Qualys TotalCloud 2.8.0 Release Updates

Shrikant Dhanawade

Last updated on: February 21, 2024

The Qualys TotalCloud 2.8.0 version introduces new enhancements and modifications to its configuration. This release will be deployed by the first half of Feb 2024.

Extend Cloud Perimeter Scan to Amazon ELBs

We have extended the Zero-Touch Cloud Perimeter Scan technique to include Amazon Cloud’s Elastic Load Balancers (ELBs).

Using a checkbox on the connector, the Zero-Touch Cloud Perimeter Scan now includes AWS ELBs for a regular security check. When selecting the ELB scan option, you must enable the CSPM capability on the connector so that ELBs can be discovered. This inclusion can help prevent security breaches by detecting potential external vulnerabilities in AWS deployments before they can be exploited.

Enhancements to Assessment Reports

Generating assessment reports has been streamlined by eliminating unnecessary components previously used to filter resource results. By utilizing the existing QQL token “resource.result” with predefined values such as Pass, Fail, and PassE, building the assessment search query has become more straightforward.

Enhancement to Alert Configuration

The Rule Manager Wizard in the Responses tab now features new Severity levels: None, Low, Medium, and High. These levels allow you to sort and prioritize alerts by their significance. For rules that existed before this update, the default severity is set to None. Users can update this setting to the level that best represents the criticality of the alerts.

New QQL Tokens for Evaluations

To assist in identifying misconfigurations in situations including newly emerged, unresolved, or reactivated issues, three new QQL tokens have been introduced. These tokens are compatible with the public API interface.

  • firstEvaluatedOn
  • lastFixed
  • lastReopened

Use these tokens in the Posture and Dashboard tabs.

Retrieve AWS Account Tags

We’ve added the ability for AWS Organization Connectors to pull AWS account tags. This functionality applies to connected members within the organization, letting you fetch the AWS account tags and search by them.

To facilitate the search for these recently added account tags, we’ve introduced new QQL search tokens. These tokens will now be accessible within the Posture, Inventory, and Connectors tabs under the AWS Cloud section.

aws.account.tags(key: <TAG_KEY>)
aws.account.tags(value: <TAG_VALUE>)

This enhancement gives you visibility into AWS account tags in the Qualys platform. For example, you can record the accountable parties for your AWS accounts in AWS tags and then detect those tags in Qualys to carry out remediation exercises.

Delete Organization Connector

We have introduced a delete function for Organization Connectors. This new feature allows you to either include member connectors in the deletion process or keep them by excluding them from deletion, which leaves them in a detached state. This functionality lets you keep an up-to-date record of the active Organization Connectors within Qualys. It will be available for all the supported cloud providers: AWS, Azure, and GCP.

CDR Deployment Wizard

We are enhancing deployment tools for CDR to help ease the deployment process. In this release, we have introduced a wizard for CDR flow log-based deployments for AWS and Azure Cloud. The TotalCloud Threat Scanner UI in the Configure tab allows you to create a CDR deployment for analyzing cloud flow logs.

  • For the AWS cloud, the wizard collects the user information and helps launch a CFT in the customer’s AWS account to create the required deployment.
  • For the Azure cloud, the wizard collects the required information and lets you download a Terraform script to run in Azure Cloud Shell.
