November 2021 Release: Prioritize Assets by Criticality Score, Option to Include/Exclude Asset Tags in Search and Reports and More
The Qualys Cloud Platform November 2021 release includes Portal 188.8.131.52, which contains new features and important enhancements in the Qualys Cloud Platform, WAS, and Unified Dashboard.
Qualys Cloud Platform
List Assets by Asset Criticality Score
The asset criticality score represents the criticality of an asset to your business infrastructure. This score is calculated based on multiple tags assigned to the asset with asset criticality scores defined. The highest score assigned to the asset via multiple tags is the asset criticality score of the asset. If the tags associated with the asset don’t have criticality scores defined, then a score of ‘2’ is assigned by default, which can be modified as per your requirements.
Starting this release, you can search for hosts by their asset criticality scores. Now, you have the option to search by specifying a value for the token
asset.criticalityScore. When you search assets by using the
asset.criticalityScore token, all the assets in your environment that match the specified value will be listed, enabling you to prioritize your remediation actions.
You can also create widgets for asset criticality scores, which enables you to have instant insight into the assets in your network and their criticality.
Option to Include or Exclude Asset Tags in Search and Reports
Users can now choose to include or exclude asset tags and include only the filtered asset information in VMDR reports. Availability of patches, RTI, and vulnerability data will be displayed for assets based on the tags you have included or excluded.
IBM Virtual Machine Information in Cloud Agent Search Agent Details
With this release, we have added support for IBM cloud provider. When an agent is installed on IBM cloud provider instance, its meta data information will be displayed on Qualys Cloud Agent and Asset user interface.
Web Application Scanning
Web Application Authentication Records now include an option for OAuth2 records in addition to the Form and Server Record support that were previously available. There are four Grant Types available – Authorization Code, Implicit, Client Credentials, and Resource Owner Password Credentials.
Authorization Code Grant Types require a selenium script (recorded through the Qualys Browser Recorder) along with a Redirect URL and Access Token URL. Optional fields include a Client ID, Client Secret, Scope, and an Access Token Expired Message pattern for identifying when tokens need to be refreshed.
Implicit Grant Types require a selenium script along with a Redirect URL.
Client Credentials Grant Type require an Access Token URL and optional fields for Scope, Client ID, and Client Secret.
Resource Owner Password Credentials Grant Types require an Access Token URL, username, and password besides optional fields for Client ID, Client Secret, Scope, and Access Token Expired Message pattern.
New Application Dashboard Template Library
The new Dashboard library allows you to create your dashboard using existing widget templates, customize existing widgets or create your widgets to suit your need. The templates are segregated based on the subscription to other Qualys products.
New Widget Template: All Authentication Window QIDs
You can now use the new out-of-the-box template, which focuses on Windows-based authentication QIDs. It helps to highlight the different states of authentication for Windows.