Qualys TotalCloud 2.22.0 Release Updates
The Qualys TotalCloud 2.22.0 version introduces new capabilities, features, and updates. The release is expected to be available by mid-March 2026.
Risk Prioritization
GCP Insights and Attack Path
Qualys now extends Risk Prioritization capabilities to Google Cloud Platform (GCP), empowering our customers to pinpoint and address the most critical risks in their GCP environment.
TruRisk Insights aggregates risk factors across multiple scans, including vulnerabilities, misconfigurations, and threats, to deliver a prioritized, actionable view of your highest-impact risks. Complementing this, Attack Path adds critical context, including internet exposure, blast radius, and environmental dependencies, helping you understand why a risk matters and how it could propagate across your environment.
This feature is currently released to a limited number of users. If you are interested, please contact the customer service team via a support ticket.
CWP Enhancements
On-Demand Scan for Azure Snapshot
We extend Azure agentless snapshot-based scanning to support on-demand execution, reducing operational overhead and avoiding disruptions to running workloads. This lets you validate your security posture immediately after configuration changes or post-incident, ensuring risks are caught before they escalate.
Key Benefits:
- Run a scan whenever you want to assess: on change, on event, or on detection.
- Reduces agent management costs and complexity.
Scan Windows OS Machines on Azure using Agentless Snapshot-Based Scan
We extend agentless protection to Windows Operating Systems running on Azure hosts, detecting OS-specific vulnerabilities such as missing patches and insecure application deployments, critical for legacy or locked-down systems.
Existing users who have deployed Snapshot-Based Scan for Azure will automatically have it extended to Windows OS.
Key Benefits:
- Eliminates blind spots in Windows-centric environments.
- Ensures comprehensive coverage without additional agent overhead.
Support Bicep for the Deployment of Azure Snapshot Scan
We are expanding deployment options for Azure Agentless Snapshot-Based Scan by introducing support for Bicep templates.
Leveraging Bicep, a native infrastructure-as-code (IaC) tool by Azure, you can now define and provision all necessary cloud resources for snapshot scanning directly within your infrastructure templates. This approach integrates security seamlessly into your Azure deployment workflows, making scan deployment part of your standard provisioning process rather than a separate manual step.
Key Benefit:
- Users can choose between Terraform and Azure Bicep for deployment.
OAuth support for Snapshot Scan APIs
We support OAuth (passwordless authentication) across the Qualys product ecosystem, and this enhancement extends OAuth-based authentication to the TotalCloud snapshot scan API.
This streamlined authentication process, aligned with robust industry standards, reduces friction, improves the overall user experience, enhances security, simplifies access management, and enables seamless data exchange and collaboration across tools and platforms.
CSPM Enhancements
Ability to select the columns in the Inventory
You can now tailor your TotalCloud Inventory experience with new column selection capabilities, displaying only the data fields most relevant to your workflow. You can reduce visual clutter and focus on what matters, whether it is compliance status, risk scores, or location, all with just a few clicks. This is currently available for Virtual Machine resources.
Key Benefits:
- Focused Analysis: Eliminate distractions by hiding irrelevant columns, accelerating asset reviews.
- Personalized Workflows: Create saved views for different teams (e.g., SecOps vs. Cloud Ops) to streamline daily operations and reporting.
Compliance Trend on Dashboards
We are extending the compliance dashboard widgets to include a timeline view.
These timeline views/trends help visualize data across various metrics, enhancing your ability to monitor and analyze compliance and to highlight emerging patterns, risks, and opportunities. The trending widget provides insights to refine policies and ensure alignment with evolving cloud compliance standards, and helps you take the necessary actions based on trend results.
Manager users can configure trends on the widgets. Once configured, trends are shown over 90 days from the day of configuration and are visible to every user of the customer subscription. These widgets now let you see configuration compliance trends over time, which you can filter based on:
- Policy name
- Compliance framework
- Selected controls
TotalCloud CNAPP Dashboard Template
With this release, we are introducing a unique CNAPP dashboard as a template under the TotalCloud product. This is our latest dashboard, built by cloud security analysts.
You can now gain instant, consolidated insights into your multi-cloud security posture with our new CNAPP dashboard template. This dashboard template puts your most critical security queries and detections at your fingertips, covering:
- Virtual machines with failed controls
- Assets with vulnerability scan enabled
- Resources with high TruRisk scores
- Risky identities
- Multi-cloud compliance metrics, etc.
You can also quickly identify and address critical security gaps across your cloud ecosystem with the new dashboard template.
CSPM Control Enhancements
Deprecated Controls
When cloud providers deprecate specific services or features, the corresponding Qualys CSPM controls are also deprecated to maintain alignment. This ensures your compliance posture accurately reflects the current state of your cloud environments, eliminating outdated or irrelevant findings.
For more information on impacted controls, refer to the control metadata for: AWS | Azure | GCP | OCI
| Cloud Platform | Deprecated Controls | Reason for Deprecation |
| --- | --- | --- |
| Azure | 50093 – Ensure that Azure Application Gateway has the Web Application Firewall (WAF) enabled; 50094 – Ensure that Azure Application Gateway allows TLSv1.2 or above | Azure has updated the API response, and properties.webApplicationFirewallConfiguration has been removed from the response. |
| Azure | 50264 – Ensure that Virtual Machines are utilizing Managed Disks | Azure CID 50438 covers the required checks |
| Azure | 50247 – Ensure that Azure Event Grid Domain public network access is disabled | Azure CID 50300 covers the required checks |
| Azure | 50269 – Ensure that PostgreSQL server enables customer-managed key for encryption; 50311 – Ensure that no PostgreSQL Databases allow ingress from (ANY IP) | Azure Database for PostgreSQL single server was retired on the 28th of March 2025 and migrated to a flexible server |
| AWS | 457 – Ensure that Aurora Serverless AutoPause is enabled for the RDS cluster | AWS support for Aurora Serverless v1 has ended |
| AWS | 201 – Ensure RDS Instance should not have an Interface open to a public scope | AWS CID 77 covers the required checks |
| AWS | 199 – Ensure that access keys are not set up during initial user setup for all IAM users that have a console password | This was a build-time control, deprecated based on AWS’s recommended use of programmatic access |
| AWS | 50225 – Ensure that Storage accounts disallow Blob public access | Support for the attribute “allow_blob_public_access” has been removed from Terraform |
New Controls and Title Updates
We continuously monitor new security controls across cloud platforms. In this release, we have added approximately 19 new security controls for AWS, 21 for Azure, and several for GCP and OCI. We have also refreshed the control titles for a few AWS controls to align with the latest security checks being carried out.
For ongoing updates on these control changes, refer to the TotalCloud Release Notes for version 2.22, which will be published soon on the Qualys Product Release Notes page.
Cloud Detection & Response
Enhanced Container Runtime Detection & Event Control
This release enhances Cloud Detection & Response (CDR) with expanded runtime detection capabilities for containerized workloads. Our eBPF-based sensor now supports file-level runtime event monitoring, enabling real-time detection of file modifications, unexpected binary execution, and other suspicious activity inside running containers.
To improve operational efficiency, we’ve also introduced exception support for container runtime events. Security teams can now suppress approved or expected behaviors, reducing alert fatigue while maintaining strong detection coverage.
These improvements increase the fidelity of container runtime telemetry within CDR’s broader multi-signal detection strategy, spanning agent-based container insights, network/NDR telemetry, flow logs, and cloud control plane events. The result is higher-confidence detections, better signal-to-noise ratio, and more effective response to real runtime threats without disrupting operations.
Cloud Connector Enhancements
API Based Scan CloudFormation Template
The CloudFormation Template (CFT) is now natively integrated into the Cloud Connector wizard.
This means you can download and configure your scan triggers as part of the standard connector creation or update workflow, with confidence that you’re automatically deploying the latest template version.
REST APIs
We have expanded our REST API capabilities to improve scalability and multi-cloud management:
- Manage AWS Organization Connectors: Use REST APIs to programmatically set up, update, and manage them. This ensures consistent configurations across all accounts in your organization, reducing manual errors and enabling enterprise-scale management for organizations with 100+ AWS accounts.
- Filter Evaluations by Last State Updated Date: Retrieve evaluations for a specific timeframe using the “Last State Updated Date” parameter. This enables you to track changes (e.g., new vulnerabilities, resolved misconfigurations) over time, supporting incident response and compliance audits that require historical data.
- Handle Scaled Data (100K+ Records): Our v2 public APIs for inventory and evaluations now support datasets with over 10,000 records in a single API response, eliminating the need for multiple paginated requests. This is critical for large enterprises with extensive cloud footprints, ensuring you get a complete view of your environment in a single call.
- Consolidated CSPM Evaluations Across Accounts: Get CSPM evaluations across multiple cloud accounts in a single request. We have removed the mandatory account ID parameter. This reduces API call volume by up to 70% for multi-account environments, accelerating data aggregation and simplifying cross-account reporting.
If you have any questions, please contact your Technical Account Manager (TAM) or Qualys Technical Support.