
QualysGuard 8.0 New Features

QualysGuard 8.0 adds the following capabilities to the QualysGuard Cloud Platform and its suite of services:

  • Featured Enhancement: Overlapping IP support
  • Vulnerability Management
    • Improvements to the SSL Certificates List
    • Configure Multiple PCI Option Profiles
    • Security Risk Score Summary Added to XML and CSV Reports
  • Policy Compliance
    • Golden Image Policy Organized Into Sections
    • Select Individual IPs for Your Policy Reports
    • Control Checksum Requirement Removed from Policy XML
  • QualysGuard Platform
    • New Look and Feel for QualysGuard Express
    • Improved IP Selection
    • QualysGuard API Enhancements


QualysGuard 7.12 Update: Multiple New Enhancements

An update to QualysGuard 7.12 will be released in production in the coming weeks to introduce improvements to the QualysGuard Cloud Platform and API:

  • New Permission to Manage External IDs
  • Dissolvable Agent Per Scan
  • QualysGuard API Enhancements


QualysGuard 7.12 New Features

Update: Also see details on the update to QualysGuard 7.12.

QualysGuard 7.12 will be released in production in the coming weeks and includes enhancements to QualysGuard Vulnerability Management (VM) and Policy Compliance (PC) reports, and API.

Highlights include: new Certificate (SSL) Dashboard, new VM Authentication Report, Test Control function in the Policy Editor, and API enhancements.


QualysGuard 7.11 New Features

QualysGuard 7.11 will be released in production in the coming weeks and includes enhancements to QualysGuard Vulnerability Management (VM) and Policy Compliance (PC) reports, and API.

Highlights include: ability to rerun a report, new “Host Scan Date” filter and “Vulnerability Fixed On” date filter for the vulnerability scorecard report, and API enhancements.


QualysGuard 7.10 New Features

QualysGuard 7.10 will be released in production in the coming weeks and includes enhancements to QualysGuard Cloud Platform, Vulnerability Management (VM), Policy Compliance (PC) and API.

New QualysGuard Express Lite

The new service offering QualysGuard Express Lite for SMBs is launched with this release.


QualysGuard Cloud Platform Enhancements

Redesigned Application Picker: In this release, the application picker has been redesigned with a new look & feel to clearly show to users the various applications available in their subscriptions.


QualysGuard First to Support Solaris 11


On November 9, 2011, Oracle announced the launch of Oracle Solaris 11 as the first fully virtualized operating system providing customers with comprehensive, built-in virtualization capabilities for OS, network and storage resources. Solaris 11 is designed to meet the security, performance and scalability requirements of cloud-based deployments allowing customers to run their enterprise applications in private, hybrid, or public clouds.

Working closely with Oracle during development and testing, Qualys is pleased to be the first vendor to add support for Oracle Solaris 11 within QualysGuard Policy Compliance.  The new compliance checks include configuration checks based on the Oracle Solaris 11 hardening guideline, such as service checks, sshd_config checks, and file permission and ownership checks.  This content is immediately available within QualysGuard Policy Compliance for all subscribers.

To enable support for Oracle Solaris 11, simply add your Oracle Solaris 11 IP addresses to a valid Unix authentication record. QualysGuard Scanner Appliances support Oracle Solaris 11 authentication as of ML 5.18.  Once successfully authenticated, QualysGuard Policy Compliance will scan Oracle Solaris 11 configurations and report results in a valid Oracle Solaris 11 policy.

For more information regarding QualysGuard Policy Compliance or how to configure QualysGuard Policy Compliance, please visit the Policy Compliance Community.

Dashboard and Drill-down Reporting in Policy Compliance

With the release of the new QualysGuard UI, Policy Compliance can now stand alone as its own module within QualysGuard.  This focused approach to modules in the new UI makes it easier to consolidate compliance reporting and provide additional capabilities specific to Policy Compliance.  A perfect example of this is the new Dashboard and Policy Summary Report released in QualysGuard 6.22.

Policy Compliance Dashboard

By enabling the new UI in QualysGuard 6.22, Policy Compliance gets its own dedicated Dashboard.


This new dashboard summarizes the compliance status across all policies in the subscription in one single view, identifying your top failing technologies that need attention.  In addition, view and access your last scans, upcoming scheduled scans, and latest reports directly from the dashboard.  For more information, drill down into your top failing and passing policies, which opens the new Policy Summary Report.

Policy Summary Report

The new UI also exposes a new tab under Reports called Policy Summary.  This new tab provides a summary of your policy without running template based reports, as required in previous versions of Policy Compliance.  To see the summary, simply select a policy and a trend duration.


This new summary report provides trending of your pass/fail status, controls, and hosts by policy.  In addition, drill down into your top failing hosts and controls, which opens an interactive report with detailed results.

These new features in QualysGuard 6.22 enhance the reporting capabilities of Policy Compliance and provide a global view of compliance.  To try these new features, simply switch over to the new UI in your subscription.  To see a demo of these new features, please visit the Dashboard video in the QualysGuard Policy Compliance Video Series.

Transporting Policies in Policy Compliance

Have you ever wanted to export a policy from Policy Compliance and import it into another subscription?  Customers with multiple subscriptions and partners have been requesting this capability and with the release of QualysGuard 6.22, their requests have been answered.  With this release, policies can be exported and imported freely.

Why is importing and exporting important?

Policy creation is a key component of Policy Compliance.  It is the policy that sets the expected values to determine overall compliance.  Once a policy is created in a subscription with QualysGuard 6.22, the policy can be easily transported to another subscription and used there.  This makes it easier for partners and customers with multiple subscriptions to fully adopt Policy Compliance.

How to transport policies

With QualysGuard 6.22, you can now export a policy as an XML file from one subscription and import the policy into another subscription in four easy steps:

  1. Select a policy and click export.
  2. Save the XML file to your computer.
  3. In another subscription, select New, Import Compliance Policy, Import from XML file.
  4. Select the XML file on your computer.

New possibilities for sharing policies

In addition to transporting policies for partners and customers with multiple subscriptions, this new capability provides new possibilities for customers to share policies with each other.  It also allows Qualys to share new policies with customers and prospects quickly before they become available in the import library.  Adding policies to the import library requires thorough testing prior to upload.  However, this new feature will allow us to share these policies prior to upload, allowing customers to get a head start on policy creation.

To see a demo of this new feature, please visit the Policy Import and Export video in the QualysGuard Policy Compliance Video Series.

Windows Share Enumeration, Detailed Audit Settings, and ExploitKit Mapping

Sometimes it’s the little things that make your day run more smoothly.  The release of QualysGuard 6.19 includes highly-focused new features that add functionality for Windows systems. Also, an update to the Qualys KnowledgeBase identifies vulnerabilities that can be attacked via exploit kits, helping organizations better prioritize patching efforts and protect against vulnerabilities that could be abused via exploit kits.

Windows Share Enumeration: Find Windows shares that are readable by everyone, and report details like the number of files in the share and whether the files are writable. This is good for identifying groups of files that may need tighter access control.

Detailed Audit Settings: Verify auditing subcategory settings introduced in Windows Vista, Windows 7, and Windows Server 2008. You can now check all of the audit logging settings within Windows.

Both of the above features require the new dissolvable agent, which is configured via a new workflow for easier activation.  Details in the 6.19 Notification.

ExploitKit Mapping: If a vulnerability can be attacked via an exploit kit, it should be considered higher priority simply because of the larger number of people who can easily attempt to attack it via the exploit kit. The new ExploitKit Mapping in the KnowledgeBase makes it easier to identify these vulnerabilities and prioritize their remediation.

Improving Policy Editing and Reporting

Ever wonder what 314159265358979 or 161803399999999 stand for in a compliance policy?  You’re not alone.  These special values, known as Pi and Golden Ratio, are used to report specific status conditions within QualysGuard Policy Compliance.  The translation of these special values varies by technology and configuration.  With the release of QualysGuard 6.18, these special values will be converted to check boxes in the policy editor, providing a clear translation of these special values.  In addition, policy reports will no longer display these special values; only the translated values.

The Use of Pi and Golden Ratio

Policy Compliance uses two special values to indicate status information about a compliance check, also referred to as a data point. These special values are:

  1. 314159265358979 (the first 15 digits of PI)
  2. 161803399999999 (the first 15 digits of the "Golden Ratio")

These values are highly unique numbers which represent various conditions encountered during scanning.  The status values will have slightly different results according to which technology the control is using.  Valid examples of these special values include, but are not limited to, the following:

  1. Registry key path was not found.
  2. Registry key parameter was not found.
  3. File was not found.
  4. Setting was not found.

Previous Policy Editor and Reports

Previously, these special values would appear in your policies as the expected value for various data point checks. Below are a few examples of the policy editor prior to QualysGuard 6.18:

  1. The first example below uses a complex control to verify the 'Number of days prior to password expiry before a warning is displayed at login'.  Notice the AND condition makes sure that the value is less than Golden Ratio.  Golden Ratio is returned when the setting is not found, and therefore not set.  This additional AND condition is required to prevent false positives, as we do not want to pass the control if the setting is not found.
    Figure 1: Complex Control using Golden Ratio
  2. The second example below uses multiple values in the regular expression to verify the startup state of the 'Clipbook' service.  Notice both Pi and Golden Ratio are included in the regular expression.  Pi is returned when the registry key path is not found and Golden Ratio is returned when the registry key parameter is not found, both meaning the service is not installed.  Since the service should be disabled, represented by 4, we should also pass the control if the service is not installed, represented by Pi and Golden Ratio.
    Figure 2: Complex Regular Expression using Pi and Golden Ratio

These special values may also appear in your compliance reports.  We have been converting the actual values to translated values in the reports for several releases, however the expected values may still use Pi or Golden Ratio.

Improved Policy Editor and Reports

With the release of QualysGuard 6.18, the policy editor will start to display Pi and Golden Ratio as check boxes with their translated meanings.  Not all of the controls will be translated initially, as we will be updating the existing controls to use the new feature over time.  However, new controls will be created using this new feature.

After QualysGuard 6.18, all controls will fall into one of the following categories:

  • Values Only: The control only allows user-customized criteria. User must select the operator, cardinality and enter an expected value. This is how controls work prior to this release.
  • Fixed Values Only: The control only allows fixed value selections. User must select/clear checkboxes.
  • Hybrid: The control allows a combination of user-customized criteria and fixed value selections.

Below are the same samples from above using the new feature in QualysGuard 6.18:

  1. The first example below simplifies the control to verify the 'Number of days prior to password expiry before a warning is displayed at login'.  Notice the AND condition has been removed and replaced with check boxes.  These check boxes will allow you to pass the control if the setting is not found.
    Figure 3: Hybrid Control using Value and Fixed Values
  2. The second example below converts all values in the regular expression to fixed values to verify the startup state of the 'Clipbook' service.  Notice that all values, including Pi and Golden Ratio, have been converted to check boxes.  By checking the appropriate check boxes, we can now check all conditions of the service.
    Figure 4: Fixed Values Control
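To make the false positive in Figure 1 and the translation in Figures 3 and 4 concrete, here is an added Python model (not Qualys code) of the evaluation styles described above: the unguarded numeric check, the pre-6.18 AND guard, the 6.18 hybrid check box, and both forms of the service startup control. The 7-day threshold, the function names and the status strings are assumptions for illustration.

```python
import re

# The two sentinel values Policy Compliance returns for "not found" conditions.
PI = 314159265358979             # e.g. registry key path / setting not found
GOLDEN_RATIO = 161803399999999   # e.g. registry key parameter / setting not found
SENTINELS = {PI: "Not found (Pi)", GOLDEN_RATIO: "Not found (Golden Ratio)"}


def naive_warn_days_control(actual: int, expected_min: int = 7) -> bool:
    """'value >= N' with no guard: a missing setting comes back as Golden
    Ratio, which is numerically enormous, so the control wrongly passes."""
    return actual >= expected_min


def guarded_warn_days_control(actual: int, expected_min: int = 7) -> bool:
    """Figure 1 style: AND 'value < Golden Ratio' rejects the sentinel,
    so a setting that is not set fails the control as intended."""
    return expected_min <= actual < GOLDEN_RATIO


def hybrid_warn_days_control(actual: int, expected_min: int = 7,
                             pass_if_not_found: bool = False) -> bool:
    """Figure 3 style (6.18 hybrid): the sentinel is handled by a check box
    (assumed flag) instead of being compared as a number."""
    if actual in SENTINELS:
        return pass_if_not_found
    return actual >= expected_min


def service_startup_regex_control(actual: int) -> bool:
    """Figure 2 style: regex listing 4 (disabled) plus both sentinels."""
    pattern = r"^(4|314159265358979|161803399999999)$"
    return re.fullmatch(pattern, str(actual)) is not None


def translate(actual: int) -> str:
    """Report-style translation of a raw value (status strings assumed)."""
    if actual in SENTINELS:
        return "Not installed"
    return {4: "Disabled"}.get(actual, f"Other ({actual})")


def service_startup_fixed_values_control(actual: int,
                                         checked=("Disabled", "Not installed")) -> bool:
    """Figure 4 style: fixed-value check boxes over translated statuses."""
    return translate(actual) in checked
```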

Updated compliance reports will now display the translated values for the 'Expected' column.  A sample report for the Fixed Values example above is provided below:


Figure 5: Fixed Values Report

In addition to resolving the translation of Pi and Golden Ratio, we also improved the layout of the policy editor and reports.  We added shading to both the policy editor and reports to highlight the values associated with each control.  We also added auto-sized text boxes in the policy editor to make it easier to see larger strings of text, especially for file integrity hashes.

Demo

To see a demo of this new feature, please view the Improved Policy Editor and Reporting Demo.