KSA Platform 1: Connectivity Issue Affecting Multiple Modules Partially [IM-12541]

Incident Report for Qualys, Inc.

Resolved

This incident has been resolved.

Posted Mar 13, 2026 - 02:28 PDT

Monitoring

A fix has been implemented and we are monitoring the results.

Posted Mar 12, 2026 - 20:32 PDT

Update

We are continuing to investigate this issue.

Posted Mar 12, 2026 - 14:51 PDT

Investigating

Qualys Cloud Platform Operations is investigating an issue causing delays in displaying agent and sensor scan data in the UI on the Qualys KSA Platform 1.

The functionalities for the following modules might be impacted.
VM/PC/Cloud Agent: Communication between agents may experience disruptions, preventing delta processing, which results in VM/PC scans not occurring.
CSAM: Large messages related to SWCA events may experience delays in processing
CertView: CertView Scans Impacted
Patch Management: The workflows for PM, MTG, and ISL jobs, including report generation and downloads, may be affected.
Container Security: After scanning, the snapshot will not be uploaded for further scanning using the delta processor.
QGS/CAMS: Customers may encounter issues when attempting to upload or download custom certificates and appliance images.
ETM: The generation of API and Purge reports will not work.
WAS: Reporting functionalities may experience disruptions.
FIM: FIM events and audit data might not be visible.
PCRS: PCRS reporting will be impacted.
Total Cloud: Job managers are unstable, leading to processing delays. This will cause a queue of connectors in both the TC and Connector modules.
SEM: Updated values will not be reflected in the UI; lag increases, and vulnerability details will not be updated.
CAR: There will be breaks in script content, output, asset job results, and the script details page.
Custom QID detections in the VMDR UI will be visible.
Alerting: Alerts may not trigger as expected when events match for all modules utilizing the alerting services.
Reporting: Customers may face challenges when uploading and downloading reports for modules using the RSV2 reporting service, and notifications for these reports will not be sent.
Audit-log-service: Uploading and downloading audit log reports will not work.
OCA: Delta processing will be paused, and the last scan date will not update.
CIPS: Customers using the CIPS service will be affected and will not see the data.
EDR: There will be a delay in EDR and MITRE events because Flink checkpoints are currently failing. As a result, EDR Forensic functionality will also be impacted.

We will provide further updates as they become available.

Ticket reference for this incident is IM-12541

Posted Mar 12, 2026 - 14:42 PDT

This incident affected: KSA Platform 1 (Global AssetView (GAV) /CyberSecurity Asset Management (CSAM), CertView (CERT), Total Cloud, Container Security (CS), File Integrity Monitoring (FIM), Patch Management (PM), Policy Audit (PA), Qualys Gateway Service (QGS), Vulnerability Management (VM), Custom Assessment and Remediation (CAR), Endpoint Detection and Response (EDR), Out-of-Band Configuration Assessment (OCA)).