This new release of the Qualys Cloud Platform (VM, PC), version 8.16, contains several new improvements in Qualys Vulnerability Management and Qualys Policy Compliance, which includes new password security option, increased limit for virtual hosts that can be added to a subscription, added support for Scanning ESXi Hosts on vCenter, and more.
Read on for release highlights.
Qualys Cloud Platform
- New Password Security Options We’ve added several new password security options to enforce a strong password policy. Go to Users > Setup > Security to set password requirements for all users in the subscription.
- By default, you cannot reuse any of your last 13 passwords, but this option will become configurable in a future release.
- We are also enforcing a special characters requirement, by default, but this option too will become configurable in a future release.
- Enforced retention of scan/map results – This release enforces retention policy for scan/map results. Users can no longer clear (un-check) the Automatically delete scan/map results options.
- Asset search: New filter for last SCAP scan date – Users can now search for assets based on the last scanned date for SCAP compliance.
- Scanner Appliances List – Renamed ID column to personalization code – On the Appliances list, the ID column has been renamed to Personalization Code to make it easier to identify the personalization code after adding a virtual scanner.
- New search filters to search for scanners – Two new filters – Scanner Type and Platform Provider – have been added in the Appliances tab to improve scanner search capability.
Qualys Vulnerability Management (VM)
- Virtual Host Limit Increased – The number of virtual hosts you can add to your subscription increased from 1024 to 5000.
- Quick Start Guide UI updates – Users will now receive updates to the Quick Start Guide page, such as new links to video transcripts, VM community and self-paced trainings.
Qualys Policy Compliance (PC/SCAP/SCA)
- Support for Scanning ESXi Hosts on vCenter – UI changes have been added to enhance the feature for better usability.
- Apache Tomcat 9.x Support – This release adds support for Tomcat Server authentication to include Apache Tomcat 9.x for Windows and Unix.
- IBM HTTP Server 9.x Support – This release adds support for Apache Web Server authentication to include IBM HTTP Server 9.x.
- OS Authentication Based Instance Technology Discovery – Users can now collect technology data using the underlying OS technology instance without creating authentication records.
- New Technologies Supported for Windows UDCs – UDC support for Windows has been extended to include Windows Embedded 7, 8 and 8.1.
- Auto Update Expected Values from Agent Scans – Users can now choose to update a control’s expected values with the actual values collected from each cloud agent scan.
- New Instance column in STIG Report CSV – Users can now include the host instance in the STIG report by selecting “Instance” in the STIG report template.
For more details about the above features, please review the release notes.
- Qualys Cloud Platform 8.16 (VM/PC) API notification 1
- Qualys Cloud Platform 8.16 (VM/PC) API notification 2