Versions Compared

Old Version 1

changes.mady.by.user Guy Shteinberg

Saved on

compared with

New Version Current

changes.mady.by.user Guy Shteinberg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Deployment December 28, 2023

Info

Status
colourGreen
titleFEATURE
DSPM Data Classifications - 11:00 UTC

Description:

  • Added support for Data Classifications in the Compliance Engine for entities: S3Bucket, StorageAccount, CosmosDbAccount, PostgreSQL and MySQLDBSingleServer.

  • The possible values are: PII, PCI, PHI, Credentials, Other.

  • Values are set according to the findings and classifications generated by AWS Macie and Azure Purview services.

Case ID: CNAPP-5975
Known limitations: N/A
Affected Components:

Status
titleDSPM
Status
titleCOMPLIANCE ENGINE

Deployment December 27, 2023

Info

Status
colourGreen
titleIMPROVEMENT
AWS CloudFront - 16:05 UTC

Description: Added new property to the AWS CloudFront entity: ‘WAFGlobalV2 ’.

Case ID: DFR-3079
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
AWS WAF Global V2 - 16:05 UTC

Description: Added support for “AWS WAF Global V2” entity in compliance engine and protected assets.

Case ID: DFR-3079
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
AWS Verified Access Instance - 16:05 UTC

Description: Added support for “AWS Verified Access Instance” entity in compliance engine and protected assets.

Case ID: CNAPP-5858
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
Hide unsupported Azure services in China - 14:30 UTC

Description: Remove from the UI all the Azure services which are not support in China.
Case ID: CNAPP-5258
Known limitations: N/A 
Affected Components:

Status
titleUI

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 12:00 UTC

Description: New Rulesets Australia Essential 8 for AWS and Azure; New Rulesets CMMC 2.0 for AWS and Azure; New Rulesets CRI Profile for AWS and Azure; New Rulesets NY DFS 23 CRR 500 for AWS and Azure; New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5921, DFT-3042
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Info

Status
colourGreen
titleFEATURE
GCP Entities labels are now available in the finding Search API - 09:30 UTC

Description: added GCP entities lables to the finding search API
Case ID: CNAPP-3787, DFR-2052
Known limitations: N/A 
Affected Components:

Status
titleAPI

Info

Status
colourGreen
titleFEATURE
Posture Finding - Added Support for Exclusion By Region - 09:30 UTC

Description: We have added an option to exclude by region, in posture finding exclusion.
Case ID: CNAPP-3487, DFR-3152
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titleFEATURE
Risk Management - Network Exposure - 09:30 UTC

Description: Azure FunctionApp support for Network Exposure in Protected Assets and Compliance Engine.
Case ID: CNAPP-4803
Known limitations: N/A 
Affected Components:

Status
titleRISK MANAGEMENT
Status
titleCOMPLIANCE ENGINE
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Machine Image Details - 8:05 UTC

Description: Added machine image details to the Azure Virtual Machine protected assets API, under “Additional Fields”.

Added a new property to the “VirtualMachine“ entity: 'machineImage.id'

Added a new property to the “VMSSInstance“ entity: ‘machineImage.id’.

Case ID: CNAPP-3135
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Cognitive Search - 8:05 UTC

Description: Added support for Azure Cognitive Search Service in Compliance Engine and Protected Assets.

Case ID: CNAPP-4903
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Virtual Machine Image - 8:05 UTC

Description: Added support for Azure VirtualMachineImage entity in Compliance Engine and Protected Assets

Case ID: CNAPP-4905
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Deployment December 26, 2023

Info

Status
colourRed
titleFIXED
Invalid permissions removal - AWS onboarding - 08:00 UTC

Description: Some invalid permissions that was included in the AWS Onboarding CFT was removed.
Case ID: DFT-3209
Known limitations: N/A
Affected Components:

Status
titleonboarding

Deployment December 25, 2023

Info

Status
colourGreen
titlefeature
Fix IamRole Entity Type in Findings - 21:30 UTC

Description: Fix an issue with assigning IamRole entity type in findings as Default.
Case ID: DFT-3009, CNAPP-4270
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE

Deployment December 24, 2023

Info

Status
colourGreen
titlefeature
Azure Virtual WAN - 8:40 UTC

Description: Added support for Azure Virtual WAN entity in Compliance Engine and Protected Assets, as a new entity: VirtualWAN.

Case ID: CNAPP-4233
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Static Web App site - 8:40 UTC

Description: Added support for Azure Static Web App site entity in Compliance Engine and Protected Assets, as a new entity: StaticWebAppSite.

Case ID: CNAPP-5629
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Load Testing - 8:40 UTC

Description: Added support for Azure Load Testing in Compliance Engine and Protected Assets, as a new entity: LoadTest.

Case ID: CNAPP-4230
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Deployment December 21, 2023

Info

Status
colourGreen
titlefeature
2.26.0: RP file reputation, Fedora Core OS - 09:30 UTC

Description: Runtime Protection: daemon 1.11.5, probe 0.30.2-cp-6.

  • Improved File Reputation Blade for Reduced False Positives

  • Support Fedora Core OS.

Affected Components: CloudGuard Workload Protection agents.
Case ID: CON-7773
Known limitations: N/A
Affected Components:

Status
titlecontainers

Deployment December 21, 2023

Info

Status
colourRed
titleFIXED
Risk Management - Risk Levels - 09:30 UTC

Description: Adjusted risk levels and colors for environments and assets risk score.
Case ID: CNAPP-5514, CNAPP-5502
Known limitations: N/A
Affected Components:

Status
titleAPI
Status
titleUI
Status
titleRisk Management

Info

Status
colourRed
titleFIXED
Protected Assets API - 08:10 UTC

Description: Fixed a filtering issue when combining ‘Organizational Units’ and ‘CVEs’ filters.
Case ID: CNAPP-5846
Known limitations: N/A
Affected Components:

Status
titleAPI

Deployment December 20, 2023

Info

Status
colourGreen
titleIMPROVEMENT
Intelligence findings notification output fields - 14:40 UTC

Description: Extend Intelligence findings notification output with additional fields from Intelligence logs.
Case ID: DFR-2363 , CNAPP-299
Known limitations: N/A
Affected Components:

Status
titleIntelligence
Status
titleNotification

Info

Status
colourRed
titleFIXED
OCI Compute Instance - 14:40 UTC

Description: Fixed a bug in OCI Compute Instance entity where “timeCreated” property was in a wrong format, this issue was fixed and now this field is treated as date.
Case ID: DFT-3203
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titlefeature
OCI MySql Service - 14:00 UTC

Description: Added support for Oracle cloud MySql service in Compliance Engine and Protected Assets. The following entities were added:

  • MySqlBackup

  • MySqlDbSystem

  • MySqlConfiguration

  • MySqlChannel.

Case ID: DFR-2915
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourRed
titleFIXED
UI | Dashboard | Cannot export to PDF - 14:40 UTC

Description: Fix the issue that export to PDF got stuck if section was empty
Case ID: DFT-3196
Known limitations: N/A
Affected Components:

Status
titleui

Info

Status
colourRed
titleFIXED
UI | Findings | CIEM Findings - cannot 'close' CIEM source findings - button should be grayed out - 14:40 UTC

Description: ‘close’ button is grayed out for CIEM findings
Case ID: DFT-2657
Known limitations: N/A
Affected Components:

Status
titleui

Info

Status
colourRed
titleFIXED
Fix Azure onboarding wizard description - 14:40 UTC

Description: update wizard description to match Azure UI
Case ID: DFT-2825
Known limitations: N/A
Affected Components:

Status
titleui

Info

Status
colourRed
titleFIXED
GCP IAM Group - 12:00 UTC

Description: Fixed a bug where clicking on a GCP IAM group under protected assets page led to an error and redirection to the index page, now clicking the protected assets link open the GCP IAM Group entity page as expected.
Case ID: DFT-3109
Known limitations: N/A
Affected Components:

Status
titlePROTECTED ASSETS

Info

Status
colourRed
titleFIXED
AWS DMS Endpoints reduced API calls - 12:00 UTC

Description: Reduced the amount of API calls performed to get data.
Case ID: DFT-3215
Known limitations: N/A
Affected Components:

Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Dedicated Host Group - 9:20 UTC

Description: Added support for Azure Dedicated Host Group entity in Compliance Engine and Protected Assets

Case ID: CNAPP-5533
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure NetApp Files - 9:20 UTC

Description: Added support for Azure NetAppAccount entity in Compliance Engine and Protected Assets

Case ID: CNAPP-4236
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 9:00 UTC

Description: New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5784, DFT-3090, DFT-3143
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Deployment December 17, 2023

Info

Status
colourRed
titleFIXED
Compliance Trend Change History widget – display in 1x1 widget tile size is not well presented with trend stats not cleanly displayed - 13:40 UTC

Description: Present Compliance Trend Change History widget in the dashboard in a better way
Case ID: DFT-2998
Known limitations: N/A
Affected Components:

Status
titleui

Info

Status
colourRed
titleFIXED
New dashboards - Filter panel - missing filters - 13:40 UTC

Description: Add additionalFields and Is Public filters to protected assets widget
Case ID: CNAPP-5310
Known limitations: N/A
Affected Components:

Status
titleui

Info

Status
colourGreen
titlefeature
Azure Orbital Spacecraft - 9:40 UTC

Description: Added support for Azure Orbital Spacecraft in Compliance Engine and Protected Assets.

Case ID: CNAPP-4232
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourRed
titleFIXED
Azure BatchAccount - 09:40 UTC

Description: Fixed the “BatchAccount” entity’s schema for GSL Builder and Compliance Engine.
Case ID: IN-8470
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titlefeature
Azure Data Migration Service - 9:40 UTC

Description: Added support for 2 Azure Data Migration Service entities in Compliance Engine and Protected Assets:

  • Data Migration.

  • Data Migration Classic.

Case ID: CNAPP-4229
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Log Analytics - 9:40 UTC

Description: Added support for Azure Log Analytics as a new entity: LogAnalyticsCluster.

Case ID: CNAPP-5524
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
GCP Organization Policy - 9:40 UTC

Description: Added support for the GCP Organization Policy service.

  • A new entity: AvailableOrgPolicyConstraint

  • A new property to the “Project” entity: orgPolicies[].

  • A new property to the “Folder” entity: orgPolicies[].

  • A new property to the “GcpOrganization” entity: orgPolicies[].

Case ID: DFR-2863
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Deployment December 13, 2023

Info

Status
colourGreen
titleIMPROVEMENT
AWS ECS Task - 14:30 UTC

Description: Added new property to the AWS ECS Task entity: ‘SecurityGroups’ - an array of the security groups that are attached to the ENI of the current Task.

Case ID: DFT-3028, IN-8494
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titleIMPROVEMENT
AWS Security Group - 14:30 UTC

Description: Aws Security Group now includes network assets statistics on ECS Task. Can be found under ‘networkAssetsStats' where type = “EcsTask”.

Case ID: DFT-3028
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titlefeature
Azure Policy Set Definition - 12:40 UTC

Description: Added support for Azure Policy Set Definition (initiatives definition).

Case ID: DFR-2913
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
AWS Config Rule - 12:40 UTC

Description: Added a new property ‘compliance’ to AWS “ConfigRule“ entity.

Case ID: DFR-2895
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 11:00 UTC

Description: New Ruleset CSA CCM v4.0 for GCP; New Ruleset MLPS 2.0 for AWS; New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5586, DFT-3097, DFT-3118
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Info

Status
colourGreen
titlefeature
Azure Data Share - 8:40 UTC

Description: Added support for Azure Data Share as a new entity: DataShareAccount.

Case ID: CNAPP-5458, DFR-2978
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
GCP KMS - 8:40 UTC

Description: Added property to the GCP KmsKeyRing entity: ‘cryptoKeys[].protectionLevel’.

Case ID: DFR-2521
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleapi

Info

Status
colourGreen
titlefeature
GCP Organization - 8:40 UTC

Description: Added support for GCP Organization as a new entity: GcpOrganization.

Case ID: DFR-2964
Known limitations: Only organizations that are visible to the service account will appear. Requires to set a policy binding on the organizational level with a view permission for the service account.
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Deployment December 12, 2023

Info

Status
colourGreen
titlefix
Azure fetching for China - 15:00 UTC

Description: Fix support for Azure China in all Azure entities.
Case ID: CNAPP-5254
Known limitations: Phase 1 of the fix, not all of the entities supported for China yet.
Affected Components:

Status
titlefetchers

Deployment December 11, 2023

Info

Status
colourGreen
titleIMPROVEMENT
Aws DaxCluster - 15:30 UTC

Description: Added support for SecurityGroup property in AWS Dax Cluster in Compliance Engine.

Case ID: DFR-2722
Known limitations: This property can be used to query the securityGroup property and to pass/fail the rule according to it, but currently not visible in the Entity Viewer in the UI.
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titleIMPROVEMENT
Azure VirtualMachine - 06:00 UTC

Description: Added support for the following NIC properties: ‘dnsSettings’, ‘nicType’, ‘workloadType’, and ‘privateLinkService’ in Azure VirtualMachine entity.

Case ID: DFR-2840
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titlePROTECTED ASSETS

Deployment December 7, 2023

Info

Status
colourGreen
titleFEATURE
Risk Management - Data Sensitivity - 11:00 UTC

Description: Risk Management supports Data Sensitivity indication for Azure PostgreSQL and MySQLDBSingleServer using Azure Purview data.
Case ID: CNAPP-4977
Known limitations: N/A
Affected Components:

Status
titleDSPM
Status
titleRISK MANAGEMENT
Status
titlePROTECTED ASSETS
Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titlefeature
Risk Management - Network Exposure - 09:00 UTC

Description: Azure FunctionApp Support for Network Exposure in Protected Assets and Compliance Engine.
Case ID: CNAPP-4804
Known limitations: N/A 
Affected Components:

Status
titleRisk Management
Status
titleCOMPLIANCE ENGINE
Status
titlePROTECTED ASSETS

Info

Status
colourRed
titleFIXED
Permissions for AWS onboarding page - 07:30 UTC

Description: Fixed missing permissions from AWS Organization onboarding, added missing permissions to regular onboarding instructions and fixed needed permissions for Sage Maker Notebook.
Case ID: CNAPP-4277
Known limitations: N/A
Affected Components:

Status
titleonboarding

Deployment December 6, 2023

Info

Status
colourGreen
titlefeature
AWS Timestream Query - 10:45 UTC

Description: Added support for AWS Timestream Query entity in Compliance Engine and Protected Assets.

Case ID: DFR-2414
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Batch - 10:45 UTC

Description: Added support for Azure BatchAccount entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4227
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Event Grid - 10:45 UTC

Description: Added support for Azure EventGridNamespace entity in Compliance Engine and Protected Assets.

Case ID: DFR-2837
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
Azure Compute Gallery - 10:45 UTC

Description: Added support for Azure Compute Gallery in Compliance Engine and Protected Assets.

Case ID: CNAPP-4228
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titlefeature
GCP Folder - 10:45 UTC

Description: Added support for GCP Folder in Compliance Engine and Protected Assets.

Case ID: DFR-2963
Known limitations: Only folders that are visible to the service account will appear. Requires to set a policy binding on the folder's level with a view permission for the service account.
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
GCP AppEngine - 10:45 UTC

Description: Added support for GCP Identity-Aware Proxy as new properties in AppEngine: “iapSettings”.

Case ID: DFR-2971
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
GCP BackendService - 10:45 UTC

Description: Added support for GCP Identity-Aware Proxy as new properties in BackendService: “iapAccessSettings” and “iapApplicationSettings“.

Case ID: DFR-2971
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 11:00 UTC

Description: CSA CCM v4.0 for Azure enrichment;New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5348, DFT-2970, DFT-2993, DFT-3045, DFT-3075, DFT-3100
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Deployment December 3, 2023

Info

Status
colourGreen
titlefeature
Workload Protection for Kubernetes: helm 2.25.0 - 11:00 UTC

Description: Image Assurance 2.27.0:

  • Fix “Internal error” image scan errors: on nodes with containerd Container runtime configured to discard compressed image layers once they were unpacked. Affects GKE 1.27+ and all EKS with AMIs released after July 28 2023 

Admission Control Enforcer 2.10.0

  • Fix escaping in GSL if regular expression defined.

Case ID: CON-7715
Known limitations: N/A
Affected Components:

Status
titleCONTAINERS

Info

Status
colourGreen
titlefeature
AWS Firewall Manager - 11:00 UTC

Description: Added support for AWS FirewallManagerAdminAccount and FirewallManagerPolicy entities in Compliance Engine and Protected Assets.

Case ID: CNAPP-3511
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS