Changelog

CLI 6.29.2.0

[6.29.2.0] - 2025-12-11

Added

  • Container Security integration for the sync_qualys command via the --include-containers flag, with mode-aware issue consolidation (Consolidated vs Per-Asset)
  • WAS (Web Application Scanning) integration for the sync_qualys command via the --include-was flag
    • HTTP Basic Auth for WAS API with pagination and threading support
    • Mode-aware deduplication (Consolidated vs Per-Asset)
    • OWASP category mapping and WAS-specific fields (URL, parameter, HTTP method)
    • 31 comprehensive unit tests with 100% pass rate
    • Uses dateutil for robust datetime parsing
    • Proper error handling with warnings for unexpected data types and duplicates
  • QRadar query_events now supports flexible field querying (not just AWS Account ID)
    • New CLI options: --query-field, --query-value, --time-window-hours for flexible querying
    • Can now query by username, IP address, or any QRadar field (not just AWS Account ID)
    • Backward compatible: --account-id still works and maps to AWS Account ID query
    • Introduced QRadarQueryConfig and ControlAssessmentContext data classes for type safety
    • Assessment descriptions now generic (e.g., "username: jdoe" instead of hardcoded "AWS Account")
    • Improved data validation and parameter cohesion
    • Created constants.py module to centralize configuration constants for better maintainability
    • Replaced hardcoded strings throughout with named constants (ASSESSMENT_RESULT_PASS, ASSESSMENT_RESULT_FAIL, etc.)
    • Reduced cognitive complexity from 16 to 5 by extracting helper functions
  • GCP Security Command Center Integration
    • Asset Collection: Collects inventory for compute, storage, database, and more.
    • Findings & Vulnerabilities: Fetches SCC findings, parses for multi-framework mapping, and syncs vulnerabilities.
    • Compliance Integration: Maps findings to frameworks (NIST, CIS, FedRAMP, PCI-DSS, SOC2) and updates control status.
    • Evidence Collection: Automates evidence gathering per service.

Fixed

  • QRadar query_events now creates assessments with descriptive text and properly links evidence to both control-level and SSP-level assessments for complete visibility
  • Changed QRadar query time window from 24 hours to 8 hours for more accurate recent event assessment
  • Reduced complexity in the Qualys inner_join function by extracting helper functions
  • Fixed critical KeyError: 'domain' crash affecting all Automation Manager integrations in RegScale
    • Added defensive config access in APIHandler to prevent KeyError crashes
    • Implemented JSON validation in decryption flow to handle malformed decrypted config
    • Added multi-tier fallback mechanism (local init.yaml → provided parameters → template) when remote config fetch fails
    • Added REGSCALE_USE_LOCAL_CONFIG environment variable for operator control
    • All Automation Manager Integrations (AWS, CrowdStrike, Wiz, Tenable, Defender, etc.) now start successfully with graceful config fallback