Page Comparison

Compliance Rulesets Update - 16:15 UTC

Type: Improvement
Description:  New rules were added to AWS CloudGuard Best Practices. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Compliance Update - 15:45 UTC

Type: Internal Improvement
Description:  Created new Retry with backoff mechanism. 
Known limitations: N/A 
Affected Components: 

Compliance Update - 13:45 UTC

Type: Internal Improvement
Description:  Added backend support for new feature. 
Known limitations: N/A 
Affected Components: 

Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  New rules were added to Azure rulesets. Additionally, we have made changes to existing AWS rules. a complete list can be found here. 
Known limitations: N/A 
Affected Components: 

AWS EC2 Instance  - 14:30 UTC

Type: Improvement
Case ID: DFR-1327
Description: Added Public DNS and Private DNS properties in compliance engine for AWS Instance entity
Known limitations:  N/A
Affected Components:   

AWS SSM Document - 14:30 UTC

Type: New Entity
Case ID: DFR-1360
Description: Added support for AWS SSM Document in the compliance engine
GSL Examples:

• Ensure that Dms Endpoint is utilizing ssl:
  SystemManagerDocument should not have accountSharingInfoList contain [ accountId='all' ]

• Ensure that the SystemManagerDocument of specific account supports the 'Windows' platform:
  SystemManagerDocument where owner = 989524331127 should have platformTypes contain [ 'Windows']

Known limitations:  N/A
Affected Components:   

AWS DMS Endpoint - 14:30 UTC

Type: New Entity
Case ID: DFR-1254
Description: Added support for AWS DMS Endpoint in the compliance engine
GSL Examples:

• Ensure that Dms Endpoint is utilizing ssl:
  DmsEndpoint should not have sslMode='none'

• Ensure that Dms Endpoint is encrypted using Kms:
  DmsEndpoint should not have kmsKeyId isEmpty()

Known limitations:  N/A
Affected Components:   

Azure Regional WAF - 14:30 UTC

Type: New Entity
Case ID: DFR-1210
Description: Added support for Azure Regional WAF (aka Azure Web Application Firewall) in the compliance engine
GSL Examples:

• Ensure that ApplicationGateway utilizes WAF with Ruletype set to 'OWASP' and version '3.0':
  ApplicationGateway should have (getResource('RegionalWAF', regionalWAFPolicyId) contain[managedRules.managedRuleSets contain [ ruleSetVersion='3.0'] and managedRules.managedRuleSets contain [ ruleSetType='OWASP' ]]) or (firewall.enabled=true and firewall.ruleSetType='OWASP' and firewall.ruleSetVersion='3.0')

• Ensure that WAF policy for detection mode is in state enabled:
  RegionalWAF where policySettings.state.mode = 'Detection' should have policySettings.state='Enabled'

Known limitations:  N/A
Affected Components:   

AWS RDS DBCluster - 14:30 UTC

Type: New Entity
Case ID: DFR-1339
Description: Added support for AWS RDS DBCluster in the compliance engine
GSL Examples:

• Ensure that all the cluster storages are encrypted:
  RDSDBCluster should haveStorageEncrypted=true

Known limitations:  N/A
Affected Components:   

AWS Storage Gateway - 14:30 UTC

Type: New Entity
Case ID: DFR-1312
Description: Added support for AWS Storage Gateway in the compliance engine
GSL Examples:

• Ensure that all the gateways are operational:
  StorageGateway should have gatewayOperationalState='ACTIVE'

Known limitations:  N/A
Affected Components:   

AWS MSK Cluster - 14:30 UTC

Type: New Entity
Case ID: DFR-1297
Description: Added support for AWS MSK Cluster in the compliance engine
GSL Examples:

• Ensure that MSK Clustert has data encrypted in Cluster while in Transit:
  MskCluster should have encryptionInfo.encryptionInTransit.inCluster=true

Known limitations:  N/A
Affected Components:   

Compliance Engine - 14:00 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components:     

Compliance Notifications - Webhook - Jira Integration - 10:30 UTC

Type: New Feature
Case ID: DFR-445
Description: Fixing unrequired calls from UI.
Known limitations: N\A
Affected Components: 

Environments - Serverless UI calls fix - 10:30 UTC

Type: Bug fix
Description: Fixing unrequired calls from UI.
Known limitations: N\A
Affected Components: 

Environments - Kubernetes page - 10:30 UTC

Type: Minor fix
Description: Fix expand all behavior.
Known limitations: N\A
Affected Components: 

Environments - Added Compliance policy tab - 10:30 UTC

Type: Improvement
Case ID: DFR-1187
Description: Added additional information on Environment page..
Known limitations: N\A
Affected Components: 

AWS Fetching System Improvement - 08:30 UTC

Type: Improvement
Description: Fetch data based on activity. 
Known limitations: Not supported in AWS S3 Bucket.
Affected Components: DATA FETCHERS AWS   

AWS Data Fetchers - 08:30 UTC

Type: Improvement
Description:  Infra Improvement for AWS data fetchers: IAM Role, IAM Instance Profile.
Known limitations: N\A
Affected Components:    

AWS Data Fetchers - 13:30 UTC

Type: Improvement
Description:  Infra Improvement for AWS data fetchers: S3 Bucket, IAM Role, IAM Instance Profile.
Known limitations: N\A
Affected Components:    

Intelligence & Threat Hunting. - Azure NSG Flow Logs - 10:30 UTC

Type: New Feature
Description: Released a new version of Azure NSG Flow Logs with a new onboarding method.
Known limitations: NA. 
Affected Components:   

Platforms API - 09:00 UTC

Type: Improvement
Description: Added additional regions and zones to GCP.
Known limitations: N/A.
Affected Components:   API

Protected Assets - 09:00 UTC

Type: Bug Fix
Case ID: DFT-999
Description:  Fixed Billable Asset value for AWS Cloud Formation Stack and Kinesis Firehose entities.
Known limitations: N\A
Affected Components:    

Azure Virtual Network Gateway - 09:00 UTC

Type: Improvement
Description:  Infra Improvement for Virtual Network Gateway data fetcher.
Known limitations: N\A
Affected Components:    

Compliance Engine - 12:40 UTC

Type: Improvement
Description: Update assessment model , Internal model improvement 
Known limitations: N/A.
Affected Components:   

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description:  New rules were added to Terraform AWS CIS Foundations ruleset. Additionally, we have made changes to existing rules and remove one rule. a complete list can be found here. 
Known limitations: N/A 
Affected Components: 

AWS ECS Task Definition - 14:30 UTC

Type: Improvement
Description:  Infra Improvement
Known limitations: N\A
Affected Components:    

AWS Data Fetchers - 13:30 UTC

Type: Improvement
Description:  Infra Improvement for AWS data fetchers: IAM Account Summary, IAM Password Policy, IAM Policy, IAM Role Attached Policies, IAM Role Inline Policies, IAM Role Permissions Boundary, IAM Server Certificate, IAM User, IAM User Attached Policies, IAM User Groups, IAM User Inline Policies, IAM User Permissions Boundary, IAM User Tags, Organization, Virtual MFA Devices.
Known limitations: N\A
Affected Components:    

Azure Data Fetchers - 10:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Virtual Network Gateway, Role Definition, Virtual Machine Scale Set.
Known limitations: N\A
Affected Components:    

Shift Left environment onboarding - 18:00 UTC

Type: Improvement
Description: Adding Infra structure for Shift left - currently not visible to customers.
Known limitations: N\A
Affected Components:    

Azure Data Fetchers - 11:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Storage Account, Analysis Service, Application Gateway, Logic App, Api Management, Disk, Application Security Group, Container Registry.
Known limitations: N\A
Affected Components:    

Compliance Rulesets Update - 10:30 UTC

Type: Improvement
Description:  The first release of AWS CIS Foundations v. 1.3.0 ruleset. A complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Azure Role Definitions - 13:00 UTC

Type: New Entity
Case ID: DFR-1214
Description: Added support for Azure Role Definitions in the compliance engine
GSL Examples:

• Ensure that `MULTI-FACTOR AUTH STATUS` is `Enabled` for all users who are ‘Owner’:
  RoleAssignment should have (properties contain [getResource('User', principalId) contain [userCredentialRegistrationDetails.isRegisterWithMfa=true]] and properties contain [getResource('RoleDefinition',roleDefinitionId) contain [properties.roleName = 'Owner']])

Known limitations:  N/A
Affected Components:   

Azure Role Assignment - 13:00 UTC

Type: New Entity
Case ID: DFR-1214
Description: Added support for Azure Role Assignment in the compliance engine
GSL Examples:

• Ensure that the password used for the 'Owner' role assignment is changed every 90 days or less:
  RoleAssignment should have (properties contain [getResource('User', principalId) contain [lastPasswordChangeDateTime after(-90, 'days') ]] and properties contain [getResource('RoleDefinition',roleDefinitionId) contain [properties.roleName = 'Owner']])

Known limitations:  N/A
Affected Components:   

Azure WebApp, FunctionApp and CosmosDB Account Fetchers - 13:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure WebApp, FunctionApp and CosmosDB Account data fetcher.
Known limitations: N\A
Affected Components:    

MSP Portal - Logo fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-964
Description: Fixed an issue that affected uploaded logo's visibility.
Known limitations: N/A.
Affected Components:   

Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  One new network rule was added to AWS CloudGuard Best Practices ruleset. Additionally, we have made changes to existing rules and remove six old rules. a complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Azure Subnet  - 10:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure Subnet data fetcher.
Known limitations: N\A
Affected Components:    

Single Sign On - Fixes and Improvements - 9:50 UTC

Type: Improvement and Bug Fix
Case ID: DFT-910, DFT-956
Description: SSO improvements for large SAML elements, fixes for JIT groups.
Known limitations: N/A.
Affected Components:   

AWS SNS Platform Application - 12:30 UTC

Type: New Entity
Description: Added support for AWS SNS Platform Application in the compliance engine

Known limitations:  N/A
Affected Components:   

AWS Glue Connection - 12:30 UTC

Type: New Entity
Description: Added support for AWS Glue Connection in the compliance engine
GSL Examples:

• Ensure that GlueConnection enforce SSL for JDBC connections:
  GlueConnection should have connectionProperties contain [ key='JDBC_ENFORCE_SSL' and value='true' ] where connectionType = 'JDBC'

Known limitations:  N/A
Affected Components:   

GCP VM Instance - 12:30 UTC

Type: Bug fix

Case ID: DFR-1215

Description: Project level setting not mapped to resources
Known limitations:  N/A
Affected Components:   

AWS VPC Endpoint  - 12:30 UTC

Type: Improvement
Case ID: DFR-1209
Description: Additional properties are supported in compliance engine for AWS VPC Endpoint entity
Known limitations:  N/A
Affected Components:   

Azure Data Explorer - 12:30 UTC

Type: New Entity
Description: Added support for Azure Data Explorer in the compliance engine
GSL Examples:

• Ensure that Azure DataExplorerCluster is enabled for purge:
  DataExplorerCluster should have enablePurge=true

• Ensure that Auzre DataExplorerCluster is encrypted:
  DataExplorerCluster should have enableDiskEncryption=true

Known limitations:  N/A
Affected Components:   

Azure Disk - 12:30 UTC

Type: New Entity
Description: Added support for Azure Disk in the compliance engine
GSL Examples:

• Ensure that Azure disks are encrypted:
  Disk should have properties.encryptionSettingsCollection.enabled=true

• Ensure that Azure disks are set with up to 2 shares:
  Disk should have properties.maxShares <= 2

Known limitations:  N/A
Affected Components:   

Azure Role Assignment - 12:30 UTC

Type: New Entity 
Description: Added support for Azure Role Assignment entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components:   

Azure Firewall - 12:30 UTC

Type: New Entity
Case ID: DFR-1274
Description: Added support for Azure Firewall entity in the compliance engine.
Known limitations: N/A.
Affected Components:   

Environment Missing Permissions - 11:00 UTC

Type: Bug Fix
Case ID: DFT-975
Description: Missing permissions were not visible for Gov / China Cloud Accounts.
Known limitations: N/A.
Affected Components:  

Intelligence & Threat Hunting. - Flow Logs Time Line - 12:00 UTC

Type: New Feature
Description: Added timeline to Flow Logs traffic.
Known limitations: NA. 
Affected Components:   

Intelligence & Threat Hunting. - Customize Centralize On-boarding - 12:00 UTC

Type: New Feature
Description: Added support to on-board centralized bucket with multiple sources of AWS Cloudtrail and Flow Logs.
Known limitations: NA. 
Affected Components:   

AWS SNS Platform Application - 12:00 UTC

Type: New Entity 
Description: Added support for AWS SNS Platform Application entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components:   

Azure Data Explorer - 12:00 UTC

Type: New Entity 
Description: Added support for Azure Data Explorer entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components:   

Azure HDInsight - 12:00 UTC

Type: New Entity
Description: Added support for Azure HDInsight in the compliance engine
GSL Examples:

• Ensure that HDInsight is encypted with encryptionAtHost:

  HDInsight should have properties.diskEncryptionProperties.encryptionAtHost=true

• Ensure that HDInsight supports TLS version '1.2':

  HDInsight should have properties.minSupportedTlsVersion='1.2'

Known limitations:  N/A
Affected Components:   

AWS ECS Service- 11:15 UTC

Type: Bug Fix
Case ID: DFT-955
Description: Fix 'taskDefinition' property updating issue
Known limitations:  N/A
Affected Components:   

AWS Kinesis Firehose  - 11:15 UTC

Type: New Entity
Description: Added support for AWS Kinesis Firehose in the compliance engine
Known limitations:  N/A
Affected Components:  

AWS Cloud Formation Stack  - 11:15 UTC

Type: New Entity
Description: Added support for AWS Cloud Formation Stack in the compliance engine
Known limitations:  N/A
Affected Components:  

AWS Network Firewall - 11:00 UTC

Type: New Entity
Description: Added support for AWS Network Firewall in the compliance engine:
GSL Examples:

• Ensure that Network Firewall uses the 'Flow' logtype:

  NetworkFirewall should have loggingConfiguration.logDestinationConfigs with [ logType='FLOW' ]

• Ensure that Network Firewall status is 'Ready' and is in-sync:

  NetworkFirewall should have (firewallStatus.status='READY' and firewallStatus.configurationSyncStateSummary='IN_SYNC')

Known limitations:  N/A
Affected Components:   

Azure Virtual Machine API- 08:30 UTC

Type: Bug Fix
Case ID: DFT-953
Description: Fix permission issue in GET Azure Virtual Machine by cloud account id API
Known limitations: N\A
Affected Components: 

Azure ActivityLogMonitor - 08:30 UTC

Type: Bug Fix
Case ID: DFT-965
Description: Fix Typos in ActivityLogMonitor compliance model.
Known limitations: N\A
Affected Components: 

Service Accounts - 08:30 UTC

Type: Improvement
Case ID: DFR-1273
Description: Allow to manage Service Accounts via MSP assumed roles.
Known limitations: N\A
Affected Components: 

Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  Adding new rules to AWS CloudGuard Best Practices ruleset
Known limitations: N\A
Affected Components:    

Compliance Rulesets Update - 14:00 UTC

Type: Bug Fix
Description:  Rules fixes in Terraform AWS CIS Foundations ruleset
Known limitations: N\A
Affected Components:    

Azure HDInsight - 17:00 UTC

Type: New Entity support
Description: Added support for Azure HDInsight entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components:   

K8s Agents Status Notification - 15:00 UTC

Type: Improvement
Description: New Infrastructure for K8s agents status notifications.
Known limitations: N/A
Affected Components:   

Compliance Engine - 15:00 UTC

Type: Bug Fix
Description: Infra Improvement.
Known limitations: N/A.
Affected Components:   

Compliance Engine - 15:00 UTC

Type: Bug Fix
Description: Fixed internal issues that caused assessment failures on the following entities: AWS ELB, AWS EcsService.
Known limitations: N/A.
Affected Components:   

Azure Data Fetchers - 12:30 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components:    

GCP Image - 12:00 UTC

Type: Improvement
Case ID: DFR-613
Description: Added support for GCP Image in the compliance engine:
GSL Examples:

• Ensure that Image has a sha235 key encryption:

  Image should not have imageEncryptionKey.sha256 isEmpty()

• Ensure that Image has a kms encryption:

  Image should not have imageEncryptionKey.kmsKeyName isEmpty()

Known limitations:  N/A
Affected Components:   

GCP Redis - 12:00 UTC

Type: Improvement
Case ID: DFR-613
Description: Added support for GCP Redis in the compliance engine:
GSL Examples:

• Ensure that Redis tier is equal 'STANDARD_HA':

  Redis should have tier='STANDARD_HA'

• Ensure that Redis is utilizing a valid configuration:

  Redis should not have redisConfigs isEmpty()

Known limitations:  N/A
Affected Components:   

AWS Athena Work Group - 12:00 UTC

Type: Improvement
Case ID: DFR-613
Description: Added support for AWS Athena Work Group in the compliance engine:
GSL Examples:

• Ensure that the settings for the workgroup override client-side settings:

  AthenaWorkGroup should have configuration.enforceWorkGroupConfiguration=true

• Ensure that AthenaWorkGroup is ecnrypted with 'SSE_KMS':

  AthenaWorkGroup should have configuration.resultConfiguration.encryptionConfiguration.encryptionOption='SSE_KMS'

Known limitations:  N/A
Affected Components:   

Compliance Assessment - Fixed IPV6 conversion on network functions 8:15 UTC

Type: Bug Fix
Case ID: DFT-962
Description: Fixed an issue that caused discrepancies in results when using specific IPV4 ranges on GSL network functions.
Known limitations: N\A
Affected Components: 

Log.ic - new anomalies detection for account activity- 17:50 UTC

Type: New Feature
Description:  Anomalies detection based on Machine Learning models for account activity.
Added Features:
- console login of users by the user agent and geolocation;
- user API events by geolocation and user agent
- baseline by event name or target type. 
Known limitations: N\A
Affected Components: 

System notification - Notify when local storage is disabled - 15:30 UTC

Type: Improvement
Description: Added notification when the browser local storage is disabled.
Known limitations: N\A
Affected Components: 

Status page  - Indicator improvement - 15:30 UTC

Type: Improvement
Description: Added status page incident as alert in content.
Known limitations: N\A
Affected Components: 

Compliance Assessment - Drop Down improvements - 15:30 UTC

Type: Improvement
Description: Improved the drop down selectors on run assessment page.
Known limitations: N\A
Affected Components: 

Protected Assets - Fixed Navigation Issue - 15:30 UTC

Type: Bug Fix
Description: Fixed an issue that affected routing between asset page to log.ic.
Known limitations: N\A
Affected Components: 

Azure Log.ic - Fixed Onboarding Text - 15:30 UTC

Type: Bug Fix
Description: Modified text on the Azure Log.ic steps.
Known limitations: N\A
Affected Components: 

IP Addresses - Fixed exception handling - 15:30 UTC

Type: Bug Fix
Description: Fixed exception handling on specific cases.
Known limitations: N\A
Affected Components: 

Dashboard - Fixed Gauge widget on no data - 15:30 UTC

Type: Bug Fix
Description: Fixed widget behavior on click and no data.
Known limitations: N\A
Affected Components: 

IP Addresses - Fixed exception - 15:30 UTC

Type: Bug Fix
Description: Fixed exception on specific cases.
Known limitations: N\A
Affected Components: 

Dynamic Access - Fixed filters state - 15:30 UTC

Type: Bug Fix
Description: Fixed the filters state on refresh.
Known limitations: N\A
Affected Components: 

Terraform Rulesets - Added CLI command line snippet - 15:30 UTC

Type: Improvement
Case ID: DFR-1196
Description: Added CLI snippet to copy paste easily.
Known limitations: N\A
Affected Components: 

Kubernetes Onboarding - Runtime protection support - 15:30 UTC

Type: Improvement
Case ID: DFR-1193
Description: Added Runtime protection support to the features list
Known limitations: N\A
Affected Components: 

GSL Builder - Kubernetes Categories - 15:30 UTC

Type: Improvement
Case ID: DFR-1188
Description: Adding Categories grouping to Kubernetes.
Known limitations: N\A
Affected Components: 

Cloud Accounts - Rebranding as Environments - 15:30 UTC

Type: Improvement
Case ID: DFR-1185
Description: Renaming the cloud accounts to environments.
Known limitations: N\A
Affected Components: 

Compliance engine - CFT Tab Removal - 15:30 UTC

Type: Improvement
Case ID: DFR-1053, DFR-1056
Description: Removed CFT tab from run assessment, will be possible in the future to run CFT as a platform.
Known limitations: N\A
Affected Components: 

Compliance Rulesets Update - 10:00 UTC

Type: Improvement
Description: The first release of Terraform Azure CIS Foundations, EKS CloudGuard Best Practices, Kubernetes v.1.14 CloudGuard Best Practices and CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 rulesets.  Additionally, we have made changes to existing Azure network rules:  D9.AZU.NET.26;D9.AZU.NET.18.
Known limitations: N/A 
Affected Components: 

AWS Athena - 18:00 UTC

Type: Improvement
Case ID: DFR-830
Description: Added support for AWS Athena Query executions in the compliance engine:
GSL Examples:

• Ensure that the Athena associated DB and Catalog are valid:

  Athena should not have (queryExecutionContext.catalog isEmpty() or queryExecutionContext.database isEmpty())

• Ensure that the Athena execution results are encrypted:

  Athena should have (resultConfiguration.encryptionConfiguration.encryptionOption='SSE_KMS' or resultConfiguration.encryptionConfiguration.encryptionOption='SSE_S3')

Known limitations:  Query executions are fetched for Primary Work Group.

Affected Components:   

Azure API Management Service- 18:00 UTC

Type: Improvement
Case ID: DFR-1204
Description: Added support for Azure API Management in the compliance engine:
GSL Examples:

• Ensure that the API Management Service holds a specific IP address:

  ApiManagementService should have privateIPAddresses contain [ '10.1.0.5']

• Ensure that the API Management is associated with a subnet with the 10.1.0.0/26 range:

  ApiManagementService should have virtualNetworkConfiguration contain [ getResource('Subnet', subnetResourceId) contain [addressRange = '10.1.0.0/26']]

Known limitations:  Identity property returns assigned only if it was created along with the API Management service itself. If added later, it will still return as null.

Affected Components:   

Azure Data Fetchers - 13:30 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components:    

AWS IAM Access Keys - 13:30 UTC

Type: Improvement
Description:  Infra Improvement in fetching system.
Known limitations: N\A
Affected Components:    

New toolbar action design- 14:30 UTC

Type: Improvement
Description: Redesign action toolbar for security group, user management and role management pages .
Known limitations: N/A.
Affected Components:   

404 Page - 14:30 UTC

Type: Improvement
Description: Redesign for 404 page
Known limitations: N/A.
Affected Components:   

Azure On Boarding - 14:30 UTC

Type: Update
Case ID: DFR-912
Description: Updated Azure on boarding instructions
Known limitations: N/A.
Affected Components:   

Kubernetes On Boarding - 14:30 UTC

Type: Update
Case ID: DFR-912
Description: Updated Kubernetes on boarding instructions
Known limitations: N/A.
Affected Components:   

New Data Centers - 14:30 UTC

Type: Improvement
Case ID: DFR-1139
Description: Added two new data centers for login - Europe (EU) and asia pacific (AP)
Known limitations: N/A.
Affected Components:   

Compliance Engine - AWS Personalize - 13:40 UTC

Type: Improvement
Case ID: DFR-834
Description: Added support for AWS Personalize in the compliance engine:
GSL Examples:

• Ensure AWS Personalize data encryption is active:

  Personalize should not have kmsKeyArn isEmpty()

Known limitations: N/A.
Affected Components:   

Compliance Engine - AWS Translation Terminology- 13:40 UTC

Type: New Entity
Description: Added support for AWS Translation Terminology in the compliance engine.
Known limitations: N/A.
Affected Components:   

Compliance Engine - AWS Translate - 13:40 UTC

Type: New Entity
Case ID: DFR-835
Description: Added support for AWS Translate in the compliance engine:
GSL Examples:

• Ensure translation jobs status is not failed:

  TranslationJob should not have jobStatus='FAILED'
• Ensure translation jobs has associated terminology: TranslationJob should not have terminologyNames isEmpty()

Known limitations: N/A.
Affected Components:   

Compliance Engine - AWS Transcribe Medical - 13:40 UTC

Type: New Entity
Description: Added support for AWS Transcribe Medical in the compliance engine.
Known limitations: N/A.
Affected Components:   

Compliance Engine - AWS Transcribe - 13:40 UTC

Type: New Entity
Case ID: DFR-832
Description: Added support for AWS Transcribe in the compliance engine:
GSL Examples:

• TranscribeJob should have 'wav' media format:

  TranscribeJob should have mediaFormat='wav'
• TranscribeJob should have up to 5 speaker labels defined: TranscribeJob should have settings.maxSpeakerLabels<=5

Known limitations: N/A.
Affected Components:   

Compliance Engine - Azure Activity Logs - 13:00 UTC

Type: Improvement
Case ID: DFR-877
Description: Added support for Azure Activity Log Alert Rules and Diagnostic Settings in the compliance engine:

• New entity called 'ActivityLogMonitor' contains Activity Log Diagnostic Settings and aggregated information of Activity Log Alert Rules operations.
• New entity called 'ActivityLogAlertRule' contains specific information about each Activity Log Alert Rule in the subscription.

GSL Examples:

• Ensure the Storage Container storing the Activity Logs is not publicly accessible:

  'ActivityLogMonitor should not have diagnosticSettings contain [ storageContainer.properties.publicAccess isEmpty()=false and storageContainer.properties.publicAccess!='None' ]'

• Ensure that Activity Log Alert exists for Create or Update Network Security Group:

  'ActivityLogMonitor should have alertRuleOperations contain-any [$ in ('microsoft.network/networksecuritygroups/write', 'microsoft.network/networksecuritygroups/all', 'all') ]'

Known limitations: N/A.
Affected Components:   

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
Description: First release of the  AWS NIST 800-171 and Azure NIST 800-171 rulesets.  As part of this release we have added 7 new rules across various services in AWS. Additionally we have made changes to existing rules, a complete list can be found here. 
Known limitations: N/A 
Affected Components: 

Azure Private Endpoints - 14:00 UTC

Type: Improvement
Description: Added Azure Private Endpoints entity
Known limitations:  Entity is not available in compliance engine and protected assets page. Will be available at later release as a part of Azure Virtual Network entity.
Affected Components:   

ServiceNow App - 13:40 UTC

Type: Improvement
Description: Dome9 ServiceNow App supports Orlando version in the ServiceNow store: https://store.servicenow.com/sn_appstore_store.do#!/store/application/659f0e251b3eb30071e463d07e4bcbd9/1.1.0
Known limitations: N/A 
Affected Components: N/A

Support Private and Service endpoints properties for Azure Subnet - 14:30 UTC

Type: Improvement
Description: Added Private and Service endpoints properties for Azure Subnet entity as enrichment
Known limitations: Infra only
Affected Components:   

AWS Translation Job and AWS Translation Terminology - 14:30 UTC

Type: Improvement
Description: Added AWS Translation Jobs and AWS Translation Terminology entities
Known limitations:  Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components:   

Azure Virtual Network Gateway - 12:30 UTC

Type: Improvement
Description: Added Azure Virtual Network Gateway entity
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components:  

Service Account - API support - 15:00 UTC

Type: New Feature
Case ID: DFR-520
Description: Added internal support for service accounts.
Known limitations: Not visible on UI yet.
Affected Components:   

Compliance Engine - AWS RDS - 14:00 UTC

Type: Improvement
Description: Added sync status information for AWS RDS option groups and parameter groups.
Known limitations: N/A.
Affected Components: