Qualys Cloud Platform 2.31 New Features

Chris Carlson
Chris Carlson, VP of Cloud Agent, Qualys
- 4 min read

Last updated on: June 1, 2020

This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows.

AssetView

  • Use custom severities in AV searches and widgets – you can now use modified QID severities as set in the Knowledge Base for AssetView searches and widgets by using the vulnerabilities.customSeverity search token. Default severities are also auto-populated into this field if the severity has not been changed.
    • Please note that if you are using nested queries, you may have to modify the level of nesting.
      Example:
      vulnerabilities.vulnerability:(severity:5 and title:”Microsoft”)
      would become:
      vulnerabilities:(customSeverity:5 and vulnerability.title:”Microsoft”)

Cloud Agent

  • “connectedFrom” search token for Cloud Agent IP address – use the “connectedFrom” search token in AssetView and Cloud Agent modules to find agents connecting from a specific IP address last used by an agent connecting to the platform (if the agent is behind a NAT device or proxy, that device’s IP address will be used).  The “Connected From” IP address has been displayed in the Agent Summary tab, this new search token lets you search by the IP address.
  • “errorStatus” search token for Cloud Agent errors – use the “errorStatus” search token in AssetView and Cloud Agent modules to find agents with errors (“errorStatus:true”) or no errors (“errrorStatus:false”)

EC2 Connector

  • AssetView Widget Group By / Categories support  you can now create AssetView widgets using Group By and Categories of EC2 metadata search tokens to achieve use cases such as: show assets grouped by AWS account, assets grouped by AWS region name, assets grouped by instance type, assets grouped by image ID, vulnerability posture grouped by AWS region/type, and more
  • Terminated instances are no longer collected – instance metadata for already-terminated EC2 instances are no longer being collected.  Existing behavior applies: an existing instance (running, stopped, etc.) that terminates will still have its status updated to terminated; and, if the connector can not find metadata of an already-collected instance ID, the instance state is set to terminated.
  • China Region (Beijing) support  Region Name “AWS China (Beijing)” with Region Code “cn-north-1” are now supported in the EC2 Connector.  (Per AWS:  customers who wish to use AWS resources in AWS China (Beijing) are required to create an AWS (China) Account, a set of credentials that are distinct and separate from other AWS global Accounts.)

Web Application Scanning

  • Multi-Scan Alert Icon – when one or more individual scans (slices) ends abnormally in a multi-scan, we now display an alert icon next to the multi-scan in the scan list.  This provides a visual cue that something went wrong versus having to click on each multi-scan one at a time.
  • Open in Browser option  a new “Open in Browser” option has been added to the Quick Actions menu for a web application.
  • Updated QID mappings  the mappings for WAS QIDs to various web application vulnerability classification lists have been updated.  For each WAS vulnerability, you will now see accurate mappings to Common Weakness Enumeration (CWE), OWASP Top 10 (2013 edition), and WASC Threat Classification.  NOTE: An upcoming release of WAS will use the 2017 edition of the OWASP Top 10 instead of the 2013 edition.
  • SmartScan status – the scan report now indicates if the SmartScan option was enabled or not for the scan.  This information can be found in the Appendix under Scan Details.

Web Application Firewall

  • Custom “HTTP response timeout” – you can now set a custom value for HTTP response timeout (60 seconds by default) for those applications that require a different value, and enforce it with custom security rules if needed

Security Assessment Questionnaire

  • New Template Editor – new capabilities for the creation and editing of questionnaire templates, including:
    • table of contents with a snapshot of the flow of the template
    • filters to facilitate quick retrieval of relevant information
    • ability to add multiple answers at one time, single-click similar question duplication
    • ability to provide instructions to a user at a section level
    • consolidated preview of all rules applied to a template, and more

API Updates

API updates are also included with this release:

Qualys Cloud Platform 2.31 API Notification 1

The specific day for deployment will differ depending on the platform.  Release Dates will be published on the Qualys Status page when available.

For more details about the above features – please review the release notes. Release notes will be posted as soon as they are available on the Qualys Suite Release Notes page.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *