Yes, you can import and export user-defined controls in XML format.
We automatically assign a unique control ID (CID) to each user-defined control, starting at 100000. For example, if you added 2 user-defined controls they would have the CIDs 100000 and 100001.
Creating controls using the UI: If a control exists in your account with the same scan parameters as a control you are adding, you'll be prompted to either assign the description in the existing control to the new control or to overwrite it. If you overwrite it, all controls with the same scan parameters will be updated with the new description.
Importing controls from XML: If a control exists in your account with the same scan parameters as controls being imported, we assign the DESCRIPTION parameter of the existing control to the DESCRIPTION parameter of all imported controls with the same scan parameters.
The scan parameters are used to gather the data needed for compliance evaluation at scan time. Scan parameters differ for each control type.
The data type is the type of data returned by scans for a control. The available data types vary by control type:
Boolean - Returns a True or False value.
String - Returns a single string value.
String List - Returns a list of string values.
Line List - Returns a list of lines (for example, the lines of a file that matched a filter).
Integer - Returns an integer (whole number) value.
For File and Directory Integrity Checks, the hash type identifies the algorithm used to compute the file hash. The supported hash types are: MD5 (insecure, competitive matching only), 16-byte digest; SHA1 (insecure, competitive matching only), 20-byte digest; and SHA256 (secure), 32-byte digest. MD5 and SHA1 are both vulnerable to practical collision attacks, so use SHA256 for new controls and keep the insecure algorithms only where you must match digests produced by an existing tool.
A registry hive is a top-level registry key predefined by Windows to store registry keys, subkeys and values for a specific purpose. All registry hives begin with HKEY and appear as folders at the top level on the left-hand side of the Registry Editor window.
These common hives are supported:
HKEY_CLASSES_ROOT: Contains information about registered applications, such as associations from file extensions and OLE object class IDs to the applications used to handle them. The information stored here ensures that the correct program opens when you open a file from Windows Explorer. HKEY_CLASSES_ROOT is a merged view of HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USER\Software\Classes.
HKEY_CURRENT_USER: Contains the root of the configuration information for the user who is currently logged on. The user's folders, screen colors and Control Panel settings are stored here. This information is referred to as the user's profile. HKEY_CURRENT_USER is a subkey of HKEY_USERS.
HKEY_USERS: Contains the root of all user profiles on the computer.
HKEY_LOCAL_MACHINE: Contains configuration information particular to the computer. The information stored here applies to all users on the computer.
A registry key appears as a folder on the left side of the Windows Registry Editor window. Registry keys may contain registry subkeys, which are keys within a key.
A registry value is an entry that appears on the right side of the Windows Registry Editor window for the selected key. A value entry has three parts: the name, the data type (for example REG_SZ or REG_DWORD) and the data itself. The name of the registry value is the part you enter in the Scan Parameters section. You enter the expected data associated with that name in the Control Technologies section (after you've saved the scan parameters). A different expected value may be entered for each technology the control applies to.
The registry value name is optional when defining scan parameters for a registry value content check. If you do not specify a registry value name, the service checks the content of the default value of the specified registry key. The default value appears as (Default) in the Name column of the Registry Editor window.
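The following is an added example, not Qualys code, that mirrors a registry value content check: read a named value (or the key's (Default) value when no name is given) and produce Pass/Fail against an expected value. Reading the registry requires Windows, so the `winreg` import is guarded and the hive handles are written as their documented numeric constants; the pass/fail evaluation is pure Python and runs anywhere. The key and value in the usage line (LimitBlankPasswordUse under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa) are an illustration, not a control the page defines.

```python
"""Registry value content check (added example, not Qualys code)."""
import sys

try:
    import winreg  # present only on Windows
except ImportError:
    winreg = None

# Predefined hive handles, as documented by Windows; winreg accepts these ints.
HIVES = {
    "HKEY_CLASSES_ROOT": 0x80000000,
    "HKEY_CURRENT_USER": 0x80000001,
    "HKEY_LOCAL_MACHINE": 0x80000002,
    "HKEY_USERS": 0x80000003,
}


def display_name(value_name):
    """Registry Editor shows an empty value name as (Default)."""
    return "(Default)" if value_name == "" else value_name


def read_registry_value(hive, key_path, value_name=""):
    """Return (data, reg_type) for value_name under hive\\key_path, or None when
    the key or the value does not exist. An empty value_name selects the key's
    (Default) value, exactly as the control does when the name is left blank."""
    if winreg is None:
        raise RuntimeError("registry access requires Windows")
    try:
        with winreg.OpenKey(HIVES[hive], key_path) as key:
            return winreg.QueryValueEx(key, value_name)
    except FileNotFoundError:  # missing key, or unset (Default) / named value
        return None


def evaluate(actual, expected):
    """Pass/Fail evaluation. A missing value fails. Data is compared as text so
    a REG_DWORD of 1 matches the expected value "1"; a REG_MULTI_SZ (a Python
    list) is joined with newlines before comparison."""
    if actual is None:
        return "Fail"
    data, _reg_type = actual
    if isinstance(data, list):
        data = "\n".join(data)
    return "Pass" if str(data) == str(expected) else "Fail"


def check(hive, key_path, value_name, expected):
    """Full check: read the value, then evaluate it against the expected data."""
    return evaluate(read_registry_value(hive, key_path, value_name), expected)


if __name__ == "__main__" and sys.platform == "win32":
    # Illustrative usage (assumed key/value, not a control from this page).
    print(check("HKEY_LOCAL_MACHINE",
                r"SYSTEM\CurrentControlSet\Control\Lsa",
                "LimitBlankPasswordUse", "1"))
```

Note that an unset (Default) value raises FileNotFoundError in winreg just like a missing named value, so both cases evaluate to Fail rather than to an empty-string match.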
A Unix File Content Check control includes 2 regular expressions:
- The first is entered in the Scan Parameters section and is used to filter results on the target file/directory at scan time. This regular expression must follow the "Basic Regular Expression (BRE)" standard as supported by the grep command on the specific Unix platform.
If you scan the same host with both the scanner and the agent, you might get different compliance results: the agent matches the regular expression against multiline text, whereas the scanner matches one line at a time. To get the same results from both, restrict the regular expression in the Scan Parameters section to patterns that match within a single line (nothing that spans a line break).
- The second is entered as the default value in the Control Technologies section and is used to perform the pass/fail evaluation of the returned results. This regular expression must follow the "Perl Compatible Regular Expressions (PCRE)" standard.
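The two-stage check and the agent/scanner difference, as an added example that is not Qualys code. Stage 1 filters a constructed sshd_config fragment with a BRE through the system grep (assumed to be on PATH); stage 2 applies a PCRE-style expression using Python's re module (close to PCRE for the constructs used here). The "agent" mode matches the filtered text as one multiline string, the "scanner" mode matches line by line, so a pattern that spans two lines passes in one mode and fails in the other, while a single-line pattern passes in both.

```python
"""Two-stage Unix File Content Check (added example, not Qualys code)."""
import re
import subprocess

# Constructed sample of an sshd_config fragment (not taken from a real host).
SSHD_CONFIG = """# constructed sample
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
"""


def bre_filter(text, bre):
    """Stage 1: filter lines with a Basic Regular Expression via grep, as the
    scan parameter does. grep exits 1 when nothing matches; anything above 1
    is a real error (for example an invalid BRE)."""
    proc = subprocess.run(["grep", "-e", bre], input=text, text=True,
                          capture_output=True)
    if proc.returncode > 1:
        raise RuntimeError(proc.stderr.strip())
    return proc.stdout.splitlines()


def pcre_evaluate(lines, pcre, mode="scanner"):
    """Stage 2: Pass/Fail of the returned lines against the PCRE-style default
    value. 'scanner' tests each returned line on its own; 'agent' tests the
    lines joined as multiline text, so a pattern containing \\n can match."""
    if mode == "scanner":
        matched = any(re.search(pcre, line) for line in lines)
    elif mode == "agent":
        matched = re.search(pcre, "\n".join(lines), re.MULTILINE) is not None
    else:
        raise ValueError("mode must be 'scanner' or 'agent'")
    return "Pass" if matched else "Fail"


def file_content_check(text, bre, pcre, mode="scanner"):
    """Run both stages and return the control's Pass/Fail result."""
    return pcre_evaluate(bre_filter(text, bre), pcre, mode)


if __name__ == "__main__":
    bre = "^P"                                     # keep lines starting with P
    spanning = r"^Protocol 2\nPermitRootLogin no$"  # only the agent can match this
    single = r"^PermitRootLogin\s+no$"             # matches in both modes
    for pcre in (spanning, single):
        for mode in ("agent", "scanner"):
            print(mode, repr(pcre), file_content_check(SSHD_CONFIG, bre, pcre, mode))
```

Rewriting the default value from the line-spanning form to the single-line form is the kind of change the paragraph above recommends when scanner and agent disagree.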
Yes, these four system variables are supported: %SystemRoot%, %windir%, %ProgramFiles% and %CommonProgramFiles%.
You can set the remediation information for each user-defined control. In order to view the remediation information in reports, you must enable the Remediation Info options in the policy compliance template. You'll see N/A in the reports when no remediation information is available.
(Applicable to File Integrity Check, Directory Integrity Check)
There is a difference in how the digest of an empty file is calculated on Windows and Unix. On Windows the control does not return a digest for an empty file (the buffer size is 0 and no digest is generated). On Unix the native digest command does produce a digest for an empty file (the digest of the padding block alone). Because of this difference you'll get different results when you change the digest algorithm in the control settings (e.g. from SHA-256 to MD5): Unix returns Fail because the digest changed, while Windows returns Pass because there was no digest before and there is none after, so no change is detected.
(Applicable to File Integrity Check, Directory Integrity Check)
When the Use scan data as expected value option is enabled, the control returns Pass on the first scan of a target system, and the digest collected by that scan becomes the expected value. From then on the Pass/Fail status is calculated by comparing the expected and actual digest values.
After you create a user-defined control, Qualys Cloud Agent immediately picks it up for scanning; this is what we call the first scan. If you add the control to a policy after this first scan and then run the policy scan, the evaluation for Use scan data as expected value fails, because the stored expected value is compared against the new scan data. To get a Pass, wait for the next scan to complete, which establishes the expected posture.
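The following is an added example, not Qualys code, that ties together the hash types listed earlier, the empty-file difference between Unix and Windows, and the Use scan data as expected value comparison. It computes file digests with the three supported algorithms, checks the digest sizes, and emulates both behaviours on a constructed zero-byte file: the Unix-style path always produces a digest, the Windows-style path returns no digest for an empty buffer. Switching the algorithm after the first scan therefore fails on Unix and passes on Windows, as described above. The `windows_style` flag and the helper names are this example's own.

```python
"""File digests for integrity checks (added example, not Qualys code)."""
import hashlib
import os
import tempfile

# Supported hash types and their digest sizes in bytes.
HASH_TYPES = {"MD5": ("md5", 16), "SHA1": ("sha1", 20), "SHA256": ("sha256", 32)}


def file_digest(path, hash_type="SHA256", windows_style=False):
    """Hex digest of the file at path. With windows_style=True a zero-length
    file yields None (no digest generated for an empty buffer); the Unix-style
    path always hashes, producing the digest of the padding block alone."""
    algo, size = HASH_TYPES[hash_type]
    h = hashlib.new(algo)
    total = 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
            total += len(chunk)
    if windows_style and total == 0:
        return None
    digest = h.hexdigest()
    assert len(digest) == 2 * size  # hex text is twice the byte length
    return digest


def evaluate(expected, actual):
    """Pass/Fail as the control does: equal values pass. Two 'no digest'
    results (None == None) also compare equal, which is why Windows reports
    Pass on an empty file even after the algorithm changes."""
    return "Pass" if expected == actual else "Fail"


def baseline_then_switch(path, first="SHA256", second="MD5", windows_style=False):
    """Use scan data as expected value: the first scan's digest is stored as the
    expected value, then a later scan with a different hash type is compared."""
    expected = file_digest(path, first, windows_style)   # first scan: always Pass
    actual = file_digest(path, second, windows_style)    # after algorithm change
    return evaluate(expected, actual)


def digest_of_bytes(data, hash_type="SHA256", windows_style=False):
    """Write constructed bytes to a temporary file and digest it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(data)
        return file_digest(path, hash_type, windows_style)


def check_empty_file(windows_style=False):
    """Constructed zero-byte file, baseline SHA256, then switch to MD5."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "empty.conf")
        open(path, "wb").close()
        return baseline_then_switch(path, "SHA256", "MD5", windows_style)


if __name__ == "__main__":
    for name in HASH_TYPES:
        print(name, "empty file (Unix):", digest_of_bytes(b"", name),
              "| Windows:", digest_of_bytes(b"", name, windows_style=True))
    print("Unix after switch:", check_empty_file())          # Fail
    print("Windows after switch:", check_empty_file(True))   # Pass
```

For non-empty files the two styles agree, so the divergence only shows up on zero-byte targets; if a directory integrity check covers placeholder files that are legitimately empty, expect this asymmetry when auditing mixed Windows and Unix fleets with the same control.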