Versions Compared

Old Version 1

changes.mady.by.user Guy Shteinberg

Saved on

compared with

New Version Current

changes.mady.by.user Guy Shteinberg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Deployment February 29, 2024

Info

Status
colourGreen
titlefeature
2.28.0: GitHub Registry, reduce URLs for Image Assurance - 10:00 UTC

Description: Image Assurance 2.29.0:

  • Release Github Container Registry Scanning support

  • Reduced the number of URLs that need to be accessed by the agents (relevant for Scan Engine Version 2.0.0 only). CloudGuard agents must have connectivity to these region-specific URLs.

Security enhancements - all agents:

  • Image Assurance 2.29.0

    • Admission Control: Enforcer 2.11.0 & Policy 1.8.0

    • Inventory 1.14.0

    • Flow-logs 0.14.0

    • Runtime Policy 1.8.0

Case ID: CON-8312
Known limitations: N/A 
Affected Components:

Status
titleCOntainers

Deployment February 28, 2024

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 10:00 UTC

Description: New Ruleset SOX for AWS, Azure and GCP; New Ruleset CITSG-33 for GCP; New AWS, Azure, and GCP rules. A complete list can be found here.

Case ID: CNAPP-7373, DFT-3436, DFT-3427
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Info

Status
colourGreen
titlefeature
GCP Firebase App Distribution Tester - 12:30 UTC
Description: Added support for GCP Firebase App Distribution Tester entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1464
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourGreen
titleIMPROVEMENT
Azure Service Bus - 07:35 UTC
Description: Added support for ‘MinimumTlsVersion’ property in Azure Service Bus.
Case ID: DFR-2869
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE

Info

Status
colourRed
titlefixed
Exclusion with expired date will not allow to create new one - 14:00 UTC

Description: Bug fix in case a new exclusion is created while the same one exists but it is expired

Case ID: DFT-3047
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE engine
Status
titleui

Deployment February 25, 2024

Info

Status
colourRed
titlefixed
UI | duplicate add policy in ruleset - 12:45 UTC
Description: UI duplicate add policy in ruleset, removed the additional option button from the Ruleset Card.
Case ID: DFT-3354
Known limitations: N/A
Affected Components:
Status
titleui

Info

Status
colourGreen
titlefeature
GCP Firestore Dataset - 09:40 UTC
Description: Added support for GCP Firestore Dataset entity in Compliance Engine and Protected Assets.
Case ID: DFR-2967
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Deployment February 21, 2024

Info

Status
colourRed
titlefixed
UI | Assessment history page stuck after clicking on rule details - 12:45 UTC
Description: Fix the issue that sub menu in “Posture Management” were stuck after clicking on rule details
Case ID: DFT-3355
Known limitations: N/A
Affected Components:
Status
titleui

Info

Status
colourRed
titlefixed
GCP IAM Group - 12:30 UTC
Description: Fix GCP IAM Group to enable updates in data.
Case ID: IN-8603
Known limitations: N/A
Affected Components:
Status
titlefetchers

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 9:00 UTC

Description: New Ruleset CIS Foundations Benchmark v2.1 for Azure; New Ruleset CIS Foundations Benchmark v3 for AWS; New Rulesets ACSC (ISM) for AWS, Azure & GCP; New Rulesets FFIEC for AWS, Azure & GCP;New Rulesets ISO27002 for AWS, Azure & GCP; New Rulesets  PIPEDA for AWS, Azure & GCP; New Rulesets  NIST 800-172 for AWS, Azure & GCP; New Rulesets  SCF for AWS, Azure & GCP; New Rulesets  SWIFT for AWS, Azure & GCP; New Rulesets  ISO27017 for AWS, Azure & GCP; New Ruleset  NIST 800-171 for GCP; New Ruleset  HITRUST Latest for GCP; New Rulesets  New Zealand ISMv3.6 for Azure & GCP; New Ruleset  ASD Essential Eight for GCP; New Ruleset  CMMC2.0 for GCP; New Ruleset  CRI Profile for GCP; New Ruleset  NY DFS Part 500 23 CRR for GCP, New AWS rule. A complete list can be found here.

Case ID: CNAPP-7240, DFT-3330, DFT-3398, DFT-3409, DFT-3410, DFT-3349
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Info

Status
colourRed
titlefixed
Azure MySQLDBFlexibleServer - 08:10 UTC
Description: Fixed an issue in Azure MySQLDBFlexibleServer fetching mechanism.
Case ID: DFT-3437
Known limitations: N/A
Affected Components:
Status
titlefetchers

Deployment February 19, 2024

Info

Status
colourGreen
titlefeature
GCP Vertex AI Notebook - 15:30 UTC
Description: Added support in Compliance Engine and Protected Assets for the following entities:

  • GcpVertexAINotebookRuntimeEntity

  • GcpVertexAINotebookInstanceEntity

  • GcpVertexAINotebookEnvironment

Case ID: CNAPP-1462
Known limitations:
Affected Components:

Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Deployment February 18, 2024

Info

Status
colourRed
titlefixed
AWS SQS CryptoKey in AWS China region - 15:00 UTC
Description: Fixed a bug in which KMS keys in AWS China region were not shown in the SQS entity in CloudGuard.
Case ID: DFT-3413
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE
Status
titlefetchers

Deployment February 14, 2024

Info

Status
colourGreen
titlefeature
AWS Shield Subscription - 15:30 UTC
Description: Added support for the AWS MSK Connect Connector entity in Compliance Engine and Protected Assets.
Case ID: DFR-3270
Known limitations:
Affected Components:
Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Info

Status
colourRed
titlefixed
AWS IAM User - 13:30 UTC
Description: Fixed an issue where the ‘sslPolicy.minProtocolVersion’ property was not set for Application Gateways that are using predefined policies.
Case ID: DFT-3328
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE
Status
titlefetchers

Info

Status
colourRed
titlefixed
GCP Disk Region - 12:00 UTC
Description: Fixed a bug in which some regions were specified as global, which affected the dome9 id as well.
The fix included a deletion and recreation for the affected entities.
Case ID: DFT-3243
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE
Status
titlefetchers

Info

Status
colourRed
titlefixed
Agents | Windows download link is broken - 08:30 UTC
Description: Fixed an issue for downloading windows and linux agents scripts
Case ID: DFT-3327
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 9:00 UTC

Description: New Ruleset CIS Controls v8 for Azure; New Ruleset FedRAMP (moderate) for AWS, Azure, and GCP; New AWS, and Azure. A complete list can be found here.

Case ID: CNAPP-7156, DFT-3165, DFT-3357, DFT-3392
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Info

Status
colourGreen
titleIMPROVEMENT
AWS API Gateway V2 - 09:00 UTC
Description: Added support for ‘Stages’ property in AWS API Gateway V2 in Compliance engine & Protected Assets.
Case ID: DFR-2678
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titleIMPROVEMENT
GCP Disk - 07:40 UTC
Description: Added new API for GCP Disk entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components:
Status
titleapi

Info

Status
colourGreen
titleIMPROVEMENT
GCP Image - 07:40 UTC
Description: Added new API for GCP Image entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components:
Status
titleapi

Deployment February 13, 2024

Info

Status
colourGreen
titleFEATURE
CDR (Intelligence) - Azure Centralized storage onboarding - 9:35 UTC
Description: Azure onboarding enhancements and options for Account Activity and Network Traffic including Azure centralized storage support & auto-onboarding.
Case ID: CNAPP-105, DFR-2562, DFR-2304, DFR-3414
Known limitations: N/A
Affected Components:
Status
titleCDR
Status
titleINTELLIGENCE
Status
titleONBOARDING

Info

Status
colourRed
titlefixed
AWS IAM User - 7:35 UTC
Description: Fixed an issue in the AWS’ ‘IamUser’ entity that caused the ‘secondAccessKey’ property sometimes to appear as the ‘firstAccessKey’ property.
Case ID: DFT-3405
Known limitations: N/A
Affected Components:
Status
titleCOMPLIANCE ENGINE

Info

Status
colourRed
titlefixed
UI | Protected assets - Asset page - Findings getting disappear - 7:35 UTC
Description: Fixed an issue in protected assets where findings were disappearing or appearing and then being refreshed with the correct data
Case ID: DFT-3272
Known limitations: N/A
Affected Components:
Status
titleui

Deployment February 08, 2024

Info

Status
colourGreen
titlefix
OCI Compliance Engine - 9:45 UTC

Description: Fix Compliance Engine failure for case of similar IDs in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE

Deployment February 07, 2024

Info

Status
colourGreen
titleIMPROVEMENT
Compliance Rulesets Update - 15:00 UTC

Description: New Ruleset CIS Foundations Benchmark for AWS v3; New AWS, Azure, GCP, and OCI rules. A complete list can be found here.

Case ID: CNAPP-7018
Known limitations: N/A 
Affected Components:

Status
titleCOMPLIANCE RULESETS

Info

Status
colourGreen
titlefix
OCI Compliance Engine - 13:15 UTC

Description: Fix Compliance Engine failure for case of similar IDs in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE

Info

Status
colourGreen
titleIMPROVEMENT
GCP Virtual Machine Instance - 15:00 UTC
Description: The “sourceMachineImage” was exposed in Protected Assets API under “additionalFields” for GCP’s “VMInstance” entity.
Case ID: DFR-3134
Known limitations: N/A
Affected Components:
Status
titleapi

Info

Status
colourGreen
titleIMPROVEMENT
Azure Virtual Machine Image - 13:05 UTC
Description: A new API was added for Azure’s “VirtualMachineImage” entity: https://api.dome9.com/v2/AzureVirtualMachineImage.
Case ID: DFR-3156
Known limitations: N/A
Affected Components:
Status
titleapi

Deployment February 05, 2024

Info

Status
colourGreen
titlefix
GCP IAM User - 13:15 UTC

Description: Fix GCP IAM User to enable updates in data.
Case ID: DFT-3290, DFT-3266
Known limitations: N/A
Affected Components:

Status
titlefetchers

Info

Status
colourGreen
titlefix
UI | Dashboard | Cannot filter for security groups, missing entity types - 09:30 UTC

Description: Added support for filterering by AWS SecurityGroups Entity Type
Case ID: DFT-3125
Known limitations: N/A
Affected Components: UI

Info

Status
colourGreen
titleIMPROVEMENT
AWS Workspace - 9:15 UTC
Description: Exposed the “ipAddress” property for the AWS Workspace entity in the Protected Assets report, under the “PrivateIPs” field.
Case ID: DFT-3254
Known limitations: N/A
Affected Components:
Status
titlePROTECTED ASSETS
Status
titleFETCHERS

Info

Status
colourGreen
titlefix
Terraform provider | Need to add regions support - missing Israel - 09:00 UTC

Description: Added Tel Aviv region to terraform provider
Case ID: DFT-3323
Known limitations: N/A
Affected Components:

Status
titleCOMPLIANCE ENGINE

Deployment February 05, 2024

Info

Status
colourGreen
titlefeature
AWS Shield Subscription - 10:40 UTC
Description: Added support for the AWS Shield Subscription in Compliance Engine and Protected Assets.
Case ID: CNAPP-5587
Known limitations:
Affected Components:
Status
titleCOMPLIANCE ENGINE
Status
titleFETCHERS
Status
titlePROTECTED ASSETS

Deployment February 04, 2024

Info

Status
colourGreen
titleFEATURE
Send security event notification per occurrence - 11:00 UTC
Description: Added the option to send notification each time occurrence is logged for “Threat & Security events” supported sources.
Case ID: CNAPP-499
Known limitations: N/A
Affected Components:
Status
titleNOTIFICATIONS

Info

Status
colourGreen
titleIMPROVEMENT
Azure Virtual Machine - 7:30 UTC
Description: Added new property for the “VirtualMachine” entity: disks[].sseType. This enrichment reflects disk’s encryption-at-rest type.
Case ID: DFT-3319, DFT-3334, DFT-3330
Known limitations: N/A
Affected Components:
Status
titleFETCHERS
Status
titleCOMPLIANCE ENGINE

Deployment February 01, 2024

Info

Status
colourGreen
titleFEATURE
Risk Management - AWP integration for Azure FunctionApp - 12:00 UTC

Description: Risk Management support for Azure FunctionApp CVEs and Secrets information generated by AWP.
Case ID: CNAPP-1336
Known limitations: N/A
Affected Components:

Status
titleRISK MANAGEMENT
Status
titlePROTECTED ASSETS