Qualys TotalCloud 2.10.0 Release Updates 

Shrikant Dhanawade

The Qualys TotalCloud 2.10.0 version introduces new enhancements and modifications to its configuration. This release will be deployed by the last week of May 2024.

New CIS Benchmark Policies

The CIS Benchmarks are a trusted source of best practice controls that are developed through consensus. Qualys, a leading provider of cloud security solutions, is dedicated to offering extensive coverage of the CIS Benchmarks and regularly releases CIS-certified policies in TotalCloud. Qualys also contributes to the development of new benchmarks through the CIS Community, ensuring that the benchmarks stay relevant and up-to-date.

TotalCloud will have new CIS versions in this release.

  • CIS Amazon Web Services Foundations Benchmark 3.0.0
  • CIS Microsoft Azure Foundations Benchmark 2.1.0
  • CIS Oracle Cloud Infrastructure Foundations Benchmark 2.0.0

Automatically Activate GCP Workloads for Vulnerability Scans with GCP Connectors

Qualys has offered support for GCP Cloud Connectors for a while now, allowing users to connect to both GCP projects and GCP organizations. This feature helps with cloud inventory discovery and configuration assessments through CSPM. With the latest update, users can now automatically activate GCP VM Instances for vulnerability scans. This enhancement strengthens CSPM capabilities and improves the security of GCP infrastructure.

The feature will be enabled with Cloud Platform versions 10.26.1 and 3.18.0.

Secure AWS Bottlerocket via Snapshot-Based Scan

Qualys has introduced a new offering that makes it the only vendor solution capable of scanning AWS Bottlerocket instances directly with the Qualys Cloud Agent and snapshot-based agentless scan. This unique and innovative feature allows organizations to manage and mitigate risks at both the host OS and container levels more effectively.

Refer to the blog for more details – Elevating Security: Qualys Unveils First Solution for Scanning AWS Bottlerocket in Amazon EKS and Amazon ECS

OCI Connector Now Generally Available

Qualys has been providing support for OCI Cloud Connectors, which help discover cloud inventory and perform configuration assessments via CSPM. Initially, this feature was only available to customers who requested it. It is now generally available to all customers. Users can now see an option in the Connectors UI and deploy connectors to OCI Cloud to get inventory and perform configuration assessments (CSPM).

Enhanced Inventory and Security Measures

We have broadened AWS inventory to include IAM resources such as IAM Roles, IAM Policies, and VPC Endpoint resources. This expanded inventory allows you to identify elevated risks in your accounts and quickly spot misconfigurations. Users can also search using QQL tokens to pinpoint specific resources such as Admin users, Unused Passwords, Users with no MFA, or a combination of these. In addition, previous IAM users are now accessible under a new region category called “Global”.

TruRisk Insights Enhancements

In this release, we’ve made significant enhancements to TruRisk Insights, including:

  • The introduction of Insights for Azure Cloud, offering a unified, prioritized overview of security findings in Azure Cloud.
  • The expansion of AWS TruRisk Insights to cover resources such as Serverless functions, RDS, IAM Users, etc.
  • The addition of CID numbers to each insight for easier tracking.

Mandate Version Upgrade

TotalCloud now supports NIST CSF v2.0 (NIST Cyber Security Framework)

Sr. No. | Old Mandate Name/Version | New Mandate Name/Version
1 | NIST Cyber Security Framework (CSF) Version: 1.1 | The NIST Cybersecurity Framework (CSF) Version: 2.0

To learn more about the introduction of the updated framework to the Qualys platform at a higher level, please refer to Achieving NIST CSF 2.0 Top Tier Adaptable Status.

Module Pickers Change

All TotalCloud capabilities are now grouped under “Cloud and SaaS Security” in the module picker. This grouping features TotalCloud, Container Security, SaaS Security Posture Management (SSPM, previously known as SaaS Detection and Response), and Qualys Flow. This organization enables easier navigation and management of cloud and SaaS security tools, providing users with a comprehensive overview and control over their security posture directly from a single point of access.

The update will be accessible in the Cloud Platform 10.27 release.

AWS Cloud Detection and Response appliance based on Qualys network passive sensor

AWS CDR threat sensor now integrates with Qualys network passive sensor. With this integration, the CDR appliance now has:

  • Management and control channels secured to the Qualys platform’s security standards
  • A Qualys-approved OS, Oracle Linux version 8.0
  • Improved dissectors for network findings
  • A FedRAMP-ready appliance

We have provided a new CDR deployment creation page from the Configuration->Threat Scanner page. On this page, users can create a new CDR deployment, download Terraform scripts to deploy a new CDR in their AWS environment, and delete these deployments. The provided registration key must be used while configuring the traffic mirror for these new deployments.

This new Cloud Detection and Response is available with Network Passive Sensor release 3.0.0.

AWS Legacy Tab in Threat Scanner Configuration

We have added a new AWS Legacy tab in the configuration section of Threat Scanner. This tab is read-only and displays all CDR deployments that were created with TotalCloud 2.9 or earlier versions. Starting from TotalCloud 2.10, customers can only deploy CDR from the AWS tab with the release of Network Passive Sensor 3.0.0. Therefore, we recommend that customers switch their old CDR appliances to the new Network Passive Sensor 3.0.0 release CDR appliances.

The AWS legacy tab allows users to view their CDR deployments created with TotalCloud 2.9 or earlier versions and remove them as needed.

Contributors

  • Naveen Kulshreshtha, Principal SME, Cloud Detection & Response