Qualys CloudView 1.21 Release Updates

Shrikant Dhanawade

Last updated on: January 10, 2022

A new release of Qualys CloudView 1.21 includes an update to mandates and CloudView UI. This notification provides an early preview, allowing you to identify use cases that can leverage the release updates. The release is targeted for January 2022, the specific day will differ depending on the platform. See platform release dates on the Qualys Status page.

Updates to Mandate configurations

Qualys CloudView application is extending mandate coverage by introducing new mandates and upgrading versions of the existing ones. These changes are available in CloudView 1.21 release.

Updated mandates with new versions

Sr NoMandate NameCurrent VersionVersion Post 1.21 release
1The Australian Signals Directorate – The Essential 8 Strategies (ASD 8)February 2017June 2020

Updated mandates to fix sorted order (no other change in mapping)

Sr NoMandate NameVersion
1Federal Risk and Authorization Management Program (FedRAMP H) – High Security BaselineRev. 4
2Federal Risk and Authorization Management Program (FedRAMP M) – Moderate Security BaselineRev. 4

Updates to CloudView UI

There are two major updates to CloudView UI

  1. Infrastructure as Code (IaC) security posture
  2. CloudView Application Home

Infrastructure as Code (IaC) security posture

As a part of the introduction of Infrastructure as Code security (beta) earlier, we had introduced a new category “Execution Type” for policies and controls with values as follows:

  • Run Time – category for listing controls and policies for evaluations on deployed cloud resources
  • Build Time – category for listing controls and policies for evaluations on IaC templates

This was supported with search tokens on the Policy tab using the following search tokens:

  • policy.executionType: search policies by the execution type (Build Time, Run Time).
  • control.executionType: search controls by the execution type (Build Time, Run Time).

In CloudView release 1.21, you will see the introduction of IaC Security posture in the Monitor, Policy, and Reports tabs.

  1. Monitor Tab: Introduction of new tabs, Cloud Posture (for current Monitor UI display – runtime posture) and IaC Posture (display of IaC template evaluations – buildtime posture).
  2. Policy Tab: The IaC Posture lists the evaluations on IaC templates for the scans those were triggered from Git Repository such as GitHub Actions, Bitbucket pipeline, GitLab pipeline, Azure pipeline.
  3. Reports Tab: Reports (PDF and CSV) screen will now have an option to select execution type and based on the selection either “Run time” or “Build time”, you can generate assessment reports.

CloudView Application Home

Qualys CloudView introduces an application home page. On navigation to CloudView application, you will now land on the home page and get the ability to see a summarized view of your cloud resources and posture with out-of-the-box widgets, the single-pane to see all available features and new introductions to the application.

CloudView APIs

Refer CloudView API Notification and Release notes for more information.

CloudView API Updates

Resources

Share your Comments

Comments

Your email address will not be published. Required fields are marked *