Enterprise TruRisk™ Platform Release 10.34.1
June 4, 2025
Update - Qualys Policy Audit
We have rolled out Policy Audit (PA) in the latter half of May 2025! Policy Audit - a tool that automates every stage of the audit process and enables you to be continuously audit ready. Once you access Policy Audit, you can tackle complex audits with continuous monitoring, automated remediation workflows (add-on), and risk-based insights – all in a single platform.
You can switch to Policy Audit by selecting 
(Help) > Switch to PA.
The Switch to PA option is available only for Manager users.
Refer to the following blogs for more insights in Policy Audit:
- Introducing Qualys Policy Audit, the New Standard for Audit Readiness
- Simplifying DORA Compliance with the Qualys Enterprise TruRisk Platform
- Building Confidence in Cyber Essentials Compliance with Qualys Policy Audit
Policy Audit Documentation
The documentation for Policy Audit can be found on the Qualys Documents page. The section has the following documents:
Online Help - Refer to the product documentation for Policy Audit to get comprehensive guidance on new features and functionalities. It will provide step-by-step instructions and resources to help you maximize the benefits of the updated features and functionalities.
API User Guide - The API User Guide explains how to use and integrate APIs associated with Policy Audit. It provides instructions and explanations about the API that ensure you can understand and utilize it effectively.
Release Notes (Coming Soon) - Policy Audit release notes will be available for upcoming releases, such as Policy Audit 1.1.0, Policy Audit 2.0.0, Policy Audit 3.0.0, and so on.
Qualys Vulnerability Management (VM)
General Availability of TruRisk Reports
Qualys TruRisk™ Report provides a clear and actionable assessment of your enterprise's security posture, highlighting critical vulnerabilities and risks while offering strategic guidance for their mitigation. It prioritizes vulnerabilities and assets based on the risk it poses to your infrastructure. It accurately quantifies cyber risk to reduce exposure, track risk reduction trends, and enhance the cyber security program's effectiveness.
To generate, view, and manage TruRisk reports under the Reports tabs, the following prerequisites must be met:
- VMDR is enabled for your account.
- Account must be of a Manager-user.
For more details on the TruRisk report, refer to the New Report: TruRisk section in VMDR Release 2.4 Release Notes.
Issues Addressed
The following reported and notable customer issues are fixed in this release:
| Component/Category | Application |
Description |
| VM - Reports General | Vulnerability Management | When the users tried to generate host-based/scan-based VMDR reports, the report was not generated as the tags were selected in the scan report template. Relevant code changes have been made to fix the issue. |
| VM - Knowledge Base | Vulnerability Management | When the users executed a KnowledgeBase API /api/2.0/fo/knowledge_base/vuln/, it was observed that the closing </VULN_LIST> tag was missing in the API output. Relevant code changes have been made to resolve the issue. |
| VM - ASR | Vulnerability Management | When the users tried to generate an Asset Search Report by selecting only the DNS hostname, the report did not display the assets. When the asset Group contains only the DNS hostnames, the sub-users assigned to those groups are not able to access the associated hosts, as the Asset Group is determined based on IP addresses. This is as per the design. We have now documented in the Online Help. |
| VM - Host Based Report | Vulnerability Management | When the users generated a host-based report, data discrepancy was observed in the report generated from the template designed to exclude the vulnerabilities with a QID value below 50. The excluded vulnerabilities were still displayed in the generated report with a blank QDS score value. Relevant code changes have been made to fix the issue. |
| VM - Activity logs | Vulnerability Management | When the users tried to search for API calls performed by a specific user under the API process (VMDR > Users > Activity Log > Filters > Recent API Calls) by providing a username and incident signature, the search filter was not providing the expected result. Relevant code changes have been made to fix the issue. |
| VM - Scan UI | Vulnerability Management | When the users tried to replace the old EC2 scanner with the new EC2 scanner, an error was encountered, and were not able to replace the EC2 scanner on the UI. Relevant code changes have been made to fix the issue. |
| PC - API | Policy Compliance | When the users executed posture info API /api/2.0/fo/compliance/posture/info/ by providing the DNS Hostnames in the Asset Group, the API did not return any posture data for the policy that included DNS hostnames. Relevant code changes have been made to fix the issue. |
| PA / PC - API | Policy Compliance | When the users tried to fetch the policy list API /api/2.0/fo/compliance/policy/index.php, an error was encountered in the Service Now Integration. Relevant code changes have been made to fix the issue. |