Welcome to CloudGuard Native (Dome9) Release Notes

 For RSS feeds, click here.

...

Deployment October 21st, 2021

Compliance - 12:30 UTC

Type: Improvement
Description: Image Assurance - Reduce the delay between consecutive image scans.
Instead of a single image every 5 minutes, requests for image scans will now be sent from the backend to the scanning agent in batches.
Known limitations: N/A
Affected Components: Kubernetes Image Assurance

Compliance - 15:00 UTC

Type: New Feature
Description: Admission Control GSL rule verification has been improved. Clicking the Verify button tests the rule against the cluster's recent API call history.
Users can now see whether any of the last 1000 events or the last 7 days of events (the smaller of the two) violated the rule.
Known limitations: N/A
Affected Components: Kubernetes Admission Control

Deployment October 20th, 2021

GCP GSuite User & GCP GSuite Group - 17:00 UTC

Type: Bug Fix
Description: Support pagination
Known limitations: N/A
Affected Components: DATA FETCHERS GCP

GCP Service Account - 14:00 UTC

Type: Bug Fix
Description: Support pagination
Case ID: DFT-1555
Known limitations: N/A
Affected Components: DATA FETCHERS GCP

AWS IAM SAML & AWS IAM Open ID - 10:30 UTC

Type: New Entities
Case ID: DFR-1299
Description: Added support for AWS IAM SAML & AWS IAM Open ID in protected assets and compliance engine.
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS AWS, PROTECTED ASSETS

Compliance Rulesets Update - 13:15 UTC

Type: Improvement
Description: First release of the Azure HITRUST v9.5.0 and Source Code Assurance 1.0 rulesets, new rules for the Azure platform, and fixes to Azure and GCP rules. A complete list can be found here. New CloudBots for the AWS and Azure platforms.
Case ID: DFR-1913
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS

Deployment October 19th, 2021

Compliance - 12:30 UTC

Type: Bug Fix
Case ID: DFT-1499
Description: Fixed a bug with AWS SSO authentication.
Known limitations: N/A
Affected Components: authentication

Compliance - 15:00 UTC

Type: Bug Fix
Description: Fixed a bug with large email reports.
Known limitations: N/A
Affected Components: reports, compliance, Notifications

Deployment October 17th, 2021

Intelligence - 17:00 UTC

Type: Improvement
Description: Internal Improvements.
Known limitations: N/A
Affected Components: ADMINO, INTERCOM

Deployment October 14th, 2021

Compliance Engine - 16:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A
Affected Components: compliance ENGINE

Compliance Engine - 15:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A
Affected Components: compliance ENGINE

Compliance API - 11:30 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A
Affected Components: compliance API

Posture Findings Exclusions - 10:00 UTC

Type: Bug Fix
Case ID: DFT-1354
Description: Run Assessment when adding a new posture findings exclusion.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

...

Deployment September 9, 2021

Compliance Rulesets Update - 16:00 UTC

Type: Improvement
Description: Adding new rules to the Azure best practices ruleset. A complete list can be found here.
Known limitations: N/A
Affected Components: compliance rulesets

Serverless - Generate Obsolete Runtime Task - 15:00 UTC

Type: Improvement
Description: For functions whose runtimes have reached end of support from AWS, an ObsoleteRuntimeTask will be created to notify the user that the account has functions with unsupported runtimes. The task includes information on how to resolve this.

Please visit the link below for information on runtime end of support dates.
https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html

Known limitations: N/A
Affected Components: serverless

Serverless - Dot-net auto protect bug fix - 15:00 UTC

Type: Bug Fix
Description: Updated the Dot-net FSP instrumentation libraries to the latest version.
The FSP has been changed. New version: 1.5.60
Known limitations: N/A
Affected Components: serverless, serverless runtime protection


...

Deployment August 30, 2021

Azure Cosmos DB - 15:00 UTC

Type: Improvement
Case ID: DFR-2028
Description: Added the following properties to Azure Cosmos DB in compliance engine.

  • isVirtualNetworkFilterEnabled
  • keyVaultKeyUri
  • privateEndpointConnections
  • publicNetworkAccess
  • virtualNetworkRules

Known limitations: N/A
Affected Components: protected assets, COMPLIANCE ENGINE, DATA FETCHERS AZURE

Serverless - fix list append - 16:00 UTC

Type: Bug Fix
Description: Bug fix in k8s whitelist creation.
Known limitations: N/A
Affected Components: serverless

Serverless - profile according to callstack info - 16:00 UTC

Type: Improvement
Description: Added support for callstack profiling and enforcement in Kubernetes - parent process/process that generates network activity.
Known limitations: N/A
Affected Components: serverless

Serverless - intercept csharp function with harmony - 16:00 UTC

Type: Improvement
Description: Intercept Azure functions using Harmony.
The FSP has been changed. New version: 1.5.59
Known limitations: N/A
Affected Components: serverless, serverless runtime protection

...

Deployment August 12, 2021

AWS IAM User - 11:30 UTC

Type: Bug Fix
Case ID: DFT-1359
Description: Set consistent order for the IAM access keys in compliance engine
Known limitations: N/A
Affected Components: compliance engine

AWS Red Shift & AWS IAM User - 11:30 UTC

Type: Improvement
Description: Improve error handling in the compliance engine.
Known limitations: N/A
Affected Components: compliance engine
 

...

Deployment August 11, 2021

Serverless - Added support for kafka and mq triggers - 15:00 UTC

Type: Improvement
Description: Added support for kafka and mq triggers when generating suggested roles.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html
Known limitations: N/A
Affected Components: serverless

Serverless - Proact - Get token from env var - 15:00 UTC

Type: Improvement
Description: You can now use the `CLOUDGUARD_ACCESS_TOKEN` environment variable to provide the token to the cloudguard tool.
Previously, only the config file and command-line parameters were supported.
Known limitations: N/A
Affected Components: serverless, serverless proact

Serverless - get function errors - HF - 15:00 UTC

Type: Bug Fix
Description: Serverless lambda errors (fsp injector, log subscription, inside vpc)
Serverless azure function app errors
Known limitations: N/A
Affected Components: serverless

Serverless - WRP auto identify os distribution - 15:00 UTC

Type: Improvement
Description: Implemented a loader that is responsible for identifying the container OS and initializing the appropriate (per-OS) libosfsp.so.
The FSP has been changed. New version: 1.5.52
Known limitations: N/A
Affected Components: serverless, serverless runtime protection

Serverless - FSP node14.x support aws - 15:00 UTC

Type: Improvement
Description: AWS is obsoleting the node10.x runtime. We have removed CloudGuard FSP support for the node10.x runtime and added support for node14.x. It is recommended to use the latest nodejs runtime to continue protecting your functions with FSP.
The FSP has been changed. New version: 1.5.57
Known limitations: N/A
Affected Components: serverless, serverless runtime protection

AWS IAM Credentials Report - 14:00 UTC

Type: Bug Fix
Description: Fixed an internal issue that caused a failure to generate the credentials report in some cases.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
  

...

Deployment August 9, 2021

Azure Insights - 12:00 UTC

Type: Improvement
Description: Infra Improvement for Azure Insights data fetcher.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE

Shiftleft - Ignoring irrelevant file types - 9:30 UTC

Type: Improvement
Description: Internal change to ignore irrelevant files.
Known limitations: N/A
Affected Components: shiftleft
     

...

Deployment July 21, 2021

Alibaba RAM Password Policy - 17:00 UTC

Type: Bug Fix
Description: Rename property from 'ramPolicyPasswordId' to 'policyPasswordId' in compliance engine
Known limitations: N/A
Affected Components: DATA FETCHERS ALI, Compliance Engine

Alibaba KMS - 17:00 UTC

Type: Bug Fix
Description: Change 'automaticRotation' property from date time to string type in compliance engine
Known limitations: N/A
Affected Components: DATA FETCHERS ALI, Compliance Engine

Support AWS Osaka Japan Region - 17:00 UTC

Type: Improvement
Description: Added support for Osaka region.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS, Compliance Engine, API, SECURITY GROUP MANAGEMENT


...

Deployment June 24, 2021

AWS Application and Network Load Balancer - 16:00 UTC

Type: Improvement
Description: Internal performance improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AWS

Alibaba RDS - 13:00 UTC

Type: Improvement
Description: Adjust db type and version enrichment fetching for Alibaba RDS.
Known limitations: N/A
Affected Components: DATA FETCHERS ALI

AWS Application Auto Scaling Policy - 13:00 UTC

Type: New Entity
Case ID: DFR-1653
Description: Added support for AWS Application Auto Scaling Policy in protected assets and compliance engine.
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS AWS, PROTECTED ASSETS

EntityFetchStatus API - 13:00 UTC

Type: Improvement
Description: Internal performance enhancement for the GET request in EntityFetchStatus API.
Known limitations: N/A
Affected Components: API

Service Account - 13:00 UTC

Type: Improvement
Case ID: DFT-1321
Description: Allow managing service accounts via SSO JIT users.
Known limitations: N/A
Affected Components: API


...

Deployment May 31, 2021

Intercom - 16:45 UTC

Type: Bug Fix
Description: Added default value for 'registered by' property.
Known limitations: N/A
Affected Components: INTERCOM

Support Alibaba Region - China Guangzhou - 15:30 UTC

Type: Improvement
Description: Added support for China Guangzhou region.
Known limitations: N/A
Affected Components: DATA FETCHERS ALI, Compliance Engine

Update Image Risk Score - 12:30 UTC

Type: Improvement
Description: ImageScan result will now feature an Image Risk Score value in the CVSS format of 0-10.0.
Image Risk Score will denote an image’s overall risk potential.
Known limitations: N/A
Affected Components: Kubernetes
 


...

Deployment Apr 20, 2021

Serverless - optimise se q flow - 14:00 UTC

Type: Improvement
Description: Optimized the security events handling flow to prevent delays in processing and display.
Known limitations: N/A
Affected Components: serverless

Serverless - Azure python post deploy instrumentation - 14:00 UTC

Type: New Feature
Description: FSP can now be added to an already deployed Azure function app. This support is currently enabled for the Python runtime (Linux containers).
Known limitations: N/A
Affected Components: serverless

Serverless - Azure post deploy premium - 14:00 UTC

Type: Improvement
Description: Added support for Azure post deploy functionality for premium and app service plans.
Known limitations: N/A
Affected Components: serverless

Serverless - Add dynamic signatures fetch - 14:00 UTC

Type: New Feature
Description: Dynamic update of k8s signatures from the Check Point Research team.
Known limitations: N/A
Affected Components: serverless

AWS S3 Bucket - 14:00 UTC

Type: Improvement
Description: Added property 'arn' to AWS S3Bucket entity.
Known limitations: N/A
Affected Components: Compliance Engine

GCP IAM Group - 12:30 UTC

Type: Bug Fix
Description: Fixed an issue that caused GcpIamGroup.groupData property to be empty.
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS GCP

GCP IAM User - 10:30 UTC

Type: Improvement
Description:

  • Added 'roles' property in the compliance engine.
    This property holds all the roles assigned to the user directly on the onboarded project.

  • Added 'userData.groups' property in the compliance engine.
    This property holds all groups that the user is a member of and that are in the same domain.

Known limitations: Roles do not include organization inheritance
Affected Components: Compliance Engine, DATA FETCHERS GCP

GCP IAM Role - 10:30 UTC

Type: New Entity
Description: Added support for GCP Project IAM Role (custom and predefined) including the role permissions in the compliance engine
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS GCP

GCP VM Instance - 10:30 UTC

Type: Improvement
Description: Added 'sourceImage' and 'sourceImageId' properties for each GCP VM Instance Disk in the compliance engine
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS GCP

GCP Disk - 10:30 UTC

Type: New Entity
Description: Added support for GCP Disk in the compliance engine
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS GCP

GCP Image - 10:30 UTC

Type: Improvement
Description: Added 'creationTimestamp' property for GCP Image in the compliance engine
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS GCP

GCP Project - 10:30 UTC

Type: Improvement
Case ID: DFR-1698
Description: Added 'enabledServices' property for GCP Project in the compliance engine
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS GCP

Azure Function App and Web App - 10:30 UTC

Type: Improvement
Case ID: DFR-1572
Description: Added 'appServicePlan' property for Azure Function App and Web App in the compliance engine
Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS AZURE


...

Deployment Mar 15, 2021

Compliance Backend Functionality enhancement - 14:00 UTC

Type: Improvement
Description: Adding Backend functionality in order to support a new cloud vendor.
Known limitations: N/A
Affected Components: Compliance Engine, API


...

Deployment Mar 14, 2021

FSP version visibility - 08:00 UTC

Type: New Feature
Case ID: PROT-713
Description: Added visibility of the FSP version for each AWS Lambda that uses FSP.
The purpose of this feature is that, in the next step, we will have the ability to set the FSP version manually.
Known limitations: N/A
Affected Components: serverless



Deployment Mar 10, 2021

New Cloud Vendor Support - New Infrastructure - 12:00 UTC

Type: Improvement
Description: Adding new infrastructure in order to support a new cloud vendor.
Known limitations: N/A
Affected Components: Compliance Engine, API

Compliance Rulesets Update - 12:40 UTC

Type: Improvement
Description: Rules added to the Azure CIS v1.1, v1.2, and v1.3 rulesets, and Azure CIS v1.2 enrichment. New and fixed rules for GCP rulesets. A complete list can be found here.
Known limitations: N/A
Affected Components: compliance rulesets


...

Deployment Jan 21, 2021

Azure Event Hub Namespace - 13:30 UTC

Type: New Entity
Case ID: DFR-1401
Description: Added support for Azure Event Hub Namespace in the compliance engine
GSL Examples:

  • Ensure that Azure EventHubNamespace is encrypted:

    EventHubNamespace should not have encryption.keyVaultProperties isEmpty()

Known limitations: N/A
Affected Components: compliance engine, data fetchers azure

AWS Update Credentials API - 13:30 UTC

Type: Bug Fix
Case ID: DFT-1057
Description: Fixed an issue for handling empty cloud account in user based credentials.
Known limitations: N/A
Affected Components: API


...

Deployment Jan 14, 2021

PREVIEW

Log.ic - Azure Activity Logs - 15:30 UTC

Type: New Feature
Description: Added Log.ic support on Azure Storage, Audit, Signin, Activity Logs.
Known limitations: Currently in Early Availability
Affected Components: logic

GCP App Engine - 11:00 UTC

Type: New Entity
Case ID: DFR-608
Description: Added support for GCP App Engine in the compliance engine
GSL Examples:

  • Ensure that GCP AppEngine utilizes Identity-Aware Proxy:

    AppEngine should have iap.enabled=true

Known limitations: N/A
Affected Components: Compliance Engine, DATA FETCHERS GCP

Azure HDInsight - 11:00 UTC

Type: Improvement
Case ID: DFR-1436
Description: Region and location properties were converted into lower case strings
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE, Compliance Engine
 


...