This release of the Qualys Cloud Platform version 2.23 includes updates and new features for AssetView, Cloud Agent, AWS Region Support, Security Assessment Questionnaire and Web Application Scanning as follows:
- Download lists within Asset Details – Within the Asset Details window, you can now download any list you see, such as Vulnerabilities, Installed Software, and Open Ports.
- Group by downloads – Clicking “Download” after performing a “Group By” within AssetView will now download the displayed, grouped results rather than the raw asset list.
Cloud Agent Platform
- Config Profile reorganization – The performance parameters have been reorganized with a new layout and to include OS-specific settings and legacy settings for older versions.
Security Assessment Questionnaire
- Risk & Scoring – You can now set criticality for questions and score for answer options in the questionnaire templates. The question criticality scale is set as info, low, medium, high, and critical. The answer scale is customizable with labels and answer weights. When generating reports, you can easily filter by question criticality and the answer scores to derive an overall risk score or simply identify high risk areas in the assessment.
EC2 Connector & Scan Jobs
- New AWS Region Support – You can now set up the EC2 Connector for AWS Gov Cloud and 5 new AWS global regions: US East (Ohio), Asia Pacific (Mumbai), Asia Pacific (Seoul), EU (London) and Canada (Central). The update is also available in EC2 Scan job, enabling you to target scans for instances in these regions.
Web Application Scanning
- REST based assessment improvement – We now fully support proxy log imports from BURP into Qualys WAS. This expands the capability and support for scanning REST based services that will greatly benefit all customers’ ability to scan their APIs and aid in mobile application security testing of web services.
- Enhanced Path Fuzzing and URL Rewrite support – WAS can now further and more granularly prevent repetitive crawling of the same web pages by better defining the path fuzzing rules in the UI. Also, if the same page is being addressed with different URLs/URIs you can easily specify the rewrite values thus reducing scan load and time.
The specific day for deployment will differ depending on the platform. Release Dates will be published on the Qualys Status page when available.