The Qualys Cloud Platform April 2021 releases include Qualys Cloud Suite 10.10.0.0 and Portal 126.96.36.199, which contain new features and important enhancements in Qualys Policy Compliance, Vulnerability Management, AssetView, and Web Application Scanning.
Support Added for Azure MS SQL Database Authentication Record
Starting this release, Policy Compliance users will be able to scan Azure MS SQL instances for compliance assessments.
To create a new Azure MS SQL authentication record, users can select login details using a password-based record or vault-based record. All vaults supported by MSSQL auth record will be supported for Azure MS SQL record.
Support to Scope Dashboards Based on Tags
This release will enable users to apply tags to certain dashboards and specify user accounts that can access these dashboards on the basis of the tags’ scope. This would ensure that a user will be able to see only those dashboards that have the tags which the user has been assigned with.
Ability to Magnify A Widget for Better Visual Reference
Users will now be able to zoom into a widget and have access to an enlarged view, helping them with a better visibility analysis of the trend-lines.
New Templates in the Out-of-the-Box Template Library
- TOP 10 Vulnerabilities Severity 3 – 5: Multi-column widget showing TOP 10 Vulnerabilities with Severity 3 to 5.
- VULN Host Ratio (VHR): This widget will show the health of any VM program through the metric of VULN to host ratio. The Vulnerable Host Percentage (VHR) metric represents the overall security level of a network given the scope of assets or the entire subscription also known as (VHP).
- TOP 50 – CRITICAL/HIGH Vulnerabilities: This widget will show the top 50 vulnerabilities with a CVSS criticality level “High”, found in the last 30 days.
- Vulnerabilities by Detection AGE & Status: This widget will show vulnerabilities by age and status.
- Add FireEye related widgets to the platform as Widget templates: This widget will show all patches related to FireEye QIDs related to the tools Theft.
Azure Virtual Network (VNet) Information in Asset Details page in AssetView
With this release, detailed information about the virtual network (VNet) will be fetched for the Microsoft Azure assets. Assets are returned when they are visible to the user (i.e. in the user’s scope).
Web Application Scanning (WAS) and Malware Detection (MD)
An implementation in Qualys Web Application Scanning (WAS) for both the UI and API allows customers to manually assign System and Dynamic Tags in violation of defined Qualys Platform Tag behavior. Similarly, MD users can manually assign these tags through the MD UI.
This notification is to provide customers an advance notice of a functionality change in WAS to correct this behavior. After 60 days, users will no longer be able to manually assign System or Dynamic Tags within WAS and MD. This change will impact manual assignment in the UI as well as through the API for WAS, and only in the UI for MD.