Qualys TotalCloud 2.18.0 Release Updates

Vinayak Ghadi

The Qualys TotalCloud 2.18.0 version introduces new capabilities, features, and updates. The release will be available by the start of August 2025.

Cloud Connector Enhancements

Restrict edit operation for disabled connectors

Qualys TotalCloud makes it easier to manage your connectors by letting you update settings through the UI and public APIs. With this update, we are restricting edit operations through the public APIs on disabled connectors, helping you avoid unnecessary or accidental changes.

You can still manually or remotely manage any active connectors (non-disabled) just as before, saving time and ensuring smooth control over your environment.

Improvements to connector listing APIs

We have enhanced the way you list connectors through our Public API by adding pagination and search token support. This means you’ll no longer run into issues with connector listing API responses when dealing with a large number of connectors. These improvements streamline your connector management, reduce errors, and save your developers valuable time.

Support for the Azure Auth library MSAL

Azure Active Directory Authentication Library (ADAL) has been deprecated. While existing apps that use ADAL will continue to work, Microsoft will no longer release security fixes for it. We have upgraded these auth libraries to MSAL according to Microsoft guidelines. These updates do not impact any of your connector configurations or executions.

This update is for your awareness only. No changes or actions are required from your side.

CSPM Enhancements

Show non-terminated instances by default

Qualys TotalCloud provides a complete view of resources across multiple cloud providers, helping you keep track of everything in one place. Our platform provides a detailed inventory of your virtual machines or instances, highlighting vulnerabilities, misconfigurations, and software inventory-related information. On the TotalCloud UI, the instance listing page displays all instances across your platform, irrespective of their status.

Now, we’ve added a handy toggle button that lets you quickly show or hide deleted or terminated instances, so you only see them when needed. By default, these instances remain hidden, helping you focus on current systems and keep your workspace organized. It’s all about giving you control and making it easier to focus on what matters most to you.

Search tokens for IAM classification

Qualys TotalCloud provides an inventory of your cloud identities. Qualys’s Cloud IAM Policy Analyzer analyzes identity entitlements and provides IAM classifications such as “Administrative permissions that have access to all the resources.” These IAM classifications are then fed to TruRisk Insights to offer complete resource risk exposure.

These classifications are now available to search via QQL tokens on the identity inventory. This makes it easy to find specific resources exposed based on the analysis by Qualys’s Cloud IAM Policy Analyzer.

IPv6 support

Qualys TotalCloud is expanding its capabilities to meet the evolving needs of customers across diverse industries. It is focusing on enhancing support for IPv6 alongside IPv4 for critical services such as Virtual Machines, Lambda Functions, and RDS instances. This comprehensive integration of all cloud platforms ensures that customers can manage their resource inventory seamlessly, regardless of the IP version in use.

The inclusion of IPv6 is particularly crucial for federal customers, who are required to comply with mandates for IPv6-supported products. By providing extensive IPv6 support, Qualys TotalCloud not only aligns with regulatory standards but also future-proofs cloud security and management for organizations transitioning to modern IP infrastructures.

CWPP Enhancements

Scan Windows OS using agentless snapshot-based scan

Snapshot-based scan is one of the vulnerability scan methods offered by TotalCloud, which runs agentless. It captures the state of an environment at a specific moment, allowing security teams to analyze cloud workloads, both ephemeral and offline, without directly interacting with live systems.

We have now extended the scans to Windows OS using a snapshot-based method. It now supports scanning Windows Server 2016, 2019, 2022, and 2025. By leveraging the TotalCloud snapshot-based scan, customers can now achieve comprehensive vulnerability coverage across cloud environments with Linux and Windows OS deployments.

Search tokens for scan type

TotalCloud FlexScan offers multiple vulnerability scan methods, including snapshot-based and API-based scans, using agent and network-based methods.

We now provide a QQL search token on the TotalCloud inventory so users can search for methods used to scan for vulnerabilities. The QQL token helps you quickly filter and group resources and gain visibility of the resources covered via various scans across the platform.

GCP Cloud Perimeter scan support in portal public APIs

With the TotalCloud 2.16.0 release, we’ve launched Zero-touch Perimeter Scan for GCP Cloud Connectors, enabling automatic setup of cloud environments for perimeter scanning without manual intervention. This streamlines integration and minimizes time spent on administrative setup, ensuring faster deployment.

Now, we’ve expanded this seamless functionality to support APIs, allowing effortless automation of these processes. By managing configuration tasks for you, our solution ensures a secure and efficient cloud infrastructure, freeing you to concentrate on safeguarding assets and driving business growth.

CDR Enhancements

AWS CDR appliance – search interface

Qualys TotalCloud now introduces a powerful search interface for the AWS CDR appliance, enhancing traffic visibility across cloud workloads. This new feature enables users to investigate connection outliers by analyzing unusual source and destination IPs, ports, and protocols with ease.

By providing deeper insights into network traffic, the search interface empowers threat hunting efforts to detect lateral movement, command and control activities, and data exfiltration indicators. This advancement significantly strengthens cloud security monitoring and incident response capabilities.

Process threat detections for Kubernetes (CDR)

With Container Runtime Security (CRS), the CDR platform now delivers real-time, process-level detections by mapping eBPF behavior and process events to key sets of threat rules. This includes detections such as container escapes, cryptominers, fileless malware, network utility executions, and more. This requires deployment of the eBPF Runtime Sensor to your Kubernetes clusters.

Enhancements to this feature further boost network threat visibility by ingesting network activity logs into CDR and enriching detections with contextual threat intelligence. As a result, CDR now generates real-time IP reputation alerts, providing timely and actionable insights to strengthen container security.
