The Qualys Cloud Platform March 2022 releases include QWeb 10.18.0.0 and Portal 188.8.131.52, with various new features in VM, PC, and Unified Dashboard.
Qualys Cloud Platform
Enhanced Reporting for ‘Group By’ Vulnerabilities
Earlier for Group-by > Vulnerability reports, users had to refer to two separate downloaded reports for the QIDs/CVE IDs, and for the QIDs/CVE IDs with the corresponding asset IDs and asset names. This release consolidates these two reports and enables you to view the vulnerability data and the impacted asset IDs and asset names in one single report.
Additionally, the Download formats page has been newly added and is displayed when you click Download after selecting Group by : Vulnerability.
New Technology Support for OCA
Support for the following technology has been added for OCA:
- Extreme Networks VOSS 10.x
Qualys Policy Compliance
New PC User Interface with Enhanced Dashboarding and Posture Information
We are excited to announce the release of the new PC user interface! Qualys PC now has a revamped User Interface and enhanced dashboarding capabilities to help you with a faster and more dynamic way to visualize compliance and risk posture data.
The newly designed Dashboard is enhanced with customizable dynamic dashboards and widgets for visualizing and tracking security and compliance.
- Executive and operational dashboards
- Drill-down dashboards
The new dashboard enables you to visually monitor your oranization’s compliance by providing insights into:
- ‘Failure by Operating Systems’ to monitor the compliance posture at any time
- Compliance posture for top failing Controls organized by Category and Sub-Category
- Compliance posture by OS category and sub-category
The new Posture tab lets you switch between the Posture and the Asset modes. The Posture mode replaces the existing control view, while the Asset mode provides a list of assets that have posture data.
The new Posture tab helps you with:
- Faster data searches using QQLs
- Have access to failed controls posture for assets by last scan date
- Switch between the Assets and Controls view and drill down to a specific asset for granular information
- Pre-defined quick access cards to show overall compliance, failure by criticality
- View posture data grouped by Assets or Controls
- Second level of Group-by for technology, instances, assets, severities
- Drill-down posture details to quickly get to the most important assets
Note: Upon the completion of initial compliance data migration from the classic PC dashboard, the switch to the new UI will now be automatic and you don’t have to manually choose to switch to the new UI of Qualys PC.
Auto Discovery of IBM WebSphere Application Server Authentication Record on Windows
Starting this release, Qualys PC enables auto-discovery and creation of system authentication records for IBM WebSphere Application Server on Windows. Now you can automatically discover all instances of IBM WebSphere Application Server on each Windows host. This new support ensures that you don’t have to create a separate authentication record for compliance scans on each IBM WebSphere Application Server in your environment.
Change in the CSV Reports Header Text for Control and Host Data in Custom Policy Reports
In policy reports using a custom report template with control statistics enabled, discrepancies were observed in the header information in the CSV format as compared to HTML and PDF formats. In CSV format, control and host data was displayed under the header ‘Control Summary’ and ‘Host Statistics’ respectively; whereas, in PDF and HTML reports, the same data was visible under the header ‘Control Statistics (Percentage of Hosts Passed per Control)’ and ‘Host Statistics (Percentage of Control Passed per Host)’ respectively.
This release makes the header text consistent across all report formats. The header text in CSV reports is updated to Control Statistics (Percentage of Hosts Passed per Control) for control information and Host Statistics (Percentage of Control Passed per Host) for host-specific information.
New Technology Support
Support added for the following technology for database auth scans, database-OS scans, database-OS agents, and database UDCs:
- PostgreSQL 14.x
Support added for the following technologies in the existing Oracle database UDCs:
- Oracle 12c Multitenant
- Oracle 18c Multitenant
- Oracle 19c Multitenant
Ability to add a widget to multiple dashboards
Until now, users could select a dashboard and add custom widgets. This release adds the capability to create a widget and add it to multiple dashboards. This new feature enables you to have relevant data pulled into different dashboards without having to create widgets individually for the same information. You can add the same widget to a maximum of 10 dashboards. The dashboard that is selected when you create a widget is included by default.
The following new templates are added in Unified Dashboard:
- CISA (BOD 22-01) Known Exploited – Detailed
- CISA (BOD 22-01) Known Exploited – Summary
- Patch Tuesday DB’S – 2018 – 2022
- CISA Known Exploitable Vulnerabilities