Update: Also see details on the update to QualysGuard 7.12.
QualysGuard 7.12 will be released in production in the coming weeks and includes enhancements to QualysGuard Vulnerability Management (VM) and Policy Compliance (PC) reports, and API.
Highlights include: new Certificate (SSL) Dashboard, new VM Authentication Report, Test Control function in the Policy Editor, and API enhancements.
QualysGuard VM Enhancements
New Host Certificate Dashboard
New Host Certificate page provides administrators a dedicated dashboard for certificate related information such as certificates by expiration date, by key size, by certificate authority, by port, and self-signed certificates as well as the certificates detail.
By expiration date
By certificate authority
Authentication Report Now Available in VM
You can now run the Authentication Report from the Vulnerability Management (VM) application. This gives you an easy way to verify authentication to your hosts and troubleshoot when authentication was not successful. This report was previously only available in Policy Compliance (PC).
KnowledgeBase Update – Additional Exploitability Information
Qualys will publish exploit information when we know about an exploit and the exploit has not been revealed by any other vendor. When this is the case, you’ll see Qualys listed as the source, as shown in the example below.
QualysGuard PC Enhancements
Policy Editor Improvement – New Test Control Option
You now have the option to run a quick test to see whether a control will pass or fail for a host directly from the Policy Editor. You’ll get the pass or fail status and the actual value based on the last scan of the host. This allows you to modify the control value if needed before saving your policy without the need to generate a compliance report.
Policy Report Update – Evaluation Date Added to CSV Format
When you run or download a Policy Report in CSV format, the host details will now include the evaluation date. The evaluation date represents when the control was last evaluated for the host. Prior to this release, the evaluation date appeared in other report formats but not in CSV.
PC Authentication Report Update – Host Technology Added
The Policy Compliance (PC) Authentication Report tells you whether hosts scanned for compliance passed authentication. With this release, the PC Authentication Report includes the host technology associated with each host instance – this is the technology the host’s operating system is mapped to.
User-Defined Controls – Debian Technologies Added
In this release Debian GNU/Linux 6.x and 7.x have been added to user-defined controls. You can create user-defined controls and set values for these technologies, create policies for these technologies and search for controls defined with these technologies.
QualysGuard Cloud Platform
Scanner Appliance Heartbeat Check Notification Updated
Improvements were made to the Scanner Appliance Heartbeat Check email notification. The email now includes useful troubleshooting information for appliance connectivity issues and instructions on where to find more information about your appliance.
QualysGuard API Enhancements
QualysGuard API Enhancements
Full details about the API feature in QualysGuard 7.12 can be found in the QualysGuard 7.12 API Release Notes.
API Support for QualysGuard Express Lite Users
We are pleased to announce QualysGuard API support for Express Lite users. Now Express Lite users have the ability to use the QualysGuard API to manage scans, assets (IP addresses and domains) and user accounts.
Asset IP – API v2 Enhancements – Ability to add and update IP addresses
The Asset IP API v2 (with the endpoint /api/2.0/fo/asset/ip/) gives you the ability to add IP addresses for scanning to the subscription, and update them. You can choose to add IP addresses to VM and/or PC, depending on your license.
Compliance Posture Info – API v2 Improvements
Using the “Compliance Posture Info” API v2 (with the endpoint /api/2.0/fo/compliance/posture/info/) you have the ability to retrieve batches of compliance posture info records and customize the page size (i.e. the number of posture info records).
Compliance Control – API v2 Improvements
Using the “Compliance Control” API v2 (with the endpoint /api/2.0/fo/compliance/control/) you have the ability to retrieve batches of compliance controls and customize the page size (i.e. the number of control records).
PC Authentication Report – Host Technology Added
With this release, the PC Authentication Report includes the host technology associated with each host instance – this is the compliance technology the host’s operating system is mapped to. We added a new element <HOST_TECHNOLOGY> to the XML output and updated the report DTD. You can download this report in XML format using the QualysGuard user interface.
For details about the release dates and to subscribe to release notifications by email, please see the following: