Deployment October 6th, 2021
Compliance Rulesets Update - 10:15 UTC
Type: Improvement
Description: The first release of CIS Kubernetes Benchmark v1.20 ruleset, fixing Azure rules. A complete list can be found here.
Case ID: DFR-2041
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Rulesets Update - 10:30 UTC
Type: Bug Fix
Description: Running Kubernetes nodes will now appear when filtering for billable assets.
Known limitations: N/A
Affected Components: KUBERNETES
Compliance Improvement - 14:00 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Azure Storage Account - 13:00 UTC
Type: Improvement
Case ID: DFR-392
Description: Added the following properties to Azure Storage Account in protected assets and compliance engine.
fileServiceProperties
tableServiceProperties
queueServiceProperties
blobServiceProperties (existed before, only internal improvement)
Known limitations: N/A
Affected Components: PROTECTED ASSETS COMPLIANCE ENGINE DATA FETCHERS AZURE
AWS Cognito - 13:00 UTC
Type: Improvement
Description: Fetch Cognito identity and user pools from N. California, São Paulo, Paris, Stockholm and Bahrain
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
AWS MQ Broker - 13:00 UTC
Type: Improvement
Description: Fetch MQ brokers from GovCloud (US-East), GovCloud (US-West), Beijing and Ningxia
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Compliance API - 15:00 UTC
Type: Improvement
Description: Internal configuration change
Known limitations: N/A
Affected Components: API
Compliance Rulesets Update - 12:15 UTC
Type: Improvement
Description: Fixing AWS rules. A complete list can be found here.
Case ID: DFT-1342, DFT-1539
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS SQS - 10:00 UTC
Type: Bug Fix
Case ID: DFT-1458
Description: Support pagination
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Internal changes for several components - 10:00 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: ALL SYSTEM
Compliance Rulesets Update - 10:30 UTC
Type: Improvement
Description: Fixing Azure rules. A complete list can be found here.
Case ID: DFT-1467
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Protected Assets - Alibaba Entities - 11:00 UTC
Type: Improvement
Description:
Added 'Status' as additional field to Alibaba ECS Instance entity in protected assets.
Added 'DBInstanceStatus' as additional field to Alibaba RDS DB Instance entity in protected assets.
Alibaba ECS Instance 'Billable Asset' property is set to 'Yes' in case 'Status' is 'Running'.
Alibaba RDS DB Instance 'Billable Asset' property is set to 'Yes' in case 'DBInstanceStatus' is 'Running'.
Known limitations: N/A
Affected Components: PROTECTED ASSETS API DATA FETCHERS ALI
Serverless - Obsolete dotnetcore2.1 FSP injector changes - 17:00 UTC
Type: New Feature
Description: The add/remove auto-protect feature in the webapp UI won't be supported for the dotnetcore2.1 runtime.
Cloud Formation template has been changed. The new version: 21
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS CLOUD FORMATION
Serverless - FSP add support for graviton2 - 17:00 UTC
Type: New Feature
Description: CloudGuard FSP support for AWS Lambda running on Graviton2 processors.
FSP has been changed. The new version: 1.5.62
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Azure Subnet and VNET - 08:30 UTC
Type: Bug Fix
Case ID: DFT-1497
Description: Improve the way we correlate subnet to VNET model in compliance engine
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Shift Left - Feature enabled in Preview mode for all customers - 07:00 UTC
Type: New Feature
Description: Releasing it as preview for everyone, supporting Terraform and CFT.
Known limitations: N/A
Affected Components: SHIFTLEFT
Protected Assets Page - 07:00 UTC
Type: Improvement
Description: Internal improvements.
Known limitations: N/A
Affected Components: API
Findings Page - 07:00 UTC
Type: Improvement
Description: Internal improvements.
Known limitations: N/A
Affected Components: API
Compliance Rulesets Update - 16:00 UTC
Type: Improvement
Description: Azure and GCP rules removal. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Rulesets Update - 16:00 UTC
Type: Improvement
Description: Adding new rules to the Azure best practices ruleset. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Serverless - Generate Obsolete Runtime Task - 15:00 UTC
Type: Improvement
Description: For functions whose runtimes have reached end of support from AWS, an ObsoleteRuntimeTask will be created to notify the user that the account has functions with unsupported runtimes. The task will include information on how to resolve the issue.
Please visit the link below for information on runtime end of support dates.
https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - Dot-net auto protect bug fix - 15:00 UTC
Type: Bug Fix
Description: Update Dot-net FSP instrumentation libraries to latest version.
FSP has been changed. The new version: 1.5.60
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Azure Redis - 14:30 UTC
Type: Improvement
Description: Internal improvement in error handling.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Google Cloud Account - 13:30 UTC
Type: Improvement
Description: Added new property "ProjectNumber" in protected assets and compliance engine.
Known limitations: N/A
Affected Components: DATA FETCHERS GCP COMPLIANCE ENGINE PROTECTED ASSETS
AWS SSM Instance Information - 13:30 UTC
Type: Improvement
Description: Removed redundant property "LastPingDateTime" in protected assets and compliance engine.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Data Fetchers - 13:30 UTC
Type: Improvement
Description: Internal improvement in multiple data fetchers.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP
Compliance Rulesets Update - 10:00 UTC
Type: Improvement
Case ID: SR-352, SR-346
Description: Adding new rules to the Azure best practices ruleset. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Redis - 18:00 UTC
Type: Improvement
Case ID: DFR-1431
Description: Added the following properties to Azure Redis in protected assets and compliance engine.
ReplicasPerMaster
ReplicasPerPrimary
PublicNetworkAccess
MinimumTlsVersion
Instances
PrivateEndpointConnections
Known limitations: N/A
Affected Components: PROTECTED ASSETS COMPLIANCE ENGINE DATA FETCHERS AZURE
Data Fetchers Improvement - 18:00 UTC
Type: Improvement
Description: Internal improvement in all data fetchers
Known limitations: N/A
Affected Components: DATA FETCHERS
Compliance Rulesets Update - 15:00 UTC
Type: Improvement
Case ID: SR-281
Description: The first release of AWS CloudFormation Template ruleset.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
DataFetchers Improvement - 11:00 UTC
Type: Improvement
Description: Internal improvement in all data fetchers
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE NOTIFICATIONS
Findings Page - Sorting - 18:00 UTC
Type: Improvement
Case ID: DFR-1866
Description: Adding Values for Action field: Detect and Prevent
Known limitations: N/A
Affected Components: FINDINGS PAGE
Findings Page - Sorting - 18:00 UTC
Type: Bug Fix
Description: Fix Events alphabetical sorting
Known limitations: N/A
Affected Components: UI FINDINGS PAGE API
Findings Page - Action Buttons Improvement - 14:00 UTC
Type: Improvement
Case ID: DFR-1663
Description: UI change on the Findings actions.
Known limitations: N/A
Affected Components: UI FINDINGS PAGE
Dashboard - Widget Filter fix - 14:00 UTC
Type: Bug Fix
Case ID: DFT-1357
Description: Fixed an issue that affected filter on dashboards widgets.
Known limitations: N/A
Affected Components: UI DASHBOARD
Intelligence Findings - Investigate button fix - 14:00 UTC
Type: Bug Fix
Case ID: DFT-1160
Description: Fixed a bug on the UI that sent the wrong URL when investigating a finding.
Known limitations: N/A
Affected Components: UI
Compliance Report - Passed entities fix - 14:00 UTC
Type: Bug Fix
Case ID: DFT-1325, DFT-1420
Description: Fixed a bug on the UI representation on the report.
Known limitations: N/A
Affected Components: UI
External Findings API - 7:30 UTC
Type: Bug Fix
Description: Fixed a bug where External Findings API returns all types and findings, and not only external findings.
Known limitations: N/A
Affected Components: API
Azure Cosmos DB - 15:00 UTC
Type: Improvement
Case ID: DFR-2028
Description: Added the following properties to Azure Cosmos DB in compliance engine.
isVirtualNetworkFilterEnabled
keyVaultKeyUri
privateEndpointConnections
publicNetworkAccess
virtualNetworkRules
Known limitations: N/A
Affected Components: PROTECTED ASSETS COMPLIANCE ENGINE DATA FETCHERS AZURE
Serverless - fix list append - 16:00 UTC
Type: Bug Fix
Description: Bug fix in k8s whitelist creation
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - profile according to callstack info - 16:00 UTC
Type: Improvement
Description: Add support for callstack profiling and enforcement in Kubernetes - parent process/process that generates network activity.
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - intercept csharp function with harmony - 16:00 UTC
Type: Improvement
Description: Intercept Azure functions using Harmony.
FSP has been changed. The new version: 1.5.59
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
GCP Route - 11:00 UTC
Type: New Entity
Case ID: DFR-1955
Description: Added support for GCP Route in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP PROTECTED ASSETS
GCP Router - 11:00 UTC
Type: New Entity
Case ID: DFR-1954
Description: Added support for GCP Router in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP PROTECTED ASSETS
GCP Instance Template - 11:00 UTC
Type: New Entity
Case ID: DFR-1953
Description: Added support for GCP Instance Template in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP PROTECTED ASSETS
Azure Web App, Azure Function App - 11:00 UTC
Type: Improvement
Case ID: DFR-1833
Description: Added 'scmIpSecurityRestrictionsUseMain' property under 'config' property in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE PROTECTED ASSETS
Azure Web App, Azure Function App - 11:00 UTC
Type: Improvement
Case ID: DFR-1833
Description: Added 'kind' property under 'config.accessRestrictions' property in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE PROTECTED ASSETS
AWS Onboarding - 10:00 UTC
Type: Improvement
Description: Internal change in AWS onboarding flow.
Known limitations: N/A
Affected Components: API
Data Fetchers - 11:30 UTC
Type: Improvement
Description: Internal Improvement
Known limitations: N/A
Affected Components: DATA FETCHERS ALI DATA FETCHERS GCP DATA FETCHERS AZURE DATA FETCHERS AWS
Compliance Engine - 10:00 UTC
Type: Terraform Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
AWS GovCloud Onboarding - 12:30 UTC
Type: Bug Fix
Description: Fixed a bug which prevented onboarding of AWS GovCloud accounts.
Known limitations: N/A
Affected Components: API
Compliance Engine - 13:00 UTC
Type: Removal of obsolete Ticketing system
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Protected Assets - New Infrastructure - 11:00 UTC
Type: Improvement
Description:
Added internal infrastructure to support future features in Protected Assets.
Added additional property 'externalAdditionalFields' in Protected Assets entities.
Known limitations: N/A
Affected Components: PROTECTED ASSETS API
Kubernetes APIs - 14:00 UTC
Type: Improvement
Description: New and updated APIs for Pod Groups.
A new API that queries a specific pod group for its images
A new API that queries a specific pod group for its pods
Change in Kubernetes image pod groups API return value.
When querying for pod groups that use a specific KubernetesImage, the value that the 'id' field returned to date (the Kubernetes ID) is now returned in a field named ExternalID.
The 'id' field now returns the CloudGuard ID of the pod group instead of the Kubernetes ID.
Known limitations: N/A
Affected Components:
Data Fetchers Improvement - 13:30 UTC
Type: Improvement
Description: Internal change in several data fetchers of AWS, Azure, GCP and Alibaba.
Known limitations: N/A
Affected Components: DATA FETCHERS ALI DATA FETCHERS GCP DATA FETCHERS AZURE DATA FETCHERS AWS
AWS Onboarding - 11:00 UTC
Type: Improvement
Case ID: DFR-1884
Description: Changed the validation process. We no longer require EC2 permissions in order to complete AWS cloud accounts onboarding.
Known limitations: N/A
Affected Components: API
CloudSecurityGroup API Performance - 11:00 UTC
Type: Improvement
Description: Improved the performance of '/v2/cloudsecuritygroup?forAccess=true' API.
Known limitations: N/A
Affected Components: API
Compliance Engine MongoDB - 10:00 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Account registration and User Password Reset fix - 17:00 UTC
Type: Bug Fix
Case ID: DFT-1370
Description: Fixed a UI issue that blocked specific flows affecting registering new accounts, users and password reset.
Known limitations: N/A
Affected Components: UI AUTHENTICATION
Azure Storage Account - 13:30 UTC
Type: Improvement
Case ID: DFR-1045
Description: Added 'AdvancedThreatProtectionEnabled' and 'BlobSoftDeleteEnabled' properties in protected assets and compliance engine.
Known limitations: 'AdvancedThreatProtectionEnabled' is not supported in the following regions: southafricanorth, southafricawest, westus3, chinaeast2, norwayeast, australiacentral.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE PROTECTED ASSETS
Azure Storage Account - 13:30 UTC
Type: Improvement
Case ID: DFR-1045
Description: Enriched information in 'PrivateEndpointConnections' property in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE PROTECTED ASSETS
AWS Storage Gateway - 13:00 UTC
Type: Improvement
Description: Remove redundant 'ContentLength', 'HttpStatusCode' and 'ResponseMetadata' properties in compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
GCP HTTP Load Balancer - 13:00 UTC
Type: New Entity
Description: Added support for GCP HTTP Load Balancer in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP PROTECTED ASSETS
GCP TCP/UDP Load Balancer - 13:00 UTC
Type: New Entity
Description: Added support for GCP TCP/UDP Load Balancer in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP PROTECTED ASSETS
Compliance Engine - 16:00 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
AWS IAM User - 11:30 UTC
Type: Bug Fix
Case ID: DFT-1359
Description: Set consistent order for the IAM access keys in compliance engine
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
AWS Redshift & AWS IAM User - 11:30 UTC
Type: Improvement
Description: Improve error handling in the compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Serverless - Added support for kafka and mq triggers - 15:00 UTC
Type: Improvement
Description: Added support for Kafka and MQ triggers when generating suggested roles.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - Proact - Get token from env var - 15:00 UTC
Type: Improvement
Description: You can now use the `CLOUDGUARD_ACCESS_TOKEN` environment variable to provide the token to the cloudguard tool.
Previously, only the config file and command-line parameters were supported.
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS PROACT
Serverless - get function errors - HF - 15:00 UTC
Type: Bug Fix
Description: Serverless lambda errors (fsp injector, log subscription, inside vpc)
Serverless azure function app errors
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - WRP auto identify os distribution - 15:00 UTC
Type: Improvement
Description: Implemented a loader that is responsible for identifying the container OS and initializing the appropriate (per-OS) libosfsp.so.
FSP has been changed. The new version: 1.5.52
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Serverless - FSP node14.x support aws - 15:00 UTC
Type: Improvement
Description: AWS is obsoleting the node10.x runtime. We have removed CloudGuard FSP support for the node10.x runtime and added support for node14.x. It is recommended to use the latest nodejs runtime to continue protecting your functions with FSP.
FSP has been changed. The new version: 1.5.57
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
AWS IAM Credentials Report - 14:00 UTC
Type: Bug Fix
Description: Fixed an internal issue that caused a failure to generate the credentials report in some cases.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Tenable.io Open Findings - 13:00 UTC
Type: Bug Fix
Description: Fixed a bug which caused Tenable.io external findings to remain open after EC2 instance deletion.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Azure Insights - 12:00 UTC
Type: Improvement
Description: Infra Improvement for Azure Insights data fetcher.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Shiftleft - Ignoring irrelevant file types - 9:30 UTC
Type: Improvement
Description: Internal change to ignore irrelevant files.
Known limitations: N/A
Affected Components: SHIFTLEFT
Azure Virtual Machine - 13:30 UTC
Type: Improvement
Case ID: DFR-1938
Description: Added 'vmId' property to Azure Virtual Machine API
Known limitations: N/A
Affected Components: API
Data Fetchers Improvement - 11:30 UTC
Type: Improvement
Description: Internal change in several data fetchers of Azure, GCP and Alibaba.
Known limitations: N/A
Affected Components: DATA FETCHERS ALI DATA FETCHERS GCP DATA FETCHERS AZURE COMPLIANCE ENGINE
Kubernetes - Clean up old Images - 10:00 UTC
Type: Improvement
Description: Remove Kubernetes Image objects that no longer exist in the cluster.
Known limitations: N/A
Affected Components: Kubernetes Images
Kubernetes - Update Admission Control APIs - 10:00 UTC
Type: Improvement
Description:
Adding a targetType for requests and responses to Admission Control policies APIs.
The relevant APIs are:
{Get, Put, Post} at /v2/kubernetes/admissionControl/policy
{Get, Delete} at /v2/kubernetes/admissionControl/policy/{id}.
The available target types for these APIs are "Environment", indicating an environment policy, and "OrganizationalUnit", indicating an Organizational Unit Policy.
Known limitations: N/A
Affected Components: Kubernetes API
Azure Insights - 12:00 UTC
Type: Improvement
Description: Removed redundant fields from Azure Insights entity.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
AWS SES - 12:00 UTC
Type: New Entity
Case ID: DFR-771
Description: Added support for AWS SES in protected assets and compliance engine.
Known limitations: Limited to 1000 SES items per cloud account.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS PROTECTED ASSETS
AWS Elastic Beanstalk - 12:00 UTC
Type: Improvement
Case ID: DFR-1337
Description: Added 'Resources' and 'Settings' properties in protected assets and compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Azure Log Profile & AWS IAM User - 12:00 UTC
Type: Improvement
Description: Improve error handling in the compliance engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
AWS Group History - 12:00 UTC
Type: Improvement
Case ID: DFR-1343
Description: Internal improvement for non US regions.
Known limitations: N/A
Affected Components: API
Serverless - Handle old accounts ProtegoAgentBucketPolicy - 18:00 UTC
Type: Improvement
Description: Update Cross account CFT in order to support account update.
Cloud Formation template has been changed. The new version: 20
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS CLOUD FORMATION
Serverless - Serverless get function errors - 18:00 UTC
Type: New Feature
Description: Serverless lambda errors (fsp injector, log subscription, inside vpc)
Serverless azure function app errors
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - FSP subprocess context support - 18:00 UTC
Type: Improvement
Description: Added support for sub-process in Azure.
FSP has been changed. The new version: 1.5.56
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Kubernetes - New APIs - 15:00 UTC
Type: Improvement
Description:
New APIs for Containers Image Assurance.
A new API that queries a specific image for the image details, including the results of the scan.
A new API that queries a specific image for the Pods and Pod Groups that are deployed from this image.
Known limitations: N/A
Affected Components: KUBERNETES API
Kubernetes - Cluster status improvement - 15:00 UTC
Type: Bug Fix
Description: Fixed a bug where the Kubernetes cluster status could go from Initializing back to Pending status, during the onboarding process.
Known limitations: N/A
Affected Components: KUBERNETES API
Kubernetes - Scan status improvements - 15:00 UTC
Type: Improvement
Description: Added detailed error messages for image scan status when the image exceeds max size limits (as defined in the Helm chart) or exceeds max IP or URL limitation.
When the image hasn’t been scanned yet, the status text was changed from ‘Pending’ to "Pending Scan"
When there is an unrecoverable error during the scan, the status text was changed from ‘Error’ to "Internal Error"
Known limitations: N/A
Affected Components: KUBERNETES IMAGES
Compliance Engine - 07:30 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Serverless - Remove Python2.7 from CLI Tool - 15:00 UTC
Type: Improvement
Description:
From the deprecation date of July 15, 2021, AWS Lambda will no longer apply security patches and other updates to the Python 2.7 runtime used by Lambda functions. In addition, functions using Python 2.7 will no longer be eligible for technical support. You will no longer be able to create new Lambda functions using the Python 2.7 runtime from this date.
Python 2.7 has been removed from the Proact tool's supported runtimes. If you run the tool on Python 2.7 functions, you will get the error below:
`UnsupportedRuntimeError - Runtime Python2.7 will no longer be supported. To continue receiving security updates and support, please upgrade to Python3.x`
Please migrate your Python 2.7 functions to Python 3.x.
Proact tool has been changed. The new version: 1.5.50
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS PROACT
Serverless - Obsolete node 10x - 15:00 UTC
Type: Improvement
Description: Since AWS will soon be obsoleting node 10.x support, the nodejs scanner is upgraded to node14.x.
Known limitations: N/A
Affected Components: SERVERLESS
Alibaba - Organizational Units - 14:00 UTC
Type: Improvement
Case ID: DFR-1903
Description: Added APIs to support Organizational Units management for Alibaba cloud accounts.
Known limitations: Not supported in UI.
Affected Components: COMPLIANCE ENGINE API
Alibaba RAM Password Policy - 17:00 UTC
Type: Bug Fix
Description: Rename property from 'ramPolicyPasswordId' to 'policyPasswordId' in compliance engine
Known limitations: N/A
Affected Components: DATA FETCHERS ALI COMPLIANCE ENGINE
Alibaba KMS - 17:00 UTC
Type: Bug Fix
Description: Change 'automaticRotation' property from date time to string type in compliance engine
Known limitations: N/A
Affected Components: DATA FETCHERS ALI COMPLIANCE ENGINE
Support AWS Osaka Japan Region - 17:00 UTC
Type: Improvement
Description: Added support for Osaka region.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE API SECURITY GROUP MANAGEMENT
Kubernetes - Helm chart 2.4.0 released - 20:00 UTC
Type: New Release
Description: A new Helm chart, version 2.4.0 was released.
The main changes include:
Image Assurance: Image Assurance Engine memory limit modified to be [MAX_IMAGE_SIZE]+500MB (the default value remains 2GB+500MB).
Runtime Protection: Added Containerd support. Reduce required agent privileges.
Container runtime auto-detection. There is no longer a need to manually set the runtime environment (Docker/Containerd).
Telemetry enhancements
Miscellaneous bug fixes (fix references to Check Point in helm chart docs fields, fix various typos/formatting, etc)
Known limitations: N/A
Affected Components: KUBERNETES HELM
Serverless - FSP support for java8.al2 runtime - 12:00 UTC
Type: Improvement
Description: Add FSP add/remove support for java8.al2 runtime.
FSP has been changed. The new version: 1.5.55
Cloud Formation template has been changed. The new version: 18
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION SERVERLESS PLUGIN
AWS Backup Vault - 12:00 UTC
Type: New Entity
Case ID: DFR-1789
Description: Added support for AWS Backup Vault in protected assets and compliance engine.
Known limitations: Requires a new permission for the CloudGuard role - "backup:ListBackupVaults".
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS PROTECTED ASSETS
Azure Function App - 12:00 UTC
Type: Improvement
Case ID: DFR-1935
Description: Added 'externalPrivateEndpoints' property in the compliance engine.
Known limitations: Requires a new permission for the CloudGuard role - "Microsoft.Web/sites/config/list/action".
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
AWS VPC, Subnet & VPC Peering connection - 12:00 UTC
Type: Improvement
Case ID: DFR-1848
Description: Added 'ownerId' property in the compliance engine and API.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Serverless - Obsolete Python2.7 - 18:00 UTC
Type: Improvement
Description: Obsolete Python2.7 runtime as AWS is going to end Python 2 support for the AWS CLI and SDK.
Known limitations: N/A
Affected Components: SERVERLESS
AWS Security Groups - 13:00 UTC
Type: Improvement
Description: Infrastructure changes for data fetchers responsible for AWS security groups handling.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Data Fetchers - Permissions Handling - 13:00 UTC
Type: Improvement
Description: Cloud Accounts permissions handling infrastructure changes.
Known limitations: N/A
Affected Components: DATA FETCHERS GCP DATA FETCHERS ALI DATA FETCHERS AZURE COMPLIANCE ENGINE API
Azure Insights - 13:00 UTC
Type: New Entity
Case ID: DFR-891
Description:
Added support for Azure Insights entity. The entity contains Azure resource's Diagnostic Settings.
Currently the following entity types are supported: Virtual Machines, Function Apps, Web Apps, SQL DBs, Network Security Groups.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
Compliance Rulesets Update - 11:45 UTC
Type: Improvement
Case ID: DFR-1661
Description: The first release of Hi-Trust and ITSG-33 rulesets for AWS.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Infrastructure Improvement - 14:00 UTC
Type: Improvement
Case ID: DFT-1353
Description: Improved Posture Findings filters sorting.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Compliance Rulesets Update - 11:25 UTC
Type: Improvement
Description: GCP CloudGuard Network Alerts ruleset deprecation.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Infrastructure Improvement - 09:00 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: API
AWS EKS Cluster - 13:00 UTC
Type: Improvement
Case ID: DFR-1640
Description: Added 'fargateProfiles' property in the compliance engine
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
AWS IAM Role - 13:00 UTC
Type: Improvement
Case ID: DFR-1790
Description: Added 'roleLastUsed' and 'maxSessionDuration' properties in the compliance engine and API.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Serverless - Azure learning - 16:00 UTC
Type: New Feature
Description: Add behavior for Azure Function App
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - Azure - support context in threads - 16:00 UTC
Type: Improvement
Description: Added support for identifying the function name in a thread created by an Azure function.
FSP has been changed. The new version: 1.5.52
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Serverless - Java FSP remove bug - 16:00 UTC
Type: Bug Fix
Description: Fixed a bug in Java FSP add/remove using the CLI tool.
FSP has been changed. The new version: 1.5.53
The plugin version has been changed.
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION SERVERLESS PLUGIN
Serverless - CLI Python3 Transition - 16:00 UTC
Type: Improvement
Description: Transition of CLI tool to Python3 as AWS is going to end Python 2 support for the AWS CLI and SDK.
FSP has been changed. The new version: 1.5.49
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Serverless - Add severity to security events - 16:00 UTC
Type: Improvement
Description: Add severity to k8s signature security events
Known limitations: N/A
Affected Components: SERVERLESS
AWS SSM Instance Information - 15:00 UTC
Type: Improvement
Description: Improving throttling errors handling
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
AWS Shield - 15:00 UTC
Type: Improvement
Description: Improving throttling errors handling
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Alibaba RDS - 15:00 UTC
Type: Improvement
Description: Added 'dbInstanceIpHostnames' property in the compliance engine
Known limitations: N/A
Affected Components: DATA FETCHERS ALI COMPLIANCE ENGINE
Serverless - Remove logs poller - 15:00 UTC
Type: Improvement
Description: Remove Logs Poller.
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - Generate FSP UUID from plugin - 15:00 UTC
Type: Improvement
Description: Read UUID from cloudguard-fsp-config.json
FSP has been changed. The new version: 1.5.51
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Serverless - Bug fix for azure dot-net function on IO block - 15:00 UTC
Type: Bug Fix
Description: For any IO block event in Azure dot-net functions, it should not allow access and return 500 internal server error.
FSP has been changed. The new version: 1.5.50
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Serverless - Support network and improve signature alert - 15:00 UTC
Type: New Feature
Description: Add Network profiling and enforcement support for Kubernetes workloads.
Change the Signature security events aggregation logic to include the event action - detect/block.
Known limitations: N/A
Affected Components: SERVERLESS
Serverless - Retry FSP policy download - 15:00 UTC
Type: Improvement
Description: Implemented policy download retry mechanism for Azure FSP.
FSP has been changed. The new version: 1.5.50
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Serverless - Bug fix for azure dot-net function on IO block - 15:00 UTC
Type: Improvement
Description: Generate timestamp UUID azure
FSP has been changed. The new version: 1.5.49
Known limitations: N/A
Affected Components: SERVERLESS SERVERLESS RUNTIME PROTECTION
Compliance Improvement - 17:45 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Infrastructure Improvement - 15:30 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: API
AWS Application and Network Load Balancer - 16:00 UTC
Type: Improvement
Description: Internal performance improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Alibaba RDS - 13:00 UTC
Type: Improvement
Description: Adjust db type and version enrichment fetching for Alibaba RDS.
Known limitations: N\A
Affected Components: DATA FETCHERS ALI
AWS Application Auto Scaling Policy - 13:00 UTC
Type: New Entity
Case ID: DFR-1653
Description: Added support for AWS Application Auto Scaling Policy in protected assets and compliance engine.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS PROTECTED ASSETS
EntityFetchStatus API - 13:00 UTC
Type: Improvement
Description: Internal performance enhancement for the GET request in EntityFetchStatus API.
Known limitations: N\A
Affected Components: API
Service Account - 13:00 UTC
Type: Improvement
Case ID: DFT-1321
Description: Allow managing service accounts via SSO JIT users.
Known limitations: N\A
Affected Components: API
Compliance Rulesets Update - 15:00 UTC
Type: Improvement
Description: Updating best practices rulesets, changing the name of Alibaba ruleset. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS Instance - 11:40 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 11:40 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Authentication Improvements - 12:30 UTC
Type: Improvement
Description: Authentication flows improvements.
Known limitations: N/A
Affected Components: API MSP AUTHENTICATION
AWS Instance - 15:15 UTC
Type: Improvement
Case ID: DFR-1429
Description: Added 'ssmAgentInstanceInformation' property in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE API
Azure Storage Account - Blob Containers - 12:00 UTC
Type: Internal Change
Description: Limited the amount of fetched Blob Containers for each Storage Account.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Compliance Improvement - 10:30 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 12:45 UTC
Type: Improvement
Description: Fix for D9.AWS.CRY.05. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Improvement - 15:30 UTC
Type: Improvement core
Description: Internal improvement upgrading core version.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Azure Key Vault - 12:00 UTC
Type: Improvement
Case ID: DFT-1128
Description: Added 'ipRulesObjects' property in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
AWS Lambda Function - 17:00 UTC
Type: Bug Fix
Case ID: DFT-1133
Description: Fetch lambda functions where package type is image
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Serverless billable asset change - 17:00 UTC
Type: Improvement
Description: Billable assets Serverless ratio was updated to 1:60
Known limitations: N\A
Affected Components: ACCOUNT PAGE
Azure Security Center - 10:00 UTC
Type: New Entities
Case ID: DFR-1226
Description: Added support for Azure AutoProvisioningSettings and SecurityContact in the compliance engine.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
Alibaba RDS - 13:15 UTC
Type: Improvement
Description:
Added 'dbInstanceBackupPolicy' property in the compliance engine
Added 'dbInstanceEndpoints' property in the compliance engine
Added 'dbInstanceEncryptionKey' property in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS ALI COMPLIANCE ENGINE
Azure Data Fetchers - 13:15 UTC
Type: Improvement
Description: Improving permission errors handling
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Kubernetes Agent Status Enhancements - 16:30 UTC
Type: Improvement
Description: The Kubernetes agent status has been refactored with faster and more detailed Agent deployment status information.
Known limitations: N/A
Affected Components: KUBERNETES
Compliance Rulesets Update - 12:45 UTC
Type: Improvement
Description: The first release of the Azure New Zealand Information Security Manual (NZISM) v.3.4 rulesets and a fix for duplicated rules. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Storage Account - 11:15 UTC
Type: Improvement
Case ID: DFR-1465
Description:
Added 'performance' property in the compliance engine
Added 'replication' property in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure Virtual Machine - 11:15 UTC
Type: Improvement
Case ID: DFR-1465, DFR-1680
Description:
Added 'extensions' property in the compliance engine
Added 'availabilityZones' property in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
AWS Cloud Front - 11:15 UTC
Type: Improvement
Description: Added property 'protectedByShield' to AWS Cloud Front entity.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
AWS Network Load Balancer - 11:15 UTC
Type: Improvement
Description: Added property 'protectedByShield' to AWS NLB entity.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
AWS Application Load Balancer - 11:15 UTC
Type: Improvement
Description: Added property 'protectedByShield' to AWS ALB entity.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
AWS ELB - 11:15 UTC
Type: Improvement
Description: Added property 'protectedByShield' to AWS ELB entity.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Alibaba SLB - 11:15 UTC
Type: New Entity
Case ID: DFR-1506
Description: Added support for Alibaba Server Load Balancer in protected assets and compliance engine.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS ALI PROTECTED ASSETS
Alibaba Auto Scaling Group - 11:15 UTC
Type: New Entity
Case ID: DFR-1512
Description: Added support for Alibaba Auto Scaling Group in protected assets and compliance engine.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS ALI PROTECTED ASSETS
Compliance Improvement - 8:00 UTC
Type: Improvement
Description: Internal improvement Statistics counter improvement.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 15:00 UTC
Type: Improvement
Description: Internal improvement Image Scan model update.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Intercom - 16:45 UTC
Type: Bug Fix
Description: Added default value for 'registered by' property.
Known limitations: N/A
Affected Components: INTERCOM
Support Alibaba Region - China Guangzhou - 15:30 UTC
Type: Improvement
Description: Added support for China Guangzhou region.
Known limitations: N/A
Affected Components: DATA FETCHERS ALI COMPLIANCE ENGINE
Update Image Risk Score - 12:30 UTC
Type: Improvement
Description: ImageScan result will now feature an Image Risk Score value in the CVSS format of 0-10.0.
Image Risk Score will denote an image’s overall risk potential.
Known limitations: N/A
Affected Components: KUBERNETES
Kubernetes new APIs - 16:45 UTC
Type: Improvement
Description: Some Kubernetes APIs have been changed for better usability.
Kubernetes onboarding and Admission Control APIs have been refactored.
Note: Even though the documentation has been updated to reflect the new format, the old format of the APIs will continue to be supported.
Known limitations: N/A
Affected Components: KUBERNETES
Compliance Rulesets Update - 12:45 UTC
Type: Improvement
Description: Adding new rules to new vendor preview ruleset. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Serverless - FSP Version List - 14:00 UTC
Type: New Feature
Description: Adding the ability to set the FSP version manually for AWS Lambda. The plugin and proact tool have been changed.
Known limitations: N\A
Affected Components: SERVERLESS
Serverless - SNS Topic per Account - 14:00 UTC
Type: Improvement
Description: Use SNS topic per account for cross account interaction. cloud_formation template has been changed. The new version: 16
Known limitations: N\A
Affected Components: SERVERLESS
Serverless - Ignore IO Values - 14:00 UTC
Type: Bug Fix
Description: This fixes the false positive security events caused by a change in Chrome headers in the latest update. FSP has been changed. The new version: 1.5.48
Known limitations: N\A
Affected Components: SERVERLESS
Azure Data Fetchers - Permissions Handling - 10:00 UTC
Type: Improvement
Description: Azure Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE API
Azure Policy Definition - 10:00 UTC
Type: Bug Fix
Description: Fixed an issue with Azure Policy Definition data fetcher which caused sync failures in some cases.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
New Cloud Vendor Support - 17:00 UTC
Type: New Entity
Description: Added support for new entities in the compliance engine
Known limitations: N/A
Affected Components: PROTECTED ASSETS DATA FETCHERS COMPLIANCE
AWS IAM Data Fetchers - 17:00 UTC
Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Compliance Rulesets Update - 12:00 UTC
Type: Improvement
Description: Adding new rules to new vendor preview ruleset. Removing D9.AWS.NET.69. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS IAM Data Fetchers - 18:00 UTC
Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Compliance Rulesets Update - 09:37 UTC
Type: Improvement
Description: Adding new rules to Azure Best Practice ruleset. Fixing D9.AZU.IAM.06 rule.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS Onboarding - Role Trust Policy - 16:00 UTC
Type: Bug Fix
Description: Changes in AWS Roles External ID generation logic.
Known limitations: N/A
Affected Components: API AWS ONBOARDING
Compliance Rulesets Update - 11:10 UTC
Type: Improvement
Description: Azure CloudGuard Network Alerts ruleset deprecation. Replacing old network rules with new network rules.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
GCP Data Fetchers - Permissions Handling - 12:00 UTC
Type: Improvement
Description: GCP Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected Components: DATA FETCHERS GCP COMPLIANCE ENGINE API
Roles Page - Adding Service account indicator - 16:15 UTC
Type: Improvement
Case ID: DFR-1146
Description: Adding Service Accounts indicator.
Known limitations: N\A
Affected Components: UI ROLES PAGE
Dashboards - Public option fix - 16:15 UTC
Type: Bug fix
Case ID: DFT-1146
Description: Fixing an issue while creating a public custom dashboard.
Known limitations: N\A
Affected Components: UI DASHBOARDS
Environments page - typo fix - 16:15 UTC
Type: Bug fix
Case ID: DFT-1153
Description: Fixing a typo on EU West region.
Known limitations: N\A
Affected Components: UI ENVIRONMENTS PAGE
CSV Export - Download fix - 16:15 UTC
Type: Bug fix
Case ID: DFT-1166
Description: Fixing an issue that prevented download on Windows systems.
Known limitations: N\A
Affected Components: UI CSV EXPORT
Compliance Report - Print fix - 16:15 UTC
Type: Bug fix
Case ID: DFT-1169, DFT-1174
Description: Fixing an issue that affected printing reports.
Known limitations: N\A
Affected Components: UI COMPLIANCE REPORTS
Compliance Improvement - 8:00 UTC
Type: Improvement
Description: Internal improvement Statistics counter improvement.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 10:00 UTC
Type: Improvement
Description: Internal improvement ElasticSearch
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 7:00 UTC
Type: Improvement
Description: Internal improvement Runners.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 8:00 UTC
Type: Improvement
Description: Internal improvement Data Migration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 13:40 UTC
Type: Improvement
Description: Rules added to AWS and GCP best practices rulesets. Rule D9.AWS.IAM.1020 was fixed.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Kubernetes Assets - New columns - 11:00 UTC
Type: Improvement
Description: Kubernetes asset list now supports additional columns such as namespace, number of workloads, image tags, etc.
Known limitations: This change only affects new and/or changed objects.
Affected Components: KUBERNETES PROTECTED ASSETS PAGE
Azure Storage Account - 14:00 UTC
Type: Improvement
Case ID: DFR-1535
Description: Added 'blobContainers' property for Azure Storage Account in the compliance engine.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
Azure Container Registry - 14:00 UTC
Type: Improvement
Case ID: DFR-1621
Description: Added networking properties for Azure Container Registry in the compliance engine.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
AWS Athena - 14:00 UTC
Type: Entity Removal
Case ID: DFT-1114
Description: AWS Athena Query Execution (Athena in GSL) was removed in order to prevent rate limit and costs impact.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
AWS RDS DB Instance - 13:00 UTC
Type: Bug Fix
Case ID: DFT-1096
Description: Fetch tags for AWS RDS DB Instance in China and Gov regions.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Compliance CSV export - 18:30 UTC
Type: Improvement
Case ID: DFR-1743
Description: Added IsExcluded field to the CSV report.
Known limitations: N/A
Affected Components: COMPLIANCE REPORT
Compliance Rulesets Update - 15:00 UTC
Type: Improvement
Description: Rules added to AWS and GCP best practices rulesets.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS Dynamo DB Table - 13:30 UTC
Type: Bug Fix
Case ID: DFT-1096
Description: Fetch tags for AWS Dynamo DB Table in China and Gov regions.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
UI - Infrastructure improvements - 12:30 UTC
Type: Improvement
Description: Internal improvement and new login page.
Known limitations: N\A
Affected Components: UI
Compliance Improvement - 8:00 UTC
Type: Improvement
Description: Internal improvement Teams integrations
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Protected assets - Kubernetes fixes - 22:00 UTC
Type: Bug fix
Case ID: DFT-1142, DFT-1141
Description: Fixing minor UI issues.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Protected assets page - VPC fix - 22:00 UTC
Type: Bug fix
Case ID: DFT-1147
Description: Fixing an issue that showed AWS VPC as new vendor cloud VPC.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Serverless - optimise se q flow - 14:00 UTC
Type: Improvement
Description: Optimize security events handling flow, to prevent delay of processing and display.
Known limitations: N\A
Affected Components: SERVERLESS
Serverless - Azure python post deploy instrumentation - 14:00 UTC
Type: New Feature
Description: FSP can now be added to an already deployed Azure function app. This support is currently enabled for Python runtime (Linux containers).
Known limitations: N\A
Affected Components: SERVERLESS
Serverless - Azure post deploy premium - 14:00 UTC
Type: Improvement
Description: Added support for Azure post deploy functionality for premium and app service plans.
Known limitations: N\A
Affected Components: SERVERLESS
Serverless - Add dynamic signatures fetch - 14:00 UTC
Type: New Feature
Description: Dynamic update of k8s signatures from Check Point Research team.
Known limitations: N\A
Affected Components: SERVERLESS
AWS S3 Bucket - 14:00 UTC
Type: Improvement
Description: Added property 'arn' to AWS S3Bucket entity.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
GCP IAM Group - 12:30 UTC
Type: Bug Fix
Description: Fixed an issue that caused GcpIamGroup.groupData property to be empty.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
GCP IAM User - 10:30 UTC
Type: Improvement
Description:
Added 'roles' property in the compliance engine.
This property holds all the roles assigned to the user directly on the onboarded project.
Added 'userData.groups' property in the compliance engine.
This property holds all groups that the user is a member of and that are in the same domain.
Known limitations: Roles do not include organization inheritance
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
GCP IAM Role - 10:30 UTC
Type: New Entity
Description: Added support for GCP Project IAM Role (custom and predefined) including the role permissions in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
GCP VM Instance - 10:30 UTC
Type: Improvement
Description: Added 'sourceImage' and 'sourceImageId' properties for each GCP VM Instance Disk in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
GCP Disk - 10:30 UTC
Type: New Entity
Description: Added support for GCP Disk in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
GCP Image - 10:30 UTC
Type: Improvement
Description: Added 'creationTimestamp' property for GCP Image in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
GCP Project - 10:30 UTC
Type: Improvement
Case ID: DFR-1698
Description: Added 'enabledServices' property for GCP Project in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
Azure Function App and Web App - 10:30 UTC
Type: Improvement
Case ID: DFR-1572
Description: Added 'appServicePlan' property for Azure Function App and Web App in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure Function App - 18:00 UTC
Type: Improvement
Case ID: DFR-1635, DFR-1636, DFR-1642
Description:
Added 'privateEndpoints' property in the compliance engine
Added 'unauthenticatedClientAction' property in the compliance engine
Populate SCM IP Security Restrictions as part of 'config.accessRestrications' property in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Compliance Rulesets Update - 15:00 UTC
Type: Improvement
Description: Rules added to Azure best practices ruleset. Logic fix of D9.GCP.CRY.07.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
New Cloud Vendor Support - New Infrastructure - 14:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: PROTECTED ASSETS DATA FETCHERS COMPLIANCE
AWS Shield - 14:00 UTC
Type: New Entity
Case ID: DFR-1715
Description: Added support for AWS Shield in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
New Cloud Vendor Support - New Infrastructure - 19:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: PROTECTED ASSETS DATA FETCHERS COMPLIANCE
Compliance Rulesets Update - 13:00 UTC
Type: Improvement
Description: The first release of GCP GDPR ruleset. Rules added to GCP best practices ruleset.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Storage Account - 10:30 UTC
Type: Bug Fix
Case ID: DFT-1149
Description: Populate 'resourceGroup' property for Azure Storage Account in compliance engine.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
New Cloud Vendor Support - New Infrastructure - 10:30 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: PROTECTED ASSETS DATA FETCHERS COMPLIANCE
AWS Data Fetchers - 13:30 UTC
Type: Bug Fix
Description: Fixed an issue with missing permissions handling for AWS entities: Sqs, Organization.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Compliance Rulesets Update - 14:00 UTC
Type: Improvement
Description: Fixing an issue affected internally.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Rulesets page - Run assessment permission fix - 13:30 UTC
Type: Bug fix
Case ID: DFT-1124
Description: Fixing an issue that disabled the run button.
Known limitations: N\A
Affected Components: UI RULESETS PAGE
Exclusions page - Free search text fix - 13:30 UTC
Type: Bug fix
Case ID: DFT-1123
Description: Fixing an issue that affected searching for rule names.
Known limitations: N\A
Affected Components: UI EXCLUSIONS PAGE
Event page - Adding missing links - 13:30 UTC
Type: Bug fix
Case ID: DFT-1116
Description: Adding alert missing links.
Known limitations: N\A
Affected Components: UI EVENT PAGE
AWS Onboarding - Fix for full protection - 13:30 UTC
Type: Bug fix
Case ID: DFT-1070
Description: Fixing an issue to restrict converting security groups to full protection.
Known limitations: N\A
Affected Components: UI AWS UNSAFE-ONBOARDING
Log.ic - Fixing time ticker - 13:30 UTC
Type: Bug fix
Case ID: DFT-1095
Description: Fixing an issue that affected the time ticker.
Known limitations: N\A
Affected Components: UI LOGIC
New cloud vendor support - Infrastructure change - 13:30 UTC
Type: New feature
Case ID: DFR-1598
Description: Adding new vendor support framework.
Known limitations: N\A
Affected Components: UI
Continuous posture - Showing only associated policies - 13:30 UTC
Type: Improvement
Case ID: DFR-1381
Description: Showing only associated elements.
Known limitations: N\A
Affected Components: UI CONTINUOUS POSTURE
Protected assets - Added DaemonSet asset page - 13:30 UTC
Type: Improvement
Case ID: DFR-1266
Description: Adding DaemonSet asset page.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
New Cloud Vendor Support - New Infrastructure - 17:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: API PROTECTED ASSETS DATA FETCHERS COMPLIANCE
GCP Filestore Instance - 16:30 UTC
Type: New Entity
Case ID: DFR-1558
Description: Added support for GCP Filestore Instance in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
AWS Data Fetchers - 14:00 UTC
Type: Bug Fix
Description: Fixed an issue with missing permissions handling for AWS entities: NatGateway, RDSDBSnapshot.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Compliance Rulesets Update - 12:00 UTC
Type: Improvement
Description: Rules added to Azure and GCP best practices rulesets. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure SQL Server - 11:00 UTC
Type: Improvement
Case ID: DFR-1102
Description: Added 'minimalTlsVersion' property for Azure SQL Server entity in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
New Cloud Vendor Support - New Infrastructure - 11:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: API PROTECTED ASSETS DATA FETCHERS COMPLIANCE
New Cloud Vendor Support - New Infrastructure - 08:30 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: API PROTECTED ASSETS DATA FETCHERS
AWS Route53 Hosted Zone - 14:00 UTC
Type: Improvement
Case ID: DFR-1442
Description: Added 'queryLoggingConfigs' property for AWS Route53 Hosted Zone entity in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
New Cloud Vendor Support - New Infrastructure - 14:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API PROTECTED ASSETS DATA FETCHERS
Compliance Improvement - 10:00 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
New cloud vendor support - Infrastructure change - 10:00 UTC
Type: New feature
Case ID: DFR-1528, DFR-1530, DFR-1531
Description: Adding new vendor support framework.
Known limitations: N\A
Affected Components: UI
Dashboards - Fixing account ID filter - 10:00 UTC
Type: Bug fix
Case ID: DFT-1078
Description: Fixing an issue for specific widgets with account Id.
Known limitations: N\A
Affected Components: UI DASHBOARD
UI changes - Titles removal and filter change - 10:00 UTC
Type: Improvement
Case ID: DFR-1576, DFR-1577
Description: Removing page titles from all system pages and combining the filter and search into a single line.
Known limitations: N\A
Affected Components: UI
Compliance Reports - Adding representation for passed entities - 10:00 UTC
Type: Improvement
Case ID: DFR-377
Description: The assessment results will now show the failed and passed entities.
Known limitations: N\A
Affected Components: UI REPORTS
Notifications page - Improving Error Messages - 10:00 UTC
Type: Improvement
Case ID: DFR-1437
Description: When a Webhook integration fails the page will return the complete error message.
Known limitations: N\A
Affected Components: UI NOTIFICATIONS
Dashboards - Adding Assignee = me - 10:00 UTC
Type: Improvement
Case ID: DFR-1548
Description: Adding a filter to show which alerts are assigned to the current user.
Known limitations: N\A
Affected Components: UI DASHBOARD
GCP Data Fetchers - New Infrastructure - 13:00 UTC
Type: Improvement
Description: Added a new Infrastructure for GCP Data Fetchers
Known limitations: N/A.
Affected Components: DATA FETCHERS GCP
New Cloud Vendor Support - New Infrastructure - 15:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API PROTECTED ASSETS DATA FETCHERS
New Welcome Pages - 14:00 UTC
Type: Improvement
Description: Added new default welcome pages to menu sections:
Posture
Network
Identity
Workload Protection
Intelligence
Known limitations: N/A
Affected Components: MENU ITEMS
New Cloud Vendor Support - New Infrastructure - 14:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API PROTECTED ASSETS DATA FETCHERS
Compliance Rulesets Update - 12:30 UTC
Type: Improvement
Description: Rules added to GCP Best Practice ruleset. D9.AWS.DR.04 was removed.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Backend Functionality enhancement - 14:00 UTC
Type: Improvement
Description: Adding Backend functionality in order to support a new cloud vendor.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
FSP version visibility - 08:00 UTC
Type: New Feature
Case ID: PROT-713
Description: Adding new visibility for each AWS Lambda that uses FSP, to get the FSP version.
The purpose of this feature is that in the next step we will have the ability to set the FSP version manually.
Known limitations: N/A
Affected Components: SERVERLESS
New Cloud Vendor Support - New Infrastructure - 12:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Compliance Rulesets Update - 12:40 UTC
Type: Improvement
Description: Rules added to Azure CIS v1.1, v1.2, and v1.3 rulesets, and Azure CIS v1.2 enrichment. New and fixed rules for GCP rulesets. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Improvement - 10:00 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
GSL Builder - Run rule on all Accounts - 14:00 UTC
Type: Improvement
Case ID: DFR-434
Description: Added ability to run a rule on multiple accounts.
Known limitations: N\A
Affected Components: UI GSL BUILDER
Environment page - Log.ic improvements - 14:00 UTC
Type: Improvement
Case ID: DFR-1451, DFR-1452, DFR-1454
Description: Minor UI Improvements
Known limitations: N\A
Affected Components: UI ENVIRONMENTS PAGE
Configuration explorer - Group by fix - 14:00 UTC
Type: Bug fix
Case ID: DFT-1034
Description: Fix for group by option
Known limitations: N\A
Affected Components: UI CONFIGURATION EXPLORER
Exclusions page - Export to CSV fix - 14:00 UTC
Type: Bug fix
Case ID: DFT-1086
Description: Fix for the excluded rule name
Known limitations: N\A
Affected Components: UI EXCLUSIONS
Exclusions page - Rule name fix - 14:00 UTC
Type: Bug fix
Case ID: DFT-1052
Description: Fix for the excluded rule name
Known limitations: N\A
Affected Components: UI EXCLUSIONS
Log.ic - Explorer graph fix - 14:00 UTC
Type: Bug fix
Case ID: DFT-1100
Description: Fix an issue that caused the page to break
Known limitations: N\A
Affected Components: UI LOGIC
Ruleset page - Bug fix on create exclusion - 14:00 UTC
Type: Bug fix
Case ID: DFT-1102
Description: Fix an exception that caused the page to freeze
Known limitations: N\A
Affected Components: UI RULESET PAGE
Compliance Improvement - 13:40 UTC
Type: Improvement
Description: Internal Migration
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE API
ShiftLeft CLI - 12:00 UTC
Type: Improvement
Description: Improving error messages output
Known limitations: N\A
Affected Components: SHIFTLEFT API
Compliance Improvement - 10:40 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Azure Storage Account - 11:30 UTC
Type: Improvement
Case ID: DFR-1485
Description: Added 'privateEndpointConnections' property for Azure StorageAccount entity in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Compliance Rulesets Update - 10:30 UTC
Type: Improvement
Description: The first release of Azure CIS v1.3 ruleset and Azure CIS v1.2 enrichment. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Cloud IAM Role - 09:55 UTC
Type: Improvement
Description: Added 'AssumeRolePolicy' property to Cloud IAM Role API
Known limitations: N/A
Affected Components: API
New Cloud Vendor Support - New Infrastructure - 09:55 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: PROTECTED ASSETS DATA FETCHERS
Compliance Improvement - 10:00 UTC
Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 12:00 UTC
Type: Improvement
Description: Internal Finding Validation improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
AWS EKS Cluster - 16:00 UTC
Type: Bug Fix
Case ID: DFT-1048
Description: Support node group label/tag key containing dots.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Azure Function App and Web App - 16:00 UTC
Type: Improvement
Case ID: DFR-1461
Description: Access Restrictions with source of type 'Service Tag' are supported.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
New Cloud Vendor Support - New Infrastructure - 13:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A
Affected Components: API
Azure Event Hub Namespace - 15:30 UTC
Type: Improvement
Case ID: DFR-1053
Description: Added 'virtualNetworkRules' property for Azure Event Hub Namespace in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure Data Fetchers - 13:00 UTC
Type: Improvement
Description: Infra Improvement for Azure data fetchers: Bastion and Maria DB.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
AWS API Gateway V2 - 13:00 UTC
Type: New Entity
Case ID: DFR-1470
Description: Added support for AWS HTTP API Gateway in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Azure Function App and Web App - 16:00 UTC
Type: Improvement
Case ID: DFR-1461
Description:
Added the 'accessRestrictions' property to Azure Function App and Web App config in compliance engine
'isAuthenticateOn' property will be null when we fail to retrieve this information
Known limitations: Access Restrictions with at least one source of type 'Service Tag' are not supported. Support will be added in a later phase.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Compliance Rulesets Update - 10:00 UTC
Type: Improvement
Description: Adding AWS Best practices rule.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS SQS and SNS - 15:00 UTC
Type: Improvement
Description: Add 'cryptoKeyId' property for AWS SQS and SNS in compliance engine.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Environment API - fixing a minor issue - 11:00 UTC
Type: Bug Fix
Description: Fixed an issue that affected removing a cloud account.
Known limitations: N/A
Affected Components: API
Remediation - Fixing UI issue - 8:30 UTC
Type: Bug Fix
Case ID: DFT-1084
Description: Fixed an issue that caused the UI to freeze.
Known limitations: N\A
Affected Components: UI REMEDIATION
Compliance dashboard - Export fix - 8:30 UTC
Type: Bug Fix
Case ID: DFT-1059
Description: Fixed the missing Account Id on export.
Known limitations: N/A
Affected Components: UI DASHBOARD
Exclusions page - New look and feel - 8:30 UTC
Type: Improvement
Case ID: DFR-1212
Description: Adjusted to the general system style.
Known limitations: N\A
Affected Components: UI EXCLUSIONS
Compliance Report - Redirect to referrer page - 8:30 UTC
Type: Improvement
Case ID: DFR-412
Description: After the report is closed, the user is redirected to the referrer page.
Known limitations: N/A
Affected Components: UI REPORTS
Internal configuration improvement - 14:00 UTC
Type: Improvement
Description: Internal configuration improvement
Known limitations: N\A
Affected Components: DATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP API
Azure Service Fabric Cluster - 14:00 UTC
Type: New Entity
Case ID: DFR-330
Description: Added support for Azure Service Fabric Cluster in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
Azure Bastion - 14:00 UTC
Type: New Entity
Case ID: DFR-1498
Description: Added support for Azure Bastion in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
GCP Security Group - 14:00 UTC
Type: Improvement
Case ID: DFR-458
Description:
Added the 'enabled' property to Security Groups Inbound and Outbound rules.
The property reflects the enforcement status of the corresponding firewall rules.
The change affects GcpSecurityGroup and VMInstance entities.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
AWS Credentials Editing - New infrastructure - 14:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support future features.
Known limitations: N/A
Affected Components: API
Compliance Rulesets Update - 14:00 UTC
Type: Improvement
Description: D9.AWS.VLN.02 fix.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Improvement - 13:00 UTC
Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 11:30 UTC
Type: Improvement
Description: API infrastructure improvement
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 08:30 UTC
Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
AWS SQS and SNS - 11:00 UTC
Type: Bug Fix
Case ID: DFT-1079
Description: Populate 'cryptoKey' property for keys without alias name in compliance engine.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 9:20 UTC
Type: Improvement
Description: A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Improvement - 10:00 UTC
Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Azure Subnet - 12:00 UTC
Type: Improvement
Case ID: DFR-1450
Description: Added 'delegationsList' property for Azure Subnet in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
AWS CloudTrail - Organization Trails - 10:30 UTC
Type: Improvement
Case ID: DFT-1042
Description:
Added support for Organization level trails for member accounts.
Added 'isOrganizationTrail' property to CloudTrail entity.
Known limitations: Tags are not supported for organization level trails on member accounts.
Affected Components: PROTECTED ASSETS DATA FETCHERS AWS COMPLIANCE ENGINE
Compliance Rulesets Update - 10:20 UTC
Type: Improvement
Description: Fix two AWS IAM rules. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Kubernetes Onboarding - Saving entered values - 12:00 UTC
Type: Improvement
Case ID: DFR-1449
Description: Saving values entered on onboarding even if the user clicked back.
Known limitations: N\A
Affected Components: UI KUBERNETES
Clarity - Adding missing flow logs link - 12:00 UTC
Type: Bug Fix
Case ID: DFT-1028
Description: Adding missing flow logs link.
Known limitations: N\A
Affected Components: UI CLARITY
Protected Assets - GCP VM UI fix - 12:00 UTC
Type: Bug Fix
Case ID: DFT-1064
Description: Fixing an issue that prevented viewing GCP VM's detailed view.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
AWS NACL - Added ICMP codes - 12:00 UTC
Type: Improvement
Case ID: DFR-1361
Description: Added ICMP types to the UI.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Notifications - Security Hub Integration - 12:00 UTC
Type: Improvement
Case ID: DFR-1460
Description: Added regions to our integration.
Known limitations: N\A
Affected Components: UI NOTIFICATIONS
Compliance Improvement - 14:00 UTC
Type: Improvement
Description: Add new UI functions to API.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE API
Compliance Improvement - 11:00 UTC
Type: Improvement
Description: Improved load time of ruleset page.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Azure Network Security Group - 14:00 UTC
Type: Improvement
Description: Added 'subnetId' property for Azure Network Security Group in the compliance engine
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
AWS Elastic Beanstalk - 14:00 UTC
Type: New Entity
Case ID: DFR-1379
Description: Added support for AWS Elastic Beanstalk in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
Azure Maria DB - 14:00 UTC
Type: New Entity
Case ID: DFR-501
Description: Added support for Azure Maria DB in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
Azure Virtual Machine Scale Set - 11:00 UTC
Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
New Service Now Application - 20:30 UTC
Type: Improvement
Description: New application with new features, certified for the Paris version. Find it here.
Known limitations: N/A
Affected Components: SERVICENOW APPLICATION
Internal configuration improvement - 19:30 UTC
Type: Improvement
Description: Internal configuration improvement
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP DATA FETCHERS K8S API
Compliance Rulesets Update - 11:00 UTC
Type: Improvement
Description: The first release of Azure CIS Foundations v. 1.2.0. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Data Fetchers - 17:00 UTC
Type: Improvement
Description: Infra Improvement for Azure data fetchers: Virtual Machine, Virtual Machine Scale Set and Redis.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Compliance Improvement - 14:00 UTC
Type: Internal Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Exclusions page - New Dialog - 12:30 UTC
Type: Improvement
Case ID: DFR-1212
Description: Adding new improved dialog.
Known limitations: N\A
Affected Components: UI EXCLUSIONS
Dashboard - Export fix - 12:30 UTC
Type: Bug Fix
Case ID: DFT-1043
Description: Fixing the Dashboard export.
Known limitations: N\A
Affected Components: UI DASHBOARDS
Environments page - Remove instance column - 12:30 UTC
Type: Improvement
Case ID: DFR-1453
Description: Removing the instance column.
Known limitations: N\A
Affected Components: UI ENVIRONMENTS
Kubernetes Onboarding - Blades rename - 12:30 UTC
Type: Improvement
Case ID: DFR-1239
Description: Renamed blades.
Known limitations: N\A
Affected Components: UI KUBERNETES
Compliance Improvement - 12:00 UTC
Type: Internal Improvement
Description: External finding improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 11:00 UTC
Type: Improvement
Description: A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Protected Assets - Index Azure VM private IP - 11:00 UTC
Type: Improvement
Description: Index Azure VM private IP
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE PROTECTED ASSETS
Compliance Improvement - 11:00 UTC
Type: Internal Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Azure Event Hub Namespace - 13:30 UTC
Type: New Entity
Case ID: DFR-1401
Description: Added support for Azure Event Hub Namespace in the compliance engine
GSL Examples:
Ensure that Azure EventHubNamespace is encrypted:
EventHubNamespace should not have encryption.keyVaultProperties isEmpty()
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
AWS Update Credentials API - 13:30 UTC
Type: Bug Fix
Case ID: DFT-1057
Description: Fixed an issue with handling an empty cloud account in user-based credentials.
Known limitations: N/A
Affected Components: API
Compliance Rulesets Update - 13:45 UTC
Type: Improvement
Description: A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS Onboarding - New infrastructure - 13:00 UTC
Type: Improvement
Description: Adding new infrastructure in order to support future features.
Known limitations: N/A
Affected Components: API AWS ONBOARDING
Add "Sync Now" support for Azure Load Balancer - 13:00 UTC
Type: Improvement
Description: Azure Load Balancer fetching now supports the "Sync Now" functionality.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Compliance Improvement - 16:30 UTC
Type: Internal Improvement
Description: Revert due to an issue discovered.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 14:00 UTC
Type: Internal Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 12:00 UTC
Type: Internal Improvement
Description: External finding improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Improvement - 10:00 UTC
Type: Internal Improvement
Description: Internal API improvement.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Authentication Improvements - 14:00 UTC
Type: Improvement
Description: Authentication flows improvements.
Known limitations: N/A
Affected Components: SSO INFINITY PORTAL AUTHENTICATION
PREVIEW
Log.ic - Azure Activity Logs - 15:30 UTC
Type: New Feature
Description: Added Log.ic support on Azure Storage, Audit, Signin, Activity Logs.
Known limitations: Currently in Early Availability
Affected Components: LOGIC
GCP App Engine - 11:00 UTC
Type: New Entity
Case ID: DFR-608
Description: Added support for GCP App Engine in the compliance engine
GSL Examples:
Ensure that GCP AppEngine utilizes Identity-Aware Proxy:
AppEngine should have iap.enabled=true
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
Azure HDInsight - 11:00 UTC
Type: Improvement
Case ID: DFR-1436
Description: Region and location properties were converted into lower case strings
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
Compliance Improvement - 10:00 UTC
Type: Internal Improvement
Description: Internal importer improvement.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Improvement - 06:45 UTC
Type: Internal Improvement
Description: Managed generic list backend capability only.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Protected assets - Detailed export fix - 20:30 UTC
Type: Bug Fix
Case ID: DFT-1017
Description: Minor UI fix.
Known limitations: N/A
Affected Components: UI PROTECTED ASSETS
Notifications - Jira integration - 20:30 UTC
Type: Improvement
Case ID: DFT-1024, DFR-1391
Description: Jira default JSON payload changed, Test button enabled on payload change.
Known limitations: N\A
Affected Components: UI NOTIFICATIONS
Account page - Adding more Logic usage data - 20:30 UTC
Type: Bug Fix
Case ID: DFT-1003
Description: Adding more details to improve usability.
Known limitations: N\A
Affected Components: UI ACCOUNT PAGE
Main Menu - Log.ic menu item - 20:30 UTC
Type: Bug Fix
Case ID: DFT-1001
Description: Log.ic will always be present even if not onboarded.
Known limitations: N\A
Affected Components: UI MENU
Kubernetes Onboarding - Region support - 20:30 UTC
Type: Improvement
Case ID: DFR-1400
Description: Added region support to the HELM command.
Known limitations: N\A
Affected Components: UI KUBERNETES
Compliance Rulesets Update - 14:45 UTC
Type: Improvement
Description: AWS CloudGuard Network Alerts ruleset deprecation.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Storage Account - 14:30 UTC
Type: Improvement
Case ID: DFR-1109
Description: Added multiple properties in compliance engine for Azure Storage Account.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
AWS NACL - 14:30 UTC
Type: Improvement
Description: Added 'icmpProtocol' property in compliance engine for AWS NACL inbound and outbound entries.
Known limitations: N/A
Affected Components: API COMPLIANCE ENGINE
AWS System Manager Document - 14:00 UTC
Type: Improvement
Description: Fetching only documents that are not owned by Amazon.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
AWS S3 Bucket Account Public Access Block - 14:30 UTC
Type: Bug Fix
Case ID: DFT-1037
Description: Fixed a syncing issue when deleting account level public access block settings.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Shift Left - 7:30 UTC
Type: Improvement
Description: Added additional flags, made the output more human-readable, and added an option to send the results to the assessment history page.
Known limitations: N/A
Affected Components: SHIFTLEFT
Compliance Entities Changes - 15:10 UTC
Type: Improvement
Case ID: DFR-1186
Description: Compliance entities model changes:
Tags - Removed from unsupported entities.
Region - Presented as 'Global' when location information is not available.
Source - Removed from all entities.
Vpc - Relevant for AWS entities only, removed from unsupported entities.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Azure User - 15:10 UTC
Type: Improvement
Case ID: DFR-1214
Description: Added 'assignedRoles' property in compliance engine for Azure User.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
AWS API Gateway - 15:10 UTC
Type: Improvement
Case ID: DFR-1234
Description: Added 'securityPolicy' property in compliance engine for AWS API Gateway
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
MSP Portal - Log.ic Notifications - 13:00 UTC
Type: New feature
Description: Add support to set Log.ic usage notifications from the MSP portal
Known limitations: N/A
Affected Components: MSP PORTAL LOG.IC NOTIFICATIONS
AWS Application Load Balancer and Network Load Balancer - 12:30 UTC
Type: Improvement
Case ID: DFT-658
Description: Additional properties are supported in compliance engine for AWS Application Load Balancer and Network Load Balancer
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
Compliance Rulesets Update - 10:30 UTC
Type: Improvement
Description: The first release of the Azure Security Benchmark ruleset. New rules were added to the Azure CloudGuard Best Practices ruleset, and some GCP rules were fixed. A complete list can be found here.
Known limitations: N/A
Affected Components:
Shift Left - New Infrastructure - 16:00 UTC
Type: Improvement
Description: Added internal infrastructure to support future features for Shift Left.
Known limitations: N\A
Affected Components: WEBAPP COMPLIANCE CORE
Data fetching services - 11:00 UTC
Type: Improvement
Description: Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components: ALL DATA FETCHING COMPONENTS