. To receive more information on QualysGuard 6.22, please visit the Qualys Community at or contact your Technical Account Manager or Qualys' Technical Support Department at