New Release Notification
A new release of QualysGuard® 6.10 is now available and will be released to you in production on February 19, 2010. This release requires a 12-hour downtime starting on February 18, 2010 at 2:00 PM PST (22:00 GMT).
Please note that Qualys will release two packages at the same time, so the QualysGuard version will be updated from 6.8 to 6.10.
We are constantly working on improving QualysGuard and have included the following enhancements and features in this 6.10 update:
Vulnerability Management Highlights
- New Bookmarks in PDF Scan Reports: New bookmarks in PDF vulnerability scan reports provide a convenient outline of report contents. Using these bookmarks you can easily browse through reports. The PDF bookmarks appear in all vulnerability scan reports, including vulnerability scan results.
- Asset Search Update: Search for Hosts with up to 20 QIDs. Using the Asset Search portal, you now have the ability to select up to 20 QIDs to find hosts with one or more of the vulnerabilities.
- Asset Search Update: Search for Hosts with Hostnames. Using the Asset Search portal, you now have the option to search for hosts in your account with scan data and hostnames that are not empty.
- Map Results in CSV: Discovery Methods Delimited by Semi-Colon. With this release, when you download map results in CSV format, the discovery method elements are delimited by semi-colons.
- Configure Timeframe Used to Display Tickets List: A new option has been added to Remediation Setup to enable you to specify the period for which remediation tickets are displayed. The initial setting is 30 days. You can change this setting to show tickets for the past 30 days or 180 days.
- Scheduled Scans: Time zone now has support for 30 and 15 minutes offsets, and the maximum Cancel/Pause duration has been increased to 120 hours.
Policy Compliance Highlights
- User-Defined Controls - New File Integrity Check Control: The new file integrity check control enables you to monitor changes to individual files on your network.
- User-Defined Controls - Support for Additional Technologies: In this release technologies have been added to both the Windows and Unix custom controls. For instance, Windows 7, Oracle Enterprise Linux 4&5, CentOS 4&5, VMWare ESX Server 3&4 are now supported.
- Run Policy Reports for Selected Asset Groups: An enhancement to Policy Reports gives you the option to report on all asset groups in the selected policy or only on specific asset groups.
- Scanning Multiple Oracle Instances on a Single Host and Port: Updates were made to the Oracle authentication feature to allow users to perform compliance scans on multiple Oracle instances on a single host and port combination.
Policy Compliance Highlights: Introduction of SCAP/FDCC capabilities
- The QualysGuard® Federal Desktop Core Configuration (FDCC) Module is the first certified cloud based computing solution for Federal Desktop Core Configuration compliance, an OMB (U.S. Office of Management and Budget) mandate.
- The QualysGuard® FDCC Module supports the following SCAP content:
- Windows XP
- Windows XP Firewall
- Windows Vista
- Windows Vista Firewall
- Internet Explorer 7
QualysGuard API Enhancements
- API V2 Supports Authentication using HTTP Basic Authentication and Session Based Login: When calling the V2 API functions, users now have the option to choose session based authentication using login and logout operations, or basic HTTP authentication using credentials passed with each request.
- CVSS Submetrics Added to Knowledgebase Download API: The knowledgebase download API function (knowledgebase_download.php) now returns CVSS submetrics in the XML output upon user request when the CVSS scoring feature is enabled for the user account. The knowledgebase download output DTD (knowledgebase_download.dtd) has been updated.
- Asset Search API Supports Searching up to 20 QIDs: The asset search API function (asset_search.php) now supports searching up to 20 QIDs in one search request.
- Updates to Oracle Authentication API: The Oracle Authentication API allows users to perform compliance scans on multiple Oracle instances on a single host and port combination. A new parameter is available for creating/updating Oracle records when the compliance module is enabled.
- Bug Fix for Asset IP List Output: A bug fix was made to the asset IP list output returned from the asset IP list API function (asset_ip_list.php). A spelling error appeared in an element name in a certain use case. The asset IP list output DTD (asset_ip_list.dtd) did not change.
- New Element Added to About Output DTD: A new element
< cluster-id > cluster-id >was added to the XML output returned from the about function (about.php). The about output DTD (about.dtd) was updated.
Full release notes for this release will be available to customers from within the Resources section of your QualysGuard account. To receive more information on QualysGuard 6.10, please contact your Technical Account Manager or Qualys' Technical Support Department at firstname.lastname@example.org. We also invite you to attend the web based training sessions focused on this release.
We thank you for your continued support and look forward to continuously improving our services.
Qualys Customer Advocacy Group