Extended Release Notes

improvement AWS Cloud Formation Stack - 13:00 UTC

Description: Reduced the amount of DescribeStack API calls, same data s fetched.
Case ID: DFT-4191
Known limitations: N/A
Affected Components:

IMprovement Risk Management Protected Assets Toxic Combinations column UI change - 16:00 UTC

Description: Changed how the Toxic Combination data is represented in the column.
Case ID: CNAPP-10677
Known limitations:
Affected Components: Risk management

feature Asynchronous Assessment run over multiple cloud accounts - 00:40 UTC

Description: Add new microservice to support asynchronous assessment run for multpile cloud accounts.
Case ID: CNAPP-10241, CNAPP-9993, DFT-3489
Known limitations: Pending UI deployment.
Affected Components: compliance engine

feature Asynchronous Assessment run over multiple cloud accounts - 22:30 UTC

Description: Add new API to support asynchronous assessment run for multpile cloud accounts.
Case ID: CNAPP-10239, CNAPP-10240
Known limitations: N/A
Affected Components: compliance engine

improvement GCP Asset Inventory fetching system - 11:00 UTC

Description: General improvement to the GCP Asset Inventory fetching system, including state machine for flow management and architecture update.
Case ID: CNAPP-9417
Known limitations: N/A
Affected Components:

improvement Teams and Slack immediate finding integrations - 22:20 UTC

Description: Alert ID field added to integrations modal.
Case ID: CNAPP-9370
Known limitations: N/A
Affected Components: integrations

feature GCP Asset Inventory Mongo Updater - 13:00 UTC

Description: New component - GcpAssetInventoryMongoUpdater. Designated to sync Asset Inventory entities with to the latest exported version.
Case ID: CNAPP-7819
Known limitations: Only for Prod EU - Customers may experience duplicated BigQueryTable entities in the following 24h.
Affected Components:

feature GCP Additional fetching system - 13:00 UTC

Description: Some assets are now fetched using a new fetching system.
Case ID: CNAPP-8525
Known limitations: GCP Asset Inventory API permission should be given
Affected Components: protected assets compliance engine fetchers

improvement Minor UI improvements in ERM, CDR, and CIEM areas - 11:00 UTC

Description: Did various minor UI fixes and improvements around the aforementioned areas (e.g. You can now click the environment in the CDE Event popup)
Case ID: CNAPP-7973, CNAPP-7962
Known limitations: N/A
Affected Components: UI

improvement Azure SDK Upgrade - 05:40 UTC

Description: Upgraded Azure SDK for Azure Redis.
Case ID: CNAPP-8895
Known limitations: N/A
Affected Components: fetchers

improvement Compliance Engine - 01:05 UTC

Description: Internal Improvement of closing findings.
Case ID: CNAPP-8189, CNAPP-7645
Known limitations: N/A
Affected Components: compliance engine

improvement Azure SDK Upgrade - 05:40 UTC

Description: Upgraded Azure SDK for: Application Gateway & Azure Log Monitor
Case ID: CNAPP-8894
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS Fetchers - 14:30 UTC

Description: Added Azure Token Lambda exception support for Azure fetchers' permission retry mechanism.
Case ID: CNAPP-8664
Known limitations: N/A
Affected Components: fetchers

improvement Azure SDK Upgrade - 06:40 UTC

Description: Upgraded Azure SDK for: Azure WebApp and Azure Function App
Case ID: IN-8043
Known limitations: N/A
Affected Components: fetchers

Improvement Teams and Slack single findings - 00:50 UTC

Description: Added Namespace field for teams and slack single findings.
Case ID: CNAPP-8799, CNAPP-8819
Known limitations: Security Events
Affected Components: compliance engine

Improvement Minor fixes in ERM and Protected Assets UI - 12:00 UTC

Description: Various cosmetic and performance fixes in the UI.
Case ID: CNAPP-8222
Known limitations: N/A
Affected Components: protected assets UI

improvement Azure Fetchers - 10:15 UTC

Description: Updated client initialization on expired token for:

Microservices/AzureActivityLogAlert
Microservices/AzureActivityLogDiagnosticSetting
Microservices/AzureApplicationGateway
Microservices/AzureDataExplorer
Microservices/AzureEventHubNamespace
Microservices/AzureHDInsight
Microservices/AzureKeyVault
Microservices/AzureMySqlDbFlexibleServerConfig
Microservices/AzureRedis
Microservices/AzureServiceFabricCluster
Microservices/AzureSqlServer
Microservices/AzureStorage
Microservices/AzureStorageBlobContainer
Microservices/AzureStorageBlobServices
Microservices/AzureStorageFileServices
Microservices/AzureStorageQueueServices
Microservices/AzureStorageTableServices
Microservices/AzureVirtualMachine
Microservices/AzureVirtualMachineScaleSet
Case ID: CNAPP-8403
Known limitations: N/A
Affected Components: fetchers

improvement Integration Audit Throttler - 02:00 UTC

Description: Add throttling mechanism for integration event auditing
Case ID: CNAPP-8317
Known limitations: N/A
Affected Components: compliance engine

feature Elastic Search Alias Support - 12:00 UTC

Description: Alias support was added for the asset indexer cluster, meaning we are now reading and writing from the alias, and not from the index.
Case ID: CNAPP-8525
Known limitations: N/A
Affected Components: protected assets

IMPROVEMENT FetchingRunStatus - 8:45 UTC

Description: Updated FetchingRunStatus to use sqs-batch-deletion.
Case ID: IN-8648
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Azure Fetchers - 14:00 UTC

Description: Removed ‘clientId’ dependencies from Azure fetchers.
Case ID: CNAPP-8646
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS Fetchers - 9:30 UTC

Description: Updated the AWS fetchers' microservices to use sqs-delete-in-batches.
Case ID: CNAPP-8555
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Azure Fetchers - 8:00 UTC

Description: Updated the Azure fetchers' microservices to use sqs-delete-in-batches.
Case ID: CNAPP-8554
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT GCP Fetchers - 8:00 UTC

Description: Updated the GCP fetchers' microservices to use sqs-delete-in-batches.
Case ID: CNAPP-8553
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Alibaba Fetchers - 8:00 UTC

Description: Updated the following microservices to use sqs-delete-in-batches:

Microservices/AlibabaOssBucket
Microservices/AlibabaRamRole
Microservices/AlibabaRamUser
Microservices/AlibabaSecurityGroup
Microservices/AlibabaSlb
Microservices/AlibabaVpc
Case ID: CNAPP-8552
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Slack Formatter - single findings - 01:00 UTC

Description: Add new MS - SlackFormatter.
Case ID: CNAPP-7276, CNAPP-7497
Known limitations: N/A
Affected Components: compliance engine integrations

IMPROVEMENT Generic Fetchers - 8:00 UTC

Description: Updated the following microservices to use sqs-delete-in-batches:

Microservices/AlibabaGenericEntity
Microservices/AwsGenericEntity
Microservices/AzureGenericEntity
Microservices/GcpGenericEntity
Microservices/OciGenericEntity
Case ID: CNAPP-7889
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENTAzure Token Generator - 06:30 UTC

Description: Updated Azure’s Network Security Group fetcher and Azure’s Virtual Network Peering token generator implementations.
Case ID: CNAPP-8285, CNAPP-8284
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENTAzure Token Generator - 13:00 UTC

Description: Upgraded Azure Storage Account internal client to use Azure Token Generator.
Case ID: CNAPP-8289
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENTAzure Token Generator - 7:15 UTC

Description: Upgraded Azure KeyVault internal client to use Azure Token Generator.
Case ID: CNAPP-8288
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Teams Formatter - single findings - 00:40 UTC

Description: Add new MS - TeamsFormatter.
Case ID: CNAPP-7496
Known limitations: N/A
Affected Components: compliance engine integrations

IMPROVEMENT Minor UI changes in the Security Issues page - 00:40 UTC

Description: Added the table footer and some more minor internal changes.
Case ID: CNAPP-8218
Known limitations: N/A
Affected Components: UI Risk Management

IMPROVEMENT Azure Token Generator - 11:10 UTC

Description: The following microservices' AzureBaseArmClientWrapper were upgraded to use the Azure Token Generator:

Microservices/AzureVirtualNetwork
Microservices/AzureVirtualNetworkGateway
Microservices/AzureFirewall
Microservices/AzureLoadBalancer
Microservices/AzurePrivateEndpoint
Microservices/AzurePublicIPAddress
Microservices/AzureRegionalWAF
Microservices/AzureBastion
Case ID: CNAPP-6773
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Azure Token Generator - 7:25 UTC

Description: The following microservices' AzureBaseClientWrapper were upgraded to use the Azure Token Generator:

Microservices/AzureActivityLogAlert
Microservices/AzureActivityLogDiagnosticSetting
Microservices/AzureApplicationGateway
Microservices/AzureDataExplorer
Microservices/AzureEventHubNamespace
Microservices/AzureHDInsight
Microservices/AzureKeyVault
Microservices/AzureMySqlDbFlexibleServerConfig
Microservices/AzureRedis
Microservices/AzureServiceFabricCluster
Microservices/AzureSqlServer
Microservices/AzureStorage
Microservices/AzureStorageBlobContainer
Microservices/AzureStorageBlobServices
Microservices/AzureStorageFileServices
Microservices/AzureStorageQueueServices
Microservices/AzureStorageTableServices
Microservices/AzureVirtualMachine
Microservices/AzureVirtualMachineScaleSet
Case ID: CNAPP-6775
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Azure Token Generator - 7:05 UTC

Description: Upgraded the following microservices' AzureApiWrapper to use the Azure Token Generator:

Microservices/AzureApplicationGateway
Microservices/AzureApplicationSecurityGroup
Microservices/AzureCosmosDbAccount
Microservices/AzureFunctionApp
Microservices/AzureLocks
Microservices/AzureLogicApp
Microservices/AzureNetworkInterface
Microservices/AzurePostgreSQL
Microservices/AzureResourceGroup
Microservices/AzureRouteTable
Microservices/AzureServiceBus
Microservices/AzureSubnet
Microservices/AzureWebApp
Case ID: CNAPP-6774
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT GCP New Fetching System - 10:00 UTC

Description: Added integration between the current GCP project onboarding’s API to the new GCP system fetching system.
Case ID: CNAPP-7761
Known limitations: The new fetching system is not active in US an EU production environments yet.
Affected Components: fetchers api

IMPROVEMENT Risk Management - 12:00 UTC

Description: Internal changes in the way we gather CVEs, Threats and Secrets counters when calculating the risk score of assets.
Case ID: CNAPP-4802
Known limitations: N/A
Affected Components: risk management

IMPROVEMENT Aws ECS Task - 11:00 UTC

Description: Align ECS task data for all clients in Elastic Search with MongoDB data as some entities where deleted but still left in Elastic Search.
Case ID: DFT-3485
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Internal Integrations Improvement - 01:15 UTC

Description: Internal Improvement in the CSPM Integrations Flow.
Case ID: CNAPP-6296
Known limitations: N/A
Affected Components: compliance engine

IMPROVEMENT Azure DDD - 11:30 UTC

Description: Migrate AzureBaseNoResourceGroupFetcher and its dependent micro services together for inventory azure DDD initiative.

Case ID: IN-8559
Known limitations: N/A
Affected Components: fetchers protected assets

FIX Generic Entities - 9:30 UTC

Description: Update entity with new additional fields, not only from generic configuration, but also form handlers in the code.
Case ID: DFT-3217
Known limitations: N/A
Affected Components: PROTECTED ASSETS

IMPROVEMENT Protected Assets API - 11:00 UTC

Description: Internal error handling changes in Protected Assets API.
Case ID: CNAPP-7511
Known limitations: N/A
Affected Components: API

FIX Context graph - 16:00 UTC

Description: Fixed an issue where the context graph for some AWS entities would display an incorrect route table.
Case ID: DFT-3040, CNAPP-4785
Known limitations: N/A
Affected Components: UI

IMPROVEMENT Various UI changes in the Risk Management area - 16:00 UTC

Description: Changed some icons, texts, and spacings.
Case ID: CNAPP-6557
Known limitations: N/A
Affected Components: UI

IMPROVEMENT Internal Improvement - 03:10 UTC

Description: Internal Logging Improvement of Security Event.
Case ID: CNAPP-7547
Known limitations: N/A
Affected Components: compliance engine

IMPROVEMENT Internal Improvement - 02:00 UTC

Description: DDD - Teams and Slack Notifications.
Case ID: CNAPP-7110
Known limitations: N/A
Affected Components: compliance engine

IMPROVEMENT Internal Improvement - 23:45 UTC

Description: DDD - Teams and Slack Notifications.
Case ID: CNAPP-7109
Known limitations: N/A
Affected Components: compliance engine

IMPROVEMENT SyncNow will not trigger AWS generic fetching for excluded vendors - 12:15 UTC

Description: Align the behavior of SyncNow with the regular flow to ignore excluded vendors. For now, the fix will affect only for AWS generic entities.
Case ID: IN-8588
Known limitations: Not working yet in Azure & OCI (not relevant for GCP & Alibaba which have only one cloud vendor), and only for generic entities.
Affected Components: fetchers

IMPROVEMENT Azure DDD - 11:30 UTC

Description: Migrate GenericEntityFetcher and its dependent infra together for inventory azure DDD initiative.

Case ID: IN-8561
Known limitations: N/A
Affected Components: fetchers protected assets

IMPROVEMENT Azure Generic Fetcher - 11:30 UTC

Description: Azure generic fetcher was upgraded. Tokens are now pulled from the AzureTokenGenerator Lambda instead of being issued individually on the microservice.

Case ID: CNAPP-6772
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Azure DDD - 12:15 UTC

Description: Migrated all the Micro Services that are related to the AzureBaseFetcherV3 fetcher to use new inventory tenant level fetcher (with DDD approach):

Case ID: IN-8560
Known limitations: N/A
Affected Components: fetchers protected assets

IMPROVEMENT Azure DDD - 12:15 UTC

Description: Migrated all the Micro Services that are related to the IConsumer fetcher to use new inventory tenant level fetcher (with DDD approach):

Case ID: IN-8562
Known limitations: N/A
Affected Components: fetchers protected assets

IMPROVEMENT Azure Fetchers - 09:30 UTC

Description: Azure fetchers were upgraded for 28 entities - All that are using Inventory's AzureRestApi/AzureGraphApi wrappers.
Tokens are now pulled from the AzureTokenGenerator Lambda instead of being issued individually on each MS .

Case ID: CNAPP-6771
Known limitations: N/A
Affected Components: fetchers

fixed Azure MySQL Flexible Server - 08:20 UTC

Description: Update API version and Schema of Azure MySQL Flexible Server.
Case ID: IN-8094
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Azure DDD - 09:30 UTC

Description: Migrated all the Micro Services that are related to the AzureBaseNoResourceGroupFetcherV2 base fetcher to use new inventory tenant level fetcher (with DDD approach):

Case ID: IN-8534
Known limitations: N/A
Affected Components: fetchers protected assets

IMPROVEMENT Azure DDD - 14:30 UTC

Description: Migrated all the Micro Services that are related to the base fetcher listed below to use new inventory tenant level fetcher (with DDD approach):

• AzureRestApiFetcher

• AzureBaseFetcher

• AzureBaseFetcherV2

Case ID: IN-8500, IN-8501, IN-8518
Known limitations: N/A
Affected Components: fetchers protected assets

IMPROVEMENT Update support in China for Azure services - 10:15 UTC

Description: Update Azure unsupported services - all China or specific regions in China.
Case ID: CNAPP-5048
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Rearrange AWS Read Only On-Boarding IAM Policy - 11:00 UTC

Description: Remove redundant permissions that are already included in Security Audit IAM policy.
Case ID: IN-8506
Known limitations: N/A
Affected Components: oboarding

IMPROVEMENT Azure DDD - 14:30 UTC

Description: Migrated all the Micro Services that are related to the base fetcher listed below to use new inventory tenant level fetcher (with DDD approach):

• AzureEnrichedBaseFetcher

• AzureRestApiFetcherV2

• AzureRestApiFetcherV3

Case ID: IN-8450, IN-8452, IN-8451
Known limitations: N/A
Affected Components: fetchers protected assets

fixed AwsEc2Instance api get-by-id - 08:20 UTC

Description: Fixed query of AwsEc2Instance api get-by-id to get the correct account ID.
Case ID: IN-3351
Known limitations: N/A
Affected Components: api

IMPROVEMENT Account / Environment Deletion - 09:30 UTC

Description: Internal notification changes for account and environment deletion APIs.
Case ID: CNAPP-5605
Known limitations: N/A
Affected Components: API MSP

fixed AWS Generic Fetcher - 10:40 UTC

Description: Throw an error on unsupported property type in AWS fetcher
Case ID: IN-5317
Known limitations: N/A
Affected Components: FETCHERS

fixed Basic Enrichment - 10:45 UTC

Description: Added support for {resourceGroupName} in basic enrichment.
Case ID: IN-8449
Known limitations: N/A
Affected Components: FETCHERS

fixed Azure Generic Fetcher - 10:45 UTC

Description: Added Null Check in Bson Document manipulation.
Case ID: IN-8467
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Compliance Integrations - Log Additional Information - 00:30 UTC

Description: Additional Information for compliacne integrations logs was added.
Case ID: DFT-3051, CNAPP-5019
Known limitations: N/A
Affected Components: notification

IMPROVEMENT Compliance Notifications - Send Finding On Each Occurrence For Security Event- 01:40 UTC

Description: Add functionality to support security events from non-posture flows (without assessments), to send findings to notification integrations for each occurrence
Case ID: DFR-2773, CNAPP-4858
Known limitations: Protected by feature flag and will be opened to single account for Intelligence flow.
Affected Components: eventsnotification

IMPROVEMENT Azure DDD - Tenant Level Fetcher - 14:30 UTC

Description: Migrated azure Tenant Level Micro Services to use new inventory tenant level fetcher (with DDD approach)
Case ID: IN-8220
Known limitations: N/A
Affected Components: fetchers compliance engineprotected assets

IMPROVEMENT Azure Network Exposure - 10:00 UTC

Description: Internal changes in Azure Network Exposure calculation. Preparation to support FunctionApp.
Case ID: CNAPP-4802
Known limitations: N/A
Affected Components: RISK MANAGEMENT

IMPROVEMENT Azure DDD - Access Review Schedule Migration- Tenant Level Fetcher - 10:00 UTC

Description: Migrated Azure Access Review Schedule Micro Service to use new inventory tenant level fetcher.
Case ID: IN-8218
Known limitations: N/A
Affected Components: fetchers compliance engineprotected assets

FIX Minor UI adjustments and fixes in Risk Management - 13:00 UTC

Description: Fixed the behavior of the “favorites” button in all the risk management pages and some other minor fixes.
Case ID:
Known limitations: N/A
Affected Components: UI

IMPROVEMENT Minor UI adjustments in Risk Management Dashboard - 10:00 UTC

Description: Changed the order between critical and high colored bars, and some other fixes.
Case ID: CNAPP-3778
Known limitations: N/A
Affected Components: UI

IMPROVEMENT Fetchers - Improve SumoLogic Terraform - 8:30 UTC

Description: Improved SumoLogic components Terraform structure.
Case ID: CNAPP-2492
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Azure AD Cond Access Named Location, Azure AD Access Reviews Schedule Definition, Azure AD Cond Access Policy - 10:00 UTC

Description: Fixed a JsonSerializationException in AzureADCondAccessNamedLocation, AzureADAccessReviewsScheduleDefinition, AzureADCondAccessPolicy.
Case ID: IN-8103
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Supported classic builder for Azure Generic Entity framework - 10:00 UTC

Description: Added support for classic builder in AzureGenericEntity framework.
Case ID: IN-8178
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS Generic Fetcher - 12:00 UTC

Description: Added support for not matching request and response pagination parameters.
Case ID: IN-8204
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Permission error classification - 11:00 UTC

Description: Classified “is not authorized to perform assume role” error as permission error
Case ID: IN-7931
Known limitations: N/A
Affected Components:

fixed Generic entity - Allowed exceptions - 14:30 UTC

Description: Added allowed exception configuration to the generic entity scheme.
Case ID: IN-8125
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT GSL field rename - 11:00 UTC

Description: Renamed the field riskModifiers to additionalInfo in all relevant entities.
Case ID: CNAPP-1694
Known limitations: N/A
Affected Components: ERM

IMPROVEMENT Migrate AzureSubnet to Inventory azure domain - 11:00 UTC

Description: Migrate first Azure MS to Inventory azure domain - AzureSubnet
Case ID: IN-8064
Known limitations: N/A
Affected Components: FETCHERS

fixed Azure ADCondAccessNamedLocation - 18:00 UTC

Description: Fixed a JsonSerializationException in AzureADCondAccessNamedLocation.
Case ID: IN-8057
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Support China - Fix .NET Code self-built ARNs - 14:15 UTC

Description: Fix self-built ARNs in MSs' .NET Code, to support Cloud Guard on China.
Case ID: CNAPP-1142
Known limitations: N/A
Affected Components: FETCHERS compliance engine protected assets

IMPROVEMENT API Calls Spreading - 09:00 UTC

Description: Producers' WorkItems are now published with an account offset which spreads the workload across time, preventing the high peaks we had due to the different polling mechanisms that we have.
Case ID: IN-1328, IN-7795
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Support China - Fix Terraform self-built ARNs - 07:00 UTC

Description: Fix self-built ARNs in MSs' Terraform, to support CloudGuard on China.
Case ID: CNAPP-843
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Azure SDK version upgrade - 12:25 UTC

Description: Upgraded the SDK to retrieve information from Azure for the mentioned services.
AzureBastion, AzureFirewall, AzureLoadBalancer, AzurePrivateEndpoint, AzurePublicIPAddress, AzureRegionalWAF, AzureStorage, AzureVirtualMachine, AzureVirtualNetworkGateway
Case ID: IN-7936
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Missing Permissions - 14:25 UTC

Description: Internal improvement, cleanup and testing, for ignorable missing permissions.
Case ID: PLAT-8492
Known limitations: N/A
Affected Components: missing permissions

IMPROVEMENT Fetchers - Read from secondary Mongo in same AZ only - Prod - 11:45 UTC

Description: Added mechanism to use secondary Mongo in same availability zone.
Case ID: IN-8044
Known limitations: N/A
Affected Components: FETCHERS

fixed AWS VPC Flow Log 15:00 UTC

Description: Fixed an issue where NullExceptions were preventing new AwsVpcFlowLog entities from being added to the DB.
Case ID: IN-5440
Known limitations: N/A
Affected Components:

IMPROVEMENT Code decupling - Removed old files of Inventory from legacy projects 10:15 UTC

Description: Code decupling - removed old files of Inventory from legacy projects and added references to Inventory new libraries or to the CGN.Common libraries.
Case ID: IN-7772
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Fetchers - Split Sumo SourceCategory into several fields in SumoLogic - 16:00 UTC

Description: Changed sourceCategory to be identical for all Inventory Components, and added three new filterable fields: microserviceName, businessFlow & Vendor.
Case ID: IN-7339
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Fetchers - Read from secondary Mongo in same AZ only - Stage testing - 16:00 UTC

Description: Added mechanism to use secondary Mongo in same availability zone.
Case ID: IN-3851
Known limitations: N/A
Affected Components: FETCHERS

fixed AwsIamUserAttachedPolicyRelation - 07:00 UTC

Description: A migration was done to AwsIamUserAttachedPolicyRelation entities, old entities that were holding AwsIamRoleAttachedPolicyRelation SRLs were migrated to hold the new SRL form.
Case ID: IN-8018
Known limitations: N/A
Affected Components:

fixed Minor UI fixes in Risk Management pages - 14:30 UTC

Description: Fixed various display issues mainly in the Protected Assets table and the Protected Asset page of Risk Management
Case ID: SEC-1076, SEC-1115, SEC-1108
Known limitations: N/A
Affected Components: ERM

fixed AwsIamUserAttachedPolicyRelation - 11:30 UTC

Description: An issue where AwsIamUserAttachedPolicyRelation entities were issued with AwsIamRoleAttachedPolicyRelation’s SRLs was fixed.
Case ID: IN-7756
Known limitations: N/A
Affected Components: FETCHERS

fixed Deprecated API for GCP Essential contact - 07:30 UTC

Description: Changed deprecated API for GCP Essential contact.
Case ID: IN-7952
Known limitations: N/A
Affected Components: FETCHERS

fixed AzureADCondAccessPolicy - 07:30 UTC

Description: Fixed a JsonSerializationException in AzureADCondAccessPolicy.
Case ID: IN-7993
Known limitations: N/A
Affected Components:

IMPROVEMENT GSL2 Connectors - 07:30 UTC

Description: Updates to the rule parser to log connectors at the bundle level instead of the rule level, to reduce logs
Case ID: IN-7697
Known limitations: N/A
Affected Components: compliance enginecompliance ruleset

IMPROVEMENT Azure Storage - 07:30 UTC

Description: Upgraded the SDK to retrieve advanced threat protection settings for Azure storage accounts.
Case ID: IN-7080
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Enable health check in all fetchers - 14:00 UTC

Description: Enable health check with self healing in all fetchers.
Case ID: IN-7195
Known limitations: N/A
Affected Components: FETCHERS

fixed Minor UI fixes in ERM Dashboard - 14:20 UTC

Description: Fixed title and By Type chart sort
Case ID: SEC-1010
Known limitations: N/A
Affected Components:

IMPROVEMENT AWS Generic Fetcher 9:30 UTC

Description: The "StringsListResponsePropertyToInitiate" property was deprecated from ApiConfig configurations for AWS Generic Fetcher.
Case ID: IN-7740
Known limitations: N/A
Affected Components: FETCHERS

FEATURE Added Network Exposure to GSL - 09:20 UTC

Description: The Network Exposure property is now supported in GSL queries.
Case ID: SEC-990
Known limitations: N/A
Affected Components: GSL

fixed Azure App Registration Bug fix - 17:20 UTC

Description: Fixed null reference
Case ID: IN-7911
Known limitations: N/A
Affected Components:

fixed health check for all fetchers - 17:20 UTC

Description: Fix parameters for health check with self healing in all fetchers.
Case ID: IN-7195
Known limitations: N/A
Affected Components: FETCHERS

feature Assets with open findings report OCI support - 13:00 UTC

Description: Added support for OCI entities with open findings, now the assets with open findings report will include them as well.
Case ID: IN-6641, IN-7680, DFR-2526
Known limitations: N/A
Affected Components:

IMPROVEMENT Add health check for all fetchers - 14:00 UTC

Description: Added ability to health check with self healing in all fetchers.
Case ID: IN-7195
Known limitations: N/A
Affected Components: FETCHERS

fixed Assets With Open Findings Report - 11:00 UTC

Description: Fixed assets with open findings report bad gateway exception
Case ID: IN-7789
Known limitations: N/A
Affected Components:

fixed AccountsPollingInterval - 11:00 UTC

Description: Fixed a bug related to the decrement of the polling interval for customers which renewed their plan after their polling frequency was already reduced.
Case ID: IN-7866
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Migrated bulk of Aws MS to Inventory Domain - 11:30 UTC

Description: Migrated the following bulk of Aws MS to Inventory Domain: AwsAccessAnalyzer, AwsAccessAnalyzerFinding, AwsAccountAlternateContact, AwsApplicationAutoScalingPolicy, AwsAutoScalingGroup, AwsConfigSettings, AwsCustomerGateway, AwsEc2Images, AwsEcrRepository, AwsEcsCluster, AwsEcsService, AwsEcsTask, AwsEcsTaskDefinition, AwsEcsTaskDefinitionTags, AwsElasticIP, AwsElasticLoadBalancer, AwsElasticsearch, AwsEmrCluster, AwsGuardDutyDetector, AwsIamAccountSummary, AwsIamInstanceProfile, AwsIamPasswordPolicy, AwsIamRoleAttachedPolicies, AwsIamRoleInlinePolicies, AwsIamServerCertificate, AwsInternetGateway, AwsInspector, AwsLookupEvent, AwsMetricAlarm, AwsMqBroker, AwsNatGateway, AwsOrganizationAccount, AwsOrganizations, AwsOrganizationUnit, AwsPersonalize, AwsRds, AwsRdsDbSnapshot, AwsRdsOptionGroup, AwsRdsParameterGroup, AwsRedShift, AwsRoute53Domains, AwsRoute53HostedZones, AwsSes, AwsTransfer, AwsTransitGateway, AwsTranslationJob, AwsTranslationTerminology, AwsVirtualMfaDevices, AwsVpcEndpoint, AwsVpcFirewall, AwsVPNConnection, AwsVpnGateway, AwsWAFRegional, AwsWAFRegionalV2, AwsSnsSubscription, AwsGlueConnection, AwsGlueSecurityConfiguration, AwsSagemaker, AwsSageMakerTrainingJob, AwsSnsPlatformApplication, AwsTranscribeJob, AwsTranscribeMedicalJob, AwsWorkspace, AwsWorkspaceDirectory.
Case ID: IN-7773
Known limitations: N/A
Affected Components: FETCHERS

feature External API| Azure Org onboarding create and read API - 14:00 UTC

Description: External API| Azure Org onboarding create and read API
This is under feature flag
Case ID: PLAT-8209
Known limitations: N/A
Affected Components: ONBOARDING

fixed AzureSubscriptionPolicy cron schedule - 08:30 UTC

Description: Enabled cron expression to execute on proper time slot.
Case ID: IN-7864
Known limitations: N/A
Affected Components: Infra

FIX Minor bug fixes with regards to the Context Graph in the Protected Asset page - 12:00 UTC

Description: Various bug fixes in the presentation on the graph on the page.
Case ID: SEC-1034
Known limitations: N/A
Affected Components: UI

IMPROVEMENT AWS bulk migration to new Inventory Domain design - 13:00 UTC

Description: Migrated the following microservices: AwsEventRule, AwsLogGroups, AwsRouteTable, AwsSqs, AwsStepFunctionStateMachine, AwsSystemManagerDocument, AwsSystemManagerParameter, AwsDmsEndpoint, AwsEfs, AwsVolume, AwsAcmCertificate, AwsEbsSnapshot, AwsEbsSnapshotCreateVolumePermissions, AwsSecretManager
Case ID: IN-7723
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS Org onboarding improvements - 13:00 UTC

Description: Improvement for wizard and internal improvement of scaling of onboarding
AWS org onboarding is under feature flag
Case ID: PLAT-8230, PLAT-8232, PLAT-7923, PLAT-8212
Known limitations: N/A
Affected Components: UI onboarding

IMPROVEMENT AWS EC2 Instance - 13:00 UTC

Description: Internal improvement to better fetch Aws Ec2 images.
Case ID: IN-7218
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Upgrade AWS SDK Core to latest stable - 13:00 UTC

Description: AWSSDK.Macie2 was upgraded from 3.7.10.15 to 3.7.101.15 or newer
Case ID: IN-7510
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Upgrade AWS SDK Core to latest stable - 13:00 UTC

Description: Upgraded the AWS SDK Core to the next stable major version  (3.7.13.11 to 3.7.106.35).
Case ID: IN-7509
Known limitations: N/A
Affected Components: All backend components

IMPROVEMENT Internal Improvement - 22:35 UTC

Description: Add notification support for closed alerts.
Case ID: PLAT-8257
Known limitations: N/A
Affected Components: compliance engine

IMPROVEMENT Various bug fixes and enhancements in the Protected Asset Page - 13:00 UTC

Description: Fixed various issues and did minor enhancements in the Protected Asset Page.
Case ID: SEC-975, SEC-994, SEC-939, SEC-981
Known limitations: N/A
Affected Components: UI

IMPROVEMENT AWS bulk migration to new Inventory Domain design - 13:00 UTC

Description: Migrated the following microservices: AwsApiGatewayV2, AwsAthenaWorkGroup, AwsCognitoIdentityPool, AwsCognitoUserPool, AwsSnsTopic, AwsIamUserAccessKey, AwsIamUserAttachedPolicies, AwsIamUserEnrichments, AwsIamUserGroups, AwsIamUserInlinePolicies, AwsIamUserSSHPublicKeys
Case ID: IN-7684
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Internal Infrastructure Upgrade - 08:45 UTC

Description: Upgrade NodeJS version for some supporting Lambdas to 16.
Case ID: PLAT-8213
Known limitations: N/A
Affected Components: Compliance engine RLM

IMPROVEMENT Changed Inventory libraries to .net standard 2.0 - 07:00 UTC

Description: Changed Inventory libraries to .net standard 2.0
Case ID: IN-7685
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT GSL 2.0 - Compliance Configurations Lambda - 09:00 UTC

Description: Upgrade lambda to supported nodeJS version 16.
Case ID: IN-5475
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS bulk migration to new Inventory Domain design - 09:00 UTC

Description: Migrated the following microservices: AwsCloudTrail, AwsDynamodb, AwsIamPolicyGlobal, AwsIamPolicyLocal, AwsIamRole, AwsIamUser, AwsKinesisStream, AwsKms, AwsKmsAlias, AwsNacl, AwsRegion, AwsSecurityGroup, AwsSubnet, AwsVpc, AwsVpcFlowLog, AwsVpcPeeringConnection
Case ID: IN-7653
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS AwsGenericEntity migrated to new Inventory Domain design - 09:00 UTC

Description: The Microservice AwsGenericEntity was migrated to new design as part of the inventory code decoupling.
Case ID: IN-7440
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS LambdaFunction migrated to new Inventory Domain design - 09:00 UTC

Description: The Microservice LambdaFunction migrated to new design as part of the inventory code decoupling.
Case ID: IN-7366
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS AwsIamRoleEnrichments migrated to new Inventory Domain design - 09:00 UTC

Description: The Microservice AwsIamRoleEnrichments migrated to new design as part of the inventory code decoupling.
Case ID: IN-7370
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Add Support for AWS Classic Builder For Generic Entities - 11:00 UTC

Description: Adding an AWS Classic Builder for a generic entity is now possible.
Case ID: IN-7458
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS EksCluster migrated to new Inventory Domain design - 09:00 UTC

Description: The Microservice AwsEksCluster migrated to new design as part of the inventory code decoupling.
Case ID: IN-7200
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS S3Bucket migrated to new Inventory Domain design - 09:00 UTC

Description: The Microservice AwsS3Bucket migrated to new design as part of the inventory code decoupling.
Case ID: IN-7369
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AWS CloudFrontDistribution migrated to new Inventory Domain design - 08:30 UTC

Description: The Microservice AwsCloudFrontDistribution was migrated to new design as part of the inventory code decoupling.
Case ID: IN-7368
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT AwsApiGatway migrated to new Inventory Domain design - 08:30 UTC

Description: The Microservice AwsApiGatway was migrated to new design as part of the inventory code decoupling.
Case ID: IN-6393
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT OCI User- 13:30 UTC

Description: Added support for “groupMemberships" property.
Case ID: DFR-2614
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

FEATURE OCI Generic Entity - 13:30 UTC

Description: Implemented tags aggregation for all entities in OCI Generic Entity Fetcher.
Case ID: IN-7065
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

fixed OCI Analytics Instance - 13:30 UTC

Description: Removed the redundant 'Tags' property from OCI Analytics Instance
Case ID: IN-7162
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

fixed OCI Compartment - 13:30 UTC

Description: Removed the redundant 'Tags' property from OCI Compartment
Case ID: IN-7162
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

fixed generic-entity-configurations lambda - 13:30 UTC

Description: Fixed the generic-entity-configurations lambda handler to remove any outdated schema files from DynamoDB
Case ID: IN-7161
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FEATURE OCI Event Rule - 13:30 UTC

Description: Added support for EventRule Entity in OCI.
Case ID: DFR-2611
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

IMPROVEMENT Support Risk Score in Protected Assets API - 10:10 UTC

Description: Support Risk Score in protected-asset API.
Case ID: SEC-650
Known limitations: N/A
Affected Components: PROTECTED ASSETS ERM API

improvement Framework configure upgrade - 17:10 UTC

Description: Internal framework configuration - Part 2.
Case ID: PLAT-7715
Known limitations: N/A
Affected Components: Compliance engine

improvement Framework configure upgrade - 20:55 UTC

Description: Internal framework configuration.
Case ID: PLAT-7715
Known limitations: N/A
Affected Components: Compliance engine

feature AWS Org Onboarding - 17:05 UTC

Description: Add labling for cloud accounts that were onboarded with Organization Onboarding process.
Case ID: PLAT-7276
Known limitations: N/A
Affected Components: Organization onboarding

feature OCI Cloud Guard Configuration - 09:00 UTC

Description: Added support for "OCI Cloud Guard Configuration" in Compliance Engine and Protected Assets.
Case ID: DFR-2561
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

fixed OCI Fix freeformTags structure - 08:30 UTC

Description: Fixed the freeformTags property to be presented as an array instead of an object in all OCI entities
Case ID: IN-6812
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

feature OCI Ons Topic - 08:30 UTC

Description: Added support for "OCI Ons Topic" in Compliance Engine and Protected Assets.
Case ID: DFR-2655
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

IMPROVEMENT Minor changes to the Protected Asset page - 13:00 UTC

Description: Minor bug fixes for a very rare case where tab name was not provided as part of the URL.
Case ID: SEC-3
Known limitations: N/A
Affected Components: UI

feature OCI Dynamic Group - 08:30 UTC

Description: Added support for "OCI Dynamic Group" in Compliance Engine and Protected Assets.
Case ID: DFR-2652
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Analytics Instance - 08:30 UTC

Description: Added support for "OCI Analytics Instance" in Compliance Engine and Protected Assets.
Case ID: DFR-2649
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

IMPROVEMENT Compartment - 14:00 UTC

Description: Added an entity that represents the root compartment (Tenancy) in OCI Compartment
Case ID: IN-6967
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT OciGenericEntity - 11:00 UTC

Description: Added support for "ResponsePropertyToUse" in OciGenericEntity.
Case ID: IN-6951
Known limitations: N/A
Affected Components: fetchers

feature Support OCI in protected assets table - 11:00 UTC

Description: Add support to protected assets table for OCI
Case ID: IN-6950
Known limitations: N/A
Affected Components: UI

feature OCI Load Balancer - 11:00 UTC

Description: Added support for "Load Balancer" in Compliance Engine and Protected Assets.
Case ID: DFR-2618
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Network Load Balancer - 11:00 UTC

Description: Added support for "Network Load Balancer" in Compliance Engine and Protected Assets.
Case ID: DFR-2596
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Integration Instance - 11:00 UTC

Description: Added support for "OCI Integration Instance" in Compliance Engine and Protected Assets.
Case ID: DFR-2653
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Tag Default - 11:00 UTC

Description: Added support for "OCI Tag Default" in Compliance Engine and Protected Assets.
Case ID: IN-6587
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Tenancy - 11:00 UTC

Description: Added support for "OCI Tenancy" in Compliance Engine and Protected Assets.
Case ID: IN-6965
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Authentication Policy - 14:00 UTC

Description: Added support for "OCI Authentication Policy" in Compliance Engine and Protected Assets.
Case ID: IN-2616
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI User - 14:00 UTC

Description: Added support for "OCI User" in Compliance Engine and Protected Assets.
Case ID: IN-2615
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Group - 14:00 UTC

Description: Added support for "OCI Group" in Compliance Engine and Protected Assets.
Case ID: IN-6564
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Classic Builders Support - 12:40 UTC

Description: Added support for OCI Classic Builder in Compliance Engine and Protected Assets.
Case ID: IN-6687
Known limitations: N/A
Affected Components: COMPLIANCE ENGINEprotected assets

feature OCI Log Groups - 12:40 UTC

Description: Added support for "OCI Log Groups" in Compliance Engine and Protected Assets.
Case ID: IN-6590
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Kubernetes Engine Cluster - 12:00 UTC

Description: Added support for "OCI Kubernetes Engine Cluster" in Compliance Engine and Protected Assets.
Case ID: DFR-2597
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI VCN - 12:00 UTC

Description: Added support for "OCI VCN" (Virtual Cloud Network) in Compliance Engine and Protected Assets.
Case ID: IN-6747
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI File System - 12:00 UTC

Description: Added support for "OCI File System" in Compliance Engine and Protected Assets.
Case ID: IN-6595
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature OCI Autonomous Database - 12:00 UTC

Description: Added support for "OCI Autonomous Database" in Compliance Engine and Protected Assets.
Case ID: IN-6585
Known limitations: N/A
Affected Components: fetchersCOMPLIANCE ENGINEprotected assets

feature AWS Iam Role internal labels - 5:30 UTC

Description: Added internal label support for AWS Iam Role in Compliance Engine.
Case ID: IN-6724
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS KMS GSL 2.0 Connectors for S3Bucket, RDSDBCluster, DynamoDb, Personalize, CloudTrail - 14:30 UTC

Description: Added support for ‘kms’ property in S3Bucket, RDSDBCluster, DynamoDb, Personalize, CloudTrail in Compliance engine using GSL 2.0.
Case ID: IN-5991
Known limitations: Only when using Active Feature "gsl2-accounts".
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT Assests With Open Findings API Rate Limit & Active Feature - 12:00 UTC

Description: Added to the Assests With Open Findings API rate limit of one request per hour and Active Feature per account.
Case ID: IN-6180
Known limitations: N/A
Affected Components: API

FIXED Azure AzureKubernetesCluster- 11:00 UTC

Description: Added "'ExternalObject.Identity.UserAssignedIdentities”" property to Azure AzureKubernetesClusterEntity in mongo only (for internal use)
Case ID: INT-2181
Known limitations: N/A
Affected Components: Fetchers

FIXED Azure VirtualMachine- 10:00 UTC

Description: Added "'Identity”" property to Azure VirtualMachineEntity in mongo only (for internal use)
Case ID: INT-2182
Known limitations: N/A
Affected Components: Fetchers

IMPROVEMENT Compliance Engine - 14:00 UTC

Description: Enabled internal mechanism in the Compliance Engine to enhance GSL capabilities in future releases.
Case ID: SEC-578
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FIXED Azure FunctionApp - 10:00 UTC

Description: Added "'inner.identity.userAssignedIdentities”" property to Azure FunctionApp in mongo only (for internal use)
Case ID: INT-2180
Known limitations: N/A
Affected Components: Fetchers

IMPROVEMENT Azure Active Directory Authorization Policy enrichment - 12:00 UTC

Description: Optimized enrichment API call for "Azure Active Directory Authorization Policy".e.
Case ID: IN-6523
Known limitations: N/A
Affected Components: fetchers

FIXED XSS Vulnerability in AG grid text fields - 11:00 UTC

Description: Fix possible XSS vulnerabilities exploitation in AG grid table text fields across CloudGuard platform.
Case ID: PLAT-6672
Known limitations: N/A
Affected Components: UI

FIXED Azure VM Builder - 13:00 UTC

Description: Handled case where VM's nic has no ipConfigurations.
Case ID: IN-6055
Known limitations: N/A
Affected Components: compliance engine protected assets

IMPROVEMENT Compliance Engine - Internal Changes - 12:30 UTC

Description: Resiliency improvements in the Compliance Engine.
Case ID: IN-5903
Known limitations: N/A
Affected Components: compliance engine

GSL containSecrets() function is more lax - 12:00 UTC

Description: containSecrets() function was adjusted to find only secrets relevant to cloud assets.
Case ID: PLAT-6492, PLAT-6408
Known limitations: N/A
Affected Components: compliance engine

GSL Minor adjustment to how results of GSL tester on List<> entities are displayed - 12:00 UTC

Description: The result will show the List as the tested entity and not the entities in the list.
Case ID: PLAT-6525
Known limitations: N/A
Affected Components: UI

infra Assessment Cleaner- 18:00 UTC

Description: Update Assessment cleaner infrastructure.
Case ID: PLAT-5799
Known limitations: N/A
Affected Components: compliance engine

infra Intercom Sync - 16:40 UTC

Description: Update Intercom infrastructure.
Case ID: PLAT-6109
Known limitations: N/A
Affected Components: intercom

IMPROVEMENT Azure Network Interface - 14:25 UTC

Description: Infrastructure Improvement
Case ID: IN-5406
Known limitations: N/A
Affected Components: protected assetscompliance engineFETCHERS

IMPROVEMENT The implementation of the main menu of the application was changed- 20:40 UTC

Description: The main menu logic was re-written to be more robust, fixing several issues.
Case ID: PLAT-6370
Known limitations: N/A
Affected Components: UI

feature Azure Global WAF connector for FrontDoor Classic - 09:40 UTC

Description: Added support for Azure Global WAF connector for Azure FrontDoor Classic in compliance engine. (Part of GSL 2.0 effort)
Case ID: IN-5574, DFR-2164
Known limitations: N/A
Affected Components: compliance engineFETCHERS

IMPROVMENT Asset Labels Support - 15:00 UTC

Description: Add AssetsIndexer support to "AssetLabelsEntity"
Case ID: IN-4847
Known limitations: N/A
Affected Components: Protected Assets

IMPROVMENT Risk Management - 15:00 UTC

Description: Internal ERM API changes in order to support future enhancements.
Case ID: IN-5645
Known limitations: N/A
Affected Components: ERM API

IMPROVMENT Internal API Changes - 15:00 UTC

Description: Internal changes in the following APIs:

• /v2/Compliance/Finding/search

• /v2/ContinuousCompliancePolicyV2

Case ID: IN-5435
Known limitations: N/A
Affected Components: API

FIXED Azure Null reference Exceptions-15:00 UTC

Description: Azure MS that use "Dome9.AzureInventoryWrappers.AzureExceptionsFactory.CreateAzureException" function caused null reference exceptions
Case ID: IN-3808, IN-5763
Known limitations: N/A
Affected Components: fetchers

improvement Internal Performance Improvements - 15:00 UTC

Description: Internal performance improvements.
Case ID: IN-4531
Known limitations: N/A
Affected Components: fetchers

improvement Improvement - 20:40 UTC

Description: Allow parallel loading of findings table and filter for large accounts to improve interactivity of the table.
Case ID: DFT-2206, PLAT-6319
Known limitations: Filters may take some time to load.
Affected Components: UI

improvement Internal Improvement - 16:40 UTC

Description: Improve assessment history querying performance, for Image Assurance flow, within compliance flow.
Case ID: PLAT-6122
Known limitations: N/A
Affected Components: compliance engine

improvement Risk Management - Misconfiguration - 17:00 UTC

Description: Using all Posture Findings of assets as Misconfigurations.
Case ID: IN-5154
Known limitations: N/A
Affected Components: ERM

IMPROVEMENT Delete CFT files for inventory microservices - 12:00 UTC

Description: Deleted old unused "microserviceInfra.json" files for all inventory faregate microservices ..
Case ID: IN-5514
Known limitations: N/A
Affected Components: N/A

IMPROVEMENT Compliance Engine Infrastructure - 13:00 UTC

Description: Internal enhancements in the Compliance Engine in order to support future capabilities.
Case ID: IN-5248
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT Azure Tenant Level - 09:00 UTC

Description: Azure tenant level infrastructure changes - Change tenant work item to be account specific.
Case ID: IN-5565
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT AWS Core SDK Upgrade - 09:00 UTC

Description: Upgraded AWSSDK.Core and dependent packages to latest version.
Case ID: IN-4785
Known limitations: N/A
Affected Components: FETCHERS API Protected Assets

IMPROVEMENT Protected Assets - 12:50 UTC

Description: Extended Protected Assets APIs to support additional parameters for future use.
Case ID: IN-5326
Known limitations: N/A
Affected Components: API

FIXED Risk Management - 08:15 UTC

Description: Fixed an issue that caused ERM to consider two different posture findings as duplications.
Case ID: IN-5376
Known limitations: N/A
Affected Components: ERM

FIXED AWS Inspector - 08:15 UTC

Description: Internal bug fix in AWS Inspector vulnerabilities fetching process.
Case ID: IN-5460
Known limitations: N/A
Affected Components: FETCHERS

FIXED Protected Assets and Posture Findings - 08:15 UTC

Description: Internal bug fix in GroupsByProperties APIs.
Case ID: IN-5218
Known limitations: N/A
Affected Components: API

improvement GenericEntityConfigurationWriter lambda update - 13:00 UTC

Description: Upgraded the Node.js runtime from 12 to 16 LTS
Case ID: IN-5449
Known limitations: N/A
Affected Components: FETCHERS

improvement AWS Lambda Function and AWS Inspector2 - 13:00 UTC

Description: Upgraded AWSSDK.Core and dependent packages to latest version for AWS Lambda Function and AWS Inspector2.
Case ID: IN-5509
Known limitations: N/A
Affected Components: FETCHERS

FIX Azure Exception - 13:00 UTC

Description: Fixed bug on Azure Exception, in order to catch "DisallowedProvider" as a permission error.
Case ID: IN-3729
Known limitations: N/A
Affected Components: FETCHERS

FIX AWS EC2 Instance - 13:00 UTC

Description: Changed the value of "Dome9Id" field from an empty string to its correct value.
Case ID: IN-4984
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

improvement Remove port for magellan logicWebserverUrl - 14:00 UTC

Description: Fixed the Grunt file to run correctly against remote webserver
Case ID: PLAT-5886
Known limitations: N/A
Affected Components: WEBAPP

improvement Update the dependencies in FrontEnd to latest versions - 14:00 UTC

Description: Removed connected-react-router. Its not maintained and we cannot npm install anymore
Case ID: PLAT-5692
Known limitations: N/A
Affected Components: WEBAPP

FIXED Risk Management - 13:15 UTC

Description: Fixed an issue with AWS Lambda CVEs and Secrets counters.
Case ID: IN-5499
Known limitations: N/A
Affected Components: ERM

improvement AWS Credentials Validation - 09:30 UTC

Description: Internal change in AWS Credentials Validation service.
Case ID: IN-655
Known limitations: N/A
Affected Components: NETWORK SECURITY

improvement Risk Management - Internal Changes - 08:00 UTC

Description: Internal changes in Risk Management service.
Case ID: IN-5239
Known limitations: N/A
Affected Components: ERM API

improvement Risk Management - Internal Changes - 13:00 UTC

Description: Internal changes in Risk Management service.
Case ID: IN-5223
Known limitations: N/A
Affected Components: ERM

improvement GFI - Internal Improvement - 02:25 UTC

Description: Improved GFI performance.
Case ID: PLAT-5580
Known limitations: N/A
Affected Components: Compliance Engine

fixed Protected Assets - 14:20 UTC

Description: Remove reorder icons from the new table of protected assets
Case ID: PLAT-5424
Known limitations: N/A
Affected Components: protected assets

FIXed Internal Improvement - 21:00 UTC

Description: Internal improvement.
Case ID: PLAT-0000_Remove-DbAccess-From-AssessmentHistorySrvc
Known limitations: N/A
Affected Components: Compliance Engine

FIXed Azure MySQL Flexible Server - 10:30 UTC

Description: Modified Azure MySQL Flexible Server model to avoid Serialization errors.
Case ID: IN-5302
Known limitations: N/A
Affected Components: Compliance Engine Protected Assets

FIXed Azure Storage - 11:30 UTC

Description: Modified Azure Storage Eqauls and GetHashCode methods to avoid false updates
Case ID: IN-5215
Known limitations: N/A
Affected Components: fetchers

FIXed Alibaba Fetchers - 08:30 UTC

Description: Alibaba fetchers can now handle error responses that do not return in JSON format as well.
Case ID: IN-5196
Known limitations: N/A
Affected Components: fetchers

FIXed Azure Generic Entity Fetcher - 08:30 UTC

Description: Azure Generic Entity Fetcher can now handle responses of json array format as well
Case ID: IN-5227
Known limitations: N/A
Affected Components: fetchers

infra OpenSearch Security Groups - 09:40 UTC

Description: Update relation of new openSearch SGs and their consuming MSs.
Case ID: PLAT-5160
Known limitations: N/A
Affected Components: compliance engine

fixed Compliance Dispatcher - 14:30 UTC

Description: GcpGenericEntityFetcher now get the right number of Max Pages from the GCP generic configuration instead of a fixed value.
Case ID: IN-3407
Known limitations: N/A
Affected Components: fetchers

fixed Compliance Dispatcher - 14:30 UTC

Description: Added two GCP permission errors (storage.buckets.list access and The requested project was not found)
Case ID: IN-5229
Known limitations: N/A
Affected Components: fetchers

improvement Compliance Dispatcher - 10:00 UTC

Description: Improve compliance dispatcher’s performance and change log.
Case ID: PLAT-3627
Known limitations: N/A
Affected Components: compliance engine

improvement GSL Runner infrastructure update - 13:00 UTC

Description: Upgraded the Node.js runtime from 12 to 16 LTS
Case ID: PLAT-5193
Known limitations: N/A
Affected Components: compliance engine

improvement Azure Security Center Integration - 13:00 UTC

Description: Add Unauthorized exception to circuit braker.
Case ID: PLAT-5422
Known limitations: N/A
Affected Components: compliance engine

FIXED Generic Fetchers Collapse Properties - 13:30 UTC

Description: Generic Fetchers Collapse Properties can now handle BsonNull values as well. Also, fixed AwsS3BucketMacieJobInformation configuration.
Case ID: IN-4905
Known limitations: N/A
Affected Components: FETCHERS

improvement GFI Internal Improvement - 9:30 UTC

Description: Internal Improvement of GFI.
Case ID: PLAT-5338
Known limitations: N/A
Affected Components: Compliance engine

PERFORMANCE GCP Generic Fetcher - 8:30 UTC

Description: Reduce GcpGenericFetcher high memory consumption by removing the large "schema" field from Gcp Big Query Table entity, and reduced the amount of data being handled each fetcher run.

Case ID: IN-4501
Known limitations: N/A
Affected Components: FETCHERS Compliance engine

improvement Aws App Load Balancer Target Group - 10:30 UTC

Description: Aws App Load Balancer Target Group now publising messages to AssetsIndexer SNS Topic.

Case ID: IN-5019
Known limitations: N/A
Affected Components: FETCHERS

FIXED Rule Target Type Internal bug - 10:30 UTC

Description: Fix some of the collection names in the Rule Target type json.

Case ID: IN-5076
Known limitations: N/A
Affected Components: N/A

improvement Rule Target Type Improvement - 15:00 UTC

Description: Created a new RuleTargetType table, where the primary key is the rule target type, and the sort key is the vendor. Two new fields were added: "Vendor" and "collection name".

Case ID: IN-4958
Known limitations: N/A
Affected Components: Compliance engine compliance rulesets

improvement CIEM Entitlement Map - 11:00 UTC

Description: In the entitlement map, the consolidated policy is now shown in a table format and not in JSON anymore. The consolidated policy reflects the effective set of permissions granted to the entity when taking into account all policies directly or indirectly attached to it.

Case ID: INT-1438
Known limitations: N/A
Affected Components: CIEM

improvement Feature integration - 12:30 UTC

Description: Create NONCE token to connect to Spectral platform

• new api for spectral integration: getting the model based on nonce

• generating nonce flow for spectral

• new dynamo db table to map nonce to user info, for spectral integration

Case ID: PLAT-4393
Known limitations: N/A
Affected Components: SPECTRAL

improvement Internal Improvement - 16:50 UTC

Description: Move “v2/Compliance/Exclusion” API to new machine.
Case ID: PLAT-4284
Known limitations: N/A
Affected Components: API Compliance engine

fixed Omit Private APIs - 11:40 UTC

Description: Fix functionality for omitting controllers from PRODs swagger UI.
Case ID: PLAT-5060
Known limitations: N/A
Affected Components: API Documentations

IMPROVEMENT CIEM Entitlement Map - 10:15 UTC

Description: Organizations SCPs policies are now shown in the entitlement map.
Case ID: INT-1379
Known limitations: N/A
Affected Components: UI CIEM

IMPROVEMENT CIEM Entitlement Map - 10:15 UTC

Description: Several UI improvements in the entitlement map.
Case ID: INT-1551
Known limitations: N/A
Affected Components: UI CIEM

fixed CIEM IAM Role Overview - 10:15 UTC

Description: Fix issue with IAM Role overview tab where activity graph was showing system events.
Case ID: INT-1154
Known limitations: N/A
Affected Components: UI CIEM

improved Generic Findings Importer - 15:30 UTC

Description: Add custom support for K8S flow via GFI.
Case ID: PLAT-4021
Known limitations: N/A

improvement AWS Application Load Balancer Target Group - 14:00 UTC

Description: Initialized value to uninitialized TimeStamp field of the AwsAppLoadBalancerTargetGroupEntity.
Case ID: IN-4744
Known limitations: N/A
Affected Components: FETCHERS

fixed Continuous Posture - 12:00 UTC

Description: Fix archiving of alerts for deleted policies.
Case ID: PLAT-5018, DFT-2005
Known limitations: N/A
Affected Components: compliance engine Events

fixed Swagger Documentation - 09:00 UTC

Description: Fix swagger documentation.
Case ID: PLAT-4686
Known limitations: N/A
Affected Components: Api

improvement Protected Assets - 14:00 UTC

Description: Internal changes in order to support future enhancements in Protected Assets.
Case ID: IN-4045
Known limitations: N/A
Affected Components: Api PROTECTED ASSETS

fixed Protected Asset Entity Viewer- 09:50 UTC

Description: Internal performance improvement of SpecificEntityBuilder.
Case ID: PLAT-4684
Known limitations: N/A
Affected Components: apiprotected assetes

improvement AWS Inspector - 11:50 UTC

Description: Internal performance improvements in AWS Inspector Data Fetcher.
Case ID: IN-3003
Known limitations: N/A
Affected Components: FETCHERS

improvement CIEM Entitlement Map - 12:00 UTC

Description: The CIEM Entitlement Map now shows policies that are obtained via trust relationships with other IAM Roles (and not directly attached to the context role).
Case ID: INT-1424
Known limitations: N/A
Affected Components: CIEM

improvement Timeline improvements and fix - 12:00 UTC

Description: Timeline Events
Case ID: INT-414, INT-1564
Known limitations: N/A
Affected Components: INTELLIGENCE

improvement Internal Deployment - 19:30 UTC

Description: Internal deployment for new infrastructure.
Case ID: PLAT-4870
Known limitations: N/A
Affected Components:

improvement Compliance Engine - 14:00 UTC

Description: Internal changes in the Compliance Engine in order to support future enhancements.
Case ID: IN-4635
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

improvement Protected Assets / Findings APIs - 09:30 UTC

Description: Internal changes in the GroupsByProperties APIs.
Case ID: IN-4245
Known limitations: N/A
Affected Components: Api

improvement Protected Assets - 07:30 UTC

Description: Internal changes in order to support future enhancements in Protected Assets.
Case ID: IN-4496
Known limitations: N/A
Affected Components: Api PROTECTED ASSETS

improvement Internal Deployment- 10:30 UTC

Description: Internal deployment for new infrastructure.
Case ID: PLAT-4204
Known limitations: N/A
Affected Components: