This new release of the Qualys Cloud Platform (VM, PC), version 8.19, contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance, which include an improved display of deadlines for remediation policies in VM; additional support for MS Exchange Server authentication, and default selection of layout options in policy report templates in PC; 2 new options for Sybase authentication, support for Microsoft Azure Key Vault in Qualys Cloud Platform, as well as a change in an existing option name (“Scan agent hosts in my target”) in the Launch Vulnerability Scan page.
Qualys Vulnerability Management (VM)
Enhanced View of Remediation Policy Deadlines – The Policies tab data list has been enhanced to easily understand the deadlines set for the remediation policy rules.
The Deadlines column is now split into two columns – Deadline Date and Deadline Days. Depending on the option is chosen in the Action tab while creating or editing remediation tickets, the deadline for the ticket is displayed with a specific date or the remaining number of days after which the ticket will be reopened.
Qualys Policy Compliance (PC)
Support for Microsoft Exchange Server Authentication – Qualys now supports MS Exchange Server authentication for compliance scans using Qualys PC. Users can create an MS Exchange Server record in order to authenticate to a Microsoft Exchange Server running on a Windows host, and scan it for compliance.
Default Selection of Layout Options in Policy Report Templates – With this release, some layout options for Policy Report templates are selected by default during template creation for policy reports. This ensures that additional features are enabled automatically in the template for enhanced reporting capabilities.
The layout options that are selected by default are:
- Remediation info
- For Failed Controls
- For Error Controls
- Cause of Failure
- Unexpected values
- Missing Values
Qualys Cloud Platform
Sybase Authentication: Password Encryption and Auto Discover Databases – This release introduces 2 new options for Sybase basic and vault authentication:
- Enable Password Encryption
- Auto Discover databases.
Enable Password Encryption: Enable this option when the Sybase database instance requires an encrypted password for successful login. Authentication will fail if password encryption is configured as required and users do not enable this option.
Auto Discover: Enable this option to find all Sybase database names on each host. Users can create one record with Auto Discover Databases enabled to authenticate to multiple databases on the same host. It is no longer required to create a separate Sybase record for each database name.
Support for Microsoft Azure Key Vault – This release adds a new vault type that can be used to retrieve authentication credentials from an Azure key vault.
For PostgreSQL, Qualys supports only private keys and passphrase retrieval since the Azure key vault supports only retrieval of private keys and passphrase. Password retrieval is NOT supported for PostgreSQL.
Update in an Option Label in the Launch Vulnerability Scan Page – In the Target Hosts section of the Launch Vulnerability Scan and New Scheduled Vulnerability
Scan pages, the option “Scan agent hosts in my target” has been renamed as “Temporarily add agent addresses not currently in my subscription”. The option label has been changed to ensure better clarity in VM and PC, and the functionality applies only to VM and PC scans.
Users need to select this option if the scan target includes agents that may have acquired IPs that are not in their subscription. If this option is not selected, scans will not be executed and an error will be generated. When this option is selected, the agent IP addresses in the user’s target are added to the subscription for the currently initiated scan. It cannot be used with the external scanner option.
Note: This option is visible only if Qualys Cloud Agent is enabled for the user’s subscription.