January 2022 Releases: Support for Scanning Hosts in CDN by DNS Name, New Role to Manage the Administration Module, New Templates in Unified Dashboard, and More

Himanshu Kathpal

The Qualys Cloud Platform January 2022 releases include Portal 3.10.0.0 and QWeb 10.17.0.0, which contain new features and important enhancements in the Qualys Cloud Platform and Unified Dashboard.

Feature Highlights

Qualys Cloud Platform

Support for Scanning Hosts in CDN by DNS Name

This release provides support for scanning hosts in a Content Delivery Network (CDN) environment by DNS name and maintaining separate results for each host even if they resolve to the same IP address. The scanning model has been changed to allow users to launch scans on multiple targets by DNS name and get separate scan results for each target even if they resolve to the same IP address. For example, if you launch a scan on site1.test.com, site2.test.com, and site3.test.com, a scan will be launched on all three targets, and you will get separate scan results for all three targets. Additionally, asset records for the different scan targets will be saved separately. The asset records will have the same IP address but different DNS names. When a new scan is launched by DNS name, only the appropriate asset record is updated with the latest scan results. If you launch a scan on site1.test.com, site2.test.com, and site3.test.com, the scan will be launched on all three targets, and you will get separate scan results for all three targets. Additionally, asset records for the different scan targets will be saved separately. The asset records will have the same IP address but different DNS names. When a new scan is launched by DNS name, only the appropriate asset record is updated with the new scan results.

Change in Reporting of DNS Hostname for EC2 Assets

This release changes the way the DNS hostnames are reported for EC2 assets with Cloud Agents as well as for EC2 Assets without Cloud Agents. This change will ensure that the expected hostname is displayed wherever asset details are displayed, including in Host-Based Scan Reports, Host Information page, other UI views, and API output.

For EC2 assets with Cloud Agents, the DNS Hostname for the asset is fetched from the agent scan results. For EC2 assets without Cloud Agents (connector-only), the private DNS name pulled from the connector is used.

When processing agent scan results, the following values are considered in the given order to determine the hostname for an EC2 asset with a Cloud Agent:

  1. The FQDN value received in agent scan results.
    If available, this value is used to process scan results. If not available, the traversal continues to the next step.
  2. The DNS_HOSTNAME value received in agent scan results.
    If available, this value is used to process scan results. If not available, the traversal continues to the next step.
  3. The Private DNS Hostname fetched from the connector.
    This is used only when FQDN and DNS_HOSTNAME values are not returned in the agent scan results.

    Note: If a value is retrieved in the first step, the traversal stops, and the rest of the values are not considered. If not, it continues to the next step.
Administration Module Access for Administrator User

We are introducing the Administrator role to manage the Administration module with this release. A Manager user can provide required permissions to a user with an Administrator role to access the Administration module. Once this access is provided, an Administrator user can view the Administration module in the module picker.

Capability to Include AWS Cloud Metadata in Compliance Policy Reports

Now you can include cloud asset metadata for your AWS assets in Compliance Policy reports. Update your policy report template in the UI and select the new Cloud Metadata option to include these details. This option is disabled by default. When enabled, the following cloud metadata is included for each AWS asset in your report:

  • Cloud Provider
  • Cloud Service
  • Cloud Resource ID
  • Cloud Resource Type
  • Cloud Account ID
  • Cloud Image ID
  • Cloud Resource Metadata

Cloud Resource Metadata for AWS includes the following:

  • Public IP Address
  • Private IP Address
  • VPC ID, Subnet ID
  • Instance Type
  • Instance State
  • Group Name, Group ID
  • Region Code
  • Availability Zone
  • Reservation ID
  • Is Spot Instance
  • Local Hostname
  • MAC Address
  • Private DNS Name
  • Public DNS Name
New QQL Token

Use the new QQL token vulnerabilities.lastFixed: to easily search for vulnerabilities by the fixed date. Users can specify values for a particular date or a range of dates or a certain number of days to fetch matching results of vulnerabilities that are fixed.

The fixed vulnerabilities count is displayed on the Detection Summary page on the UI.

Policy Compliance

New Technology Support

With this release, Qualys PC adds support for the following technology on scanner appliances as well as agents:

  • IBM WebSphere Liberty 21.x

Unified Dashboard

New Templates

The following new templates have been added to this release:

  • Accepted Risk Analysis – Displays the breakdown of the vulnerabilities being ignored given an organizational Accepted Risk process.
  • Database Global Inventory Insights – Helps gain visibility into Database Inventory and vulnerability and compliance exposure.
  • Database Ransomware (RW) Insights – Ensures visibility into your ransomware-related vulnerabilities, database inventory, and compliance posture.
  • Kaseya (REvil Ransomware) – Enables you to track your organization’s exposure to REvil Ransomware.
  • Print Spooler RCE (PrintNightmare) – Enables you to track your organization’s exposure to Print Spooler RCE (PrintNightmare).
  • Seqoia & Systemd Vulnerabilities – Enables you to track Seqoia and Systemd vulnerabilities using these templates.
  • Alert (AA21-209A) | Top Routinely Exploited – Displays CVEs routinely exploited by malicious cyber actors in 2020 and the vulnerabilities widely exploited in 2021.
  • Patch Efficiency – VULNs Severity 3-5 – Displays patch efficiency. The two ratio widgets at the bottom show ratio of remediated vulnerabilities and the ratio of remaining open vulnerabilities with the available patches.

Accessibility Compliance – The dashboard widgets are now designed using appropriate color contrast between the text and background so that the widgets are compliant to color accessibility standards.

Note: This feature is dependent on ML 12.9 version which would be available by end of March, 2022.

Share your Comments

Comments

Your email address will not be published.