Page Comparison

Description: The first Release of the AWS CSA CCM v4 Ruleset; The first release of the Alibaba CIS v1.0 Ruleset; The first release of the K8S GKE CIS v1.4 ruleset; French support for GCP best practices; New AWS and Azure rules. A complete list can be found here.

Case ID: IN-7955, DFT-2595, DFT-2585, DFT-2367, DFT-2404, DFR-2316
Known limitations: N/A 
Affected Components:

Description: Policy unassociation will publish a closing alert with a status pass
Case ID: PLAT-8366
Known limitations: N/A 
Affected Components:

Description: Add support for Aws WorkSpace services for Mumbai region in AWS
Case ID: DFT-2641
Known limitations: N/A 
Affected Components:

Description: The first Release of the AWS CSA CCM v4 Ruleset; The first release of the Alibaba CIS v1.0 Ruleset; The first release of the K8S GKE CIS v1.4 ruleset; French support for GCP best practices; New AWS and Azure rules. A complete list can be found here.

Case ID: IN-7955, DFT-2595, DFT-2585, DFT-2367, DFT-2404, DFR-2316
Known limitations: N/A 
Affected Components:

Description: A new endpoint was added to fetch data about Oracle compartments:
Get all compartments under an account: https://api.dome9.com/v2/OciCompartment
Get all compartments of a specific cloud account: https://api.dome9.com/v2/OciCompartment/{id}
Case ID: DFR-2733
Known limitations: N/A 
Affected Components:

Description: Azure Storage Account ‘table’ and ‘queue’ Encryption flags show the correct value. Previously, encryption on 'table' and 'queue' was enabled by default when creating a storage account in Azure. However, now we have the option to choose not to enable encryption for these components.
Case ID: IN-1554
Known limitations: N/A 
Affected Components:

Description: KMS aliases in China region were not updated.
Case ID: DFT-2547
Known limitations: N/A 
Affected Components:

Description: Fixed an issue where disabled AWS regions showed up in protected assets table, and caused an error when trying to access them. From now on disabled region will not be available in the protected asset.
Case ID: DFT-2554
Known limitations: N/A 
Affected Components:

Description: Support for GKE Autopilot (except for Runtime Protection)
Case ID: CON-5273
Known limitations: N/A 
Affected Components:

Description: Configure agents with node-critical and cluster-critical priority classes by default (improved support for clusters with small nodes)
Case ID: CON-5273
Known limitations: N/A 
Affected Components:

Description: Support multiple DaemonSet configurations per node pool
Case ID: CON-5273
Known limitations: N/A 
Affected Components:

Description: Runtime Protection: keep running if EBPF probe can't be built/loaded; multiple optimizations
Case ID: CON-5273
Known limitations: N/A 
Affected Components:

Description: Inventory: Improved support for large inventory of Kubernetes resources
Case ID: CON-5273
Known limitations: N/A 
Affected Components:

Description: Change imageScan.mountPodman default to false (reduce dependencies on node configuration)
Case ID: CON-5273
Known limitations: N/A 
Affected Components:

Description: OCI Network Load Balancer now correctly shows connected network security group ids
Case ID: DFT-2568
Known limitations: N/A 
Affected Components:

Description: Support the Network Exposure risk modifier for Azure Storage Account.
Case ID: SEC-801
Known limitations: N/A 
Affected Components:

Description: Fixed an issue where the “GcpIamGroup” entity was causing assessment failures.
Case ID: DFT-2578
Known limitations: N/A 
Affected Components:

Description: A connector was added to the Azure “ApplicationGateway” entity, allowing to query its relation to “RegionalWAF” entity directly.
Case ID: DFT-2591
Known limitations: N/A 
Affected Components:

Description: “New” labels were removed from the GSL builder UI, for 30 days old entities.
Case ID: IN-7609
Known limitations: N/A 
Affected Components:

Description: The first Release of the AWS CIS Controls v8 Ruleset; New AWS rules. A complete list can be found here.

Case ID: IN-7818
Known limitations: N/A 
Affected Components:

Description: Added “imageDetails” property for the CloudInstance API.
Case ID: DFT-2509
Known limitations: N/A 
Affected Components:

Description: Fixed a bug in Alibaba ECS Instance, where Is Running column in the protected assets did not show the status.
Case ID: DFT-2540
Known limitations: N/A 
Affected Components:

Description: Added support for ‘encryptionConfig’ property in AWS EksCluster in Compliance Engine & Protected Assets.
Case ID: IN-6979
Known limitations: N/A 
Affected Components:

Description: Added support for "AWS X-Ray" in compliance engine and protected assets. A total of 3 new entities were added: XRayGroup, XRaySamplingRule, XRayEncryptionConfig.
Case ID: IN-7734
Known limitations: N/A 
Affected Components:

Description: Added support for "AWS MemoryDB for Redis" in compliance engine and protected assets. A total of 4 new entities were added: MemoryDbCluster, MemoryDbSnapshot, MemoryDbUser, MemoryDbAcl.
Case ID: IN-7644
Known limitations: N/A 
Affected Components:

Description: Added support for "AWS Neptune" in compliance engine and protected assets. A total of 4 new entities were added: NeptuneGlobalCluster, NeptuneCluster, NeptuneClusterSnapshot, NeptuneInstance.
Case ID: IN-7655
Known limitations: N/A 
Affected Components:

Description: Added support for "AWS CodeArtifact" in compliance engine and protected assets. Two new entities were added: CodeArtifactDomain, CodeArtifactRepository.
Case ID: IN-7705
Known limitations: N/A 
Affected Components:

Description: Fixed an issue with nested aggregations counters in protected-assets group-by-properties API.
Case ID: SEC-1085
Known limitations: N/A 
Affected Components:

Description: Added validation of S3 Access Points when measuring the IAM exposure of S3 Buckets.
Case ID: SEC-960
Known limitations: N/A 
Affected Components:

Description: Added "Azure AD Conditional Access Named Locations" support in the compliance engine and protected assets.
Case ID: IN-7812
Known limitations: N/A 
Affected Components:

Description: Added "Azure AD Conditional Access Policies" support in the compliance engine and protected assets.
Case ID: IN-7813
Known limitations: N/A 
Affected Components:

Description: Added support for ‘iamDatabaseAuthenticationEnabled’ property in AWS RDS in Compliance Engine & Protected Assets.
Case ID: IN-6979
Known limitations: N/A 
Affected Components:

Description: Fixed Large CIEM events and findings are missed.
Case ID: DFT-2558
Known limitations: N/A 
Affected Components:

Description: Update testing following sanity test fails to improve stability and improve performance
Case ID: PLAT-8359
Known limitations: N/A 
Affected Components:

Description: Corrected string 'now' to account.lastUsed in “src/app/users-management/service-accounts/service-accounts.ctrl.js“
Case ID: DFT-2481
Known limitations: N/A 
Affected Components:

Description: Removed old protected asset page for all users and set the new one as default.
Case ID: PLAT-8306
Known limitations: N/A 
Affected Components:

Description: The first release of the AKS CIS v1.3.0 Ruleset; New Azure CIS rules; DFT fix; A complete list can be found here.

Rule Deprecation D9.AZU.MON.03 : Property in azure is no longer supported/exists

Rule Deprecation D9.AWS.LOG.09: Duplicate Rule

Case ID: IN-7890, DFR-2802, DFT-2597, DFT-2367
Known limitations: N/A 
Affected Components:

Description: KMS keys in China region were not updated.
Case ID: DFT-2547
Known limitations: N/A 
Affected Components:

Description: Added data fetching for S3 multi-region Access Points using ListMultiRegionAccessPoints AWS API.
Case ID: SEC-1073
Known limitations: N/A
Affected Components:

Description: The value of hubIpAddresses property in Azure Firewall entity was empty. Fixed it to contain the data.
Case ID: SEC-1013
Known limitations: N/A 
Affected Components:

Description: Fixed a wrong condition that forced the filterPanel to change for every environment.
Case ID: DFT-2512, DFT-2539
Known limitations: N/A 
Affected Components:

Description: Added OCI Autonomous Database to billable assets.
Case ID: IN-7362
Known limitations: N/A 
Affected Components:

Description: For customers with a large number of IAM roles the API call (https://api.dome9.com/v2/CloudIamRole) resulted with an error. This issue is now fixed.
Case ID: DFT-2454
Known limitations: N/A 
Affected Components:

Description: All of cloudGuard Emails are now being sent under CheckPoint Domain (@checkpoint.com), where it was previously under dome9 domain (@dome9.com) except User gets Locked and Account Created using MSP
Email Display name is now "CloudGuard Checkpoint" or "CloudGuard Reporter" where it had been changed from (''dome9" or "do-not-reply")
Email Subject of CloudGuard scheduled reports notifications now start with "CloudGuard" as they previously started with "dome9".
Case ID: DFT-2002, PLAT-5106
Known limitations: N/A 
Affected Components:

Description: Added a new measurement for AWS S3 Bucket that shows their IAM exposure (Public/Private).
Case ID: SEC-1042, SEC-1003, SEC-442
Known limitations: N/A 
Affected Components:

Description: Fixed an issue with the aggregations counter in protected-assets search API.
Case ID: SEC-1060
Known limitations: N/A 
Affected Components:

Description: Added support for new regions in AWS in Compliance Engine and Protected Assets: Hyderabad (ap-south-2), Jakarta (ap-southeast-3), Melbourne (ap-southeast-4), Zurich (eu-central-2) & Spain (eu-south-2).
Case ID: DFR-2729, DFR-2680
Known limitations: N/A 
Affected Components:

Description: Added support for ‘keyPolicy’ and ‘encryption.requireInfrastructureEncryption’ properties in Azure Storage Account in Compliance Engine & Protected Assets.
Case ID: IN-7478
Known limitations: N/A 
Affected Components:

Description: Added support for ‘enableRbacAuthorization’ property in Azure Key Vault in Compliance Engine & Protected Assets.
Case ID: IN-7493
Known limitations: N/A 
Affected Components:

Description: Added support for "AWS Document DB" in Compliance Engine and Protected Assets - 4 new entities were added: DocDbCluster, DocDbClusterSnapshot, DocDbGlobalCluster, DocDbInstance.
Case ID: IN-7623
Known limitations: N/A 
Affected Components:

Description: New AWS rules; DFT fix; Support for the EKS autopilot ruleset. A complete list can be found here.

Case ID: IN-7818, DFT-2479
Known limitations: N/A 
Affected Components:

Description: Fixed a bug that caused assessments failures related to Azure ADAccessReviewsScheduleDefinition.

Case ID: DFT-2587
Known limitations: N/A 
Affected Components:

Description: Added data fetching for S3 Access Points using ListAccessPoints AWS API.
Case ID: SEC-1038
Known limitations: N/A
Affected Components:

Description: Switch AC default policy to the new default ruleset. Admission Control default policy has been updated to include only high value security rules, and reduced alerts.
Case ID: CON-5606
Known limitations: N/A
Affected Components:

Description: Return time zone in iso date format from the APIs. A complete list can be found here.
Case ID: CON-5665
Known limitations: N/A
Affected Components:

Description: Deploy RP partial profiling code. A complete list can be found here.
Case ID: CON-5678
Known limitations: N/A
Affected Components:

Description: Agent status report CSV api. A complete list can be found here.
Case ID: CON-5720
Known limitations: N/A
Affected Components:

Description: Allow offboarding through old controller (Terraform). A complete list can be found here.
Case ID: CON-5736.
Known limitations: N/A
Affected Components:

Description: Workloads Images redesign, Kubernetes Version in Environment Table. A complete list can be found here.
Case ID: CON-5805
Known limitations: N/A
Affected Components:

Description: Added new property under “properties“ called “anonymousPullEnabled” to Azure ContainerRegistry entity.
Case ID: DFR-2129
Known limitations: N/A
Affected Components:

Description: We have added support for adding ERM related condition in the GSL. Each entity will have its relevant ERM data available through the “riskModifiers” property.
Case ID: SEC-1016
Known limitations: N/A
Affected Components: