Qualys TotalCloud 2.21.0 Release Updates

Shrikant Dhanawade

The Qualys TotalCloud 2.21.0 version introduces new capabilities, features, and updates. The release is expected to be available by mid-January 2026.

Cloud Connector Enhancements

Enhanced Organization Connector Deployments

We have further simplified the Organization Connector onboarding by making it easier to deploy cloud permissions. With this release, we have added support for quick deployment of the Connector using CloudFormation launch stacks and Terraform templates:

  • AWS Organization Connector: Leverage a quick AWS Launch Stack for faster, seamless setup of the AWS IAM role across multiple accounts in the organization.
  • Azure and GCP Organization Connector: Download and run Terraform templates to deploy the Azure App Registration and GCP Service Accounts.

These ready-to-use, downloadable templates enable customers to onboard their entire cloud organizations more efficiently, minimizing manual configuration steps and accelerating time-to-value.

Organization Connector Polling Frequency

We recognize that cloud accounts are not deployed hourly or daily in most organizations. To minimize unnecessary API calls and enhance performance, we have adjusted the default polling frequency for Cloud Organization connectors.

  • Existing Connectors: Automatically updated to a 1-day polling interval to avoid unnecessary API calls and streamline operations.
  • New Connectors: Default polling frequency set to 7 days (recommended), reducing API usage even further.

You can also use the option to manually run organization connectors on demand as needed.

This optimization reduces cloud provider API consumption while ensuring effective security monitoring and compliance across your cloud environments.

CSPM Enhancements

New Connectors to GitHub for IaC Inventory

We are excited to introduce a new connector integration for GitHub, delivering instant visibility into your Infrastructure-as-Code (IaC) files hosted on the platform. Simply deploy a personal access token, configure it in the Qualys GitHub Connector, and start uncovering IaC insights within minutes.

  • Comprehensive IaC Discovery: Seamlessly connect to GitHub repositories to scan, index, and inventory Infrastructure-as-Code (IaC) files directly within Qualys TotalCloud.
  • Eliminate Security Blind Spots: Achieve complete visibility into code-based configurations, enabling you to track IaC changes, identify who made them, and monitor when they occur.
  • Unified Risk Correlation (Coming Soon): Future updates will correlate IaC findings with other Qualys integrations, providing a holistic view of security across your cloud and development environments.

Granular Policy Selections for Focused CSPM Compliance

Qualys TotalCloud CSPM now lets you customize out-of-the-box policies with granular control. You can edit policies to include or exclude specific cloud connectors and accounts, tailoring assessments to your organization’s unique priorities and scope.

With this flexibility, you can focus security efforts on high-impact areas, thereby minimizing unnecessary noise from irrelevant assets.

Key Benefits

  • Focused Security Posture: Customize policies to prioritize the most critical cloud assets.
  • Efficient Resource Management: Reduce the scope of scans to avoid unnecessary overhead and improve performance.
  • Enhanced Compliance: Tailor policies to meet specific regulatory requirements and compliance standards.

AWS AMI Inventory Enhancements

To further strengthen shift-left vulnerability management in AMI Scan, the new updates help to clearly distinguish between used and unused Amazon Machine Images (AMIs) across your AWS environment.

  • Improved Resource Optimization: Quickly identify and clean up unused AMIs to reduce storage costs and minimize your overall attack surface.
  • Focused Compliance and Vulnerability Management: Prioritize remediation by fixing vulnerable AMIs that are currently in use first, ensuring critical systems are protected before addressing unused images.

CSPM Control Enhancements

Deprecated Controls

When cloud providers deprecate specific services or features, the corresponding Qualys CSPM controls are also deprecated to maintain alignment. This ensures your compliance posture accurately reflects the current state of your cloud environments, eliminating outdated or irrelevant findings.

For more information on impacted controls, refer to the control metadata for: AWS | Azure | GCP | OCI

Key Benefits

  • Enhanced Accuracy: Eliminates false positives and reduces noise in reports by removing checks for cloud features or configurations that are no longer supported or relevant.
  • Streamlined Policy Management: Reduces the operational overhead of maintaining obsolete rules, allowing teams to focus their remediation efforts on active and valid security risks.

| Cloud Platform | Deprecated Control | Reason for Deprecation |
|---|---|---|
| Azure | 50054 – Ensure that logging for Azure KeyVault is enabled | Given the presence of an alternative control, CID 50075 (“Ensure that diagnostic settings for Azure KeyVault are set to ON”), the specified control is now deprecated. Additionally, control 50075 aligns with CIS recommendations. |
| AWS | 98 – Ensure that the Lambda Function is not using an IAM role for more than one Lambda Function | Due to technical constraints in AWS Cloud REST APIs, we cannot retrieve all Lambda functions at once; instead, we check them individually. Because this control requires a full list of both roles and Lambda functions to work, it is being deprecated. |

New Controls and Title Updates

We continuously monitor for new security controls across cloud platforms. In this release, we have added approximately 21 new security controls for AWS and several for OCI.

Additionally, we have refined the control titles for AWS, Azure, and GCP to follow a clearer and more consistent format, helping your teams quickly understand and remediate issues.

For ongoing updates on these control changes, refer to the TotalCloud Release Notes for version 2.21, which will be published soon on the Qualys Product Release Notes page.

Comprehensive Attack Path for AWS TruRisk™ Insights

We now provide full attack path visibility across all 100+ AWS TruRisk Insights, empowering you to gain a deeper understanding of potential vulnerabilities and risks in your AWS environment.

Key Benefits

  • Holistic Risk Visibility: Uncover complete attack paths for every AWS Insight, enabling you to identify and prioritize critical vulnerabilities with precision.
  • Proactive Threat Mitigation: Gain actionable insight into how threats can propagate, enabling you to address risks before they are exploited.
  • Extensive Service Coverage: Includes a wide range of AWS services such as EC2 Instances, Lambda, S3, RDS, EKS, and more, ensuring comprehensive protection.

CDR Enhancements

Enhancements to CDR Dashboard Widgets

The dashboard widgets shown in the summary section, including Severity, Clouds and Containers, Last 7 Days Threats, and Top 10 Assets with Threats, are now fully interactive.

This enhancement provides a more streamlined workflow, allowing security teams to quickly drill down from high-level metrics to detailed asset information with a single click, significantly reducing the time required to investigate and respond to potential threats.

CDR Dashboard Widgets

Enhanced Visibility to Threat Detections

CDR now supports a Group By dropdown for container findings. It includes grouping by Resource, Remote IP, Cloud Identifier, Cloud Provider, Category, and Cluster, enabling more detailed views and clearer mapping of container-specific threats.

We have also introduced the Last Event column under the detections tab, offering insights into the latest threat activity.

  • The Last Event information is available when customers select “Resource” in the Group By dropdown, ensuring it appears only in the most relevant context.
  • Shows when each resource was last detected with potential threats, helping users quickly understand activity timelines.

This enhancement empowers security teams to prioritize their investigation efforts based on threat recency, enabling faster response times and more effective threat management across your cloud infrastructure.

What’s Next

If you have any questions, please contact your Technical Account Manager (TAM) or Qualys Technical Support.
