Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Current »

 Deployment November 17th, 2021

All Data Fetchers - 14:00 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP DATA FETCHERS ALIBABA

Compliance Rulesets Update - 11:00 UTC

Type: Improvement

Description: The first release of the AWS CIS Foundations v. 1.4.0 ruleset, adding new rules to the AWS CIS Foundations v. 1.3 rulesets, adding new rules to AWS CloudFormation ruleset, rules fixes. A complete list can be found here.

New CloudBots were added

Case ID: DFT-1582, DFR-2045

Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

GCP GSuite User - 09:30 UTC
Type: Improvement
Description: Added support for new field Languages to GCP GSuite User on protected assets and compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP PROTECTED ASSETS

 Deployment November 16th, 2021

Compliance - 11:30 UTC

Type: Improvement
Description:  General improvements. 
Known limitations: N/A 
Affected ComponentsAPI

AzureManagement, AzureGenericEntity, AzureActivityLog, AzureSqlServer - 09:45 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AZURE

Intelligence - 09:30 UTC
Type: New Feature
Description: Added “Remove Intelligence” button for Azure environments. The button can be found under Assets\Environments, within the specific environment’s page. Clicking on it and confirming will off-board the environment from Intelligence (both Account Activity and Network Traffic).
Known limitations: N/A
Affected ComponentsINTELLIGENCE

Intelligence - 09:30 UTC

Type: Bug FiIx
Description:  Unsupported GSL query will now display an error in the UI.
Known limitations: N/A 
Affected ComponentsINTELLIGENCE

Intelligence - 09:30 UTC

Type: Improvement
Description:  New grid implementation in Account Activity and Network Traffic log tables (benefits: endless scroll, reorder/resize columns, etc.)
Known limitations: N/A 
Affected ComponentsINTELLIGENCE

 Deployment November 14th, 2021

Intelligence - 18:50 UTC
Type: Improvement
Description: Updated API documentation for Intelligence
Known limitations: N/A
Affected ComponentsINTELLIGENCE API DOCUMENTATION

AWS Cloud Trail - Lookup Events - 16:00 UTC
Type: Improvement
Description: Improved data fetcher performance.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS

Azure Data Fetchers - 11:00 UTC
Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AZURE

Intelligence - 9:15 UTC
Type: Improvement
Case ID:
Description: Added link to online help in email warning users that Intelligence cannot retrieve their logs from their storage place.
Known limitations: N/A 
Affected Components:  INTELLIGENCE

Intelligence - 9:15 UTC
Type: Improvement
Case ID:
Description: Improvements for move to new infrastructure.
Known limitations: N/A 
Affected ComponentsINTELLIGENCE

 Deployment November 11th, 2021

Compliance- 18:00 UTC
Type: Bug Fix
Case ID: DFT-1439
Description: Added ability to export large amount of events as CSV
Known limitations: N/A 
Affected Components:  EVENTS COMPLIANCE

Intelligence - 10:15 UTC
Type: Bug Fix
Case ID:
Description: Fixed a bug in GSL query for “in” function.
Known limitations: N/A 
Affected ComponentsINTELLIGENCE GSL

 Deployment November 10th, 2021

GCP VM Instance - 18:45 UTC
Type: Improvement
Case ID: DFR-2024
Description: Added multiple properties to GCP VM Instance on protected assets and compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP PROTECTED ASSETS

AWS Cloud Trail - Lookup Events - 14:00 UTC
Type: Improvement
Description: Improved paging and throttling handling.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS

AWS Network Firewall - 13:00 UTC
Type: Improvement
Case ID: DFT-1533
Description: Added support for AWS Network Firewall to the following regions: af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-south-1, ap-southeast-1, ap-southeast-2, cn-north-1, cn-northwest-1, us-gov-east-1, us-gov-west-1, ca-central-1, eu-central-1, eu-north-1, eu-south-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-west-1.
Known limitations: Not supporting the following regions: cn-north-1, cn-northwest-1, us-gov-east-1, us-gov-west-1
Affected ComponentsDATA FETCHERS AWS

AWS Network Firewall - 13:00 UTC
Type: Improvement
Case ID: DFR-1468
Description: Added 'firewallPolicy' property to AWS Network Firewall on protected assets and compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS PROTECTED ASSETS

Compliance Rulesets Update - 11:30 UTC

Type: Improvement

Description: Adding new rules to AWS CloudFormation ruleset, rules fixes. A complete list can be found here.

Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

 Deployment November 4th, 2021

Compliance - 16:20 UTC

Type: Improvement
Description:  Improvements for a new infrastructure. 
Known limitations: N/A 
Affected ComponentsAPI

Compliance API - 10:40 UTC

Type: Improvement
Description:  bug fix for events empty value filter
Known limitations: N/A 
Affected ComponentsAPI

 Deployment November 3rd, 2021

Azure Activity Log Monitor - 14:30 UTC

Type: Improvement
Description:  Enriched Azure Storage Account information in Azure Activity Log Monitor on protected assets and compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE  PROTECTED ASSETS

Azure Container Instance -  14:30 UTC

Type: New Entities
Case ID: DFR-1262
Description: Added support for Azure Container Instance in protected assets and compliance engine.
Known limitations: N/A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS AZURE PROTECTED ASSETS

Compliance Rulesets Update - 12:30 UTC

Type: Improvement

Description: Adding new rules to AWS CloudFormation ruleset, rules fixes. A complete list can be found here. New CloudBots were added.

Case ID: DFT-1069
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

 Deployment November 2nd, 2021

Azure Storage Blob Containers - 10:00 UTC

Type: Improvement
Description: Internal data fetcher logic improvement.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AZURE

 Deployment November 1st, 2021

Intelligence - 13:30 UTC

Type: Improvement
Description: We improved both quality and accuracy of geolocation data for account activity and network traffic logs.
Known limitations: N/A 
Affected ComponentsINTELLIGENCE

 Deployment October 31th, 2021

API - 22:45 UTC

Type: Improvement
Description: Improvements for a new infrastructure. 
Known limitations: N/A 
Affected ComponentsAPI

 Deployment October 28th, 2021

Compliance - 12:20 UTC

Type: Improvement
Description: Improvements for a new infrastructure. 
Known limitations: N/A 
Affected ComponentsAPI COMPLIANCE CORE COMPLIANCE INTEGRATIONS

AWS Security Groups - 12:20 UTC

Type: Bug Fix
Description: Fixed edge cases that prevented Security Groups to be visible in the Security Groups page. 
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS

SNS Notification for China- 11:40 UTC

Type: Bug Fix
Description: Adding support to China accounts to send compliance SNS notification. 
Case ID: DFR-2091
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATIONS

Billable Report Api - 08:40 UTC

Type: New Feature
Description: Added API to get a monthly billing report. 
Case ID: DFR-1849
Known limitations: N/A 
Affected ComponentsAPI

GCP Firewall Rules - 08:00 UTC

Type: Bug Fix
Description: Fixed edge cases that prevented data updates. 
Case ID: DFR-2098
Known limitations: N/A 
Affected ComponentsDATA FETCHERS GCP

 Deployment October 27th, 2021

Compliance Rulesets Update - 11:40 UTC

Type: Improvement

Description: Rules fixes. A complete list can be found here

Case ID: DFT-1223, DFT-1519, DFR-2086, DFT-1320, DFT-1428
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

 Deployment October 26th, 2021

Intelligence - 09:00 UTC

Type: Improvement

Description: Internal improvements for data administration and performances.
Known limitations: N/A 
Affected ComponentsINTELLIGENCE

 Deployment October 25th, 2021

Intelligence - 11:00 UTC

Type: Improvement
Description: An email is automatically sent to CloudGuard users when Intelligence cannot retrieve logs from their storage place (support for additional use cases was added).
Known limitations: N/A 
Affected ComponentsINTELLIGENCE

Compliance - 08:30 UTC

Type: Improvement
Description: Improvement
Known limitations: N/A 
Affected ComponentsAPI

Authentication - Reset password fix - 07:00 UTC

Type: Bug Fix
Description:  Fixed an issue that affected reset password flow in specific edge cases.
Case ID: DFT-1551
Known limitations: N/A 
Affected ComponentsAPI 

 Deployment October 24th, 2021

Intelligence - 12:00 UTC

Type: Improvement
Description: Network Traffic Logs - New columns available in csv export
When exporting network traffic logs from the portal, the csv now contains new columns: Src Address (IP address of the source), Src Type (External, Lambda…), Src Name (will be empty if the entity is not known by Cloudguard), Dst Address (IP address of the destination), Dst Type and Dst Name.
Known limitations: N/A 
Affected ComponentsINTELLLIGENCE NETWORK TRAFFIC

 Deployment October 21st, 2021

Compliance - 14:30 UTC

Type: Improvement
Description: Image Assurance - Reduce the delay between consecutive image scans.
Instead of a single image every 5 minutes, requests for image scans will now be sent from the backend to the scanning agent in batches.
Known limitations: N/A 
Affected ComponentsKUBERNETES IMAGE ASSURANCE

Compliance - 12:30 UTC

Type: New Feature
Description: Admission Control GSL rule verification has been improved. Clicking on the verify button will test the rule based on the cluster's recent API calls history.
Users can now see if the rule violated any of the last 1000 events or the last 7 days of events (the smaller of the two).
Known limitations: N/A 
Affected Components: KUBERNETES ADMISSION CONTROL

Compliance - 12:30 UTC

Type: New Feature
Description: The Runtime Protection feature creates Behavioral profiles for workloads. When creating rules and exclusions for profiles, the users can now set a parent process, this information is also shown in the rules and exclusions table as well.
Known limitations: N/A 
Affected Components: KUBERNETES RUNTIME PROTECTION

 Deployment October 20th, 2021

GCP GSuite User & GCP GSuite Group - 17:00 UTC

Type: Bug Fix
Description:  Support pagination 
Case ID: DFT-1423
Known limitations: N/A 
Affected ComponentsDATA FETCHERS GCP 

GCP Service Account - 14:00 UTC

Type: Bug Fix
Description:  Support pagination 
Case ID: DFT-1555
Known limitations: N/A 
Affected ComponentsDATA FETCHERS GCP 

AWS IAM SAML & AWS IAM Open ID -  10:30 UTC

Type: New Entities
Case ID: DFR-1299
Description: Added support for AWS IAM SAML & AWS IAM Open ID in protected assets and compliance engine.
Known limitations: N/A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS AWS PROTECTED ASSETS

Compliance Rulesets Update - 13:15 UTC

Type: Improvement

Description: The first release of Azure HITRUST v9.5.0 and Source Code Assurance 1.0 rulesets, adding new rules for the Azure platform, fixing Azure and GCP rules. A complete list can be found here. Adding new CloudBots for AWS and Azure platforms.

Case ID: DFR-1913
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

 Deployment October 19th, 2021

Compliance - 12:30 UTC

Type: Bug Fix
Case ID : DFT-1499
Description: Fixing a bug with AWS SSO authentication
Known limitations: N/A 
Affected ComponentsAUTHENTICATION

Compliance - 15:00 UTC

Type: Bug Fix
Description: Fixing a bug with large email reports.
Known limitations: N/A 
Affected ComponentsREPORTS COMPLIANCE NOTIFICATIONS

 Deployment October 17th, 2021

Intelligence - 17:00 UTC

Type: Improvement
Description: Internal Improvements.
Known limitations: N/A 
Affected ComponentsADMINO INTERCOM

 Deployment October 14th, 2021

Compliance Engine - 16:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Compliance Engine - 15:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Compliance API - 11:30 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE API

Posture Findings Exclusions  - 10:00 UTC

Type: Bug Fix
Case ID: DFT-1354
Description: Run Assessment when adding a new posture findings exclusion.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

 Deployment October 13th, 2021

Fetchers Improvement - 16:00 UTC

Type: Improvement
Description: Internal Configuration Improvement.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP DATA FETCHERS ALI

AWS S3 Bucket - 12:00 UTC

Type: Bug Fix
Case ID: DFT-1503
Description: Fix ‘objectLevelLogging’ property
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

 Deployment October 12th, 2021

Fetchers Improvement - 14:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS

Fetchers Permissions Handling Improvement - 09:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS ALIBABA DATA FETCHERS AZURE DATA FETCHERS GCP

 Deployment October 11th, 2021

API Improvement - 15:30 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsAPI

Fetchers Improvement - 09:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AZURE

Compliance API - 07:00 UTC

Type: Improvement

Description: Internal Improvement Webhook integration.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE API

Compliance API - 07:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE API

 Deployment October 10th, 2021

Intelligence - 18:00 UTC

Type: Improvement
Description: Onboarding Azure network traffic logs (a.k.a Azure flow logs) is now done using a custom ARM template. After assigning an additional IAM role to the CloudGuard application and selecting the Network Security Groups to onboard, the system will generate an ARM template for the customer to deploy. The template will handle the requirements for onboarding to Intelligence. This new onboarding replaces the previous onboarding for Azure network traffic logs. It is available to all customers.
Known limitations: N/A 
Affected ComponentsAPI INTELLIGENCE ONBOARDING

AWS SNS Platform Application, AWS Events Rule, AWS System Manager Parameter, AWS Kinesis Firehose, AWS Custom Domain Name - 16:00 UTC

Type: Bug Fix
Description:  Support pagination 
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS 

Fetchers Improvement - 16:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS GCP

 Deployment October 7th, 2021

Compliance API - 18:00 UTC

Type: Improvement
Description: Internal Improvement Webhook integration.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE API

Compliance API - 17:00 UTC

Type: Improvement
Description: Internal Improvement adding a TTL.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE API

Compliance API - 15:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE API

Continuous posture - 15:00 UTC

Type: Bug Fix
Description: Fix a bug on ruleset save operation.
Known limitations: N/A 
Affected ComponentsUI  API

Compliance API - 05:00 UTC

Type: Improvement
Description: Internal Improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE API

Deployment September 23 ,2021

Deployment October 6th, 2021

Compliance Rulesets Update - 10:15 UTC

Type: Improvement

Description: The first release of CIS Kubernetes Benchmark v1.20 ruleset, fixing Azure rules. A complete list can be found here

Case ID: DFR-2041
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Compliance Rulesets Update - 10:30 UTC

Type: Bug Fix
Description: Running Kubernetes node will now appear when filtering for billable assets.
Known limitations: N/A 
Affected ComponentsKUBERNETES

Deployment October 5 ,2021

Compliance Improvement - 14:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATIONS

Azure Storage Account - 13:00 UTC

Type: Improvement
Case ID:  DFR-392
Description: Added the following properties to Azure Storage Account in protected assets and compliance engine.

  • fileServiceProperties

  • tableServiceProperties

  • queueServiceProperties

  • blobServiceProperties (existed before, only internal improvement)

Known limitations: N/A  
Affected Components:  PROTECTED ASSETS COMPLIANCE ENGINEDATA FETCHERS AZURE

AWS Cognito - 13:00 UTC

Type: Improvement
Description: Fetch Cognito identity and user pools from N. California, São Paulo, Paris, Stockholm and Bahrain
Known limitations: N/A  
Affected Components:   DATA FETCHERS AWS

AWS MQ Broker - 13:00 UTC

Type: Improvement
Description: Fetch MQ brokers from GovCloud (US-East), GovCloud (US-West),  Beijing and Ningxia
Known limitations: N/A  
Affected Components:   DATA FETCHERS AWS



Deployment October 4 ,2021

Assessment report - Failed tests by fix - 15:00 UTC

Type: Bug Fix
Description: fix to populate failed by severity value
Known limitations: N/A 
Affected ComponentsUI

Compliance API - 15:00 UTC

Type: Improvement
Description: Internal configuration change
Known limitations: N/A 
Affected ComponentsAPI

Compliance Rulesets Update - 12:15 UTC

Type: Improvement

Description: Fixing AWS rules. A complete list can be found here

Case ID: DFT-1342, DFT-1539
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

AWS SQS - 10:00 UTC

Type: Bug Fix
Case ID: DFT-1458
Description:  Support pagination 
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS 

Internal changes for several components - 10:00 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected ComponentsALL SYSTEM 


Deployment September 29 ,2021

Compliance Rulesets Update - 10:30 UTC

Type: Improvement

Description: Fixing Azure rules. A complete list can be found here

Case ID: DFT-1467
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Protected Assets - Alibaba Entities - 11:00 UTC

Type: Improvement
Description:

  • Added 'Status' as additional field to Alibaba ECS Instance entity in protected assets.

  • Added 'DBInstanceStatus' as additional field to Alibaba RDS DB Instance entity in protected assets.

  • Alibaba ECS Instance 'Billable Asset' property is set to 'Yes' in case 'Status' is 'Running'.

  • Alibaba RDS DB Instance 'Billable Asset' property is set to 'Yes' in case 'DBInstanceStatus' is 'Running'.

Known limitations: N/A 
Affected Components:  PROTECTED ASSETS API DATA FETCHERS ALI

Serverless - Obsolete dotnetcore2.1 FSP injector changes - 17:00 UTC

Type: New Feature
Description: Add/remove auto-protect feature from webapp UI won't be supported for dotnetcore2.1 runtime.
Cloud Formation template has been changed. the new version: 21
Known limitations: N/A 
Affected ComponentsSERVERLESS SERVERLESS CLOUD FORMATION

Serverless - FSP add support for graviton2 - 17:00 UTC

Type: New Feature
Description: Cloudguard FSP Support for AWS Lambda running on Graivton2 processors
FSP has been changed. the new version: 1.5.62
Known limitations: N/A 
Affected ComponentsSERVERLESS SERVERLESS RUNTIME PROTECTION


Deployment September 23 ,2021

Azure Subnet and VNET - 08:30 UTC

Type: Bug Fix
Case ID: DFT-1497
Description: Improve the way we correlate subnet to VNET model in compliance engine
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE


Deployment September 19 ,2021

Shift Left - Feature enabled in Preview mode for all customers - 07:00 UTC

Type: New Feature
Description:  Releasing it as preview for everyone, supporting Terraform and CFT.
Known limitations: N/A 
Affected ComponentsSHIFTLEFT


Deployment September 14 ,2021

Protected Assets Page - 07:00 UTC

Type: Improvement

Description:  internal improvements.
Known limitations: N/A 
Affected ComponentsAPI

Findings Page - 07:00 UTC

Type: Improvement

Description:  internal improvements.
Known limitations: N/A 
Affected ComponentsAPI


Deployment September 13 ,2021

Compliance Rulesets Update - 16:00 UTC

Type: Improvement

Description: Azure and GCP rules removal. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS


Deployment September 9 ,2021

Compliance Rulesets Update - 16:00 UTC

Type: Improvement

Description:  Adding new rules to the Azure best practices ruleset. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Serverless - Generate Obsolete Runtime Task - 15:00 UTC

Type: Improvement
Description: For the functions with runtimes, that have reached end of support from AWS, an ObsoleteRuntimeTask will be created to notify the user that the account has the functions with unsupported runtimes. The task will have an information how to resolve that.

Please visit the link below for information on runtime end of support dates.
https://docs.aws.amazon.com/lambda/latest/dg/runtime-support-policy.html

Known limitations: N/A 
Affected Components:   SERVERLESS  

Serverless - Dot-net auto protect bug fix - 15:00 UTC

Type: Bug Fix
Description: Update Dot-net FSP instrumentation libraries to latest version.
FSP has been changed. the new version: 1.5.60
Known limitations: N/A 
Affected Components:   SERVERLESS  SERVERLESS RUNTIME PROTECTION


Deployment September 5 ,2021

Azure Redis - 14:30 UTC

Type: Improvement
Description: Internal improvement in error handling.

Known limitations: N/A  
Affected Components:   DATA FETCHERS AZURE

Google Cloud Account - 13:30 UTC

Type: Improvement
Description: Added new property "ProjectNumber" in protected assets and compliance engine.

Known limitations: N/A  
Affected Components:   DATA FETCHERS GCPCOMPLIANCE ENGINEPROTECTED ASSETS

AWS SSM Instance Information - 13:30 UTC

Type: Improvement
Description: Removed redundant property "LastPingDateTime" in protected assets and compliance engine.

Known limitations: N/A  
Affected Components:   DATA FETCHERS AWS

Data Fetchers  - 13:30 UTC

Type: Improvement
Description: Internal improvement in multiple data fetchers.

Known limitations: N/A  
Affected Components:   DATA FETCHERS AWSDATA FETCHERS AZUREDATA FETCHERS GCP

Compliance Rulesets Update - 10:00 UTC

Type: Improvement

Case ID: SR-352, SR-346
Description:  Adding new rules to the Azure best practices ruleset. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS


Deployment September 02 ,2021

Azure Redis - 18:00 UTC

Type: Improvement
Case ID: DFR-1431
Description: Added the following properties to Azure Redis in protected assets and compliance engine.

  • ReplicasPerMaster

  • ReplicasPerPrimary

  • PublicNetworkAccess

  • MinimumTlsVersion

  • Instances

  • PrivateEndpointConnections

Known limitations: N/A  
Affected Components:  PROTECTED ASSETS COMPLIANCE ENGINEDATA FETCHERS AZURE

Data Fetchers Improvement - 18:00 UTC

Type: Improvement
Description: Internal improvement in all data fetchers
Known limitations: N/A 
Affected Components:   DATA FETCHERS  


Deployment September 1 ,2021

Compliance Rulesets Update - 15:00 UTC

Type: Improvement

Case ID: SR-281
Description:  The first release of AWS CloudFormation Template ruleset.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

DataFetchers Improvement - 11:00 UTC

Type: Improvement
Description: Internal improvement in all data fetchers
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE      NOTIFICATIONS


Deployment August 31 ,2021

Findings Page - Sorting - 18:00 UTC

Type: Improvement

Case ID: DFR-1866
Description: Adding Values for Action field: Detect and Prevent
Known limitations: N/A 
Affected Components:  FINDINGS PAGE 

Findings Page - Sorting - 18:00 UTC

Type: Bug Fix
Description: Fix Events alphabetical sorting
Known limitations: N/A 
Affected ComponentsUI FINDINGS PAGE API

Findings Page - Action Buttons Improvement - 14:00 UTC

Type: Improvement
Case ID: DFR-1663
Description: UI change on the Findings actions.
Known limitations: N/A 
Affected ComponentsUI FINDINGS PAGE

Dashboard - Widget Filter fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-1357
Description: Fixed an issue that affected filter on dashboards widgets.
Known limitations: N/A 
Affected ComponentsUI DASHBOARD

Intelligence Findings - Investigate button fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-1160
Description: Fixed a bug on the UI that sent the wrong URL when investigating a finding.
Known limitations: N/A 
Affected ComponentsUI

Compliance Report - Passed entities fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-1325, DFT-1420
Description: Fixed a bug on the UI representation on the report.
Known limitations: N/A 
Affected ComponentsUI

External Findings API - 7:30 UTC

Type: Bug Fix
Description: Fixed a bug where External Findings API returns all types and findings, and not only external findings.
Known limitations: N/A 
Affected ComponentsAPI


Deployment August 30 ,2021

Azure Cosmos DB - 15:00 UTC

Type: Improvement
Case ID: DFR-2028
Description: Added the following properties to Azure Cosmos DB in compliance engine.

  • isVirtualNetworkFilterEnabled

  • keyVaultKeyUri

  • privateEndpointConnections

  • publicNetworkAccess

  • virtualNetworkRules

Known limitations: N/A  
Affected Components:  PROTECTED ASSETS COMPLIANCE ENGINEDATA FETCHERS AZURE

Serverless - fix list append - 16:00 UTC

Type: Bug Fix
Description: Bug fix in k8s whitelist creation
Known limitations: N/A 
Affected Components:   SERVERLESS  

Serverless - profile according to callstack info  - 16:00 UTC

Type: Improvement
Description: Add support for callstack profiling and enforcement in Kubernetes - parent process/process that generate network activity.
Known limitations: N/A 
Affected Components:   SERVERLESS  

Serverless - intercept csharp function with harmony - 16:00 UTC

Type: Improvement
Description: Intercept azure function using Harmony
FSP has been changed. the new version: 1.5.59
Known limitations: N/A 
Affected Components:   SERVERLESS  SERVERLESS RUNTIME PROTECTION


Deployment August 26 ,2021

GCP Route -  11:00 UTC

Type: New Entity
Case ID: DFR-1955
Description: Added support for GCP Route in protected assets and compliance engine.
Known limitations: N/A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS GCP PROTECTED ASSETS

GCP Router -  11:00 UTC

Type: New Entity
Case ID: DFR-1954
Description: Added support for GCP Router in protected assets and compliance engine.
Known limitations: N/A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS GCP PROTECTED ASSETS

GCP Instance Template -  11:00 UTC

Type: New Entity
Case ID: DFR-1953
Description: Added support for GCP Instance Template in protected assets and compliance engine.
Known limitations: N/A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS GCP PROTECTED ASSETS

Azure Web App, Azure Function App - 11:00 UTC

Type: Improvement
Case ID: DFR-1833
Description:  Added 'scmIpSecurityRestrictionsUseMain' property under 'config' property in protected assets and compliance engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE PROTECTED ASSETS

Azure Web App, Azure Function App - 11:00 UTC

Type: Improvement
Case ID: DFR-1833
Description:  Added 'kind' property under 'config.accessRestrictions' property in protected assets and compliance engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE PROTECTED ASSETS

AWS Onboarding - 10:00 UTC

Type: Improvement
Description: Internal change in AWS onboarding flow.
Known limitations: N/A 
Affected ComponentsAPI


Deployment August 25 ,2021

Data Fetchers - 11:30 UTC
Type: Improvement
Description: Internal Improvement
Known limitations: N/A 
Affected ComponentsDATA FETCHERS ALI DATA FETCHERS GCP DATA FETCHERS AZURE DATA FETCHERS AWS


Deployment August 24 ,2021

Compliance Engine - 10:00 UTC

Type: Terraform Improvement
Description: Internal improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE 

AWS GovCloud Onboarding - 12:30 UTC

Type: Bug Fix
Description: Fixed a bug which prevented onboarding of AWS GovCloud accounts.
Known limitations: N/A 
Affected ComponentsAPI

Compliance Engine - 13:00 UTC

Type: Removal of obsolete Ticketing system 
Description: Internal improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API


Deployment August 23 ,2021

Protected Assets - New Infrastructure - 11:00 UTC

Type: Improvement
Description:

  • Added internal infrastructure to support future features in Protected Assets.

  • Added additional property 'externalAdditionalFields' in Protected Assets entities.

Known limitations: N/A 
Affected Components:  PROTECTED ASSETS API


Deployment August 19 ,2021

Kubernetes APIs - 14:00 UTC
Type: Improvement
Description: New and updated APIs for Pod Groups.

A new API that queries a specific pod group for its images
A new API that queries a specific pod group for its pods

Change in Kubernetes image pod groups API return value.
When querying for pod groups that use specific KubernetesImage the ‘id’ field which to date returned the Kubernetes Id, will now be renamed as ExternalID.
Instead, the ‘id’ field will now return, CloudGuard id of the pod group and not the Kubernetes id.

Known limitations: N/A 
Affected Components:      

Data Fetchers Improvement - 13:30 UTC
Type: Improvement
Description: Internal change in several data fetchers of AWS, Azure, GCP and Alibaba.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS ALI DATA FETCHERS GCP DATA FETCHERS AZURE DATA FETCHERS AWS

AWS Onboarding - 11:00 UTC

Type: Improvement
Case ID: DFR-1884
Description: Changed the validation process. We no longer require EC2 permissions in order to complete AWS cloud accounts onboarding.
Known limitations: N/A 
Affected ComponentsAPI

CloudSecurityGroup API Performance - 11:00 UTC

Type: Improvement
Description: Improved the performance of '/v2/cloudsecuritygroup?forAccess=true' API.
Known limitations: N/A 
Affected ComponentsAPI


Deployment August 18 ,2021

Compliance Engine MongoDB- 10:00 UTC

Type: Improvement
Description: Internal improvement.

Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API


Deployment August 17 ,2021

Account registration and User Password Reset fix- 17:00 UTC

Type: Bug Fix
Case ID: DFT-1370
Description:  Fixed a UI issue that blocked specific flows affecting registering new accounts, users and password reset.
Known limitations: N/A
Affected ComponentsUI AUTHENTICATION

Azure Storage Account - 13:30 UTC

Type: Improvement
Case ID: DFR-1045
Description:  Added 'AdvancedThreatProtectionEnabled' and  'BlobSoftDeleteEnabled' properties in protected assets and compliance engine.
Known limitations: 'AdvancedThreatProtectionEnabled' is not supported in the following regions: southafricanorth, southafricawest, westus3, chinaeast2, norwayeast, australiacentral.
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZUREPROTECTED ASSETS

Azure Storage Account - 13:30 UTC

Type: Improvement
Case ID: DFR-1045
Description:  Enriched information in 'PrivateEndpointConnections' property in protected assets and compliance engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZUREPROTECTED ASSETS

AWS Storage Gateway - 13:00 UTC

Type: Improvement
Description:  Remove redundant 'ContentLength', 'HttpStatusCode' and 'ResponseMetadata' properties in compliance engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE 

GCP HTTP Load Balancer - 13:00 UTC

Type: New Entity
Description: Added support for GCP HTTP Load Balancer in protected assets and compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCPPROTECTED ASSETS

GCP TCP\UDP Load Balancer - 13:00 UTC

Type: New Entity
Description: Added support for GCP TCP\UDP Load Balancer in protected assets and compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCPPROTECTED ASSETS


Deployment August 16 ,2021

Compliance Engine- 16:00 UTC

Type: Improvement
Description: Internal improvement.

Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API


Deployment August 12, 2021

AWS IAM User - 11:30 UTC

Type: Bug Fix
Case ID: DFT-1359
Description: Set consistent order for the IAM access keys in compliance engine 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE    

AWS Red Shift & AWS IAM User - 11:30 UTC

Type: Improvement 
Description: Improve error handling in the compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE 


Deployment August 11,2021

Serverless - Added support for kafka and mq triggers - 15:00 UTC

Type: Improvement
Description: Added support for kafka and mq triggers when generating suggested roles .
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html
Known limitations: N/A 
Affected Components:   SERVERLESS  

Serverless - Proact - Get token from env var - 15:00 UTC

Type: Improvement
Description: You can now use `CLOUDGUARD_ACCESS_TOKEN` environment variable to provide the token to cloudguard tool.
Earlier only config file and command line parameters were supported.
Known limitations: N/A 
Affected Components:   SERVERLESS  SERVERLESS PROACT

Serverless - get function errors - HF - 15:00 UTC

Type: Bug Fix
Description: Serverless lambda errors (fsp injector, log subscription, inside vpc)
Serverless azure function app errors
Known limitations: N/A 
Affected Components:   SERVERLESS  

Serverless - WRP auto identify os distribution - 15:00 UTC

Type: Improvement
Description: Implement loader which responsible for identifying container OS, and initialize appropriate (per OS) libosfsp.so
FSP has been changed. the new version: 1.5.52
Known limitations: N/A 
Affected Components:   SERVERLESS  SERVERLESS RUNTIME PROTECTION

Serverless - FSP node14.x support aws - 15:00 UTC

Type: Improvement
Description: AWS is obsoleting node10.x runtime. We have removed Cloudguard FSP support for node10.x runtime and added support for node14.x. It is recommended to use latest nodejs runtime to continue protecting your functions with FSP.
FSP has been changed. the new version: 1.5.57
Known limitations: N/A 
Affected Components:   SERVERLESS  SERVERLESS RUNTIME PROTECTION

AWS IAM Credentials Report - 14:00 UTC

Type: Bug Fix
Description: Fixed an internal issue that caused a failure to generate the credentials report in some cases.
Known limitations: N/A 
Affected Components:   DATA FETCHERS AWS  


Deployment August 10,2021

Tenable.io Open Findings - 13:00 UTC

Type: Bug Fix
Description: Fixed a bug which caused Tenable.io external finding to remain open after EC2 instance deletion.
Known limitations: N\A
Affected Components:  COMPLIANCE ENGINE


Deployment August 9,2021

Azure Insights - 12:00 UTC

Type: Improvement
Description: Infra Improvement for Azure Insights data fetcher.
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE

Shiftleft - Ignoring un relevant file types- 9:30 UTC
Type: Improvement
Description: Internal change in order to ignore not relevant files.
Known limitations: N/A 
Affected ComponentsSHIFTLEFT     


Deployment August 4,2021



Azure Virtual Machine - 13:30 UTC
Type: Improvement
Case ID: DFR-1938
Description: Added 'vmId' property to Azure Virtual Machine API
Known limitations: N/A 
Affected ComponentsAPI     



Data Fetchers Improvement - 11:30 UTC
Type: Improvement
Description: Internal change in several data fetchers of Azure, GCP and Alibaba.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS ALI DATA FETCHERS GCP DATA FETCHERS AZURE COMPLIANCE ENGINE  



Deployment August 3,2021



Kubernetes - Clean up old Images  - 10:00 UTC

Type: Improvement
Description: Remove kubernetes Image objects that no longer exist in the cluster.
Known limitations: N/A
Affected Components: Kubernetes Images



Kubernetes - Update Admission Control APIs - 10:00 UTC

Type: Improvement
Description:
Adding a targetType for requests and responses to Admission Control policies APIs.
The relevant APIs are:

  • {Get, Put, Post} at /v2/kubernetes/admissionControl/policy

  • {Get, Delete} at /v2/kubernetes/admissionControl/policy/{id}.

The available target types for these APIs are "Environment", indicating an environment policy, and "OrganizationalUnit", indicating an Organizational Unit Policy.
Known limitations: N/A
Affected Components: Kubernetes API



Deployment July 29 ,2021



Azure Insights - 12:00 UTC

Type: Improvement
Description:  Removed redundant fields from Azure Insights entity.
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE



AWS SES - 12:00 UTC

Type: New Entity
Case ID: DFR-771
Description: Added support for AWS SES in protected assets and compliance engine.
Known limitations: Limited up to 1000 ses items per cloud account .
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS AWS PROTECTED ASSETS



AWS Elastic Beanstalk - 12:00 UTC

Type: Improvement
Case ID: DFR-1337
Description:  Added 'Resources' and 'Settings' properties in protected assets and compliance engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS



Azure Log Profile & AWS Iam User - 12:00 UTC

Type: Improvement 
Description: Improve error handling in the compliance engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE 



AWS Group History - 12:00 UTC

Type: Improvement
Case ID: DFR-1343
Description: Internal improvement for non US regions.

Known limitations: N/A 

Affected Components:  API



Deployment July 28 ,2021



Serverless - Handle old accounts ProtegoAgentBucketPolicy - 18:00 UTC

Type: Improvement
Description: Update Cross account CFT in order to support account update.
cloud formation template has been changed. the new version: 20

Known limitations: N/A 
Affected ComponentsSERVERLESS SERVERLESS CLOUD FORMATION



Serverless - Serverless get function errors  - 18:00 UTC

Type: New Feature
Description: Serverless lambda errors (fsp injector, log subscription, inside vpc)
Serverless azure function app errors

Known limitations: N/A 
Affected ComponentsSERVERLESS 



Serverless - FSP subprocess context support - 18:00 UTC

Type: Improvement
Description: Added support for sub-process in Azure.
FSP has been changed. the new version: 1.5.56

Known limitations: N/A 
Affected ComponentsSERVERLESS SERVERLESS RUNTIME PROTECTION



Kubernetes - New APIs - 15:00 UTC

Type: Improvement

Description

New APIs for Containers Image Assurance.

A new API that queries a specific image for the image details, including the results of the scan.
A new API that queries a specific image for the Pods and Pod Groups that are deployed from this image.

Known limitations: N/A 
Affected ComponentsKUBERNETES API



Kubernetes - Cluster status improvement - 15:00 UTC

Type: Bug Fix
Description: Fixed a bug where the Kubernetes cluster status could go from Initializing back to Pending status, during the onboarding process.

Known limitations: N/A 
Affected ComponentsKUBERNETES API



Kubernetes - Scan status improvements - 15:00 UTC

Type: Improvement
Description: Added detailed error messages for image scan status when the image exceeds max size limits (as defined in the Helm chart) or exceeds max IP or URL limitation.
When the image hasn’t been scanned yet, the status text was changed from ‘Pending’ to "Pending Scan"
When there is an unrecoverable error during the scan, the status text was changed from ‘Error’ to "Internal Error"

Known limitations: N/A 
Affected ComponentsKUBERNETES IMAGES



Deployment July 26 ,2021



Compliance Engine- 07:30 UTC

Type: Improvement
Description: Internal improvement.

Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API



Deployment July 25 ,2021



Serverless - Remove Python2.7 from CLI Tool- 15:00 UTC

Type: Improvement
Description

From the deprecation date of July 15, 2021, AWS Lambda will no longer apply security patches and other updates to the Python 2.7 runtime used by Lambda functions. In addition, functions using Python 2.7 will no longer be eligible for technical support. You will no longer be able to create new Lambda functions using the Python 2.7 runtime from this date.

Python 2.7 has been removed from Proact Tool supported runtime, if you run the tool on Python 2.7 functions,
you will get below error
`UnsupportedRuntimeError - Runtime Python2.7 will no longer be supported. To continue receiving security updates and support, please upgrade to Python3.x`

Please migrate your Python 2.7 functions to Python 3.x
proact tool has been changed. the new version: 1.5.50

Known limitations: N/A 
Affected Components:  SERVERLESS  SERVERLESS PROACT



Serverless - Obsolete node 10x- 15:00 UTC

Type: Improvement
Description: Since AWS will be soon obsoleting node 10.x support, the nodejs scanner is upgraded to node14.x

Known limitations: N/A 
Affected Components:  SERVERLESS  



Deployment July 22 ,2021



Alibaba - Organizational Units - 14:00 UTC

Type: Improvement
Case ID: DFR-1903
Description: Added APIs to support Organizational Units management for Alibaba cloud accounts.
Known limitations: Not supported in UI.
Affected ComponentsCOMPLIANCE ENGINE API



Deployment July 21 ,2021



Alibaba RAM Password Policy - 17:00 UTC

Type: Bug Fix
Description: Rename property from 'ramPolicyPasswordId' to 'policyPasswordId' in compliance engine
Known limitations: N/A 
Affected ComponentsDATA FETCHERS ALI COMPLIANCE ENGINE  



Alibaba KMS - 17:00 UTC

Type: Bug Fix
Description: Change 'automaticRotation' property from date time to string type in compliance engine
Known limitations: N/A 
Affected ComponentsDATA FETCHERS ALI COMPLIANCE ENGINE  



Support AWS Osaka Japan Region - 17:00 UTC

Type: Improvement
Description: Added support for Osaka region.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS COMPLIANCE ENGINE API SECURITY GROUP MANAGEMENT



Deployment July 20 ,2021



Kubernetes - Helm chart 2.4.0 released - 20:00 UTC

Type: New Release
Description: A new Helm chart, version 2.4.0 was released.
The main changes include:

  • Image Assurance: Image Assurance Engine memory limit modified to be to [MAX_IMAGE_SIZE]+500MB (the default value remains 2GB+500MB).

  • Runtime Protection: Added Containerd support. Reduce required agent privileges.

  • Container runtime auto-detection. There is no longer a need to manually set the runtime environment (Docker/Containerd).

  • Telemetry enhancements

  • Miscellaneous bug fixes (fix references to Check Point in helm chart docs fields, fix various typos/formatting, etc)

Known limitations : N/A 

Affected Components :     KUBERNETES  HELM 



Deployment July 19 ,2021



Serverless - FSP support for java8.al2 runtime - 12:00 UTC

Type: Improvement
Description: Add FSP add/remove support for java8.al2 runtime.

FSP has been changed. the new version: 1.5.55
Cloud Formation template has been changed. the new version: 18

Known limitations : N/A 

Affected Components :     SERVERLESS  SERVERLESS RUNTIME PROTECTION SERVERLESS PLUGIN



Deployment July 15 ,2021




AWS Backup Vault - 12:00 UTC

Type: New Entity
Case ID: DFR-1789
Description: Added support for AWS Backup Vault in protected assets and compliance engine.
Known limitations: Requires a new permission to cloud guard role - "backup:ListBackupVaults".
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS AWS PROTECTED ASSETS




Azure Function App - 12:00 UTC

Type: Improvement
Case ID: DFR-1935
Description:  Added 'externalPrivateEndpoints' property in the compliance engine.
Known limitations: Requires a new permission to cloud guard role - "Microsoft.Web/sites/config/list/action".
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS




AWS VPC, Subnet & VPC Peering connection - 12:00 UTC

Type: Improvement
Case ID: DFR-1848
Description:  Added 'ownerId' property in the compliance engine and API.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API



Deployment July 13,2021




Serverless - Obsolete Python2.7 - 18:00 UTC

Type: Improvement
Description: Obsolete Python2.7 runtime as AWS is going to end Python 2 support for the AWS CLI and SDK.
Known limitations: N\A
Affected ComponentsSERVERLESS




AWS Security Groups- 13:00 UTC

Type: Improvement
Description: Infrastructure changes for data fetchers responsible for AWS security groups handling.
Known limitations: N\A
Affected ComponentsDATA FETCHERS AWS




Data Fetchers - Permissions Handling - 13:00 UTC

Type: Improvement
Description: Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected ComponentsDATA FETCHERS GCP DATA FETCHERS ALI DATA FETCHERS AZURE COMPLIANCE ENGINE API




Azure Insights - 13:00 UTC

Type: New Entity
Case ID: DFR-891
Description:  

  • Added support for Azure Insights entity. The entity contains Azure resource's Diagnostic Settings.

  • Currently the following entity types are supported: Virtual Machines, Function Apps, Web Apps, SQL DBs, Network Security Groups.

Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE




Compliance Rulesets Update - 11:45 UTC

Type: Improvement

Case ID: DFR-1661
Description:  The first release of Hi-Trust and ITSG-33 rulesets for AWS.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment July 12,2021




Infrastructure Improvement - 14:00 UTC

Type: Improvement
Case ID: DFT-1353
Description:  Improved Posture Findings filters sorting.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API




Compliance Rulesets Update - 11:25 UTC

Type: Improvement
Description:  GCP CloudGuard Network Alerts ruleset depreciation.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment July 11,2021




Infrastructure Improvement - 09:00 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected ComponentsAPI 



Deployment July 8,2021




AWS EKS Cluster - 13:00 UTC

Type: Improvement
Case ID: DFR-1640
Description:  Added 'fargateProfiles' property in the compliance engine
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS




AWS IAM Role - 13:00 UTC

Type: Improvement
Case ID: DFR-1790
Description:  Added 'roleLastUsed' and 'maxSessionDuration' properties in the compliance engine and API.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API



Deployment July 7,2021




Serverless - Azure learning - 16:00 UTC

Type: New Feature
Description:  Add behavior for Azure Function App
Known limitations: N/A 
Affected ComponentsSERVERLESS




Serverless - Azure - support context in threads - 16:00 UTC

Type: Improvement
Description:   A support to identify function name in a thread created by Azure function

FSP has been changed. the new version: 1.5.52
Known limitations: N/A 
Affected ComponentsSERVERLESS  SERVERLESS RUNTIME PROTECTION




Serverless - Java FSP remove bug - 16:00 UTC

Type: Bug Fix
Description:  Java bug fix FSP add/remove using cli tool.

FSP has been changed. the new version: 1.5.53
The plugin version has been changed.
Known limitations: N/A 
Affected ComponentsSERVERLESS  SERVERLESS RUNTIME PROTECTION SERVERLESS PLUGIN




Serverless - CLI Python3 Transition - 16:00 UTC

Type: Improvement
Description:  Transition of CLI tool to Python3 as AWS is going to end Python 2 support for the AWS CLI and SDK.

FSP has been changed. the new version: 1.5.49
Known limitations: N/A 
Affected ComponentsSERVERLESS  SERVERLESS RUNTIME PROTECTION




Serverless - Add severity to security events - 16:00 UTC

Type: Improvement
Description:  Add severity to k8s signature security events

Known limitations: N/A 
Affected ComponentsSERVERLESS 




AWS SSM Instance Information - 15:00 UTC

Type: Improvement
Description: Improving throttling errors handling
Known limitations: N\A
Affected Components:    DATA FETCHERS AZURE  




AWS Shield - 15:00 UTC

Type: Improvement
Description: Improving throttling errors handling
Known limitations: N\A
Affected Components:    DATA FETCHERS AWS  




Alibaba RDS - 15:00 UTC

Type: Improvement
Description: Added 'dbInstanceIpHostnames' property in the compliance engine
Known limitations: N\A
Affected Components:    DATA FETCHERS ALI  COMPLIANCE ENGINE




Serverless - Remove logs poller - 15:00 UTC

Type: Improvement
Description:  Remove Logs Poller.

Known limitations: N/A 
Affected ComponentsSERVERLESS  




Serverless - Generate FSP UUID from plugin - 15:00 UTC

Type: Improvement
Description:  Read UUID from cloudguard-fsp-config.json

FSP has been changed. the new version: 1.5.51
Known limitations: N/A 
Affected ComponentsSERVERLESS  SERVERLESS RUNTIME PROTECTION




Serverless - Bug fix for azure dot-net function on IO block - 15:00 UTC

Type:  Bug Fix
Description:  For any IO block event in azure dot-net functions, it should not allow access and return 500 internal server error

FSP has been changed. the new version: 1.5.50
Known limitations: N/A 
Affected ComponentsSERVERLESS  SERVERLESS RUNTIME PROTECTION




Serverless - Support network and improve signature alert - 15:00 UTC

Type: New Feature
Description:  Add Network profiling and enforcement support for Kubernetes workloads.
Change the Signature security events aggregation logic to include the event action - detect/block.
Known limitations: N/A 
Affected ComponentsSERVERLESS 




Serverless - Retry FSP policy download - 15:00 UTC

Type:  Improvement
Description:  Implemented policy download retry mechanism for Azure FSP.

FSP has been changed. the new version: 1.5.50
Known limitations: N/A 
Affected ComponentsSERVERLESS  SERVERLESS RUNTIME PROTECTION




Serverless - Bug fix for azure dot-net function on IO block - 15:00 UTC

Type:  Improvement
Description:  Generate timestamp UUID azure

FSP has been changed. the new version: 1.5.49
Known limitations: N/A 
Affected ComponentsSERVERLESS  SERVERLESS RUNTIME PROTECTION



Deployment July 1,2021




Compliance Improvement- 17:45 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE




Infrastructure Improvement - 15:30 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected ComponentsAPI 



Deployment June 24,2021




AWS Application and Network Load Balancer - 16:00 UTC

Type: Improvement
Description:  Internal performance improvement
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS




Alibaba RDS - 13:00 UTC

Type: Improvement
Description: Adjust db type and version enrichment fetching for Alibaba RDS.
Known limitations: N\A
Affected Components:  DATA FETCHERS ALI 




AWS Application Auto Scaling Policy - 13:00 UTC

Type: New Entity
Case ID: DFR-1653
Description: Added support for AWS Application Auto Scaling Policy in protected assets and compliance engine.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS AWS PROTECTED ASSETS




EntityFetchStatus API - 13:00 UTC

Type: Improvement
Description: Internal performance enhancement for the GET request in EntityFetchStatus API.
Known limitations: N\A
Affected ComponentsAPI




Service Account - 13:00 UTC

Type: Improvement
Case ID: DFT-1321
Description: Allow to manage service accounts via SSO JIT users.
Known limitations: N\A
Affected ComponentsAPI



Deployment June 23,2021




Compliance Rulesets Update - 15:00 UTC

Type: Improvement
Description:  Updating best practices rulesets, changing the name of Alibaba ruleset. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment June 22,2021




AWS Instance - 11:40 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE




Compliance Improvement- 11:40 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE



Deployment June 20, 2021




Authentication Improvements - 12:30 UTC

Type: Improvement
Description: Authentication flows improvements.
Known limitations:  N/A
Affected Components:  API MSP AUTHENTICATION 



Deployment June 17,2021




AWS Instance - 15:15 UTC

Type: Improvement 
Case ID: DFR-1429
Description: Added 'ssmAgentInstanceInformation' property in the compliance engine
Known limitations:  N\A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE API



Deployment June 16,2021




Azure Storage Account - Blob Containers - 12:00 UTC

Type: Internal Change
Description: Limited the amount of fetched Blob Containers for each Storage Account.
Known limitations:  N\A
Affected Components:  DATA FETCHERS AZURE




Compliance Improvement- 10:30 UTC

Type: Improvement
Description:  Internal improvement
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE



Deployment June 13,2021




Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  Fix for D9.AWS.CRY.05. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment June 10,2021




Compliance Improvement - 15:30 UTC

Type: Improvement core
Description: Internal improvement upgrading core version.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment June 9,2021




Azure Key Vault - 12:00 UTC

Type: Improvement
Case ID: DFT-1128
Description:  Added 'ipRulesObjects' property in the compliance engine
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE



Deployment June 7,2021



AWS Lambda Function - 17:00 UTC

Type: Bug Fix
Case ID: DFT-1133
Description:  Fetch lambda functions where package type is image
Known limitations: N\A
Affected Components:  DATA FETCHERS AWS 



Serverless billable asset change - 17:00 UTC

Type: Improvement
Description:  Billable assets Serverless ratio was updated to 1:60
Known limitations: N\A
Affected Components:  ACCOUNT PAGE 



Azure Security Center - 10:00 UTC

Type: New Entities
Case ID: DFR-1226
Description:  Added support for Azure AutoProvisioningSettings and SecurityContact in the compliance engine.
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE



Deployment June 3,2021

Alibaba RDS - 13:15 UTC

Type: Improvement
Description

  • Added 'dbInstanceBackupPolicy' property in the compliance engine

  • Added 'dbInstanceEndpoints' property in the compliance engine

  • Added 'dbInstanceEncryptionKey' property in the compliance engine

Known limitations: N\A
Affected Components:    DATA FETCHERS ALI  COMPLIANCE ENGINE


Azure Data Fetchers - 13:15 UTC

Type: Improvement
Description: Improving permission errors handling
Known limitations: N\A
Affected Components:    DATA FETCHERS AZURE  



Deployment June 2,2021




Kubernetes Agent Status Enchantments - 16:30 UTC

Type: Improvement
Description: The Kubernetes agent status have been refactored with faster and more detailed Agent deployment status information.
Known limitations: N/A 
Affected ComponentsKUBERNETES




Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  The first release of the Azure New Zealand Information Security Manual (NZISM) v.3.4 rulesets and fix duplicated rules. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS




Azure Storage Account - 11:15 UTC

Type: Improvement 
Case ID: DFR-1465
Description:

  • Added 'performance' property in the compliance engine

  • Added 'replication' property in the compliance engine

Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE

Azure Virtual Machine - 11:15 UTC

Type: Improvement 
Case ID: DFR-1465, DFR-1680
Description:

  • Added 'extensions' property in the compliance engine

  • Added 'availabilityZones' property in the compliance engine

Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE

AWS Cloud Front - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS Cloud Front entity.
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE 




AWS Network Load Balancer - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS NLB entity.
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE 




AWS Application Load Balancer - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS ALB entity.
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE 




AWS ELB - 11:15 UTC

Type: Improvement 
Description: Added property 'protectedByShield' to AWS ELB entity.
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE 




Alibaba SLB - 11:15 UTC

Type: New Entity
Case ID: DFR-1506
Description: Added support for Alibaba Server Load Balancer in protected assets and compliance engine.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS ALI PROTECTED ASSETS




Alibaba Auto Scaling Group- 11:15 UTC

Type: New Entity
Case ID: DFR-1512
Description: Added support for Alibaba Auto Scaling Group in protected assets and compliance engine.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE  DATA FETCHERS ALI PROTECTED ASSETS



Deployment June 1,2021




Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Statistics counter improvement.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       




Compliance Improvement - 15:00 UTC

Type: Improvement
Description: Internal improvement Image Scan model update.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment May 31,2021




Intercom - 16:45 UTC

Type: Bug Fix
Description: Added default value for 'registered by' property.
Known limitations: N/A 
Affected ComponentsINTERCOM 




Support Alibaba Region - China Guangzhou - 15:30 UTC

Type: Improvement
Description: Added support for China Guangzhou region.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS ALI COMPLIANCE ENGINE




Update Image Risk Score - 12:30 UTC

Type: Improvement
Description: ImageScan result will now feature an Image Risk Score value in the CVSS format of 0-10.0.
Image Risk Score will denote an image’s overall risk potential.
Known limitations: N/A 
Affected ComponentsKUBERNETES 



Deployment May 30,2021




Kubernetes new APIs - 16:45 UTC

Type: Improvement
Description: Some Kubernetes API have been changed for better usability.
Kubernetes onboarding and Admission Control APIs have been refactored.

note: Even though the documentation has been updated to reflect the new format, the old format of the APIs will continue to be supported.
Known limitations: N/A 
Affected ComponentsKUBERNETES 



Deployment May 26,2021




Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  Adding new rules to new vendor preview ruleset. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment May 20,2021




Serverless - FSP Version List  - 14:00 UTC

Type: New Feature
Description: Adding the ability to set the FSP version manually for AWS Lambda. The plugin and proact tool have been changed.
Known limitations: N\A
Affected ComponentsSERVERLESS  




Serverless - SNS Topic per Account - 14:00 UTC

Type: Improvement
Description: Use SNS topic per account for cross account interaction cloud_formation template has been changed. the new version: 16
Known limitations: N\A
Affected ComponentsSERVERLESS  




Serverless - Ignore IO Values - 14:00 UTC

Type: Bug Fix
Description: This fixes the false positive security events due to change in chrome headers in latest update. FSP has been changed. the new version: 1.5.48
Known limitations: N\A
Affected ComponentsSERVERLESS  




Azure Data Fetchers - Permissions Handling - 10:00 UTC

Type: Improvement
Description: Azure Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected ComponentsDATA FETCHERS AZURE COMPLIANCE ENGINE API




Azure Policy Definition - 10:00 UTC

Type: Bug Fix
Description: Fixed an issue with Azure Policy Definition data fetcher which caused sync failures in some cases.
Known limitations: N\A
Affected ComponentsDATA FETCHERS AZURE 



Deployment May 19,2021




New Cloud Vendor Support - 17:00 UTC

Type: New Entity
Description:  Added support for new entities in the compliance engine
Known limitations: N/A 
Affected Components:  PROTECTED ASSETS DATA FETCHERS  COMPLIANCE




AWS IAM Data Fetchers - 17:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:    DATA FETCHERS AWS       




Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description:  Adding new rules to new vendor preview ruleset. Removing D9.AWS.NET.69. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment May 12,2021




AWS IAM Data Fetchers - 18:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:    DATA FETCHERS AWS       




Compliance Rulesets Update - 09:37 UTC

Type: Improvement
Description:  Adding new rules to Azure Best Practice ruleset. Fixing D9.AZU.IAM.06 rule.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment May 10,2021




AWS Onboarding - Role Trust Policy - 16:00 UTC

Type: Bug Fix
Description: Changes in AWS Roles External ID generation logic.
Known limitations: N/A 
Affected ComponentsAPI AWS ONBOARDING




Compliance Rulesets Update - 11:10 UTC

Type: Improvement
Description:  Azure CloudGuard Network Alerts ruleset depreciation. Replacing old network rules in new network rules. 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment May 9,2021




GCP Data Fetchers - Permissions Handling - 12:00 UTC

Type: Improvement
Description: GCP Cloud Accounts permissions handling infrastructure changes.
Known limitations: N\A
Affected ComponentsDATA FETCHERS GCP COMPLIANCE ENGINE API



Deployment May 3,2021




Roles Page - Adding Service account indicator - 16:15 UTC

Type: Improvement
Case ID: DFR-1146
Description: Adding Service Accounts indicator.
Known limitations: N\A
Affected ComponentsUI ROLES PAGE




Dashboards - Public option fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1146
Description: Fixing an issue while creating a public custom dashboard.
Known limitations: N\A
Affected ComponentsUI DASHBOARDS




Environments page - typo fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1153
Description: Fixing a typo on EU West region.
Known limitations: N\A
Affected ComponentsUI ENVIRONMENTS PAGE




CSV Export - Download fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1166
Description: Fixing an issue that prevented download on windows system.
Known limitations: N\A
Affected ComponentsUI CSV EXPORT




Compliance Report  - Print fix - 16:15 UTC

Type: Bug fix
Case ID: DFT-1169, DFT-1174
Description: Fixing an issue that affected printing reports.
Known limitations: N\A
Affected ComponentsUI COMPLIANCE REPORTS




Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Statistics counter improvment.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       




Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement ElasticSearch
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment Apr 29,2021




Compliance Improvement - 7:00 UTC

Type: Improvement
Description: Internal improvement Runners.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       




Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Data Migration.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment Apr 28,2021




Compliance Rulesets Update - 13:40 UTC

Type: Improvement
Description:  Rules added to AWS and GCP best practices rulesets. Rule D9.AWS.IAM.1020 was fixed.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Apr 28,2021




Kubernetes Assets - New columns - 11:00 UTC

Type: Improvement
Description: Kubernetes asset list now support additional columns such as namespace, number of workloads, image tags, etc.
Known limitations: This change only affects new and/or changed objects.
Affected Components:  KUBERNETES PROTECTED ASSETS PAGE



Deployment Apr 27,2021




Azure Storage Account - 14:00 UTC

Type: Improvement
Case ID: DFR-1535
Description: Added 'blobContainers' property for Azure Storage Account in the compliance engine.
Known limitations:  N\A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE




Azure Container Registry - 14:00 UTC

Type: Improvement
Case ID: DFR-1621
Description: Added networking properties for Azure Container Registry in the compliance engine.
Known limitations:  N\A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE




AWS Athena - 14:00 UTC

Type: Entity Removal
Case ID: DFT-1114
Description: AWS Athena Query Execution (Athena in GSL) was removed in order to prevent rate limit and costs impact.
Known limitations:  N\A
Affected Components:  DATA FETCHERS AWS COMPLIANCE ENGINE




AWS RDS DB Instance - 13:00 UTC

Type: Bug Fix
Case ID: DFT-1096
Description: Fetch tags for AWS RDS DB Instance in china and gov regions.
Known limitations:  N\A
Affected Components:  DATA FETCHERS AWS



Deployment Apr 26,2021




Compliance CSV export - 18:30 UTC

Type: Improvement
Case ID: DFR-1743
Description:  Added IsExcluded field to the CSV report.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE REPORT




Compliance Rulesets Update - 15:00 UTC

Type: Improvement
Description:  Rules added to AWS and GCP best practices rulesets.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS




AWS Dynamo DB Table - 13:30 UTC

Type: Bug Fix
Case ID: DFT-1096
Description: Fetch tags for AWS Dynamo DB Table in china and gov regions.
Known limitations:  N\A
Affected Components:  DATA FETCHERS AWS



Deployment Apr 22,2021




UI - Infrastructure improvements  - 12:30 UTC

Type: Improvement
Description: Internal improvement and new login page.
Known limitations: N\A
Affected Components:    UI       




Compliance Improvement - 8:00 UTC

Type: Improvement
Description: Internal improvement Teams integrations
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment Apr 21,2021




Protected assets - Kubernetes fixes - 22:00 UTC

Type: Bug fix
Case ID: DFT-1142, DFT-1141
Description: Fixing minor UI issues.
Known limitations: N\A
Affected ComponentsUI PREOTECTED ASSETS




Protected assets page - VPC fix - 22:00 UTC

Type: Bug fix
Case ID: DFT-1147
Description: Fixing an issue that showed AWS VPC as new vendor cloud VPC.
Known limitations: N\A
Affected ComponentsUI PREOTECTED ASSETS



Deployment Apr 20,2021




Serverless - optimise se q flow - 14:00 UTC

Type: Improvement 
Description: Optimize security events handling flow, to prevent delay of processing and display.
Known limitations:  N\A
Affected ComponentsSERVERLESS 




Serverless - Azure python post deploy instrumentation - 14:00 UTC

Type: New Feature
Description: FSP can now be added to an already deployed Azure function app. This support is currently enabled for Python runtime (Linux containers).
Known limitations:  N\A
Affected ComponentsSERVERLESS 




Serverless - Azure post deploy premium - 14:00 UTC

Type: Improvement 
Description: Added support for Azure post deploy functionality for premium and app service plans.
Known limitations:  N\A
Affected ComponentsSERVERLESS 




Serverless - Add dynamic signatures fetch - 14:00 UTC

Type: New Feature
Description: Dynamic update of k8s signatures from Check Point Research team.
Known limitations:  N\A
Affected ComponentsSERVERLESS 




AWS S3 Bucket - 14:00 UTC

Type: Improvement 
Description: Added property 'arn' to AWS S3Bucket entity.
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE 




GCP IAM Group - 12:30 UTC

Type: Bug Fix
Description: Fixed an issue that caused GcpIamGroup.groupData property to be empty.
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




GCP IAM User - 10:30 UTC

Type: Improvement 
Description:  

  • Added 'roles' property in the compliance engine. 
    This property holds all the roles assigned to the user directly on the onboarded project.

  • Added 'userData.groups' property in the compliance engine.
    This property includes holds all groups the user is member in and in the same domain.

Known limitations:  Roles are not include organization inheritance
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




GCP IAM Role - 10:30 UTC

Type: New Entity 
Description:  Added support for GCP Project IAM Role (custom and predefined) including the role permissions in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




GCP VM Instance- 10:30 UTC

Type: Improvement 
Description:  Added 'sourceImage' and 'sourceImageId' properties for each GCP VM Instance Disk in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




GCP Disk - 10:30 UTC

Type: New Entity
Description:  Added support for GCP Disk in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




GCP Image - 10:30 UTC

Type: Improvement
Description:  Added 'creationTimestamp' property for GCP Image in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




GCP Project - 10:30 UTC

Type: Improvement
Case ID: DFR-1698
Description:  Added 'enabledServices' property for GCP Project in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




Azure Function App and Web App - 10:30 UTC

Type: Improvement
Case ID: DFR-1572
Description:  Added 'appServicePlan' property for Azure Function App and Web App in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE



Deployment Apr 19,2021




Azure Function App - 18:00 UTC

Type: Improvement
Case ID: DFR-1635, DFR-1636, DFR-1642
Description: 

  • Added 'privateEndpoints' property in the compliance engine

  • Added 'unauthenticatedClientAction' property in the compliance engine

  • Populate SCM IP Security Restrictions as part of 'config.accessRestrications' property in the compliance engine

Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE




Compliance Rulesets Update - 15:00 UTC

Type: Improvement
Description:  Rules added to Azure best practices ruleset. Logic fix of D9.GCP.CRY.07.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS




New Cloud Vendor Support - New Infrastructure - 14:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:  PROTECTED ASSETS DATA FETCHERS  COMPLIANCE




AWS Shield - 14:00 UTC

Type: New Entity
Case ID: DFR-1715
Description: Added support for AWS Shield in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS



Deployment Apr 13,2021




New Cloud Vendor Support - New Infrastructure - 19:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:  PROTECTED ASSETS DATA FETCHERS  COMPLIANCE



Deployment Apr 12,2021




Compliance Rulesets Update - 13:00 UTC

Type: Improvement
Description:  The first release of GCP GDPR ruleset. Rules added to GCP best practices ruleset.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Apr 08,2021




Azure Storage Account - 10:30 UTC

Type: Bug Fix
Case ID: DFT-1149
Description: Populate 'resourceGroup' property for Azure Storage Account in compliance engine.
Known limitations: N\A
Affected Components:  COMPLIANCE ENGINE




New Cloud Vendor Support - New Infrastructure - 10:30 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected Components:  PROTECTED ASSETS DATA FETCHERS  COMPLIANCE



Deployment Apr 07,2021




AWS Data Fetchers - 13:30 UTC

Type: Bug Fix
Description: Fixed an issue with missing permissions handling for AWS entities: Sqs, Organization.
Known limitations:  N\A
Affected ComponentsDATA FETCHERS AWS




Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  Fixing an issue affected internally.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Apr 06, 2021




Rulesets page - Run assessment permission fix - 13:30 UTC

Type: Bug fix
Case ID: DFT-1124
Description: Fixing an issue that disabled the run button.
Known limitations: N\A
Affected ComponentsUI RULESETS PAGE




Exclusions page - Free search text fix - 13:30 UTC

Type: Bug fix
Case ID: DFT-1123
Description: Fixing an issue that affected searching for rule names.
Known limitations: N\A
Affected ComponentsUI EXCLUSIONS PAGE




Type: Bug fix
Case ID: DFT-1116
Description: Adding alert missing links.
Known limitations: N\A
Affected ComponentsUI EVENT PAGE




AWS Onboarding - Fix for full protection - 13:30 UTC

Type: Bug fix
Case ID: DFT-1070
Description: Fixing an issue to restrict converting security groups to full protection.
Known limitations: N\A
Affected ComponentsUI AWS UNSAFE-ONBOARDING




Log.ic - Fixing time ticker - 13:30 UTC

Type: Bug fix
Case ID: DFT-1095
Description: Fixing an issue affected the time ticker.
Known limitations: N\A
Affected ComponentsUI LOGIC




New cloud vendor support - Infrastructure change - 13:30 UTC

Type: New feature
Case ID: DFR-1598
Description: Adding new vendor support framework.
Known limitations: N\A
Affected ComponentsUI 




Continuous posture - Showing only associated policies  - 13:30 UTC

Type: Improvement
Case ID: DFR-1381
Description: Showing only associated elements.
Known limitations: N\A
Affected ComponentsUI CONTINUOUS POSTURE




Protected assets - Added DaemonSet asset page - 13:30 UTC

Type: Improvement
Case ID: DFR-1266
Description: Adding DaemonSet asset page.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS



Deployment Apr 05,2021




New Cloud Vendor Support - New Infrastructure - 17:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsAPI PROTECTED ASSETS DATA FETCHERS  COMPLIANCE




GCP Filestore Instance - 16:30 UTC

Type: New Entity
Case ID: DFR-1558
Description: Added support for GCP Filestore Instance in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS GCP




AWS Data Fetchers - 14:00 UTC

Type: Bug Fix
Description: Fixed an issue with missing permissions handling for AWS entities: NatGateway, RDSDBSnapshot.
Known limitations:  N\A
Affected ComponentsDATA FETCHERS AWS




Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description:  Rules added to Azure and GCP best practices rulesets. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Mar 31, 2021




Azure SQL Server - 11:00 UTC

Type: Improvement
Case ID: DFR-1102
Description: Added 'minimalTlsVersion' property for Azure SQL Server entity in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE




New Cloud Vendor Support - New Infrastructure - 11:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsAPI PROTECTED ASSETS DATA FETCHERS  COMPLIANCE



Deployment Mar 30, 2021




New Cloud Vendor Support - New Infrastructure - 08:30 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsAPI PROTECTED ASSETS DATA FETCHERS



Deployment Mar 25, 2021




AWS Route53 Hosted Zone - 14:00 UTC

Type: Improvement
Case ID: DFR-1442
Description: Added 'queryLoggingConfigs' property for AWS Route53 Hosted Zone entity in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS




New Cloud Vendor Support - New Infrastructure - 14:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API PROTECTED ASSETS DATA FETCHERS



Deployment Mar 22, 2021




Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       




New cloud vendor support - Infrastructure change - 10:00 UTC

Type: New feature
Case ID: DFR-1528, DFR-1530, DFR-1531
Description: Adding new vendor support framework.
Known limitations: N\A
Affected ComponentsUI 




Dashboards - Fixing account ID filter - 10:00 UTC

Type: Bug fix
Case ID: DFT-1078
Description: Fixing an issue for specific widgets with account Id.
Known limitations: N\A
Affected ComponentsUI DASHBOARD




UI changes - Titles removal and filter change  - 10:00 UTC

Type: Improvement
Case ID: DFR-1576, DFR-1577
Description: Removing page titles from all system pages, combine the filter and search to a single line.
Known limitations: N\A
Affected ComponentsUI 




Compliance Reports - Adding representation for passed entities  - 10:00 UTC

Type: Improvement
Case ID: DFR-377
Description: The assessment results now will show the failed and passed entities.
Known limitations: N\A
Affected ComponentsUI REPORTS




Notifications page - Improving Error Messages  - 10:00 UTC

Type: Improvement
Case ID: DFR-1437
Description: When a Webhook integration fails the page will return the complete error message.
Known limitations: N\A
Affected ComponentsUI NOTIFICATIONS




Dashboards - Adding Assignee = me - 10:00 UTC

Type: Improvement
Case ID: DFR-1548
Description: Adding filter to represent which alerts assigned to the current user.
Known limitations: N\A
Affected ComponentsUI DASHBOARD



Deployment Mar 21, 2021




GCP Data Fetchers - New Infrastructure - 13:00 UTC

Type: Improvement
Description: Added a new Infrastructure for GCP Data Fetchers
Known limitations: N/A.
Affected Components:   DATA FETCHERS GCP  



Deployment Mar 18, 2021




New Cloud Vendor Support - New Infrastructure - 15:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API PROTECTED ASSETS DATA FETCHERS




New Welcome Pages - 14:00 UTC

Type: Improvement
Description:  Added new default welcome pages to menu sections :

  • Posture

  • Network

  • Identity

  • Workload Protection

  • Intelligence

Known limitations: N/A 
Affected Components:    MENU ITEMS




Deployment Mar 17,2021




New Cloud Vendor Support - New Infrastructure - 14:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API PROTECTED ASSETS DATA FETCHERS




Compliance Rulesets Update - 12:30 UTC

Type: Improvement
Description:  Rules added to GCP Best Practice ruleset. D9.AWS.DR.04 was removed. 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Mar 15,2021




Compliance Backend Functionality enhancement - 14:00 UTC

Type: Improvement
Description:  Adding Backend functionality in order to support a new cloud vendor.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API



Deployment Mar 14,2021




FSP version visibility - 08:00 UTC

Type:  New Feature
Case ID:  PROT-713
Description:  Adding a new visibility for each AWS lambda that’s use FSP, to get the FSP version.
The purpose of this feature is that in the next step we will have the ability to set the FSP version manually.
Known limitations:  N/A
Affected ComponentsSERVERLESS



Deployment Mar 10,2021




New Cloud Vendor Support - New Infrastructure - 12:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE API




Compliance Rulesets Update - 12:40 UTC

Type: Improvement
Description:  Rules added to Azure CIS v1.1,v1.2, and v1.3 rulesets. and Azure CIS v1.2 enrichment. New and fix rules for GCP rulesets. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Mar 09,2021




Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment Mar 08,2021




GSL Builder - Run rule on all Accounts  - 14:00 UTC

Type: Improvement
Case ID: DFR-434
Description: Added ability to run a rule on multiple accounts. 
Known limitations: N\A
Affected Components:    UI  GSL BUILDER




Environment page - Log.ic improvements  - 14:00 UTC

Type: Improvement
Case ID: DFR-1451, DFR-1452, DFR-1454
Description: Minor UI Improvements 
Known limitations: N\A
Affected Components:    UI  ENVIRONMENTS PAGE




Configuration explorer - Group by fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1034
Description: Fix for group by option
Known limitations: N\A
Affected Components:    UI  CONFIGURATION EXPLORER




Exclusions page - Export to CSV fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1086
Description: Fix for the excluded rule name
Known limitations: N\A
Affected Components:    UI  EXCLUSIONS




Exclusions page - Rule name fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1052
Description: Fix for the excluded rule name
Known limitations: N\A
Affected Components:    UI  EXCLUSIONS




Log.ic - Explorer graph fix  - 14:00 UTC

Type: Bug fix
Case ID: DFT-1100 
Description: Fix an issue that cause the page to break
Known limitations: N\A
Affected Components:    UI  LOGIC




Ruleset page - Bug fix on create exclusion - 14:00 UTC

Type: Bug fix
Case ID: DFT-1102 
Description: Fix an exception that cause the page to freeze
Known limitations: N\A
Affected Components:    UI  RULESET PAGE




Compliance Improvement - 13:40 UTC

Type: Improvement
Description: Internal Migration
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE  API




ShiftLeft CLI - 12:00 UTC

Type: Improvement
Description: Improving error messages output
Known limitations: N\A
Affected Components:    SHIFTLEFT  API




Compliance Improvement - 10:40 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment Mar 07,2021




Azure Storage Account - 11:30 UTC

Type: Improvement
Case ID: DFR-1485
Description: Added 'privateEndpointConnections' property for Azure StorageAccount entity in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE




Compliance Rulesets Update - 10:30 UTC

Type: Improvement
Description:  The first release of Azure CIS v1.3 ruleset and Azure CIS v1.2 enrichment. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Mar 04,2021




Cloud IAM Role - 09:55 UTC

Type: Improvement
Description:  Added 'AssumeRolePolicy’ property to Cloud IAM Role API
Known limitations: N/A 
Affected ComponentsAPI 




New Cloud Vendor Support - New Infrastructure - 09:55 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsPROTECTED ASSETS DATA FETCHERS



Deployment Mar 02,2021




Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       




Compliance Improvement - 12:00 UTC

Type: Improvement
Description: Internal Finding Validation improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment Mar 01,2021




AWS EKS Cluster - 16:00 UTC

Type: Bug Fix
Case ID: DFT-1048
Description: Support node group label/tag key containing dots.
Known limitations: N/A
Affected Components:  DATA FETCHERS AWS




Azure Function App and Web App - 16:00 UTC

Type: Improvement
Case ID: DFR-1461
Description: Access Restrictions with source of type 'Service Tag'  are supported.
Known limitations: N/A
Affected Components:  DATA FETCHERS AZURE




New Cloud Vendor Support - New Infrastructure - 13:00 UTC

Type: Improvement
Description:  Adding new infrastructure in order to support new cloud vendor.
Known limitations: N/A 
Affected ComponentsAPI 



Deployment Feb 28,2021




Azure Event Hub Namespace - 15:30 UTC

Type: Improvement
Case ID: DFR-1053
Description: Added 'virtualNetworkRules' property for Azure Event Hub Namespace in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE




Azure Data Fetchers - 13:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Bastion and Maria DB.
Known limitations: N\A
Affected Components:    DATA FETCHERS AZURE




AWS API Gateway V2 - 13:00 UTC

Type: New Entity
Case ID: DFR-1470
Description: Added support for AWS HTTP API Gateway in the compliance engine
Known limitations:  N\A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS



Deployment Feb 25,2021

Azure Function App and Web App - 16:00 UTC

Type: Improvement
Case ID: DFR-1461
Description:

  • Added the 'accessRestrictions' property to Azure Function App and Web App config in compliance engine

  • 'isAuthenticateOn' property will be null when we fail to retrieve this information

Known limitations: Access Restrictions with at least one source of type 'Service Tag'  are not supported. Will be supported on later phase. 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE


Deployment Feb 24,2021

Compliance Rulesets Update - 10:00 UTC

Type: Improvement
Description:  Adding AWS Best practices rule. 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS


Deployment Feb 23,2021

AWS SQS and SNS - 15:00 UTC

Type: Improvement
Description: Add 'cryptoKeyId' property for AWS SQS and SNS in compliance engine.
Known limitations: N\A
Affected Components:  COMPLIANCE ENGINE

Environment API - fixing a minor issue 11:00 UTC

Type: Bug Fix
Description: Fixing an issue that affected removing cloud account.
Known limitations: N\A
Affected Components:    API       


Deployment Feb 22, 2021

Remediation - Fixing UI issue - 8:30 UTC

Type: Bug Fix
Case ID: DFT-1084
Description: Fixed an issue that caused the UI to freeze.
Known limitations: N\A
Affected ComponentsUI REMEDIATION

Compliance dashboard - Export fix - 8:30 UTC

Type: Bug Fix
Case ID: DFT-1059
Description: fixing missing Account Id on export.
Known limitations: N\A
Affected ComponentsUI DASHBOARD

Exclusions page - New look and feel - 8:30 UTC

Type: Improvement
Case ID: DFR-1212
Description: Adjusted to the general system style.
Known limitations: N\A
Affected ComponentsUI EXCLUSIONS

Compliance Report - Redirect to referrer page - 8:30 UTC

Type: Improvement
Case ID: DFR-412
Description: After closing the report redirect to the referrer page.
Known limitations: N\A
Affected ComponentsUI REPORTS


Deployment Feb 18,2021

Internal configuration improvement - 14:00 UTC

Type: Improvement
Description:  Internal configuration improvement
Known limitations: N\A
Affected Components:     DATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP  API  

Azure Service Fabric Cluster- 14:00 UTC

Type: New Entity
Case ID: DFR-330
Description:  Added support for Azure Service Fabric Cluster in the compliance engine
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE   COMPLIANCE ENGINE

Azure Bastion - 14:00 UTC

Type: New Entity
Case ID: DFR-1498
Description:  Added support for Azure Bastion in the compliance engine
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE   COMPLIANCE ENGINE

GCP Security Group - 14:00 UTC

Type: Improvement

Case ID: DFR-458
Description:

  • Added the 'enabled' property to Security Groups Inbound and Outbound rules.

  • The property reflects the enforcement status of the corresponding firewall rules.

  • The change effects GcpSecurityGroup and VMInstance entities.

Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE DATA FETCHERS GCP

AWS Credentials Editing - New infra structure - 14:00 UTC

Type: Improvement
Description:  Adding new infra structure in order to support new future features. 
Known limitations: N/A 
Affected ComponentsAPI 

Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  D9.AWS.VLN.02 fix. 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS


Deployment Feb 17,2021

Compliance Improvement - 13:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       

Compliance Improvement - 11:30 UTC

Type: Improvement
Description: Api Infrastructure improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       

Compliance Improvement - 08:30 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       


Deployment Feb 16,2021

AWS SQS and SNS - 11:00 UTC

Type: Bug Fix
Case ID: DFT-1079
Description: Populate 'cryptoKey' property for keys without alias name in compliance engine.
Known limitations: N\A
Affected Components:  COMPLIANCE ENGINE

Compliance Rulesets Update - 9:20 UTC

Type: Improvement
Description:  A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS


Deployment Feb 11,2021


Compliance Improvement - 10:00 UTC

Type: Improvement
Description: Infrastructure improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       



Deployment Feb 10,2021


Azure Subnet - 12:00 UTC

Type: Improvement
Case ID: DFR-1450
Description:  Added 'delegationsList' property for Azure Subnet in the compliance engine
Known limitations: N\A
Affected Components:  COMPLIANCE ENGINE DATA FETCHERS AZURE

AWS CloudTrail - Organization Trails - 10:30 UTC

Type: Improvement
Case ID: DFT-1042
Description:

  • Added support for Organization level trails for member accounts.

  • Added 'isOrganizationTrail' property to CloudTrail entity.

Known limitations: Tags are not supported for organization level trails on member accounts.
Affected ComponentsPROTECTED ASSETS DATA FETCHERS AWS COMPLIANCE ENGINE

Compliance Rulesets Update - 10:20 UTC

Type: Improvement
Description:  Fix two AWS IAM rules. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS


Deployment Feb 9, 2021

Kubernetes Onboarding - Saving entered values - 12:00 UTC

Type: Improvement
Case ID: DFR-1449
Description: Saving values entered on onboarding even if the user clicked back.
Known limitations: N\A
Affected ComponentsUI KUBERNETES

Type: Bug Fix
Case ID: DFT-1028
Description: Adding missing flow logs link.
Known limitations: N\A
Affected ComponentsUI CLARITY

Protected Assets - GCP VM UI fix - 12:00 UTC

Type: Bug Fix
Case ID: DFT-1064
Description: Fixing an issue that prevented viewing GCP VM's detailed view.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

AWS NACL - Added ICMP codes - 12:00 UTC

Type: Improvement
Case ID: DFR-1361
Description: Added ICMP types to the UI.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Notifications - Security Hub Integration - 12:00 UTC

Type: Improvement
Case ID: DFR-1460
Description: Added regions to our integration.
Known limitations: N\A
Affected ComponentsUI NOTIFICATIONS


Deployment Feb 8,2021


Compliance Improvement - 14:00 UTC

Type: Improvement
Description: Add new UI functions to API.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE  API

Compliance Improvement - 11:00 UTC

Type: Improvement
Description: Improved load time of ruleset page.
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE       


Deployment Feb 7,2021




Azure Network Security Group - 14:00 UTC

Type: Improvement
Description:  Added 'subnetId' property for Azure Network Security Group in the compliance engine
Known limitations: N\A
Affected Components:  COMPLIANCE ENGINE

AWS Elastic Beanstalk - 14:00 UTC

Type: New Entity
Case ID: DFR-1379
Description:  Added support for AWS Elastic Beanstalk in the compliance engine
Known limitations: N\A
Affected Components:  DATA FETCHERS AWS   COMPLIANCE ENGINE

Azure Maria DB - 14:00 UTC

Type: New Entity
Case ID: DFR-501
Description:  Added support for Azure Maria DB in the compliance engine
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE   COMPLIANCE ENGINE

Azure Virtual Machine Scale Set - 11:00 UTC

Type: Improvement
Description:  Infrastructure improvement
Known limitations: N\A
Affected Components:  DATA FETCHERS AZURE     


Deployment Feb 3,2021

New Service Now Application - 20:30 UTC

Type: Improvement
Description: New application with new features and certified for Paris Version, find it here
Known limitations: N\A
Affected Components:    SERVICENOW APPLICATION       

Internal configuration improvement - 19:30 UTC

Type: Improvement
Description:  Internal configuration improvement
Known limitations: N\A
Affected Components:    COMPLIANCE ENGINE DATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP DATA FETCHERS K8S API  

Compliance Rulesets Update - 11:00 UTC

Type: Improvement
Description:  The first release of Azure CIS Foundations v. 1.2.0. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS


Deployment Jan 28,2021

Azure Data Fetchers - 17:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Virtual Machine, Virtual Machine Scale Set and Redis.
Known limitations: N\A
Affected Components:    DATA FETCHERS AZURE

Compliance Improvement- 14:00 UTC

Type: Internal Improvement
Description:  Internal improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE


Deployment Jan 27,2021

Exclusions page - New Dialog - 12:30 UTC

Type: Improvement
Case ID: DFR-1212
Description: Adding new improved dialog.
Known limitations: N\A
Affected ComponentsUI EXCLUSIONS

Dashboard - Export fix - 12:30 UTC

Type: Bug Fix
Case ID: DFT-1043
Description: Fixing the Dashboard export.
Known limitations: N\A
Affected ComponentsUI DASHBOARDS

Environments page - Remove instance column - 12:30 UTC

Type: Improvement
Case ID: DFR-1453
Description: Removing the instance column.
Known limitations: N\A
Affected ComponentsUI ENVIRONMENTS

Kubernetes Onboarding - Blades rename - 12:30 UTC

Type: Improvement
Case ID: DFR-1239
Description: Renamed blades.
Known limitations: N\A
Affected ComponentsUI KUBERNETES

Compliance  Improvement - 12:00 UTC

Type: Internal Improvement
Description:  External finding improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE




Compliance Rulesets Update - 11:00 UTC

Type: Improvement
Description:  A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Jan 26,2021




Protected Assets - Index Azure VM private IP - 11:00 UTC

Type: Improvement
Description: Index Azure VM private IP
Known limitations: N/A
Affected Components:   DATA FETCHERS AZURE  PROTECTED ASSETS 




Compliance Improvement- 11:00 UTC

Type: Internal Improvement
Description:  Internal improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE



Deployment Jan 21,2021




Azure Event Hub Namespace - 13:30 UTC

Type: New Entity
Case Id: DFR-1401
Description: Added support for Azure Event Hub Namespace in the compliance engine
GSL Examples:

  • Ensure that Azure EventHubNamespace is encrypted:

    EventHubNamespace should not have encryption.keyVaultProperties isEmpty()

Known limitations:  N/A
Affected Components:   COMPLIANCE ENGINE DATA FETCHERS AZURE




AWS Update Credentials API - 13:30 UTC

Type: Bug Fix
Case Id: DFT-1057
Description: Fixed an issue for handling empty cloud account in user based credentials.
Known limitations: N/A.
Affected Components:  API



Deployment Jan 20,2021




Compliance Rulesets Update - 13:45 UTC

Type: Improvement
Description:  A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS




AWS Onboarding - New infra structure - 13:00 UTC

Type: Improvement
Description:  Adding new infra structure in order to support new future features. 
Known limitations: N/A 
Affected ComponentsAPI AWS ONBOARDING




Add "Sync Now" support for Azure Load Balancer - 13:00 UTC

Type: Improvement
Description: Azure load balancer fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected Components:   DATA FETCHERS AZURE   



Deployment Jan 18, 2021




Compliance  Improvement - 16:30 UTC

Type: Internal Improvement
Description:  Revert due to an issue discovered.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE




Compliance  Improvement- 14:00 UTC

Type: Internal Improvement
Description:  Internal improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE




Compliance  Improvement - 12:00 UTC

Type: Internal Improvement
Description:  External finding improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE




Compliance  Improvement- 10:00 UTC

Type: Internal Improvement
Description:  Internal API improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE



Deployment Jan 17, 2021




Authentication Improvements - 14:00 UTC

Type: Improvement
Description: Authentication flows improvements.
Known limitations:  N/A
Affected Components:  SSO INFINITY PORTAL AUTHENTICATION 



Deployment Jan 14, 2021




PREVIEW

Log.ic - Azure Activity Logs - 15:30 UTC

Type: New Feature
Description: Added Log.ic support on Azure Storage, Audit, Signin, Activity Logs.
Known limitations: Currently in Early Availability 
Affected ComponentsLOGIC




GCP App Engine - 11:00 UTC

Type: New Entity
Case ID: DFR-608
Description: Added support for GCP App Engine in the compliance engine
GSL Examples:

  • Ensure that GCP AppEngine utilizes Identity-Aware Proxy:       
       AppEngine should have iap.enabled=true


Known limitations:  N/A
Affected Components:   COMPLIANCE ENGINE DATA FETCHERS GCP




Azure HDInsight - 11:00 UTC

Type: Improvement
Case ID: DFR-1436
Description: Region and location properties were converted into lower case strings
Known limitations:  N/A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE 



Deployment Jan 13, 2021




Compliance  Improvement- 10:00 UTC

Type: Internal Improvement
Description:  Internal importer improvement.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS




Compliance  Improvement- 06:45 UTC

Type: Internal Improvement
Description:  Managed generic list backend capability only.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS



Deployment Jan 11, 2021




Protected assets - Detailed export fix - 20:30 UTC

Type: Bug Fix
Case ID: DFT-1017
Description: minor UI fix.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS




Notifications - Jira integration - 20:30 UTC

Type: Improvement
Case ID: DFT-1024, DFR-1391
Description: Jira default JSON payload changed, Test button enabled on payload change.
Known limitations: N\A
Affected ComponentsUI NOTIFICATIONS




Account page - Adding more Logic usage data - 20:30 UTC

Type: Bug Fix
Case ID: DFT-1003
Description: Adding more details to improve usability.
Known limitations: N\A
Affected ComponentsUI ACCOUNT PAGE




Main Menu - Log.ic menu item - 20:30 UTC

Type: Bug Fix
Case ID: DFT-1001
Description: Log.ic will always be present even if not onboarded.
Known limitations: N\A
Affected ComponentsUI MENU




Kubernetes Onboarding - Region support - 20:30 UTC

Type: Improvement
Case ID: DFR-1400
Description: Added region support to the HELM command.
Known limitations: N\A
Affected ComponentsUI KUBERNETES




Compliance Rulesets Update - 14:45 UTC

Type: Improvement
Description:  AWS CloudGuard Network Alerts ruleset deprecation.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS




Azure Storage Account - 14:30 UTC

Type: Improvement
Case ID: DFR-1109
Description: Added multiple properties in compliance engine for Azure Storage Account.
Known limitations:  N/A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE 




AWS NACL - 14:30 UTC

Type: Improvement
Description: Added 'icmpProtocol' property in compliance engine for AWS NACL inbound and outbound entries.
Known limitations:  N/A
Affected Components:  API  COMPLIANCE ENGINE




AWS System Manager Document - 14:00 UTC

Type: Improvement
Description: Fetching only documents that are not owned by Amazon.
Known limitations:  N/A
Affected Components:  DATA FETCHERS AWS  



Deployment Jan 10,2021




AWS S3 Bucket Account Public Access Block - 14:30 UTC

Type: Bug Fix
Case ID: DFT-1037
Description: Fixed a syncing issue when deleting account level public access block settings.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS



Deployment Jan 7,2021




Shift Left - 7:30 UTC

Type: Improvement
Description: Added additional flags, improved the output to be more human readable and option to send the results to assessment history page.
Known limitations:  N/A
Affected Components:  SHIFTLEFT  



Deployment Jan 5,2021




Compliance Entities Changes  - 15:10 UTC

Type: Improvement
Case ID: DFR-1186
Description: Compliance entities model changes:

  • Tags - Removed from unsupported entities.

  • Region - Presented as 'Global' when location information is not available.

  • Source - Removed from all entities.

  • Vpc - Relevant for AWS entities only, removed from unsupported entities.

Known limitations:  N/A
Affected Components:  COMPLIANCE ENGINE 




Azure User  - 15:10 UTC

Type: Improvement
Case ID: DFR-1214
Description: Added 'assignedRoles' property in compliance engine for Azure User.
Known limitations:  N/A
Affected Components:  DATA FETCHERS AZURE COMPLIANCE ENGINE 

AWS API Gateway  - 15:10 UTC

Type: Improvement
Case ID: DFR-1234
Description: Added 'securityPolicy' property in compliance engine for AWS API Gateway
Known limitations:  N/A
Affected Components:  DATA FETCHERS AWS COMPLIANCE ENGINE 

MSP Portal - Log.ic Notifications  - 13:00 UTC

Type: New feature
Description: Add support to set Log.ic usage notifications from the MSP portal
Known limitations:  N/A
Affected Components:  MSP PORTAL LOG.IC NOTIFICATIONS 


Deployment Jan 4,2021


AWS Application Load Balancer and Network Load Balancer  - 12:30 UTC

Type: Improvement
Case ID: DFT-658
Description: Additional properties are supported in compliance engine for AWS Application Load Balancer and Network Load Balancer
Known limitations:  N/A
Affected Components:  DATA FETCHERS AWS COMPLIANCE ENGINE 

Compliance Rulesets Update - 10:30 UTC

Type: Improvement
Description:  The first release of the Azure Security Benchmark ruleset. New rules were added to Azure CloudGuard Best Practices reuleset and some GCP rules fixes. A complete list can be found here
Known limitations: N/A 
Affected Components

Deployment Jan 3,2021

Shift Left - New Infrastructure - 16:00 UTC

Type: Improvement
Description:  Added internal infrastructure to support future features for Shift Left.
Known limitations: N\A
Affected Components:     WEBAPP COMPLIANCE CORE

Data fetching services - 11:00 UTC

Type: Improvement
Description:  Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components:    ALL DATA FETCHING COMPONENTS 

Settings

  • No labels