Deployment March 27, 2024
FIXED Risk Management - Azure SQL Server Network Exposure - 11:30 UTC
Description: Treating the built-in firewall rule that allows traffic from Azure services as partially public.
Case ID: CNAPP-7702
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS
Deployment March 26, 2024
FEATURE CIEM label can be added to CSPM rules - 11:00 UTC
Description: Added support for adding the CIEM label to custom CSPM rules; findings with that label will show up under CIEM\Findings.
Case ID: DFR-3257
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE CIEM
FEATURE Multi entities selection on CSPM exclusions - 10:00 UTC
Description: Added support for multi-entity selection on CSPM exclusions; entities can be selected from a list or by using a wildcard.
Case ID: DFR-3422, DFR-2327
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Deployment March 25, 2024
IMPROVEMENT AWS Region - 11:00 UTC
Description: Added support for Organization Access Analyzers Type under the “accessAnalyzers” field.
Case ID: DFR-3185
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE
FEATURE AWS Organization Unit - 10:00 UTC
Description: Added support for AWS Organization Unit in compliance engine and protected assets.
Case ID: DFR-2914
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment March 24, 2024
FIXED Risk Management - Azure SQL Server Network Exposure - 13:25 UTC
Description: Ignoring firewall rule that allows traffic from Azure services when calculating external public exposure.
Case ID: CNAPP-7702
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS
IMPROVEMENT Azure Load Balancer - 11:00
Description: Added outbound rules support for the ‘LoadBalancer’ entity as a new property: ‘outboundRules’.
Case ID: DFR-2352
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE
Deployment March 19, 2024
IMPROVEMENT AWS CloudWatch Events - 11:10 UTC
Description: Added support for ECS parameters as new property 'targets[].ecsParameters' for the ‘CloudWatchEventsRule’ entity.
Case ID: DFR-3372
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE
IMPROVEMENT AWS Security Group - 11:10 UTC
Description: Added support in the ‘SecurityGroup’ entity for ‘EcsSchduledTask’ under the ‘networkAssetsStats’ property.
Case ID: DFR-3372
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE
IMPROVEMENT Compliance Rulesets Update - 10:30 UTC
Description: New Ruleset CIS Amazon EKS Benchmark v1.4.0; New Ruleset CIS GKE Benchmark v1.5.0; New Ruleset CIS Microsoft Kubernetes Engine (AKS) Benchmark v1.4.0; New AWS, OCI, Alibaba, GCP and Kubernetes rules. A complete list can be found here.
Case ID: CNAPP-7660, DFT-3455
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment March 19, 2024
IMPROVEMENT AWS S3 Bucket - 12:00 UTC
Description: Avoid deleting previous data of AWS S3 Bucket when not receiving new data (due to missing permissions or other reasons).
Case ID: DFR-2952
Known limitations: N/A
Affected Components: FETCHERS
IMPROVEMENT AWS Account - 10:30 UTC
Description: Added support for ‘Contact Information’ property in AWS Account in Compliance engine & Protected Assets.
Case ID: DFR-2383
Known limitations: N/A
Affected Components: FETCHERS
IMPROVEMENT OCI VNIC - 9:30 UTC
Description: Expose public & private IP in OCI VNIC in Protected Assets page
Case ID: DFT-3217
Known limitations: N/A
Affected Components: FETCHERS PROTECTED ASSETS
Deployment March 18, 2024
IMPROVEMENT Sydney - GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster now contain more fields (fields that are not configured will contain null). Relevant to Sydney DC only.
Case ID: CNAPP-7553
Known limitations: N/A
Affected Components: FETCHERS
FIXED AWS Credential Report API - 9:00 UTC
Description: Fixed an issue that caused the presentation of old data in the 'CloudIamCredentialReport' API.
Case ID: DFT-3454
Known limitations: N/A
Affected Components: FETCHERS
Deployment March 17, 2024
FIXED GSL Builder Export | OU Path set to N/A while running a GSL rule - 15:00 UTC
Description: Fixed missing OU path when exporting from GSL builder
Case ID: DFT-3339
Known limitations: N/A
Affected Components: UI
FIXED UI | Unable to associate Alibaba Cloud to another OU - 11:00 UTC
Description: Fixed failure to associate Alibaba Cloud to OU
Case ID: DFT-3496
Known limitations: N/A
Affected Components: UI
FIXED Azure PostgreSQL - 10:50 UTC
Description: Fixed an issue that caused partial fetching for ‘PostgreSQL’ entities.
Case ID: DFT-3466
Known limitations: N/A
Affected Components: FETCHERS
Deployment March 14, 2024
FEATURE GCP Identity Platform - 13:00 UTC
Description: Added support for GCP Identity Platform Entities: IdentityPlatformTenant and IdentityPlatformUser.
Case ID: CNAPP-1463
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Azure Network Security Groups Management - 11:30 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7585
Known limitations: N/A
Affected Components: FETCHERS API
FEATURE Risk Management - Network Exposure - 11:30 UTC
Description: Network Exposure support for Azure SQL Server. Available in Protected Assets and as part of the risk score calculation.
Case ID: CNAPP-7064
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS
FIXED AWS VPC\KMS\Route table shown incorrectly in Protected Assets - 10:00 UTC
Description: Fixed a bug where AWS VPC\KMS was shown as Alibaba VPC\KMS in the protected assets table, and AWS route table was shown as Azure route table in the protected assets table.
Case ID: DFT-3458, DFT-3510, DFT-3452, DFT-3508
Known limitations: N/A
Affected Components: UI
Deployment March 13, 2024
IMPROVEMENT Compliance Rulesets Update - 10:00 UTC
Description: New AWS, OCI, Alibaba, and GCP rules; DFTs fixes. A complete list can be found here.
Case ID: CNAPP-7557, DFT-3484, DFT-3447
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FIXED UI | Missing permissions | Key vault seems to be duplicated on the amount of entities that have an issue - 10:00 UTC
Description: Remove duplication of key vault
Case ID: DFT-3408
Known limitations: N/A
Affected Components: UI
Deployment March 12, 2024
FIXED UI | Reporting | when we download the report from CIEM somehow don't get the label column on the export file - 14:00 UTC
Description: Label was added to CIEM findings
Case ID: DFT-2551
Known limitations: N/A
Affected Components: UI
Deployment March 10, 2024
FEATURE GCP Cloud Source Repository - 13:00 UTC
Description: Added support for GCP Cloud Source Repository entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1467
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment March 07, 2024
IMPROVEMENT Azure Network Security Groups Management - 13:25 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7491
Known limitations: N/A
Affected Components: FETCHERS API
IMPROVEMENT Azure User - 12:30 UTC
Description: Added support for ‘assignmentRoles’ property in Azure User in Compliance Engine and Protected Assets.
Case ID: DFT-3348
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Azure Cosmos DB Account - 11:15 UTC
Description: Added support for ‘minimalTlsVersion’ property in Azure Cosmos DB Account in Compliance Engine and Protected Assets.
Case ID: DFR-2932
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment March 06, 2024
FIXED UI | MSP | Cannot switch roles on Firefox - 14:00 UTC
Description: Fixed issue of switching logs in MSP in Firefox
Case ID: DFT-3430
Known limitations: N/A
Affected Components: UI
IMPROVEMENT Compliance Rulesets Update - 11:00 UTC
Description: DFTs fixes. A complete list can be found here.
Case ID: CNAPP-7453, DFT-3455, DFT-3381
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
IMPROVEMENT GCP GKE Cluster - 10:00 UTC
Description: Added support for ‘networkConfig’ property in GCP GkeCluster.
Case ID: DFR-2663
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS
FIXED AWS Kinesis Firehose - 06:00 UTC
Description: Fixed rate limit issue in AWS Kinesis Firehose.
Case ID: DFT-3432
Known limitations: N/A
Affected Components: FETCHERS
Deployment March 05, 2024
FEATURE GCP Cloud Armor Security Policy entity - 13:00 UTC
Description: Added support for GCP Cloud Armor Security Policy entity in Compliance Engine and Protected Assets.
Case ID: DFR-2968
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment March 04, 2024
FIXED UI | Typo in Role Creation Screen - 18:00 UTC
Description: Fix typo in role creation screen
Case ID: DFT-3483
Known limitations: N/A
Affected Components: UI
Deployment March 04, 2024
FIXED Slack and Teams Notification - 18:00 UTC
Description: Bug fix in Slack and Teams Notifications.
Case ID: CNAPP-8613
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment March 02, 2024
IMPROVEMENT AWS S3 Bucket - 17:30 UTC
Description: Added support for ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.isCrossAccountKey’ and ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.kmsKey’ properties in AWS S3 Bucket in Compliance engine & Protected Assets.
Case ID: DFR-2482
Known limitations: Cross-account keys are shown in the ‘kmsKey’ property only if the key belongs to a cloud account that was onboarded to the same CloudGuard account as the S3 bucket’s cloud account, and only if the client has approved account data sharing.
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS
Deployment March 01, 2024
FIXED Slack and Teams Notification - 23:00 UTC
Description: Bug fix in Slack and Teams Notifications.
Case ID: CNAPP-8613
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment February 29, 2024
FEATURE 2.28.0: GitHub Registry, reduce URLs for Image Assurance - 10:00 UTC
Description: Image Assurance 2.29.0:
Release GitHub Container Registry Scanning support
Reduced the number of URLs that need to be accessed by the agents (relevant for Scan Engine Version 2.0.0 only). CloudGuard agents must have connectivity to these region-specific URLs.
Security enhancements - all agents:
Image Assurance 2.29.0
Admission Control: Enforcer 2.11.0 & Policy 1.8.0
Inventory 1.14.0
Flow-logs 0.14.0
Runtime Policy 1.8.0
Case ID: CON-8312
Known limitations: N/A
Affected Components: CONTAINERS
Deployment February 28, 2024
IMPROVEMENT Compliance Rulesets Update - 10:00 UTC
Description: New Ruleset SOX for AWS, Azure and GCP; New Ruleset CITSG-33 for GCP; New AWS, Azure, and GCP rules. A complete list can be found here.
Case ID: CNAPP-7373, DFT-3436, DFT-3427
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FEATURE GCP Firebase App Distribution Tester - 12:30 UTC
Description: Added support for GCP Firebase App Distribution Tester entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1464
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Azure Service Bus - 07:35 UTC
Description: Added support for ‘MinimumTlsVersion’ property in Azure Service Bus.
Case ID: DFR-2869
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
FIXED Exclusion with expired date will not allow to create new one - 14:00 UTC
Description: Bug fix in case a new exclusion is created while the same one exists but it is expired
Case ID: DFT-3047
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE UI
Deployment February 25, 2024
FIXED UI | duplicate add policy in ruleset - 12:45 UTC
Description: UI duplicate add policy in ruleset, removed the additional option button from the Ruleset Card.
Case ID: DFT-3354
Known limitations: N/A
Affected Components: UI
FEATURE GCP Firestore Dataset - 09:40 UTC
Description: Added support for GCP Firestore Dataset entity in Compliance Engine and Protected Assets.
Case ID: DFR-2967
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment February 21, 2024
FIXED UI | Assessment history page stuck after clicking on rule details - 12:45 UTC
Description: Fixed the issue where submenus in “Posture Management” were stuck after clicking on rule details
Case ID: DFT-3355
Known limitations: N/A
Affected Components: UI
FIXED GCP IAM Group - 12:30 UTC
Description: Fix GCP IAM Group to enable updates in data.
Case ID: IN-8603
Known limitations: N/A
Affected Components: FETCHERS
IMPROVEMENT Compliance Rulesets Update - 9:00 UTC
Description: New Ruleset CIS Foundations Benchmark v2.1 for Azure; New Ruleset CIS Foundations Benchmark v3 for AWS; New Rulesets ACSC (ISM) for AWS, Azure & GCP; New Rulesets FFIEC for AWS, Azure & GCP; New Rulesets ISO27002 for AWS, Azure & GCP; New Rulesets PIPEDA for AWS, Azure & GCP; New Rulesets NIST 800-172 for AWS, Azure & GCP; New Rulesets SCF for AWS, Azure & GCP; New Rulesets SWIFT for AWS, Azure & GCP; New Rulesets ISO27017 for AWS, Azure & GCP; New Ruleset NIST 800-171 for GCP; New Ruleset HITRUST Latest for GCP; New Rulesets New Zealand ISMv3.6 for Azure & GCP; New Ruleset ASD Essential Eight for GCP; New Ruleset CMMC2.0 for GCP; New Ruleset CRI Profile for GCP; New Ruleset NY DFS Part 500 23 CRR for GCP; New AWS rule. A complete list can be found here.
Case ID: CNAPP-7240, DFT-3330, DFT-3398, DFT-3409, DFT-3410, DFT-3349
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FIXED Azure MySQLDBFlexibleServer - 08:10 UTC
Description: Fixed an issue in Azure MySQLDBFlexibleServer fetching mechanism.
Case ID: DFT-3437
Known limitations: N/A
Affected Components: FETCHERS
Deployment February 19, 2024
FEATURE GCP Vertex AI Notebook - 15:30 UTC
Description: Added support in Compliance Engine and Protected Assets for the following entities:
GcpVertexAINotebookRuntimeEntity
GcpVertexAINotebookInstanceEntity
GcpVertexAINotebookEnvironment
Case ID: CNAPP-1462
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment February 18, 2024
FIXED AWS SQS CryptoKey in AWS China region - 15:00 UTC
Description: Fixed a bug in which KMS keys in AWS China region were not shown in the SQS entity in CloudGuard.
Case ID: DFT-3413
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS
Deployment February 14, 2024
FEATURE AWS Shield Subscription - 15:30 UTC
Description: Added support for the AWS MSK Connect Connector entity in Compliance Engine and Protected Assets.
Case ID: DFR-3270
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FIXED AWS IAM User - 13:30 UTC
Description: Fixed an issue where the ‘sslPolicy.minProtocolVersion’ property was not set for Application Gateways that are using predefined policies.
Case ID: DFT-3328
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS
FIXED GCP Disk Region - 12:00 UTC
Description: Fixed a bug in which some regions were specified as global, which affected the dome9 id as well.
The fix included a deletion and recreation for the affected entities.
Case ID: DFT-3243
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS
FIXED Agents | Windows download link is broken - 08:30 UTC
Description: Fixed an issue with downloading Windows and Linux agent scripts
Case ID: DFT-3327
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT Compliance Rulesets Update - 9:00 UTC
Description: New Ruleset CIS Controls v8 for Azure; New Ruleset FedRAMP (moderate) for AWS, Azure, and GCP; New AWS and Azure rules. A complete list can be found here.
Case ID: CNAPP-7156, DFT-3165, DFT-3357, DFT-3392
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
IMPROVEMENT AWS API Gateway V2 - 09:00 UTC
Description: Added support for ‘Stages’ property in AWS API Gateway V2 in Compliance engine & Protected Assets.
Case ID: DFR-2678
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT GCP Disk - 07:40 UTC
Description: Added new API for GCP Disk entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components: API
IMPROVEMENT GCP Image - 07:40 UTC
Description: Added new API for GCP Image entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components: API
Deployment February 13, 2024
FEATURE CDR (Intelligence) - Azure Centralized storage onboarding - 9:35 UTC
Description: Azure onboarding enhancements and options for Account Activity and Network Traffic including Azure centralized storage support & auto-onboarding.
Case ID: CNAPP-105, DFR-2562, DFR-2304, DFR-3414
Known limitations: N/A
Affected Components: CDR INTELLIGENCE ONBOARDING
FIXED AWS IAM User - 7:35 UTC
Description: Fixed an issue in the AWS’ ‘IamUser’ entity that caused the ‘secondAccessKey’ property sometimes to appear as the ‘firstAccessKey’ property.
Case ID: DFT-3405
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
FIXED UI | Protected assets - Asset page - Findings getting disappear - 7:35 UTC
Description: Fixed an issue in protected assets where findings were disappearing or appearing and then being refreshed with the correct data
Case ID: DFT-3272
Known limitations: N/A
Affected Components: UI
Deployment February 08, 2024
FIX OCI Compliance Engine - 9:45 UTC
Description: Fix Compliance Engine failure for case of similar IDs in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Deployment February 07, 2024
IMPROVEMENT Compliance Rulesets Update - 15:00 UTC
Description: New Ruleset CIS Foundations Benchmark for AWS v3; New AWS, Azure, GCP, and OCI rules. A complete list can be found here.
Case ID: CNAPP-7018
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FIX OCI Compliance Engine - 13:15 UTC
Description: Fix Compliance Engine failure for case of similar IDs in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT GCP Virtual Machine Instance - 15:00 UTC
Description: The “sourceMachineImage” was exposed in Protected Assets API under “additionalFields” for GCP’s “VMInstance” entity.
Case ID: DFR-3134
Known limitations: N/A
Affected Components: API
IMPROVEMENT Azure Virtual Machine Image - 13:05 UTC
Description: A new API was added for Azure’s “VirtualMachineImage” entity: https://api.dome9.com/v2/AzureVirtualMachineImage.
Case ID: DFR-3156
Known limitations: N/A
Affected Components: API
Deployment February 05, 2024
FIX GCP IAM User - 13:15 UTC
Description: Fix GCP IAM User to enable updates in data.
Case ID: DFT-3290, DFT-3266
Known limitations: N/A
Affected Components: FETCHERS
FIX UI | Dashboard | Cannot filter for security groups, missing entity types - 09:30 UTC
Description: Added support for filtering by AWS SecurityGroups Entity Type
Case ID: DFT-3125
Known limitations: N/A
Affected Components: UI
IMPROVEMENT AWS Workspace - 9:15 UTC
Description: Exposed the “ipAddress” property for the AWS Workspace entity in the Protected Assets report, under the “PrivateIPs” field.
Case ID: DFT-3254
Known limitations: N/A
Affected Components: PROTECTED ASSETS FETCHERS
FIX Terraform provider | Need to add regions support - missing Israel - 09:00 UTC
Description: Added Tel Aviv region to Terraform provider
Case ID: DFT-3323
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Deployment February 05, 2024
FEATURE AWS Shield Subscription - 10:40 UTC
Description: Added support for the AWS Shield Subscription in Compliance Engine and Protected Assets.
Case ID: CNAPP-5587
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment February 04, 2024
FEATURE Send security event notification per occurrence - 11:00 UTC
Description: Added the option to send a notification each time an occurrence is logged for “Threat & Security events” supported sources.
Case ID: CNAPP-499
Known limitations: N/A
Affected Components: NOTIFICATIONS
IMPROVEMENT Azure Virtual Machine - 7:30 UTC
Description: Added new property for the “VirtualMachine” entity: disks[].sseType. This enrichment reflects disk’s encryption-at-rest type.
Case ID: DFT-3319, DFT-3334, DFT-3330
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE
Deployment February 01, 2024
FEATURE Risk Management - AWP integration for Azure FunctionApp - 12:00 UTC
Description: Risk Management support for Azure FunctionApp CVEs and Secrets information generated by AWP.
Case ID: CNAPP-1336
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS
Deployment January 31, 2024
IMPROVEMENT Compliance Rulesets Update - 10:30 UTC
Description: New AZURE and AWS rules. A complete list can be found here.
Case ID: CNAPP-6880, DFT-3234
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FEATURE Azure VMware Solution - 10:00 UTC
Description: Added support for the Azure VMware Solution entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5626
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE AWS Internet Gateway - 10:00 UTC
Description: Added support for AWS Internet Gateway in compliance engine and protected assets.
Case ID: IN-8428
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment January 30, 2024
FIX Azure fetching for China - 14:30 UTC
Description: Fix support for Azure China in Azure entities - Front Door (fixed), Policy Set Definition (fixed) & PostgreSQL Flexible Server (not supported).
Case ID: CNAPP-5775
Known limitations: N/A
Affected Components: FETCHERS
FEATURE 2.27.0: Runtime Protection: K8s events on terminating container
Description: Runtime Protection daemon 1.14.0
Added creating Kubernetes events when a container is terminated by CloudGuard Runtime Protection
Changed ClusterRole permissions to enable Kubernetes events publishing
Case ID: CON-8315
Known limitations: N/A
Affected Components: CONTAINERS
Deployment January 29, 2024
FIXED AWS Application Load Balancer - UTC 11:30
Description: Fixed “listeners.certificates” property, to work in AWS China accounts as well, for AWS Application Load Balancer in Compliance Engine and Protected Assets.
Case ID: DFT-3249
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS
FIXED Azure Storage Account - UTC 08:40
Description: Fixed data mismatch issue for “publicNetworkAccessAsDisplayedInPortal” property in Azure Storage Account.
Case ID: DFT-3340, DFT-3308
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS
Deployment January 28, 2024
FEATURE Azure Private Link Service - UTC 13:00
Description: Added support for the Azure Private Link Service entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5635
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment January 25, 2024
IMPROVEMENT Changes in the Risk Management Dashboard.
Description: Updated the look and feel of the “Riskiest entities” section with new widgets and changed the pie chart widgets to a list.
Case ID: CNAPP-6681
Known limitations: N/A
Affected Components: UI ERM
IMPROVEMENT Data Classification in protected assets.
Description: Added the ability to see the data classification of protected assets that have been scanned for data sensitivity.
Case ID: CNAPP-5370
Known limitations: N/A
Affected Components: UI ERM
IMPROVEMENT Monitored environments widget
Description: Added a capability to filter the monitored environments widget by OU's
Case ID: DFR-2938
Known limitations: N/A
Affected Components: UI
FIXED Important: Update Kubernetes Agents to Resolve Image Assurance Failures - 9:00 UTC
Description: Due to recent changes introduced in containerd runtime and its adoption in EKS, AKS, and GKE, Image Assurance agents may fail to scan images (with 'Image export failure' errors).
Please upgrade your Kubernetes agents to a recent Helm chart version (2.26.0 or above).
Case ID:
Known limitations: N/A
Affected Components: CONTAINERS
Deployment January 24, 2024
IMPROVEMENT AWS Workspace - 13:00 UTC
Description: Exposed the “ipAddress” property for the AWS Workspace entity in the Protected Assets report, under the “Public IPs” field.
Case ID: DFT-3254
Known limitations: N/A
Affected Components: PROTECTED ASSETS FETCHERS
FEATURE AWS Bedrock - UTC 11:30
Description: Added support for the AWS Bedrock entities: AWS Bedrock Custom Model and AWS Bedrock Custom Model Job in Compliance Engine and Protected Assets.
Case ID: DFR-2948, CNAPP-5237
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 11:30 UTC
Description: New Ruleset NIST SP 800-171 rev2 for AWS; New Ruleset RMiT for AWS, Azure, and GCP; New Ruleset New Zealand ISM v3.6 for AWS; New Ruleset Workload Vulnerability Default 2.0 for K8s; New AZURE and GCP rules. A complete list can be found here.
Case ID: CNAPP-6718, DFR-2646, DFT-3244
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FEATURE Azure Confidential Ledger - UTC 09:00
Description: Added support for the Azure Confidential Ledger entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5637
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment January 21, 2024
IMPROVEMENT Strengthened outbound rules for AWP scanner - UTC 08:20
Description:
AWS: Allowing outbound rules for AWP S3 buckets only, using associated S3 endpoint.
Azure: Allowing outbound rules for associated Azure services only, using Azure service tags, including the Storage account service for AWP results and the relevant services that are required for Function App scanning.
Case ID: AL-1664, AL-1260
Known limitations:
Affected Components: AWP
FEATURE Azure onboarding - UTC 08:20
Description: Support custom names on Azure onboarding
Case ID: AL-2026
Known limitations:
Affected Components: AWP
FEATURE Azure Centralized account - UTC 08:20
Description: Allowing a centralized account to be associated at the management group level as well, and not only with the entire Azure tenant
Case ID: AL-2049
Known limitations:
Affected Components: AWP
FEATURE AWP rescan - UTC 08:20
Description: On Demand Rescan
Case ID: AL-12
Known limitations:
Affected Components: AWP
Deployment January 21, 2024
FEATURE Azure WAN - UTC 08:20
Description: Added support for the Azure WAN entities: VirtualWANVPNServer and VirtualWANP2sVPNGateway in Compliance Engine and Protected Assets.
Case ID: CNAPP-5636
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure DevTests Labs - UTC 08:20
Description: Added support for the Azure DevTestLab entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5631
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FIXED CloudGuard Deny policy breaks Intelligence from unified-onboarding Release 5.07 - 10:00 UTC
Description: Fixed Intelligence unified-onboarding
Case ID: DFT-3317
Known limitations: N/A
Affected Components: ONBOARD
Deployment January 19, 2024
FIXED Azure Storage Account - 07:00 UTC
Description: Fixed compliance for Azure Storage Account to get publicNetworkAccessAsDisplayedInPortal property with default (“Enabled to all networks”) value when publicNetworkAccess is null.
Case ID: DFT-3308
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Deployment January 18, 2024
IMPROVEMENT Risk Management - Security Issues List - 14:00 UTC
Description: A new page that shows the Security Issues list was added to the Risk Management section. You can drill down into a particular issue by selecting it in the table.
Case ID: CNAPP-6597
Known limitations:
Affected Components: UI ERM
IMPROVEMENT Risk Management Dashboard as default - 14:00 UTC
Description: The Risk Management Dashboard will be the default dashboard if no other default is selected.
Case ID: CNAPP-1234
Known limitations:
Affected Components: UI ERM
FIXED UI | Protected assets - Asset page - Findings getting disappear - 09:00 UTC
Description: Fixed the issue of disappearing findings
Case ID: DFT-3272
Known limitations: N/A
Affected Components: PROTECTED ASSETS UI
Deployment January 17, 2024
IMPROVEMENT AWS Network Interface - 11:50 UTC
Description: Exposed the “InterfaceType” property for AWS’ NetworkInterface entity in Protected Assets API, under “additionalFields”.
Case ID: DFR-1560
Known limitations:
Affected Components: PROTECTED ASSETS
IMPROVEMENT GCP Image & Machine Image - 11:50 UTC
Description: Exposed the “creationTimestamp” property for GCP’s Image & MachineImage entities in Protected Assets API, under “additionalFields”.
Case ID: DFR-2900
Known limitations:
Affected Components: PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 10:00 UTC
Description: New Ruleset CIS v2.0 for OCI; New AZURE rules. A complete list can be found here.
Case ID: CNAPP-6587, DFT-3275
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FEATURE Azure Video Indexer - 09:30 UTC
Description: Added support for Azure Video Indexer entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-4906
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure DDoS Protection Plan - 09:30 UTC
Description: Added support for Azure DDoS Protection Plan entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5632
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment January 16, 2024
FEATURE Risk Management - Network Exposure - 11:00 UTC
Description: When calculating network exposure for Azure WebApp and FunctionApp, checking the existence of private endpoints to determine the Public Network Access status.
Case ID: CNAPP-5872
Known limitations: N/A
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS
Deployment January 15, 2024
FEATURE Workload Protection - UI changes - 13:40 UTC
Description: Menu changes, GSL builder and notifications. A complete list can be found here.
Case ID: CON-7141
Known limitations:
Affected Components: CONTAINERS UI
Deployment January 14, 2024
FEATURE Azure Virtual Desktop - 13:40 UTC
Description: Added support for Azure Virtual Desktop Application Group entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5592
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Email Communication - 13:40 UTC
Description: Added support for Azure Email Communication entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5627
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Managed Instance for Apache Cassandra - 12:00 UTC
Description: Added support for Azure Cassandra Cluster (Managed instance for Apache Cassandra) entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5630
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment January 12, 2024
IMPROVEMENT Exclusions Bulk Delete - 17:50 UTC
Description: Update API Documentation.
Case ID: CNAPP-3905
Known limitations:
Affected Components: UI
IMPROVEMENT AWS WAFRegionalV2 - 7:00 UTC
Description: Added support for ‘cognitoUserPools’, ‘appRunnerServices’, ‘appSyncs’ and ‘verifiedAccessInstances’ properties of AWS WAFRegionalV2 entity in compliance engine and protected assets.
Case ID: DFR-2869
Known limitations:
Affected Components: PROTECTED ASSETS COMPLIANCE ENGINE
Deployment January 10, 2024
FEATURE New Region Support in AWS - Tel Aviv (il-central-1) - 11:00 UTC
Description: Added support for new region in AWS - Tel Aviv (il-central-1) in compliance engine and protected assets
Case ID: DFT-3158, CNAPP-4908, CNAPP-5525
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure VM Image Template - 09:30 UTC
Description: Added support for Azure VM Image Template entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5625
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure DNS Zone - 09:30 UTC
Description: Added support for Azure DNSZone entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5633
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 09:30 UTC
Description: New Ruleset SOC2 for GCP; New Ruleset SOC2 for Azure; New Ruleset ENS 2022 for GCP; New AZURE rules. A complete list can be found here.
Case ID: CNAPP-6338, DFT-3218, DFT-3207
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment January 09, 2024
FIXED AWS Onboarding | Unified onboarding broke for customer because files were removed from CFT - 09:00 UTC
Description: Added link to CFT
Case ID: DFT-3282
Known limitations: N/A
Affected Components: ONBOARDING
Deployment January 07, 2024
IMPROVEMENT AWS Auto Scaling Group - 3:30 UTC
Description: Added the AWS Auto scaling group entity to the protected assets table.
Case ID: DFR-3362
Known limitations:
Affected Components: PROTECTED ASSETS
FIXED UI | Wrong policy named and linked in under "Update Permissions" - 12:00 UTC
Description: Fix policy name that was presented after unified onboarding
Case ID: DFT-3027
Known limitations: N/A
Affected Components: UI ONBOARDING
FIXED UI | Assets and Environment recently opened are shown cross-tenant - 12:00 UTC
Description: Fix handling of cache in order to show correct information
Case ID: DFT-3199
Known limitations: N/A
Affected Components: UI
FIXED AWS onboarding issue with AWS China accounts - 15:00 UTC
Description: Fix update of already onboarded account with user credentials in AWS China region
Case ID: DFT-3221
Known limitations: N/A
Affected Components: ONBOARDING
FIXED Online documentation description of Organizational Units includes important but factually incorrect statement, needs to be fixed (or OUs need to be fixed) - 11:00 UTC
Description: Documentation was updated
Case ID: DFT-2797
Known limitations: N/A
Affected Components: UI
Deployment January 03, 2024
FIXED Invalid permissions removal - AWS onboarding - 08:00 UTC
Description: Some invalid permissions that were included in the AWS Onboarding CFT were removed.
Case ID: DFT-3209
Known limitations: N/A
Affected Components: ONBOARDING
IMPROVEMENT Compliance Rulesets Update - 10:00 UTC
Description: Rulesets enrichments; New AZURE rules. A complete list can be found here.
Case ID: CNAPP-6214, DFT-3235, DFT-3249, DFT-3259
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FEATURE Azure Storage Mover - 09:00 UTC
Description: Added support for Azure StorageMover entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-4904
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure HPC Cache - 09:00 UTC
Description: Added support for Azure HPCCache entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-4235
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Elastic SAN - 09:00 UTC
Description: Added support for Azure ElasticSAN entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-4234
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Elastic Monitor - 09:00 UTC
Description: Added support for Azure ElasticMonitor entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5628
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment January 01, 2024
FEATURE Exclusion Bulk Delete - 00:30 UTC
Description: Add support for bulk delete of multiple exclusions by exclusion ids. POST : v2/compliance/Exclusion/BulkDelete.
Case ID: DFR-3095, CNAPP-3905
Known limitations: N/A
Affected Components: EXCLUSION COMPLIANCE ENGINE
Deployment December 28, 2023
FEATURE DSPM Data Classifications - 11:00 UTC
Description:
Added support for Data Classifications in the Compliance Engine for entities: S3Bucket, StorageAccount, CosmosDbAccount, PostgreSQL and MySQLDBSingleServer.
The possible values are: PII, PCI, PHI, Credentials, Other.
Values are set according to the findings and classifications generated by AWS Macie and Azure Purview services.
Case ID: CNAPP-5975
Known limitations: N/A
Affected Components: DSPM COMPLIANCE ENGINE
Deployment December 27, 2023
IMPROVEMENT AWS CloudFront - 16:05 UTC
Description: Added new property to the AWS CloudFront entity: ‘WAFGlobalV2’.
Case ID: DFR-3079
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE AWS WAF Global V2 - 16:05 UTC
Description: Added support for “AWS WAF Global V2” entity in compliance engine and protected assets.
Case ID: DFR-3079
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE AWS Verified Access Instance - 16:05 UTC
Description: Added support for “AWS Verified Access Instance” entity in compliance engine and protected assets.
Case ID: CNAPP-5858
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Hide unsupported Azure services in China - 14:30 UTC
Description: Remove from the UI all the Azure services which are not supported in China.
Case ID: CNAPP-5258
Known limitations: N/A
Affected Components: UI
IMPROVEMENT Compliance Rulesets Update - 12:00 UTC
Description: New Rulesets Australia Essential 8 for AWS and Azure; New Rulesets CMMC 2.0 for AWS and Azure; New Rulesets CRI Profile for AWS and Azure; New Rulesets NY DFS 23 CRR 500 for AWS and Azure; New AWS and AZURE rules. A complete list can be found here.
Case ID: CNAPP-5921, DFT-3042
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FEATURE GCP Entities labels are now available in the finding Search API - 09:30 UTC
Description: Added GCP entities labels to the finding search API.
Case ID: CNAPP-3787, DFR-2052
Known limitations: N/A
Affected Components: API
FEATURE Posture Finding - Added Support for Exclusion By Region - 09:30 UTC
Description: We have added an option to exclude by region, in posture finding exclusion.
Case ID: CNAPP-3487, DFR-3152
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
FEATURE Risk Management - Network Exposure - 09:30 UTC
Description: Azure FunctionApp support for Network Exposure in Protected Assets and Compliance Engine.
Case ID: CNAPP-4803
Known limitations: N/A
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS
FEATURE Azure Machine Image Details - 8:05 UTC
Description: Added machine image details to the Azure Virtual Machine protected assets API, under “Additional Fields”.
Added a new property to the “VirtualMachine” entity: ‘machineImage.id’.
Added a new property to the “VMSSInstance” entity: ‘machineImage.id’.
Case ID: CNAPP-3135
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Cognitive Search - 8:05 UTC
Description: Added support for Azure Cognitive Search Service in Compliance Engine and Protected Assets.
Case ID: CNAPP-4903
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Virtual Machine Image - 8:05 UTC
Description: Added support for Azure VirtualMachineImage entity in Compliance Engine and Protected Assets
Case ID: CNAPP-4905
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment December 26, 2023
FIXED Invalid permissions removal - AWS onboarding - 08:00 UTC
Description: Some invalid permissions that were included in the AWS Onboarding CFT were removed.
Case ID: DFT-3209
Known limitations: N/A
Affected Components: ONBOARDING
Deployment December 25, 2023
FEATURE Fix IamRole Entity Type in Findings - 21:30 UTC
Description: Fix an issue with assigning IamRole entity type in findings as Default.
Case ID: DFT-3009, CNAPP-4270
Known limitations:
Affected Components: COMPLIANCE ENGINE
Deployment December 24, 2023
FEATURE Azure Virtual WAN - 8:40 UTC
Description: Added support for Azure Virtual WAN entity in Compliance Engine and Protected Assets, as a new entity: VirtualWAN.
Case ID: CNAPP-4233
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Static Web App site - 8:40 UTC
Description: Added support for Azure Static Web App site entity in Compliance Engine and Protected Assets, as a new entity: StaticWebAppSite.
Case ID: CNAPP-5629
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Load Testing - 8:40 UTC
Description: Added support for Azure Load Testing in Compliance Engine and Protected Assets, as a new entity: LoadTest.
Case ID: CNAPP-4230
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment December 21, 2023
FEATURE 2.26.0: RP file reputation, Fedora Core OS - 09:30 UTC
Description: Runtime Protection: daemon 1.11.5, probe 0.30.2-cp-6.
Improved File Reputation Blade for Reduced False Positives
Support Fedora Core OS.
Affected Components: CloudGuard Workload Protection agents.
Case ID: CON-7773
Known limitations: N/A
Affected Components: CONTAINERS
Deployment December 21, 2023
FIXED Risk Management - Risk Levels - 09:30 UTC
Description: Adjusted risk levels and colors for environments and assets risk score.
Case ID: CNAPP-5514, CNAPP-5502
Known limitations: N/A
Affected Components: API UI RISK MANAGEMENT
FIXED Protected Assets API - 08:10 UTC
Description: Fixed a filtering issue when combining ‘Organizational Units’ and ‘CVEs’ filters.
Case ID: CNAPP-5846
Known limitations: N/A
Affected Components: API
Deployment December 20, 2023
IMPROVEMENT Intelligence findings notification output fields - 14:40 UTC
Description: Extend Intelligence findings notification output with additional fields from Intelligence logs.
Case ID: DFR-2363, CNAPP-299
Known limitations: N/A
Affected Components: INTELLIGENCE NOTIFICATION
FIXED OCI Compute Instance - 14:40 UTC
Description: Fixed a bug in the OCI Compute Instance entity where the “timeCreated” property was in the wrong format; the field is now treated as a date.
Case ID: DFT-3203
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
FEATURE OCI MySql Service - 14:00 UTC
Description: Added support for Oracle cloud MySql service in Compliance Engine and Protected Assets. The following entities were added:
MySqlBackup
MySqlDbSystem
MySqlConfiguration
MySqlChannel.
Case ID: DFR-2915
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FIXED UI | Dashboard | Cannot export to PDF - 14:40 UTC
Description: Fixed an issue where export to PDF got stuck if a section was empty.
Case ID: DFT-3196
Known limitations: N/A
Affected Components: UI
FIXED UI | Findings | CIEM Findings - cannot 'close' CIEM source findings - button should be grayed out - 14:40 UTC
Description: ‘close’ button is grayed out for CIEM findings
Case ID: DFT-2657
Known limitations: N/A
Affected Components: UI
FIXED Fix Azure onboarding wizard description - 14:40 UTC
Description: Updated the wizard description to match the Azure UI.
Case ID: DFT-2825
Known limitations: N/A
Affected Components: UI
FIXED GCP IAM Group - 12:00 UTC
Description: Fixed a bug where clicking on a GCP IAM group under the protected assets page led to an error and redirection to the index page. Clicking the protected assets link now opens the GCP IAM Group entity page as expected.
Case ID: DFT-3109
Known limitations: N/A
Affected Components: PROTECTED ASSETS
FIXED AWS DMS Endpoints reduced API calls - 12:00 UTC
Description: Reduced the number of API calls performed to get data.
Case ID: DFT-3215
Known limitations: N/A
Affected Components: PROTECTED ASSETS
FEATURE Azure Dedicated Host Group - 9:20 UTC
Description: Added support for Azure Dedicated Host Group entity in Compliance Engine and Protected Assets
Case ID: CNAPP-5533
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure NetApp Files - 9:20 UTC
Description: Added support for Azure NetAppAccount entity in Compliance Engine and Protected Assets
Case ID: CNAPP-4236
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 9:00 UTC
Description: New AWS and AZURE rules. A complete list can be found here.
Case ID: CNAPP-5784, DFT-3090, DFT-3143
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment December 17, 2023
FIXED Compliance Trend Change History widget – display in 1x1 widget tile size is not well presented with trend stats not cleanly displayed - 13:40 UTC
Description: Present Compliance Trend Change History widget in the dashboard in a better way
Case ID: DFT-2998
Known limitations: N/A
Affected Components: UI
FIXED New dashboards - Filter panel - missing filters - 13:40 UTC
Description: Add additionalFields and Is Public filters to protected assets widget
Case ID: CNAPP-5310
Known limitations: N/A
Affected Components: UI
FEATURE Azure Orbital Spacecraft - 9:40 UTC
Description: Added support for Azure Orbital Spacecraft in Compliance Engine and Protected Assets.
Case ID: CNAPP-4232
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FIXED Azure BatchAccount - 09:40 UTC
Description: Fixed the “BatchAccount” entity’s schema for GSL Builder and Compliance Engine.
Case ID: IN-8470
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
FEATURE Azure Data Migration Service - 9:40 UTC
Description: Added support for 2 Azure Data Migration Service entities in Compliance Engine and Protected Assets:
Data Migration.
Data Migration Classic.
Case ID: CNAPP-4229
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Log Analytics - 9:40 UTC
Description: Added support for Azure Log Analytics as a new entity: LogAnalyticsCluster.
Case ID: CNAPP-5524
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE GCP Organization Policy - 9:40 UTC
Description: Added support for the GCP Organization Policy service.
A new entity: AvailableOrgPolicyConstraint
A new property to the “Project” entity: orgPolicies[].
A new property to the “Folder” entity: orgPolicies[].
A new property to the “GcpOrganization” entity: orgPolicies[].
Case ID: DFR-2863
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment December 13, 2023
IMPROVEMENT AWS ECS Task - 14:30 UTC
Description: Added new property to the AWS ECS Task entity: ‘SecurityGroups’ - an array of the security groups that are attached to the ENI of the current Task.
Case ID: DFT-3028, IN-8494
Known limitations:
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT AWS Security Group - 14:30 UTC
Description: AWS Security Group now includes network assets statistics on ECS Task. These can be found under ‘networkAssetsStats’ where type = “EcsTask”.
Case ID: DFT-3028
Known limitations:
Affected Components: COMPLIANCE ENGINE
FEATURE Azure Policy Set Definition - 12:40 UTC
Description: Added support for Azure Policy Set Definition (initiatives definition).
Case ID: DFR-2913
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT AWS Config Rule - 12:40 UTC
Description: Added a new property ‘compliance’ to the AWS “ConfigRule” entity.
Case ID: DFR-2895
Known limitations:
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT Compliance Rulesets Update - 11:00 UTC
Description: New Ruleset CSA CCM v4.0 for GCP; New Ruleset MLPS 2.0 for AWS; New AWS and AZURE rules. A complete list can be found here.
Case ID: CNAPP-5586, DFT-3097, DFT-3118
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
FEATURE Azure Data Share - 8:40 UTC
Description: Added support for Azure Data Share as a new entity: DataShareAccount.
Case ID: CNAPP-5458, DFR-2978
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT GCP KMS - 8:40 UTC
Description: Added property to the GCP KmsKeyRing entity: ‘cryptoKeys[].protectionLevel’.
Case ID: DFR-2521
Known limitations:
Affected Components: COMPLIANCE ENGINE API
FEATURE GCP Organization - 8:40 UTC
Description: Added support for GCP Organization as a new entity: GcpOrganization.
Case ID: DFR-2964
Known limitations: Only organizations that are visible to the service account will appear. Requires setting a policy binding at the organizational level with a view permission for the service account.
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment December 12, 2023
FIX Azure fetching for China - 15:00 UTC
Description: Fix support for Azure China in all Azure entities.
Case ID: CNAPP-5254
Known limitations: Phase 1 of the fix; not all of the entities are supported for China yet.
Affected Components: FETCHERS
Deployment December 11, 2023
IMPROVEMENT AWS DaxCluster - 15:30 UTC
Description: Added support for SecurityGroup property in AWS Dax Cluster in Compliance Engine.
Case ID: DFR-2722
Known limitations: This property can be used to query the securityGroup property and to pass/fail the rule according to it, but it is currently not visible in the Entity Viewer in the UI.
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT Azure VirtualMachine - 06:00 UTC
Description: Added support for the following NIC properties: ‘dnsSettings’, ‘nicType’, ‘workloadType’, and ‘privateLinkService’ in Azure VirtualMachine entity.
Case ID: DFR-2840
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS
Deployment December 7, 2023
FEATURE Risk Management - Data Sensitivity - 11:00 UTC
Description: Risk Management supports Data Sensitivity indication for Azure PostgreSQL and MySQLDBSingleServer using Azure Purview data.
Case ID: CNAPP-4977
Known limitations: N/A
Affected Components: DSPM RISK MANAGEMENT PROTECTED ASSETS COMPLIANCE ENGINE
FEATURE Risk Management - Network Exposure - 09:00 UTC
Description: Azure FunctionApp Support for Network Exposure in Protected Assets and Compliance Engine.
Case ID: CNAPP-4804
Known limitations: N/A
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS
FIXED Permissions for AWS onboarding page - 07:30 UTC
Description: Fixed missing permissions from AWS Organization onboarding, added missing permissions to regular onboarding instructions and fixed needed permissions for SageMaker Notebook.
Case ID: CNAPP-4277
Known limitations: N/A
Affected Components: ONBOARDING
Deployment December 6, 2023
FEATURE AWS Timestream Query - 10:45 UTC
Description: Added support for AWS Timestream Query entity in Compliance Engine and Protected Assets.
Case ID: DFR-2414
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Batch - 10:45 UTC
Description: Added support for Azure BatchAccount entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-4227
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Event Grid - 10:45 UTC
Description: Added support for Azure EventGridNamespace entity in Compliance Engine and Protected Assets.
Case ID: DFR-2837
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE Azure Compute Gallery - 10:45 UTC
Description: Added support for Azure Compute Gallery in Compliance Engine and Protected Assets.
Case ID: CNAPP-4228
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FEATURE GCP Folder - 10:45 UTC
Description: Added support for GCP Folder in Compliance Engine and Protected Assets.
Case ID: DFR-2963
Known limitations: Only folders that are visible to the service account will appear. Requires setting a policy binding at the folder level with a view permission for the service account.
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT GCP AppEngine - 10:45 UTC
Description: Added support for GCP Identity-Aware Proxy as new properties in AppEngine: “iapSettings”.
Case ID: DFR-2971
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT GCP BackendService - 10:45 UTC
Description: Added support for GCP Identity-Aware Proxy as new properties in BackendService: “iapAccessSettings” and “iapApplicationSettings”.
Case ID: DFR-2971
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 11:00 UTC
Description: CSA CCM v4.0 for Azure enrichment; New AWS and AZURE rules. A complete list can be found here.
Case ID: CNAPP-5348, DFT-2970, DFT-2993, DFT-3045, DFT-3075, DFT-3100
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment December 3, 2023
FEATURE Workload Protection for Kubernetes: helm 2.25.0 - 11:00 UTC
Description: Image Assurance 2.27.0:
Fix “Internal error” image scan errors on nodes with the containerd container runtime configured to discard compressed image layers once they are unpacked. Affects GKE 1.27+ and all EKS with AMIs released after July 28, 2023.
Admission Control Enforcer 2.10.0
Fix escaping in GSL if a regular expression is defined.
Case ID: CON-7715
Known limitations: N/A
Affected Components: CONTAINERS
FEATURE AWS Firewall Manager - 11:00 UTC
Description: Added support for AWS FirewallManagerAdminAccount and FirewallManagerPolicy entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-3511
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS