March 2021 Release: Database Assessment Using OS Authentication Records, Agent Support for Database Assessments, and More
Last updated on: March 23, 2021
The Qualys Cloud Platform March 2021 release includes Qualys Cloud Suite 10.9.0.0 that contains new features and important enhancements in Policy Compliance.
Compliance assessment of databases on scanner and agent using OS authentication records
The 10.9.0.0 release enables you to assess databases using scanners and Cloud Agent without requiring database authentication records.
Qualys Policy Compliance will now provide failover assessment using OS-based instance data collection, in the absence of DB authentication records for the following databases:
- MongoDB 3.x and 4.x
- MySQL 5.x and 8.x
- Oracle 12c, 18c, 19c
- Microsoft SQL Server 2012, 2014, 2016, 2017, 2019
Support for technology instance data collection using OS authentication records
With the 10.9.0.0 release, you can enable data collection on technology instances in your environment by using the underlying OS authentication records without creating an authentication record for the technology instance.
Qualys Policy Compliance now adds support for the Oracle Java SE Runtime Environment (JRE) 8 instances.
Support added to exclude asset tags from compliance policies
Earlier, users could include asset tags in compliance policies by adding tags in the policy in the Policy Editor. With this release, Policy Compliance allows users to exclude asset tags from their policies in the Policy Editor.
You can now precisely select assets by using a combination of the All and Any values provided for including and excluding hosts using tags. If you select Any, hosts that are tagged with any one of the specified tags will be excluded from the report. If you select All, hosts that are tagged with all of the specified tags will be excluded.
You can include or exclude asset tags in the policy or before running a report. With this new feature, you have more control over the scope of assets that are assessed for a specified policy and ensure that your scans and reports are always synchronized with your dynamic business environment.
Is there any source that has the details of the database information that can be collected?