Qualys TotalCloud 2.24.0 Release Updates
The Qualys TotalCloud™ 2.24.0 version introduces new capabilities, features, and updates. The release is expected to be available by mid-May 2026.
Connector Enhancements
AWS Cloud Permissions Validation
Qualys TotalCloud™ is introducing an enhanced AWS Connector configuration with a dedicated Cloud Permissions Validation tab, delivering instant, clear visibility into which permissions are present, actively used for inventory and evaluations, and which are missing, directly impacting coverage.
Rather than discovering gaps reactively through incomplete findings or audit failures, teams can now proactively identify and remediate permission shortfalls before they become blind spots. This eliminates guesswork and back-and-forth with cloud admins, replacing it with a single, authoritative view of connector health and permission coverage.
Key Benefits:
- Proactive awareness: Surface missing permissions before they create blind spots in your cloud coverage.
- Single authoritative view: Connector health and permission coverage consolidated in one dedicated tab, no more follow-ups with cloud admins.
Notation for FlexScan on the Connector listing page
To simplify the Connector listing page, users can now see clear visual icons indicating which FlexScan methods are configured on each connector. The FlexScan includes a Snapshot-Based Scan, API-Based Scan, and Cloud Perimeter Scan. This gives you at-a-glance visibility into enabled modules without having to navigate away.
Assets Count on AV Only Connectors
The cloud connector serves multiple use cases. For VMDR customers who use the Asset Inventory capability of the connector, users receive asset counts from each onboarded cloud connector.
We are now improving navigation so that when the user clicks these counts, detailed inventory views open immediately, providing immediate confidence in the discovered assets and their metadata.
CSPM Enhancements
Default Cloud Provider Selection
TotalCloud now allows users to designate a default cloud provider, ensuring that when navigating to the Inventory, Posture, Response, or Configure tabs, they land directly on their preferred cloud provider’s view, without additional clicks. For security engineers who primarily operate within a specific cloud environment, this personalization eliminates unnecessary navigation and keeps workflows fast and focused.
Key Benefits:
- Instant context on arrival: Always land on the most relevant cloud provider view from the moment you open any tab.
- Reduced navigation overhead: Fewer clicks for teams managing dominant workloads on a single cloud provider.
Exception Management for OCI Cloud
Qualys TotalCloud now fully extends exception management to Oracle Cloud Infrastructure (OCI), bringing it on par with AWS, Azure, and GCP. Security teams can suppress known and accepted risks, apply exceptions across specific resources or policies, reduce false-positive noise in findings, and maintain compliance exemption records, all within a consistent, unified workflow.
Key Benefits:
- Multi-cloud parity: Unified exception management across AWS, Azure, GCP, and now OCI in a single consistent workflow.
- Reduced compliance noise: Suppress accepted risks and maintain exemption records without disrupting overall posture visibility.
Extended Cloud Tags Support for All AWS Resource Types
TotalCloud has extended cloud tag support to cover all AWS resource types. Users can now pull resources using filters based on AWS Cloud tags. This directly addresses the gap between cloud security findings and structured ticketing workflows, ensuring that remediation ownership is clear, traceable, and aligned to how the business organizes its cloud estate.
Key Benefits:
- Complete cloud tag coverage: Every AWS resource type now carries full tag data, accessible via API for downstream integrations.
- Clearer remediation ownership: Bridge security findings to ticketing workflows via REST APIs with tag-based attribution across the full AWS estate.
Expanded Inventory Coverage
Qualys TotalCloud continues to expand inventory coverage across cloud, network, and AI resources, providing security teams with a more complete and accurate foundation for posture assessment and risk analysis.
Virtual Machine Scale Sets (Azure VMSS)
TotalCloud now extends inventory support for Azure VMSS instances, clearly differentiating between the orchestration modes, Flexible and Uniform. The flexible VMs are surfaced under the VM resource type with a dedicated icon, while Uniform VMs are listed under “Virtual Machine Scale Set Instances” with their own distinct icon.
Purpose-built QQL tokens enable precise searching and filtering, and resource associations are fully mapped, giving teams the relational context needed to understand how scale set instances connect to the broader Azure environment.
Key Benefits:
- No blind spots for auto-scaled infra: Every VMSS instance, regardless of how dynamically it was provisioned, is discovered by Qualys and scanned using agentless scanning.
- Precise QQL targeting: Filter, search, and target VMSS instances by orchestration mode with purpose-built tokens.
Improved Inventory of Amazon WorkSpaces Instances
Qualys TotalCloud now offers an inventory for AWS WorkSpaces, ensuring they are reliably discovered and visible within the Inventory tab. Associations between WorkSpaces, Directories, and Pools are accurately mapped and displayed. Control evaluation results are fully surfaced against WorkSpaces resources, and exception management works seamlessly, bringing WorkSpaces under the same rigorous security assessment and governance framework as the rest of the AWS estate.
CSPM Control Enhancements
New Controls and Title Updates
Qualys continuously monitors new security controls across cloud platforms. In this release, the following new controls have been added:
- Approximately 24 new security controls under AWS build-time checks
- 47 new controls for CIS Microsoft Azure Compute Services Benchmark
- Several additional controls for GCP and OCI
Control titles for a selection of AWS and OCI controls have also been refreshed to align with the latest security checks.
For ongoing updates on control changes, refer to the TotalCloud Release Notes for version 2.24, which will be published soon on the Qualys Product Release Notes page.
Deprecated Controls
When cloud providers deprecate specific services or features, the corresponding Qualys CSPM controls are also deprecated to maintain alignment. This ensures your compliance posture accurately reflects the current state of your cloud environments, eliminating outdated or irrelevant findings.
For more information on impacted controls, refer to the control metadata for: AWS | Azure | GCP | OCI
| Cloud Platform | Deprecated Controls | Reason for Deprecation |
| AWS | 508 – Ensure AWS EBS Volume has a corresponding AWS EBS Snapshot | This has been removed as part of the broader cleanup and standardization of EBS snapshot-related REST API calls. |
Risk Prioritization
Additional TruRisk™ Insights for Azure Cloud
TruRisk Insights aggregates risk factors across multiple scans, including vulnerabilities, misconfigurations, and threats, to deliver a prioritized, actionable view of your highest-impact risks. Complementing this, Attack Path adds critical context, including internet exposure, blast radius, and environmental dependencies, helping you understand why a risk matters and how it could propagate.
This release expands TruRisk Insights coverage for Azure with 15 new insights, powered by Qualys researchers’ analysis, spanning misconfigurations, network exposure, threats, and compute workloads. Each insight is designed to surface contextual, correlated risk intelligence that goes beyond individual misconfigurations, connecting findings across resources to reveal the true blast radius of a potential threat in your Azure environment.
What’s Next
- Learn more about TotalCloud™ CNAPP, the Risk-minded CNAPP
- Click here to get online help on TotalCloud, Connectors, and the TotalCloud API User Guide
- Check out the How-to Training Videos
If you have any questions, please contact your Technical Account Manager (TAM) or Qualys Technical Support.