This new release of the Qualys Cloud Platform (VM, PC), version 8.18 contains several new features and improvements in Qualys Vulnerability Management and Policy Compliance, which include CertView Vulnerability Scan for EC2 Assets, support for new authentication types to filter vulnerabilities, support for InformixDB authentication and IBM Web Application Server, and 2 new technologies in Policy Compliance.
Qualys Vulnerability Management (VM)
- Launch Cloud CertView Vulnerability Scan for EC2 Assets – Users can now launch Cloud CertView scans and get an up-to-date view of the certificates and the current security posture of their AWS EC2 hosts using Qualys Certificate View. To start a scan for CertView hosts, go to Scans > New > CertView Scan.Note: Before launching Cloud CertView scans, the EC2 Assets must be activated for CertView Scanning. Once an EC2 connector is created in AssetView, EC2 assets will be activated automatically to scan CertView Scanning application.
- Support for New Authentication Types to Filter Vulnerabilities – Users can now search in the Qualys Knowledge Base for vulnerabilities that are under authenticated only/remote and authenticated categories with authentication types set as TOMCAT, MARIADB, MongoDB, WebLogic and PANOS. To filter such vulnerabilities, the following new authentication types have been added: TOMCAT, MARIADB, MongoDB, WebLogic, PANOS for “Remote and Authenticated” and “Authenticated Only” discovery methods. These authentication types are also available when creating dynamic search lists.
Qualys Policy Compliance (PC/SCAP/SCA)
- Support for InformixDB Authentication – Qualys PC and SCA now support InformixDB authentication for compliance scans.
To create an InformixDB authentication record, go to Scans > Authentication, and choose New > InformixDB Record.
- IBM Web Application Server (WAS) Support – This release extends support for IBM WebSphere App Server authentication to include WebSphere Application Server 9.x for Unix.
Note: Users need an IBM WebSphere App Server authentication record to authenticate to the web server and scan it for compliance. Users also need a UNIX record for the host running the web server.
- PostgreSQL 10.x Support – This release extends support for PostgreSQL database authentication to include PostgreSQL 10.x for UNIX.
Note: Users need a PostgreSQL authentication record to authenticate to the web server and scan it for compliance. Users also need a UNIX record for the host running the web server.
Platform release dates will be published on the Qualys Status page when available.