
Deployment March 27, 2024

FIXED Risk Management - Azure SQL Server Network Exposure - 11:30 UTC

Description: Treating the built-in firewall rule that allows traffic from Azure services as partially public.
Case ID: CNAPP-7702
Known limitations: N/A 
Affected Components: RISK MANAGEMENT PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 09:30 UTC

Description: General maintenance and content updates. A complete list can be found here.

Case ID: CNAPP-7825, DFT-3536
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment March 26, 2024

FEATURE CIEM label can be added to CSPM rules - 11:00 UTC
Description: Added support for adding the CIEM label to custom CSPM rules; findings with that label will show up under CIEM\Findings.
Case ID: DFR-3257
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE CIEM

FEATURE Multi entities selection on CSPM exclusions - 10:00 UTC
Description: Added support for multi-entity selection in CSPM exclusions; entities can be selected from a list or by using a wildcard.
Case ID: DFR-3422, DFR-2327
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment March 25, 2024

IMPROVEMENT AWS Region - 11:00 UTC
Description: Added support for Organization Access Analyzers Type under the “accessAnalyzers” field.
Case ID: DFR-3185
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

FEATURE AWS Organization Unit - 10:00 UTC
Description: Added support for AWS Organization Unit in compliance engine and protected assets.
Case ID: DFR-2914
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment March 24, 2024

FIXED Risk Management - Azure SQL Server Network Exposure - 13:25 UTC

Description: Ignoring firewall rule that allows traffic from Azure services when calculating external public exposure.
Case ID: CNAPP-7702
Known limitations: N/A 
Affected Components: RISK MANAGEMENT PROTECTED ASSETS

IMPROVEMENT Azure Load Balancer - 11:00
Description: Added outbound rules support for the ‘LoadBalancer’ entity as a new property: ‘outboundRules’.
Case ID: DFR-2352
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

Deployment March 19, 2024

IMPROVEMENT AWS CloudWatch Events - 11:10 UTC
Description: Added support for ECS parameters as new property 'targets[].ecsParameters' for the ‘CloudWatchEventsRule’ entity.
Case ID: DFR-3372
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

IMPROVEMENT AWS Security Group - 11:10 UTC
Description: Added support in the ‘SecurityGroup’ entity for ‘EcsSchduledTask’ under the ‘networkAssetsStats’ property.
Case ID: DFR-3372
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: New Ruleset CIS Amazon EKS Benchmark v1.4.0, New Ruleset CIS GKE Benchmark v1.5.0, New Ruleset CIS Microsoft Kubernetes Engine (AKS) Benchmark v1.4.0; New AWS, OCI, Alibaba, GCP and Kubernetes rules. A complete list can be found here.

Case ID: CNAPP-7660, DFT-3455
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment March 19, 2024

IMPROVEMENT AWS S3 Bucket - 12:00 UTC
Description: Avoid deleting previous data of AWS S3 Bucket when not receiving new data (due to missing permissions or other reasons).
Case ID: DFR-2952
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT AWS Account - 10:30 UTC
Description: Added support for ‘Contact Information’ property in AWS Account in Compliance engine & Protected Assets.
Case ID: DFR-2383
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT OCI VNIC - 9:30 UTC
Description: Expose public & private IP in OCI VNIC in Protected Assets page
Case ID: DFT-3217
Known limitations: N/A
Affected Components: FETCHERS PROTECTED ASSETS

Deployment March 18, 2024

IMPROVEMENT Sydney - GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster now contain more fields (fields that are not configured will contain null). Relevant to Sydney DC only.
Case ID: CNAPP-7553
Known limitations: N/A
Affected Components: FETCHERS

FIXED AWS Credential Report API - 9:00 UTC

Description: Fixed an issue that caused the presentation of old data in the 'CloudIamCredentialReport' API.

Case ID: DFT-3454
Known limitations: N/A 
Affected Components: FETCHERS

Deployment March 17, 2024

FIXED GSL Builder Export | OU Path set to N/A while running a GSL rule - 15:00 UTC

Description: Fixed missing OU path when exporting from GSL builder

Case ID: DFT-3339
Known limitations: N/A 
Affected Components: UI

FIXED UI | Unable to associate Alibaba Cloud to another OU - 11:00 UTC

Description: Fixed failure to associate Alibaba Cloud to OU

Case ID: DFT-3496
Known limitations: N/A 
Affected Components: UI

FIXED Azure PostgreSQL - 10:50 UTC

Description: Fixed an issue that caused partial fetching for ‘PostgreSQL’ entities.

Case ID: DFT-3466
Known limitations: N/A 
Affected Components: FETCHERS

Deployment March 14, 2024

FEATURE GCP Identity Platform - 13:00 UTC
Description: Added support for GCP Identity Platform Entities: IdentityPlatformTenant and IdentityPlatformUser.
Case ID: CNAPP-1463
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Network Security Groups Management - 11:30 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7585
Known limitations: N/A
Affected Components: FETCHERS API

FEATURE Risk Management - Network Exposure - 11:30 UTC

Description: Network Exposure support for Azure SQL Server. Available in Protected Assets and as part of the risk score calculation.
Case ID: CNAPP-7064
Known limitations: N/A 
Affected Components: RISK MANAGEMENT PROTECTED ASSETS

FIXED AWS VPC\KMS\Route table shown incorrectly in Protected Assets - 10:00 UTC

Description: Fixed a bug where AWS VPC\KMS was shown as Alibaba VPC\KMS in the protected assets table, and AWS route table was shown as Azure route table in the protected assets table.

Case ID: DFT-3458, DFT-3510, DFT-3452, DFT-3508
Known limitations: N/A 
Affected Components: UI

Deployment March 13, 2024

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New AWS, OCI, Alibaba, and GCP rules; DFTs fixes. A complete list can be found here.

Case ID: CNAPP-7557, DFT-3484, DFT-3447
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIXED UI | Missing permissions | Key vault seems to be duplicated on the amount of entities that have an issue - 10:00 UTC

Description: Remove duplication of key vault

Case ID: DFT-3408
Known limitations: N/A 
Affected Components: UI

Deployment March 12, 2024

FIXED UI | Reporting | when we download the report from CIEM somehow don't get the label column on the export file - 14:00 UTC

Description: Label was added to CIEM findings

Case ID: DFT-2551
Known limitations: N/A 
Affected Components: UI

Deployment March 10, 2024

FEATURE GCP Cloud Source Repository - 13:00 UTC
Description: Added support for GCP Cloud Source Repository entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1467
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment March 07, 2024

IMPROVEMENT Azure Network Security Groups Management - 13:25 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7491
Known limitations: N/A
Affected Components: FETCHERS API

IMPROVEMENT Azure User - 12:30 UTC
Description: Added support for ‘assignmentRoles’ property in Azure User in Compliance Engine and Protected Assets.
Case ID: DFT-3348
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Cosmos DB Account - 11:15 UTC
Description: Added support for ‘minimalTlsVersion’ property in Azure Cosmos DB Account in Compliance Engine and Protected Assets.
Case ID: DFR-2932
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment March 06, 2024

FIXED UI | MSP | Cannot switch roles on Firefox - 14:00 UTC

Description: Fixed issue of switching logs in MSP in Firefox

Case ID: DFT-3430
Known limitations: N/A 
Affected Components: UI

IMPROVEMENT Compliance Rulesets Update - 11:00 UTC

Description: DFTs fixes. A complete list can be found here.

Case ID: CNAPP-7453, DFT-3455, DFT-3381
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT GCP GKE Cluster - 10:00 UTC
Description: Added support for ‘networkConfig’ property in GCP GkeCluster.
Case ID: DFR-2663
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS

FIXED AWS Kinesis Firehose - 06:00 UTC

Description: Fixed rate limit issue in AWS Kinesis Firehose.

Case ID: DFT-3432
Known limitations: N/A 
Affected Components: FETCHERS

Deployment March 05, 2024

FEATURE GCP Cloud Armor Security Policy entity - 13:00 UTC
Description: Added support for GCP Cloud Armor Security Policy entity in Compliance Engine and Protected Assets.
Case ID: DFR-2968
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment March 04, 2024

FIXED UI | Typo in Role Creation Screen - 18:00 UTC

Description: Fix typo in role creation screen

Case ID: DFT-3483
Known limitations: N/A 
Affected Components: UI

Deployment March 04, 2024

FIXED Slack and Teams Notification - 18:00 UTC

Description: Bug fix in Slack and Teams Notifications.

Case ID: CNAPP-8613
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment March 02, 2024

IMPROVEMENT AWS S3 Bucket - 17:30 UTC
Description: Added support for ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.isCrossAccountKey’ and ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.kmsKey’ properties in AWS S3 Bucket in Compliance engine & Protected Assets.
Case ID: DFR-2482
Known limitations: Cross-account keys appear in the ‘kmsKey’ property only if the key belongs to a cloud account that was onboarded to the same CloudGuard account as the S3Bucket’s cloud account, and only if the client has approved account data sharing.
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

Deployment March 01, 2024

FIXED Slack and Teams Notification - 23:00 UTC

Description: Bug fix in Slack and Teams Notifications.

Case ID: CNAPP-8613
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment February 29, 2024

FEATURE 2.28.0: GitHub Registry, reduce URLs for Image Assurance - 10:00 UTC

Description: Image Assurance 2.29.0:

  • Release Github Container Registry Scanning support

  • Reduced the number of URLs that need to be accessed by the agents (relevant for Scan Engine Version 2.0.0 only). CloudGuard agents must have connectivity to these region-specific URLs.

Security enhancements - all agents:

  • Image Assurance 2.29.0

    • Admission Control: Enforcer 2.11.0 & Policy 1.8.0

    • Inventory 1.14.0

    • Flow-logs 0.14.0

    • Runtime Policy 1.8.0

Case ID: CON-8312
Known limitations: N/A 
Affected Components: CONTAINERS

Deployment February 28, 2024

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New Ruleset SOX for AWS, Azure and GCP; New Ruleset CITSG-33 for GCP; New AWS, Azure, and GCP rules. A complete list can be found here.

Case ID: CNAPP-7373, DFT-3436, DFT-3427
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE GCP Firebase App Distribution Tester - 12:30 UTC
Description: Added support for GCP Firebase App Distribution Tester entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1464
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Service Bus - 07:35 UTC
Description: Added support for ‘MinimumTlsVersion’ property in Azure Service Bus.
Case ID: DFR-2869
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FIXED Exclusion with expired date will not allow to create new one - 14:00 UTC

Description: Fixed a bug that occurred when a new exclusion was created while the same exclusion already existed but had expired.

Case ID: DFT-3047
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE UI

Deployment February 25, 2024

FIXED UI | duplicate add policy in ruleset - 12:45 UTC
Description: UI duplicate add policy in ruleset, removed the additional option button from the Ruleset Card.
Case ID: DFT-3354
Known limitations: N/A
Affected Components: UI

FEATURE GCP Firestore Dataset - 09:40 UTC
Description: Added support for GCP Firestore Dataset entity in Compliance Engine and Protected Assets.
Case ID: DFR-2967
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment February 21, 2024

FIXED UI | Assessment history page stuck after clicking on rule details - 12:45 UTC
Description: Fixed an issue where the submenus in “Posture Management” were stuck after clicking on rule details.
Case ID: DFT-3355
Known limitations: N/A
Affected Components: UI

FIXED GCP IAM Group - 12:30 UTC
Description: Fix GCP IAM Group to enable updates in data.
Case ID: IN-8603
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New Ruleset CIS Foundations Benchmark v2.1 for Azure; New Ruleset CIS Foundations Benchmark v3 for AWS; New Rulesets ACSC (ISM) for AWS, Azure & GCP; New Rulesets FFIEC for AWS, Azure & GCP; New Rulesets ISO27002 for AWS, Azure & GCP; New Rulesets PIPEDA for AWS, Azure & GCP; New Rulesets NIST 800-172 for AWS, Azure & GCP; New Rulesets SCF for AWS, Azure & GCP; New Rulesets SWIFT for AWS, Azure & GCP; New Rulesets ISO27017 for AWS, Azure & GCP; New Ruleset NIST 800-171 for GCP; New Ruleset HITRUST Latest for GCP; New Rulesets New Zealand ISMv3.6 for Azure & GCP; New Ruleset ASD Essential Eight for GCP; New Ruleset CMMC2.0 for GCP; New Ruleset CRI Profile for GCP; New Ruleset NY DFS Part 500 23 CRR for GCP; New AWS rule. A complete list can be found here.

Case ID: CNAPP-7240, DFT-3330, DFT-3398, DFT-3409, DFT-3410, DFT-3349
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIXED Azure MySQLDBFlexibleServer - 08:10 UTC
Description: Fixed an issue in Azure MySQLDBFlexibleServer fetching mechanism.
Case ID: DFT-3437
Known limitations: N/A
Affected Components: FETCHERS

Deployment February 19, 2024

FEATURE GCP Vertex AI Notebook - 15:30 UTC
Description: Added support in Compliance Engine and Protected Assets for the following entities:

  • GcpVertexAINotebookRuntimeEntity

  • GcpVertexAINotebookInstanceEntity

  • GcpVertexAINotebookEnvironment

Case ID: CNAPP-1462
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment February 18, 2024

FIXED AWS SQS CryptoKey in AWS China region - 15:00 UTC
Description: Fixed a bug in which KMS keys in AWS China region were not shown in the SQS entity in CloudGuard.
Case ID: DFT-3413
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS

Deployment February 14, 2024

FEATURE AWS Shield Subscription - 15:30 UTC
Description: Added support for the AWS MSK Connect Connector entity in Compliance Engine and Protected Assets.
Case ID: DFR-3270
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FIXED AWS IAM User - 13:30 UTC
Description: Fixed an issue where the ‘sslPolicy.minProtocolVersion’ property was not set for Application Gateways that are using predefined policies.
Case ID: DFT-3328
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS

FIXED GCP Disk Region - 12:00 UTC
Description: Fixed a bug in which some regions were specified as global, which affected the dome9 id as well.
The fix included a deletion and recreation for the affected entities.
Case ID: DFT-3243
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS

FIXED Agents | Windows download link is broken - 08:30 UTC
Description: Fixed an issue with downloading the Windows and Linux agent scripts.
Case ID: DFT-3327
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New Ruleset CIS Controls v8 for Azure; New Ruleset FedRAMP (moderate) for AWS, Azure, and GCP; New AWS and Azure rules. A complete list can be found here.

Case ID: CNAPP-7156, DFT-3165, DFT-3357, DFT-3392
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT AWS API Gateway V2 - 09:00 UTC
Description: Added support for ‘Stages’ property in AWS API Gateway V2 in Compliance engine & Protected Assets.
Case ID: DFR-2678
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT GCP Disk - 07:40 UTC
Description: Added new API for GCP Disk entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components: API

IMPROVEMENT GCP Image - 07:40 UTC
Description: Added new API for GCP Image entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components: API

Deployment February 13, 2024

FEATURE CDR (Intelligence) - Azure Centralized storage onboarding - 9:35 UTC
Description: Azure onboarding enhancements and options for Account Activity and Network Traffic including Azure centralized storage support & auto-onboarding.
Case ID: CNAPP-105, DFR-2562, DFR-2304, DFR-3414
Known limitations: N/A
Affected Components: CDR INTELLIGENCE ONBOARDING

FIXED AWS IAM User - 7:35 UTC
Description: Fixed an issue in the AWS’ ‘IamUser’ entity that caused the ‘secondAccessKey’ property sometimes to appear as the ‘firstAccessKey’ property.
Case ID: DFT-3405
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FIXED UI | Protected assets - Asset page - Findings getting disappear - 7:35 UTC
Description: Fixed an issue in protected assets where findings were disappearing or appearing and then being refreshed with the correct data
Case ID: DFT-3272
Known limitations: N/A
Affected Components: UI

Deployment February 08, 2024

FIX OCI Compliance Engine - 9:45 UTC

Description: Fix Compliance Engine failure for case of similar IDs in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment February 07, 2024

IMPROVEMENT Compliance Rulesets Update - 15:00 UTC

Description: New Ruleset CIS Foundations Benchmark for AWS v3; New AWS, Azure, GCP, and OCI rules. A complete list can be found here.

Case ID: CNAPP-7018
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIX OCI Compliance Engine - 13:15 UTC

Description: Fix Compliance Engine failure for case of similar IDs in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT GCP Virtual Machine Instance - 15:00 UTC
Description: The “sourceMachineImage” was exposed in Protected Assets API under “additionalFields” for GCP’s “VMInstance” entity.
Case ID: DFR-3134
Known limitations: N/A
Affected Components: API

IMPROVEMENT Azure Virtual Machine Image - 13:05 UTC
Description: A new API was added for Azure’s “VirtualMachineImage” entity: https://api.dome9.com/v2/AzureVirtualMachineImage.
Case ID: DFR-3156
Known limitations: N/A
Affected Components: API

Deployment February 05, 2024

FIX GCP IAM User - 13:15 UTC

Description: Fix GCP IAM User to enable updates in data.
Case ID: DFT-3290, DFT-3266
Known limitations: N/A
Affected Components: FETCHERS

FIX UI | Dashboard | Cannot filter for security groups, missing entity types - 09:30 UTC

Description: Added support for filtering by AWS SecurityGroups Entity Type
Case ID: DFT-3125
Known limitations: N/A
Affected Components: UI

IMPROVEMENT AWS Workspace - 9:15 UTC
Description: Exposed the “ipAddress” property for the AWS Workspace entity in the Protected Assets report, under the “PrivateIPs” field.
Case ID: DFT-3254
Known limitations: N/A
Affected Components: PROTECTED ASSETS FETCHERS

FIX Terraform provider | Need to add regions support - missing Israel - 09:00 UTC

Description: Added Tel Aviv region to terraform provider
Case ID: DFT-3323
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment February 05, 2024

FEATURE AWS Shield Subscription - 10:40 UTC
Description: Added support for the AWS Shield Subscription in Compliance Engine and Protected Assets.
Case ID: CNAPP-5587
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment February 04, 2024

FEATURE Send security event notification per occurrence - 11:00 UTC
Description: Added the option to send a notification each time an occurrence is logged for “Threat & Security events” supported sources.
Case ID: CNAPP-499
Known limitations: N/A
Affected Components: NOTIFICATIONS

IMPROVEMENT Azure Virtual Machine - 7:30 UTC
Description: Added a new property for the “VirtualMachine” entity: disks[].sseType. This enrichment reflects the disk’s encryption-at-rest type.
Case ID: DFT-3319, DFT-3334, DFT-3330
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

Deployment February 01, 2024

FEATURE Risk Management - AWP integration for Azure FunctionApp - 12:00 UTC

Description: Risk Management support for Azure FunctionApp CVEs and Secrets information generated by AWP.
Case ID: CNAPP-1336
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS

Deployment January 31, 2024

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: New AZURE and AWS rules. A complete list can be found here.

Case ID: CNAPP-6880, DFT-3234
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE Azure VMware Solution - 10:00 UTC
Description: Added support for the Azure VMware Solution entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5626
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Internet Gateway - 10:00 UTC
Description: Added support for AWS Internet Gateway in compliance engine and protected assets.
Case ID: IN-8428
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 30, 2024

FIX Azure fetching for China - 14:30 UTC

Description: Fix support for Azure China in Azure entities - Front Door (fixed), Policy Set Definition (fixed) & PostgreSQL Flexible Server (not supported).
Case ID: CNAPP-5775
Known limitations: N/A
Affected Components: FETCHERS

FEATURE 2.27.0: Runtime Protection: K8s events on terminating container
Description: Runtime Protection daemon 1.14.0

  • Added creation of Kubernetes events when a container is terminated by CloudGuard Runtime Protection

  • Changed ClusterRole permissions to enable Kubernetes events publishing

Case ID: CON-8315
Known limitations: N/A
Affected Components: CONTAINERS

Deployment January 29, 2024

FIXED AWS Application Load Balancer - UTC 11:30
Description: Fixed “listeners.certificates” property, to work in AWS China accounts as well, for AWS Application Load Balancer in Compliance Engine and Protected Assets.
Case ID: DFT-3249
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

FIXED Azure Storage Account - UTC 08:40
Description: Fixed data mismatch issue for “publicNetworkAccessAsDisplayedInPortal” property in Azure Storage Account.
Case ID: DFT-3340, DFT-3308
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

Deployment January 28, 2024

FEATURE Azure Private Link Service - UTC 13:00
Description: Added support for the Azure Private Link Service entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5635
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 25, 2024

IMPROVEMENT Changes in the Risk Management Dashboard.
Description: Updated the look and feel of the “Riskiest entities” section with new widgets and changed the pie chart widgets to a list.
Case ID: CNAPP-6681
Known limitations: N/A
Affected Components: UI ERM

IMPROVEMENT Data Classification in protected assets.
Description: Added the ability to see the data classification of protected assets that have been scanned for data sensitivity.
Case ID: CNAPP-5370
Known limitations: N/A
Affected Components: UI ERM

IMPROVEMENT Monitored environments widget
Description: Added a capability to filter the monitored environments widget by OUs.
Case ID: DFR-2938
Known limitations: N/A
Affected Components: UI

FIXED Important: Update Kubernetes Agents to Resolve Image Assurance Failures - 9:00 UTC
Description: Due to recent changes introduced in containerd runtime and its adoption in EKS, AKS, and GKE, Image Assurance agents may fail to scan images (with 'Image export failure' errors).
Please upgrade your Kubernetes agents to a recent Helm chart version (2.26.0 or above).
Case ID:
Known limitations: N/A
Affected Components: CONTAINERS

Deployment January 24, 2024

IMPROVEMENT AWS Workspace - 13:00 UTC
Description: Exposed the “ipAddress” property for the AWS Workspace entity in the Protected Assets report, under the “Public IPs” field.
Case ID: DFT-3254
Known limitations: N/A
Affected Components: PROTECTED ASSETS FETCHERS

FEATURE AWS Bedrock - UTC 11:30

Description: Added support for the AWS Bedrock entities: AWS Bedrock Custom Model and AWS Bedrock Custom Model Job in Compliance Engine and Protected Assets.

Case ID: DFR-2948, CNAPP-5237
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 11:30 UTC

Description: New Ruleset NIST SP 800-171 rev2 for AWS; New Ruleset RMiT for AWS, Azure, and GCP; New Ruleset New Zealand ISM v3.6 for AWS; New Ruleset Workload Vulnerability Default 2.0 for K8s; New AZURE and GCP rules. A complete list can be found here.

Case ID: CNAPP-6718, DFR-2646, DFT-3244
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE Azure Confidential Ledger - UTC 09:00
Description: Added support for the Azure Confidential Ledger entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5637
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 21, 2024

IMPROVEMENT Strengthened outbound rules for AWP scanner - UTC 08:20

Description:

  • AWS: Allowing outbound rules for AWP S3 buckets only, using associated S3 endpoint.

  • Azure: Allowing outbound rules for associated Azure services only, using Azure service tags, including the Storage account service for AWP results and the relevant services that are required for Function app scanning.

Case ID: AL-1664, AL-1260
Known limitations:
Affected Components: AWP

FEATURE Azure onboarding - UTC 08:20

Description: Support custom names on Azure onboarding

Case ID: AL-2026
Known limitations:
Affected Components: AWP

FEATURE Azure Centralized account - UTC 08:20

Description: A centralized account can now also be associated at the management group level, and not only with the entire Azure tenant.

Case ID: AL-2049
Known limitations:
Affected Components: AWP

FEATURE AWP rescan - UTC 08:20

Description: On Demand Rescan

Case ID: AL-12
Known limitations:
Affected Components: AWP

Deployment January 21, 2024

FEATURE Azure WAN - UTC 08:20

Description: Added support for the Azure WAN entities: VirtualWANVPNServer and VirtualWANP2sVPNGateway in Compliance Engine and Protected Assets.

Case ID: CNAPP-5636
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure DevTests Labs - UTC 08:20

Description: Added support for the Azure DevTestLab entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5631
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FIXED CloudGuard Deny policy breaks Intelligence from unified-onboarding Release 5.07 - 10:00 UTC

Description: Fixed Intelligence unified-onboarding
Case ID: DFT-3317
Known limitations: N/A
Affected Components: ONBOARD

Deployment January 19, 2024

FIXED Azure Storage Account - 07:00 UTC

Description: Fixed compliance for Azure Storage Account to get publicNetworkAccessAsDisplayedInPortal property with default (“Enabled to all networks”) value when publicNetworkAccess is null.
Case ID: DFT-3308
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment January 18, 2024

IMPROVEMENT Risk Management - Security Issues List - 14:00 UTC

Description: A new page that shows the Security Issues list was added to the Risk Management section. You can drill down into a particular issue by selecting it in the table.

Case ID: CNAPP-6597
Known limitations:
Affected Components: UI ERM

IMPROVEMENT Risk Management Dashboard as default - 14:00 UTC

Description: The Risk Management Dashboard will be the default dashboard if no other default is selected.

Case ID: CNAPP-1234
Known limitations:
Affected Components: UI ERM

FIXED UI | Protected assets - Asset page - Findings getting disappear - 09:00 UTC

Description: Fixed the issue of disappearing findings
Case ID: DFT-3272
Known limitations: N/A
Affected Components: PROTECTED ASSETS UI

Deployment January 17, 2024

IMPROVEMENT AWS Network Interface - 11:50 UTC

Description: Exposed the “InterfaceType” property for AWS’ NetworkInterface entity in Protected Assets API, under “additionalFields”.

Case ID: DFR-1560
Known limitations:
Affected Components: PROTECTED ASSETS

IMPROVEMENT GCP Image & Machine Image - 11:50 UTC

Description: Exposed the “creationTimestamp” property for GCP’s Image & MachineImage entities in Protected Assets API, under “additionalFields”.

Case ID: DFR-2900
Known limitations:
Affected Components: PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New Ruleset CIS v2.0 for OCI; New AZURE rules. A complete list can be found here.

Case ID: CNAPP-6587, DFT-3275
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE Azure Video Indexer - 09:30 UTC

Description: Added support for Azure Video Indexer entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4906
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure DDoS Protection Plan - 09:30 UTC

Description: Added support for Azure DDoS Protection Plan entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5632
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 16, 2024

FEATURE Risk Management - Network Exposure - 11:00 UTC

Description: When calculating network exposure for Azure WebApp and FunctionApp, checking the existence of private endpoints to determine the Public Network Access status.
Case ID: CNAPP-5872
Known limitations: N/A
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS

Deployment January 15, 2024

FEATURE Workload Protection - UI changes - 13:40 UTC

Description: Menu changes, GSL builder and notifications. A complete list can be found here.

Case ID: CON-7141
Known limitations:
Affected Components: CONTAINERS UI

Deployment January 14, 2024

FEATURE Azure Virtual Desktop - 13:40 UTC

Description: Added support for Azure Virtual Desktop Application Group entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5592
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Email Communication - 13:40 UTC

Description: Added support for Azure Email Communication entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5627
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Managed Instance for Apache Cassandra - 12:00 UTC

Description: Added support for Azure Cassandra Cluster (Managed instance for Apache Cassandra) entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5630
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 12, 2024

IMPROVEMENT Exclusions Bulk Delete - 17:50 UTC

Description: Updated API documentation.
Case ID: CNAPP-3905
Known limitations:
Affected Components: UI

IMPROVEMENT AWS WAFRegionalV2 - 7:00 UTC

Description: Added support for ‘cognitoUserPools’, ‘appRunnerServices’, ‘appSyncs’ and ‘verifiedAccessInstances’ properties of AWS WAFRegionalV2 entity in compliance engine and protected assets.

Case ID: DFR-2869
Known limitations:
Affected Components: PROTECTED ASSETS COMPLIANCE ENGINE

Deployment January 10, 2024

FEATURE New Region Support in AWS - Tel Aviv (il-central-1) - 11:00 UTC

Description: Added support for the new AWS region Tel Aviv (il-central-1) in compliance engine and protected assets.

Case ID: DFT-3158, CNAPP-4908, CNAPP-5525
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure VM Image Template - 09:30 UTC

Description: Added support for Azure VM Image Template entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5625
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure DNS Zone - 09:30 UTC

Description: Added support for Azure DNSZone entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5633
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 09:30 UTC

Description: New Ruleset SOC2 for GCP; New Ruleset SOC2 for Azure; New Ruleset ENS 2022 for GCP; New AZURE rules. A complete list can be found here.

Case ID: CNAPP-6338, DFT-3218, DFT-3207
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 09, 2024

FIXED AWS Onboarding | Unified onboarding broke for customer because files were removed from CFT - 09:00 UTC

Description: Added link to CFT
Case ID: DFT-3282
Known limitations: N/A
Affected Components: ONBOARDING

Deployment January 07, 2024

IMPROVEMENT AWS Auto Scaling Group - 3:30 UTC

Description: Added the AWS Auto scaling group entity to the protected assets table.

Case ID: DFR-3362
Known limitations:
Affected Components: PROTECTED ASSETS

FIXED UI | Wrong policy named and linked in under "Update Permissions" - 12:00 UTC

Description: Fix policy name that was presented after unified onboarding
Case ID: DFT-3027
Known limitations: N/A
Affected Components: UI ONBOARDING

FIXED UI | Assets and Environment recently opened are shown cross-tenant - 12:00 UTC

Description: Fix handling of cache in order to show correct information
Case ID: DFT-3199
Known limitations: N/A
Affected Components: UI

FIXED AWS onboarding issue with AWS China accounts - 15:00 UTC

Description: Fix update of already onboarded account with user credentials in AWS China region
Case ID: DFT-3221
Known limitations: N/A
Affected Components: ONBOARDING

FIXED Online documentation description of Organizational Units includes important but factually incorrect statement, needs to be fixed (or OUs need to be fixed) - 11:00 UTC

Description: Documentation was updated
Case ID: DFT-2797
Known limitations: N/A
Affected Components: UI

Deployment January 03, 2024

FIXED Invalid permissions removal - AWS onboarding - 08:00 UTC

Description: Some invalid permissions that were included in the AWS Onboarding CFT were removed.
Case ID: DFT-3209
Known limitations: N/A
Affected Components: ONBOARDING

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: Rulesets enrichments; New AZURE rules. A complete list can be found here.

Case ID: CNAPP-6214, DFT-3235, DFT-3249, DFT-3259
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE Azure Storage Mover - 09:00 UTC

Description: Added support for Azure StorageMover entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4904
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure HPC Cache - 09:00 UTC

Description: Added support for Azure HPCCache entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4235
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Elastic SAN - 09:00 UTC

Description: Added support for Azure ElasticSAN entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4234
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Elastic Monitor - 09:00 UTC

Description: Added support for Azure ElasticMonitor entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5628
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 01, 2024

FEATURE Exclusion Bulk Delete - 00:30 UTC

Description: Added support for bulk delete of multiple exclusions by exclusion IDs. POST: v2/compliance/Exclusion/BulkDelete.
Case ID: DFR-3095, CNAPP-3905
Known limitations: N/A
Affected Components: EXCLUSION COMPLIANCE ENGINE

Deployment December 28, 2023

FEATURE DSPM Data Classifications - 11:00 UTC

Description:

  • Added support for Data Classifications in the Compliance Engine for entities: S3Bucket, StorageAccount, CosmosDbAccount, PostgreSQL and MySQLDBSingleServer.

  • The possible values are: PII, PCI, PHI, Credentials, Other.

  • Values are set according to the findings and classifications generated by AWS Macie and Azure Purview services.

Case ID: CNAPP-5975
Known limitations: N/A
Affected Components: DSPM COMPLIANCE ENGINE

Deployment December 27, 2023

IMPROVEMENT AWS CloudFront - 16:05 UTC

Description: Added new property to the AWS CloudFront entity: ‘WAFGlobalV2’.

Case ID: DFR-3079
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS WAF Global V2 - 16:05 UTC

Description: Added support for “AWS WAF Global V2” entity in compliance engine and protected assets.

Case ID: DFR-3079
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Verified Access Instance - 16:05 UTC

Description: Added support for “AWS Verified Access Instance” entity in compliance engine and protected assets.

Case ID: CNAPP-5858
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Hide unsupported Azure services in China - 14:30 UTC

Description: Removed from the UI all Azure services that are not supported in China.
Case ID: CNAPP-5258
Known limitations: N/A 
Affected Components: UI

IMPROVEMENT Compliance Rulesets Update - 12:00 UTC

Description: New Rulesets Australia Essential 8 for AWS and Azure; New Rulesets CMMC 2.0 for AWS and Azure; New Rulesets CRI Profile for AWS and Azure; New Rulesets NY DFS 23 CRR 500 for AWS and Azure; New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5921, DFT-3042
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE GCP Entities labels are now available in the finding Search API - 09:30 UTC

Description: Added GCP entities labels to the finding search API.
Case ID: CNAPP-3787, DFR-2052
Known limitations: N/A 
Affected Components: API

FEATURE Posture Finding - Added Support for Exclusion By Region - 09:30 UTC

Description: We have added an option to exclude by region, in posture finding exclusion.
Case ID: CNAPP-3487, DFR-3152
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

FEATURE Risk Management - Network Exposure - 09:30 UTC

Description: Azure FunctionApp support for Network Exposure in Protected Assets and Compliance Engine.
Case ID: CNAPP-4803
Known limitations: N/A 
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE Azure Machine Image Details - 8:05 UTC

Description: Added machine image details to the Azure Virtual Machine protected assets API, under “Additional Fields”.

Added a new property to the “VirtualMachine” entity: ‘machineImage.id’.

Added a new property to the “VMSSInstance” entity: ‘machineImage.id’.

Case ID: CNAPP-3135
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Cognitive Search - 8:05 UTC

Description: Added support for Azure Cognitive Search Service in Compliance Engine and Protected Assets.

Case ID: CNAPP-4903
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Virtual Machine Image - 8:05 UTC

Description: Added support for Azure VirtualMachineImage entity in Compliance Engine and Protected Assets

Case ID: CNAPP-4905
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment December 26, 2023

FIXED Invalid permissions removal - AWS onboarding - 08:00 UTC

Description: Some invalid permissions that were included in the AWS Onboarding CFT were removed.
Case ID: DFT-3209
Known limitations: N/A
Affected Components: ONBOARDING

Deployment December 25, 2023

FEATURE Fix IamRole Entity Type in Findings - 21:30 UTC

Description: Fix an issue with assigning IamRole entity type in findings as Default.
Case ID: DFT-3009, CNAPP-4270
Known limitations:
Affected Components: COMPLIANCE ENGINE

Deployment December 24, 2023

FEATURE Azure Virtual WAN - 8:40 UTC

Description: Added support for Azure Virtual WAN entity in Compliance Engine and Protected Assets, as a new entity: VirtualWAN.

Case ID: CNAPP-4233
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Static Web App site - 8:40 UTC

Description: Added support for Azure Static Web App site entity in Compliance Engine and Protected Assets, as a new entity: StaticWebAppSite.

Case ID: CNAPP-5629
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Load Testing - 8:40 UTC

Description: Added support for Azure Load Testing in Compliance Engine and Protected Assets, as a new entity: LoadTest.

Case ID: CNAPP-4230
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment December 21, 2023

FEATURE 2.26.0: RP file reputation, Fedora Core OS - 09:30 UTC

Description: Runtime Protection: daemon 1.11.5, probe 0.30.2-cp-6.

  • Improved File Reputation Blade for Reduced False Positives

  • Support Fedora Core OS.

Affected Components: CloudGuard Workload Protection agents.
Case ID: CON-7773
Known limitations: N/A
Affected Components: CONTAINERS

Deployment December 21, 2023

FIXED Risk Management - Risk Levels - 09:30 UTC

Description: Adjusted risk levels and colors for environments and assets risk score.
Case ID: CNAPP-5514, CNAPP-5502
Known limitations: N/A
Affected Components: API UI RISK MANAGEMENT

FIXED Protected Assets API - 08:10 UTC

Description: Fixed a filtering issue when combining ‘Organizational Units’ and ‘CVEs’ filters.
Case ID: CNAPP-5846
Known limitations: N/A
Affected Components: API

Deployment December 20, 2023

IMPROVEMENT Intelligence findings notification output fields - 14:40 UTC

Description: Extend Intelligence findings notification output with additional fields from Intelligence logs.
Case ID: DFR-2363, CNAPP-299
Known limitations: N/A
Affected Components: INTELLIGENCE NOTIFICATION

FIXED OCI Compute Instance - 14:40 UTC

Description: Fixed a bug in the OCI Compute Instance entity where the “timeCreated” property was in a wrong format. This field is now treated as a date.
Case ID: DFT-3203
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FEATURE OCI MySql Service - 14:00 UTC

Description: Added support for Oracle cloud MySql service in Compliance Engine and Protected Assets. The following entities were added:

  • MySqlBackup

  • MySqlDbSystem

  • MySqlConfiguration

  • MySqlChannel.

Case ID: DFR-2915
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FIXED UI | Dashboard | Cannot export to PDF - 14:40 UTC

Description: Fixed an issue where export to PDF got stuck if a section was empty.
Case ID: DFT-3196
Known limitations: N/A
Affected Components: UI

FIXED UI | Findings | CIEM Findings - cannot 'close' CIEM source findings - button should be grayed out - 14:40 UTC

Description: ‘close’ button is grayed out for CIEM findings
Case ID: DFT-2657
Known limitations: N/A
Affected Components: UI

FIXED Fix Azure onboarding wizard description - 14:40 UTC

Description: Updated the wizard description to match the Azure UI.
Case ID: DFT-2825
Known limitations: N/A
Affected Components: UI

FIXED GCP IAM Group - 12:00 UTC

Description: Fixed a bug where clicking on a GCP IAM group on the protected assets page led to an error and redirection to the index page. Clicking the protected assets link now opens the GCP IAM Group entity page as expected.
Case ID: DFT-3109
Known limitations: N/A
Affected Components: PROTECTED ASSETS

FIXED AWS DMS Endpoints reduced API calls - 12:00 UTC

Description: Reduced the amount of API calls performed to get data.
Case ID: DFT-3215
Known limitations: N/A
Affected Components: PROTECTED ASSETS

FEATURE Azure Dedicated Host Group - 9:20 UTC

Description: Added support for Azure Dedicated Host Group entity in Compliance Engine and Protected Assets

Case ID: CNAPP-5533
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure NetApp Files - 9:20 UTC

Description: Added support for Azure NetAppAccount entity in Compliance Engine and Protected Assets

Case ID: CNAPP-4236
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5784, DFT-3090, DFT-3143
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment December 17, 2023

FIXED Compliance Trend Change History widget – display in 1x1 widget tile size is not well presented with trend stats not cleanly displayed - 13:40 UTC

Description: Present Compliance Trend Change History widget in the dashboard in a better way
Case ID: DFT-2998
Known limitations: N/A
Affected Components: UI

FIXED New dashboards - Filter panel - missing filters - 13:40 UTC

Description: Add additionalFields and Is Public filters to protected assets widget
Case ID: CNAPP-5310
Known limitations: N/A
Affected Components: UI

FEATURE Azure Orbital Spacecraft - 9:40 UTC

Description: Added support for Azure Orbital Spacecraft in Compliance Engine and Protected Assets.

Case ID: CNAPP-4232
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FIXED Azure BatchAccount - 09:40 UTC

Description: Fixed the “BatchAccount” entity’s schema for GSL Builder and Compliance Engine.
Case ID: IN-8470
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FEATURE Azure Data Migration Service - 9:40 UTC

Description: Added support for 2 Azure Data Migration Service entities in Compliance Engine and Protected Assets:

  • Data Migration.

  • Data Migration Classic.

Case ID: CNAPP-4229
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Log Analytics - 9:40 UTC

Description: Added support for Azure Log Analytics as a new entity: LogAnalyticsCluster.

Case ID: CNAPP-5524
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE GCP Organization Policy - 9:40 UTC

Description: Added support for the GCP Organization Policy service.

  • A new entity: AvailableOrgPolicyConstraint

  • A new property to the “Project” entity: orgPolicies[].

  • A new property to the “Folder” entity: orgPolicies[].

  • A new property to the “GcpOrganization” entity: orgPolicies[].

Case ID: DFR-2863
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment December 13, 2023

IMPROVEMENT AWS ECS Task - 14:30 UTC

Description: Added new property to the AWS ECS Task entity: ‘SecurityGroups’ - an array of the security groups that are attached to the ENI of the current Task.

Case ID: DFT-3028, IN-8494
Known limitations:
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS Security Group - 14:30 UTC

Description: AWS Security Group now includes network assets statistics on ECS Task. These can be found under ‘networkAssetsStats’ where type = “EcsTask”.

Case ID: DFT-3028
Known limitations:
Affected Components: COMPLIANCE ENGINE

FEATURE Azure Policy Set Definition - 12:40 UTC

Description: Added support for Azure Policy Set Definition (initiatives definition).

Case ID: DFR-2913
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS Config Rule - 12:40 UTC

Description: Added a new property ‘compliance’ to the AWS “ConfigRule” entity.

Case ID: DFR-2895
Known limitations:
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT Compliance Rulesets Update - 11:00 UTC

Description: New Ruleset CSA CCM v4.0 for GCP; New Ruleset MLPS 2.0 for AWS; New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5586, DFT-3097, DFT-3118
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE Azure Data Share - 8:40 UTC

Description: Added support for Azure Data Share as a new entity: DataShareAccount.

Case ID: CNAPP-5458, DFR-2978
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT GCP KMS - 8:40 UTC

Description: Added property to the GCP KmsKeyRing entity: ‘cryptoKeys[].protectionLevel’.

Case ID: DFR-2521
Known limitations:
Affected Components: COMPLIANCE ENGINE API

FEATURE GCP Organization - 8:40 UTC

Description: Added support for GCP Organization as a new entity: GcpOrganization.

Case ID: DFR-2964
Known limitations: Only organizations that are visible to the service account will appear. Requires setting a policy binding at the organizational level with a view permission for the service account.
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment December 12, 2023

FIX Azure fetching for China - 15:00 UTC

Description: Fix support for Azure China in all Azure entities.
Case ID: CNAPP-5254
Known limitations: Phase 1 of the fix; not all of the entities are supported for China yet.
Affected Components: FETCHERS

Deployment December 11, 2023

IMPROVEMENT AWS DaxCluster - 15:30 UTC

Description: Added support for SecurityGroup property in AWS Dax Cluster in Compliance Engine.

Case ID: DFR-2722
Known limitations: This property can be used to query the securityGroup property and to pass/fail the rule according to it, but it is currently not visible in the Entity Viewer in the UI.
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT Azure VirtualMachine - 06:00 UTC

Description: Added support for the following NIC properties: ‘dnsSettings’, ‘nicType’, ‘workloadType’, and ‘privateLinkService’ in Azure VirtualMachine entity.

Case ID: DFR-2840
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

Deployment December 7, 2023

FEATURE Risk Management - Data Sensitivity - 11:00 UTC

Description: Risk Management supports Data Sensitivity indication for Azure PostgreSQL and MySQLDBSingleServer using Azure Purview data.
Case ID: CNAPP-4977
Known limitations: N/A
Affected Components: DSPM RISK MANAGEMENT PROTECTED ASSETS COMPLIANCE ENGINE

FEATURE Risk Management - Network Exposure - 09:00 UTC

Description: Azure FunctionApp Support for Network Exposure in Protected Assets and Compliance Engine.
Case ID: CNAPP-4804
Known limitations: N/A 
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS

FIXED Permissions for AWS onboarding page - 07:30 UTC

Description: Fixed missing permissions from AWS Organization onboarding, added missing permissions to the regular onboarding instructions, and fixed the permissions needed for SageMaker Notebook.
Case ID: CNAPP-4277
Known limitations: N/A
Affected Components: ONBOARDING

Deployment December 6, 2023

FEATURE AWS Timestream Query - 10:45 UTC

Description: Added support for AWS Timestream Query entity in Compliance Engine and Protected Assets.

Case ID: DFR-2414
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Batch - 10:45 UTC

Description: Added support for Azure BatchAccount entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4227
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Event Grid - 10:45 UTC

Description: Added support for Azure EventGridNamespace entity in Compliance Engine and Protected Assets.

Case ID: DFR-2837
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE Azure Compute Gallery - 10:45 UTC

Description: Added support for Azure Compute Gallery in Compliance Engine and Protected Assets.

Case ID: CNAPP-4228
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE GCP Folder - 10:45 UTC

Description: Added support for GCP Folder in Compliance Engine and Protected Assets.

Case ID: DFR-2963
Known limitations: Only folders that are visible to the service account will appear. Requires setting a policy binding at the folder level with a view permission for the service account.
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT GCP AppEngine - 10:45 UTC

Description: Added support for GCP Identity-Aware Proxy as new properties in AppEngine: “iapSettings”.

Case ID: DFR-2971
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT GCP BackendService - 10:45 UTC

Description: Added support for GCP Identity-Aware Proxy as new properties in BackendService: “iapAccessSettings” and “iapApplicationSettings”.

Case ID: DFR-2971
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 11:00 UTC

Description: CSA CCM v4.0 for Azure enrichment; New AWS and AZURE rules. A complete list can be found here.

Case ID: CNAPP-5348, DFT-2970, DFT-2993, DFT-3045, DFT-3075, DFT-3100
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment December 3, 2023

FEATURE Workload Protection for Kubernetes: helm 2.25.0 - 11:00 UTC

Description: Image Assurance 2.27.0:

  • Fix “Internal error” image scan errors on nodes where the containerd container runtime is configured to discard compressed image layers once they are unpacked. Affects GKE 1.27+ and all EKS with AMIs released after July 28 2023.

Admission Control Enforcer 2.10.0

  • Fix escaping in GSL if a regular expression is defined.

Case ID: CON-7715
Known limitations: N/A
Affected Components: CONTAINERS

FEATURE AWS Firewall Manager - 11:00 UTC

Description: Added support for AWS FirewallManagerAdminAccount and FirewallManagerPolicy entities in Compliance Engine and Protected Assets.

Case ID: CNAPP-3511
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
