This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. (This posting has been updated on 9/6/2017 to reflect new feature capabilities in the release, as noted below.)
- Cloud Agent Download Results – search results in the Cloud Agent user interface can be downloaded to a file similar to AssetView download results providing offline analysis of Cloud Agent deployments
- New Bulk Actions – bulk actions against Cloud Agent search results are moved to the Actions button similar to AssetView bulk actions. New actions allow users to Add Tags and Assign Config Profiles directly to all agents in search results.
- Search Queries using AWS Metadata from EC2 Connector – identity and metadata from AWS instances collected by the EC2 Connector can be searched in AssetView using new search tokens, including: aws.ec2.accountId, aws.ec2.availabilityZone, aws.ec2.hostame, aws.ec2.instanceState, aws.ec2.instanceType, aws.ec2.instanceId, aws.ec2.vpcId, and more.
- For a full list of search tokens, search for “aws.ec2” in AssetView or refer to the updated Online Help.
- This is an updated new feature announcement.
- Dynamic Tag Support for AWS EC2 Metadata – dynamic tags now support EC2 metadata attributes for assets as collected by the EC2 Connector
Web Application Scanning
- Bugcrowd Integration – with this release mutual customers of Qualys WAS and Bugcrowd can now bidirectionally import Bugcrowd findings into the Qualys WAS portal enabling the one stop visual interpretation of automated scan findings combined with manual researcher findings and also export WAS findings to Bugcrowd’s Crowdcontrol to reduce overhead
- Upgraded Detection Tab – new dedicated top-level and upgraded Detections tab for a central area for application security vulnerability detections, management and information
- Normalization of Date/Time Format in CSV Reporting – previously CSV reports in Qualys WAS had the date/time in Zulu format. With this release Qualys has normalized the date/time format to be consistent with other reports and is presented with the respective GMT.
Web Application Firewall
- Custom Rule “DETECT” – a new custom rule operator, “DETECT”, gives users the ability to create a virtual patch for any QID. Custom Response Pages can be called by custom rules, providing the flexibility to adapt responses for desired conditions.
Security Assessment Questionnaire
- Enhanced Tagging for Grouping Respondents – tagging can be used to group respondents
- Separate Reviewers – assign separate reviewers for sections and sub-sections
API updates are also included with this release:
The specific day for deployment will differ depending on the platform. Release Dates will be published on the Qualys Status page when available.
For more details about the above features – please review the release notes. Release notes will be posted as soon as they are available on the Qualys Suite Release Notes page.