Qualys list_scans command to retrieve scan metadata from VMDR, WAS, Container Security, and Total Cloud modules with filtering by date range and optional JSON export
Qualys diagnostics script enhancements to include scan and report listing validation for all four main Qualys services
Changed
Prisma Cloud CSV import modernized to use Scanner Integration framework with shared models and automatic deduplication
Prisma Cloud integration now supports optional software inventory processing with --enable-software-inventory flag
Config updates to improve support and functionality
Fixed
Prisma Cloud OS version parsing regex backtracking vulnerability replaced with safer lookahead assertions and explicit character classes
Config fixed an issue where merge config would overwrite values with defaults
Qualys Policy Compliance integration with three new commands for policy management
list_policies: List all policies from Qualys Policy Compliance with framework and control count
export_policy: Export individual policies to JSON format for backup or review
import_policy: Import Qualys policies into RegScale Security Plans or Components as Policy objects
AWS Audit Manager control ID matching for non-NIST frameworks
Fixed
Minor Bug fixes to Axonius Integration
AWS IAM evidence collection now properly creates assets for compliance tracking
QRadar query_events evidence filenames now use full date-time format (YYYYMMDD_HHMMSS) instead of date-only format for better traceability and to prevent file overwrites
Evidence record titles now include full date-time format (YYYY-MM-DD HH:MM:SS) instead of date-only or missing timestamps for better traceability
QRadar query_events evidence titles now include full timestamp
QRadar sync_events evidence titles now include time component
AWS evidence generators (Audit Manager, Config, GuardDuty, IAM, KMS, Organizations, SecurityHub) now include time component
AWS sync_findings_and_assets command now supports --force-refresh flag to bypass 8-hour inventory cache
AWS Audit Manager evidence collection NameError for undefined scan_date variable in _upload_consolidated_evidence
QRadar query_events timeouts now treated as failed queries (no results found) instead of raising exceptions
Qualys Policy Compliance integration with three new commands for policy management
list_policies: List all policies from Qualys Policy Compliance with framework and control count
export_policy: Export individual policies to JSON format for backup or review
import_policy: Import Qualys policies into RegScale Security Plans or Components as Policy objects
AWS Audit Manager control ID matching for non-NIST frameworks
Fixed
Minor Bug fixes to Axonius Integration
AWS IAM evidence collection now properly creates assets for compliance tracking
QRadar query_events evidence filenames now use full date-time format (YYYYMMDD_HHMMSS) instead of date-only format for better traceability and to prevent file overwrites
Evidence record titles now include full date-time format (YYYY-MM-DD HH:MM:SS) instead of date-only or missing timestamps for better traceability
QRadar query_events evidence titles now include full timestamp
QRadar sync_events evidence titles now include time component
AWS evidence generators (Audit Manager, Config, GuardDuty, IAM, KMS, Organizations, SecurityHub) now include time component
AWS sync_findings_and_assets command now supports --force-refresh flag to bypass 8-hour inventory cache
AWS Audit Manager evidence collection NameError for undefined scan_date variable in _upload_consolidated_evidence
QRadar query_events timeouts now treated as failed queries (no results found) instead of raising exceptions
Qualys Policy Compliance integration with three new commands for policy management
list_policies: List all policies from Qualys Policy Compliance with framework and control count
export_policy: Export individual policies to JSON format for backup or review
import_policy: Import Qualys policies into RegScale Security Plans or Components as Policy objects
AWS Audit Manager control ID matching for non-NIST frameworks
Fixed
Minor Bug fixes to Axonius Integration
AWS IAM evidence collection now properly creates assets for compliance tracking
QRadar query_events evidence filenames now use full date-time format (YYYYMMDD_HHMMSS) instead of date-only format for better traceability and to prevent file overwrites
Evidence record titles now include full date-time format (YYYY-MM-DD HH:MM:SS) instead of date-only or missing timestamps for better traceability
QRadar query_events evidence titles now include full timestamp
QRadar sync_events evidence titles now include time component
AWS evidence generators (Audit Manager, Config, GuardDuty, IAM, KMS, Organizations, SecurityHub) now include time component
AWS sync_findings_and_assets command now supports --force-refresh flag to bypass 8-hour inventory cache
AWS Audit Manager evidence collection NameError for undefined scan_date variable in _upload_consolidated_evidence
QRadar query_events timeouts now treated as failed queries (no results found) instead of raising exceptions
Add Container Security integration to sync_qualys command with --include-containers flag supporting mode-aware issue consolidation (Consolidated vs Per-Asset)
WAS (Web Application Scanning) integration to sync_qualys command with --include-was flag
HTTP Basic Auth for WAS API with pagination and threading support
Mode-aware deduplication (Consolidated vs Per-Asset)
OWASP category mapping and WAS-specific fields (URL, parameter, HTTP method)
31 comprehensive unit tests with 100% pass rate
Uses dateutil for robust datetime parsing
Proper error handling with warnings for unexpected data types and duplicates
QRadar query_events now supports flexible field querying (not just AWS Account ID)
New CLI options: --query-field, --query-value, --time-window-hours for flexible querying
Can now query by username, IP address, or any QRadar field (not just AWS Account ID)
Backward compatible: --account-id still works and maps to AWS Account ID query
Introduced QRadarQueryConfig and ControlAssessmentContext data classes for type safety
Assessment descriptions now generic (e.g., "username: jdoe" instead of hardcoded "AWS Account")
Improved data validation and parameter cohesion
Created constants.py module to centralize configuration constants for better maintainability
Replaced hardcoded strings throughout with named constants (ASSESSMENT_RESULT_PASS, ASSESSMENT_RESULT_FAIL, etc.)
Reduced cognitive complexity from 16 to 5 by extracting helper functions
GCP Security Command Center Integration
Asset Collection: Collects inventory for compute, storage, database, and more.
Findings & Vulnerabilities: Fetches SCC findings, parses for multi-framework mapping, and syncs vulnerabilities.
Compliance Integration: Maps findings to frameworks (NIST, CIS, FedRAMP, PCI-DSS, SOC2) and updates control status.
Evidence Collection: Automates evidence gathering per service.
Fixed
QRadar query_events now creates assessments with descriptive text and properly links evidence to both control-level and SSP-level assessments for complete visibility
Changed QRadar query time window from 24 hours to 8 hours for more accurate recent event assessment
Reduce complexity in Qualys inner_join function by extracting helper functions
Fixed critical KeyError: 'domain' crash affecting all Automation Manager integrations in RegScale
Added defensive config access in APIHandler to prevent KeyError crashes
Implemented JSON validation in decryption flow to handle malformed decrypted config
