Page Comparison

GenericList API - 09:20 UTC

Type: New Managed Lists
Description:  Added new Managed List for AccountIds by plarform
Known limitations: N/A 
Case ID: DFR-963
Affected Components: 

Compliance Rulesets Update - 12:23 UTC

Type: Bug Fix
Description: Fixed email attached links to CloudGuard for Infinity Portal users.
Case ID: DFT-1678
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 12:20 UTC

Type: Improvement
Description: New AWS and GCP rules. A complete list can be found here.
Case ID: DFT-1614
Known limitations: N/A 
Affected Components: 

Compliance Webhook API- 09:20 UTC

Type: Improvement
Description:  Improvements the Webhook integration API
Known limitations: N/A 
Affected Components: 

API- 05:30 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

AWS Permissions Management - 15:00 UTC

Type: Improvement
Description: Infrastructure change for AWS missing permissions management.
Known limitations: N/A 
Affected Components: 

Intelligence - 09:15 UTC

Type: Internal Release
Description: Internal release in preparation for upcoming CIEM feature.
Known limitations: N/A 
Affected Components: 

Intelligence - 09:15 UTC

Type: Internal Release
Description: Internal release in preparation for upcoming support of GCP Account Activity in Intelligence
Known limitations: N/A 
Affected Components: 

Intelligence - 09:15 UTC

Type: Bug Fix
Description: Fixed error messages display in Intelligence
Known limitations: N/A 
Affected Components: 

Intelligence - 09:15 UTC

Type: Bug Fix
Description: Fixed bug when number of events was calculated before all logs were loaded in Intelligence Account Activity and Network Traffic log tables.
Known limitations: N/A 
Affected Components: 

Gcp API - 08:30 UTC

Type: Bug fix
Description: Fix logic relevant to the GcpProject API.
Known limitations: N/A 
Affected Components: 

AWS EMR Cluster - 08:30 UTC

Type: Improvement
Description: Internal improvement.
Known limitations: N/A 
Affected Components: 

Billing Report - 12:00 UTC

Type: Improvement
Description: Billing report - improved export file view. Reports for Azure accounts would be displayed by Resource group.
Case ID: DFT-2119
Known limitations: N/A 
Affected Components: 

Intelligence Rulesets Update - 15:20 UTC

Type: Improvement
Description: Rules fixes, adding new rulesets.
Case ID: N/A
Known limitations: N/A 
Affected Components: 

Compliance API- 13:40 UTC

Type: Improvement
Description: new API - AssessmentHistoryV2/LastAssessmentResults/minimized - for getting last assessment with minimized entities
Known limitations: N/A 
Case ID: DFR-2145
Affected Components: 

API- 12:30 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

Compliance Webhook Integration- 11:15 UTC

Type: Improvement
Description: internal improvement in the compliance Webhook integration
Known limitations: N/A 
Affected Components: 

API- 10:15 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

AWS Inspector - 10:00 UTC

Type: Improvement
Description: Updated regions for data fetching:

• Added data fetching from “eu-west-2“ and “us-gov-west-1“.

• Removed data fetching from “cn-north-1“ and “cn-northwest-1“.

Known limitations: N/A 
Affected Components: 

API- 09:15 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

API- 08:30 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 12:10 UTC

Type: Improvement
Description: New GCP and CFT rules. A complete list can be found here.
Case ID: DFT-1665
Known limitations: N/A 
Affected Components: 

AWS EMR Cluster - 08:15 UTC

Type: Improvement
Description: Internal improvement.
Known limitations: N/A 
Affected Components: 

Intelligence - 17:00 UTC
Type: Improvement
Description: The new Azure Network Traffic onboarding via ARM will only create one Storage Account per region instead of one per NSG in case the NSG flow logs are not yet archived to a Storage Account.
Known limitations: N/A
Affected Components: 

Intelligence - 17:00 UTC
Type: Improvement
Description: Added pre-requisites of NSG flow logs in Version 2 in Azure Network Traffic onboarding.
Known limitations: N/A
Affected Components: 

Intelligence - 17:00 UTC

Type: Bug Fix
Description:  Fixed error in instructions for Azure Account Activity onboarding
Known limitations: N/A 
Affected Components: 

Intelligence - 17:00 UTC
Type: Improvement
Description: Added support for several possible configurations of NSGs and Storage Account in Azure Network Traffic onboarding.
Known limitations: N/A
Affected Components: 

Compliance Engine - 13:30 UTC

Type: Improvement
Description:  Added support for double quotes when using getResource method in GSL.
Known limitations: N/A 
Affected Components: 

Several Data Fetchers - 13:30 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: 

Intelligence - 11:15 UTC

Type: Bug Fix
Description:  Fixed a bug when the logs screen was stuck when an error was returned by the back-end API.
Known limitations: N/A 
Affected Components: 

Intelligence - 11:15 UTC

Type: Bug Fix
Description:  Fixed the date column in network traffic logs to show local time
Known limitations: N/A 
Affected Components: 

Intelligence - 11:15 UTC

Type: Bug Fix
Description:  Fixed a bug where number of items was not shown in log tables.
Known limitations: N/A 
Affected Components: 

Intelligence - 11:15 UTC

Type: Bug Fix
Description:  Fixed a bug regarding the timeline in the activity and traffic explorers when there is a big amount of data.
Known limitations: N/A
Affected Components: 

Compliance API- 13:30 UTC

Type: Bug Fix
Description:  Fix Posture finding clearance on Policy deletion.
Known limitations: N/A 
Case ID: DFT-1439
Affected Components: 

Billing Report - 10:30 UTC

Type: Improvement
Description:  Add normalized column to the exported file.
Known limitations: N/A 
Affected Components: 

Compliance Engine- 10:00 UTC

Type: Improvement
Description:  Internal improvements.
Known limitations: N/A
Affected Components: 

Compliance API- 13:30 UTC

Type: Bug Fix
Description:  Fix Posture finding clearance on Policy deletion.
Known limitations: N/A 
Case ID: DFT-1439
Affected Components: 

Billing Report - 10:30 UTC

Type: Improvement
Description:  Add normalized column to the exported file.
Known limitations: N/A 
Affected Components: 

Compliance Engine- 10:00 UTC

Type: Improvement
Description:  Internal improvements.
Known limitations: N/A
Affected Components: 

Intelligence - 16:30 UTC

Type: Improvement
Description:  Internal deployment
Known limitations: N\A
Affected Components:  

GCP Log Based Metric - 14:15 UTC

Type: New Entity
Description:  Added support for GCP Log Based Metric in the compliance engine and protected assets.
Known limitations: N\A
Affected Components:  

GCP Alert Policy - 14:15 UTC

Type: New Entity
Description:  Added support for GCP Alert Policy in the compliance engine and protected assets.
Known limitations: N\A
Affected Components:  

Several Data Fetchers - 14:15 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: 

Azure Databricks Workspace - 14:15 UTC

Type: New Entity
Case ID: DFR-2127
Description:  Added support for Azure Databricks Workspace in the compliance engine.
Known limitations: N\A
Affected Components:  

Azure SQL DB and Azure Data Warehouse - 14:15 UTC

Type: Improvement
Description: Added property ‘resourceGroup’ in Azure SQL DB and in Azure Data Warehouse model in compliance and protected assets.
Known limitations: N/A 
Affected Components: 

AWS Network Interface - 14:15 UTC

Type: Bug Fix
Description: Fix missing subnetId property in AWS Network Interface model in compliance and protected assets.
Case ID: DFT-1601
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 13:45 UTC

Type: Improvement
Description: The new release of the GCP CIS v1.1, the GCP CIS v1.2 and the AWS MITRE ATT&CK rulesets. New GCP and CFT rules. A complete list can be found here.
Case ID: DFT-1535
Known limitations: N/A 
Affected Components: 

API- 07:15 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

Protected Assets - 13:00 UTC

Type: Improvement
Description: Internal change for error handling in the protected assets service.
Known limitations: N/A 
Affected Components: 

AWS Glue Connection - 15:00 UTC

Type: Fix
Description: Remove unsafe password data from protected assets and compliance engine.
Known limitations: N/A 
Affected Components: 

AWS EMR Cluster - 14:45 UTC

Type: Improvement
Description: Internal improvement.
Known limitations: N/A 
Affected Components: 

GCP VM Instance - 12:45 UTC

Type: Fix
Description: Fix missing Firewall inbound\outbound rules in protected assets and compliance engine..
Case ID: DFT-1633
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 11:15 UTC

Type: Improvement
Description: The new release of the Azure CIS v1.3.1 ruleset. New AWS, GCP and CFT rules. A complete list can be found here.
Case ID: -
Known limitations: N/A 
Affected Components: 

Billing Report - Export Improvement 15:00 UTC

Type: Improvement
Description:  Billing report export cosmetic improvements.
Case ID: DFT-1638
Known limitations: N/A 
Affected Components: 

Billing Report 13:00 UTC

Type: Bug Fix
Description:  Billing report export improvement.
Case ID: N/A 
Known limitations: N/A 
Affected Components: 

Compliance Notification API- 14:50 UTC

Type: Bug Fix
Description:  Fix create Notification with null WebhookPayloadFormat
Case ID: DFT-1638
Known limitations: N/A 
Affected Components: 

Compliance - 14:30 UTC

Type: Improvement
Description:  Internal Compliance pipeline improvement
Known limitations: N/A 
Affected Components: 

Compliance API- 09:30 UTC

Type: Improvement
Description:  Change AssessmentHistoryV2/csv/{assessmentResultId} API on GCP Assessment to return ProjectNumber instead of ProjectId
Case ID: DFT-1378
Known limitations: N/A 
Affected Components: 

API- 07:30 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

Dashboard - Refactor Kubernetes Image Assurance Policy APIs15:00 UTC
Type: Improvement
Description:

• Released new APIs for ImageAssurance Policy that use a clearer and more organized flow. Relevant APIs

  • KubernetsImageAssurancePolicy

  • ContainerRegistryImageAssurancePolicy (Container Registry is still in EA)

Known limitations: N/A
Affected Components: 

Dashboard - 13:00 UTC
Type: Bug Fix
Description: Trying to create a widget dashboard of type “Trend Change Summary” or “Trend Line With Change Summary” did not work.
Known limitations: N/A
Affected Components: 

Compliance Engine - 10:00 UTC
Type: Improvement
Description: Internal change in the external findings mechanism to improve performance in the compliance engine.
Known limitations: N/A
Affected Components: 

Cloud Instance API - 10:00 UTC
Type: Improvement
Description: CloudInstance API performance improvement.
Known limitations: N/A
Affected Components: 

Intelligence - 10:15 UTC
Type: Bug Fix
Description: Fixed an issue with the way Intelligence rules were presented in the CloudGuard Portal
Known limitations: N/A
Affected Components: 

Intelligence - 10:15 UTC
Type: New Feature
Description: Added ability to group and sort in Account Activity and Network traffic log tables.
Known limitations: N/A
Affected Components: 

Assessment History - Adding entity links to the report - 14:30 UTC

Type: Bug Fix
Description: Adding links to each entity no matter if it passed or fail.
Case ID: DFT-1623, DFT-1588
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 14:15 UTC

Type: Improvement
Description: New AWS and CFT rules. A complete list can be found here.
Case ID: -
Known limitations: N/A 
Affected Components: 

Compliance API - 12:30 UTC

Type: Bug Fix
Description: Fixed a bug with license activation
Case ID: DFT-1619
Known limitations: N/A 
Affected Components: 

Compliance API - 12:30 UTC

Type: Improvement
Description: Added Cloudbot section to Ruleset API
Known limitations: N/A 
Affected Components: 

Intelligence - 8:15 UTC

Type: Bug Fix
Description: Fixed an issue where a few deprecated rules were still displayed in the portal.
Known limitations: N/A 
Affected Components: 

AWS EMR Cluster - 14:30 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: 

Clarity & GcpPubSub APIs - 13:45 UTC
Type: Improvement
Description: Internal improvements for the following calls:
Clarity API → google-security-groups & google-networks
GcpPubSub API → topics by cloudAccountId
Known limitations: N/A
Affected Components: 

Azure Entities - 13:45 UTC
Type: Improvement
Case ID: DFR-2090
Description: Added support for all types of service tags in networkSecurityGroup's inboundRules.source\outboundRules.Destination field in protected assets and compliance engine for the following Azure entities:
SqlServer, RedisCache, StorageAccount, Subnet, NetworkSecurityGroup, LoadBalancer, VirtualMachine, Vnet & NetworkInterface.
Known limitations: N/A
Affected Components: 

Compliance API - 14:00 UTC

Type: Improvement
Description: Improve exclusion mechanism to support faster findings exclusion
Known limitations: N/A 
Affected Components: 

API- 12:00 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: 

Intelligence - 16:45 UTC
Type: Bug Fix
Description: Fixed a bug where the time range selected was being changed when moving between Activity and Traffic Explorer.
Known limitations: N/A
Affected Components: 

Registration Page - Improved error messages - 13:30 UTC
Type: Improvement
Description: Added human readable error messages to the registration page.
Known limitations: N/A
Affected Components: 

Cloud IAM Role API - 12:30 UTC
Type: Improvement
Case ID: DFT-1590
Description: CloudIamRole API performance improvement when passing ‘roleArns’ as parameter.
Known limitations: N/A
Affected Components: 

Intelligence - 12:30 UTC

Type: Bug Fix
Description: Fixed bug where Intelligence rulesets were not shown in the portal if no account was onboarded to CloudGuard.
Known limitations: N/A
Affected Components:

AWS Inspector - 12:30 UTC

Type: Improvement
Description: Update list of supported regions.
Known limitations: N/A
Affected Components:

AWS EMR Cluster - 11:45 UTC

Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components:

Compliance Rulesets Update - 11:00 UTC

Type: Improvement
Description: The first release of the Azure ITSG-33 ruleset, rules fixes. A complete list can be found here.
New CloudBots were added. AWS CFT rules were added to the GSL website.
Case ID: DFR-1257
Known limitations: N/A 
Affected Components: 

AWS API Gateway - 11:45 UTC

Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components:

Azure Resource Group - 09:45 UTC

Type: Improvement
Description: Show also inherited locks (from subscription) for a resource group in protected assets and compliance engine.
Case ID: DFT-1456
Known limitations: N/A 
Affected Components: 

GCP API Key - 09:45 UTC

Type: New Entities
Description: Added support for GCP API Key in protected assets and compliance engine.
Known limitations: N/A
Affected Components:    

CloudRoute53HostedZone & CloudRoute53RecordSetGroup API - 08:30 UTC

Type: Improvement
Description: Added new APIs for AWS Route53 Hosted Zones & AWS Route53 Record Set Groups.
Case ID: DFR-2123
Known limitations: N/A 
Affected Components: 

Cloud IAM Policy API - 13:00 UTC
Type: Improvement
Case ID: DFT-1590
Description: CloudIamPolicy API performance improvement when passing ‘roleArns’ as parameter.
Known limitations: N/A
Affected Components: 

Intelligence - 11:30 UTC
Type: Bug Fix
Description: Fixed issue in GSL with NOT operator
Known limitations: N/A
Affected Components: 

New agents and Helm chart - 2.8.0 released - 12:00 UTC
Type: New Feature
Description:

• New Image Assurance agent, version 2.0.0: Add support for ACR scanning.

• New Admission Control Policy agent version 1.0.1, Enforcer agent version1.2.2: Collect data on historical API calls for improved verification (validate Admission Control rules based on operation history).

• Address Helm install warnings by removing deprecated Kubernetes objects.

Known limitations: N/A 
Affected Components:  

Intelligence - 17:30 UTC
Type: Improvement
Description: Internal improvements

Known limitations: N/A
Affected Components: 

Compliance API - 17:30 UTC
Type: Improvement
Description: Improve IAC Assessments result

Known limitations: N/A
Affected Components: 

Enrichment Engine - 15:00 UTC
Type: Bux Fix
Description: Fixed issue with Security Group enrichment

Known limitations: N/A
Affected Components: 

New Early Availability Helm chart released - 2.8.0: ACR scan support, Admission Control assessment history, improvements for k8s 1.19+ - 13:30 UTC
Type: New Feature
Description:

• Image Assurance 2.0.0: add ACR scan support

• Admission Control policy 1.0.1, Admission Control enforcer 1.2.2: collect data for improved verification

• Remove deprecated objects referenced to remove warnings during deployment.

Known limitations: N/A
Affected Components: 

Block misconfigured Kubernetes environments - clusters that are onboarded multiple times using the same ClusterID - 13:30 UTC
Type: New Feature
Description:

• A detection mechanism for Kubernetes clusters on-boarding misconfiguration is added

• The mechanism detects cases of multiple clusters accidentally onboarded with the same clusterID

• Detection of such an event is presented in Audit Logs and the cluster's status indications

Known limitations: N/A
Affected Components: 

Added ShiftLeft Image entities - 13:00 UTC
Type: New Feature
Description: ShiftLeftImage entities were added to the Protected Assets page and to the API /api/kubernetes/imageAssurance/image/general

Known limitations: N/A
Affected Components: 

New Admission Control use case to address CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of secrets - 12:30 UTC
Type: Enhancement
Description: A security issue was discovered in ingress-nginx (CVE-2021-25742) where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

Added 2 Use-cases:

1. Ingress should not use unsafe annotations

   1. This rule can prevent the exploitation of CVE-2021-25742

2. Ingress Nginx ConfigMap should not use allow-snippet-annotations

   1. This rule can prevent changing the Nginx configuration to be vulnerable to CVE-2021-25742

Known limitations: N/A
Affected Components: 

Improved Workload Protection Audit logs - 12:00 UTC
Type: Enhancement
Description:

• New audit logs for Runtime Protection configuration changes

• New audit logs when enabling/disabling features

• Admission Control audit title “Admission Control Event” changed to “Kubernetes Admission Control”
  Known limitations: N/A
  Affected Components: 

  Status
  title Kubernetes

  Status
  title Runtime protection

  Status
  title Admission Control

Add support for parent process in Runtime Protection rules and exclusions - 11:30 UTC
Type: New Feature
Description: When creating rules and exclusions for Runtime Protection profiles, the users can now set a parent process. This information is also shown in the rules and exclusions tables as well.
Known limitations: N/A
Affected Components: 

Cloud Instance API - 11:00 UTC
Type: Bug Fix
Case ID: DFT-1589
Description: Cloud Instance API bug fix for EC2 classic.
Known limitations: N/A
Affected Components: 

API- 09:00 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected Components: