AWS TransitGateway - 12:00 UTC
Description: Added support for ‘hasFlowLog ’ property in AWS TransitGateway in Compliance engine & Protected Assets.
Case ID: DFR-3405
Known limitations:
Affected Components:

AWS S3Bucket - 12:00 UTC
Description: Fixed missing tags issue in AWS S3Bucket.
Case ID: DFT-3631
Known limitations: N/A
Affected Components:

GCP Cloud Run - 10:30 UTC
Description: Fixed an issue that caused some GCP Cloud Run entities to be missing in the database.
Case ID: IN-8627
Known limitations: N/A
Affected Components:

Reports | Assessment history | Mismatch between results to CSV - 12:00 UTC
Description: UI was update in order to clarify the export details
Case ID: DFT-3462
Known limitations: N/A
Affected Components:

GCP Security Command Center - 11:00 UTC
Description: Added support for GCP Security Command Center entities in Compliance Engine and Protected Assets: SecurityCenterSource, SecurityCenterNotificatConfig, SecurityCenterMuteConfig.
Case ID: CNAPP-6371
Known limitations: N/A
Affected Components:

GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster are now fetched with a new mechanism and containing more fields (fields that are not configured will contain null). US DC only.

Case ID: CNAPP-7753
Known limitations: Relevant to US DC only
Affected Components:

Security Issue vulnerabilities - 12:30 UTC

Description: Fixed issue where some entity types would not display the correct CVEs in Security Issue vulnerabilities view.

Case ID: CNAPP-8498
Known limitations: N/A 
Affected Components:

Traffic Trends dashboard widget - 12:30 UTC

Description: Fixed widget that stopped working.

Case ID: CNAPP-8492, DFT-3558
Known limitations: N/A 
Affected Components:

Azure Function App - 11:00 UTC
Description: Added support for ‘BasicPublishingCredentials’ property in Azure Function App in Compliance engine & Protected Assets.
Case ID: DFR-3193
Known limitations:
Affected Components:

Compliance Rulesets Update - 08:30 UTC

Description: New rules for Azure. A complete list can be found here.

Case ID: CNAPP-8536, DFT-3503
Known limitations: N/A 
Affected Components:

Findings not removed - Policy deleted - Even if the Assessment History is 100% Compliant, there are High "Posture Findings" events for the same ruleset - 7:00 UTC
Description: Finding are deleted in case policy is deleted (applied also retroactively)
Case ID: DFT-2976
Known limitations: N/A
Affected Components:

AWS S3 bucket Macie - 10:30 UTC
Description: Added support for ‘lastAutomatedDiscoveryTime’ and ‘sensitivityScore’ fields in AWS S3 bucket in Compliance engine & Protected Assets.
Case ID: DFR-3439
Known limitations:
Affected Components:

AWS StorageGateway - 11:20 UTC
Description: Added support for ‘Volumes’ and ‘volumeEncryptionKeyList’ properties in AWS Storage Gateway in Compliance engine and Protected Assets.
Case ID: DFR-3178
Known limitations:
Affected Components:

Azure Application Gateway - 14:00 UTC
Description: Added support for ‘sslProfiles’ property in Azure Application Gateway in Compliance engine, Protected Assets & API. This is due to a structure change in Azure.
Case ID: DFT-3465
Known limitations: Replaces the ‘sslPolicy’ property.
Affected Components:

AWS Auto Scaling Groups - 11:00 UTC
Description: Data fetching for AWS auto scaling groups launch configurations and EC2 launch templates.
Case ID: CNAPP-8129
Known limitations: N/A
Affected Components:

Azure NatGateway - 10:00 UTC
Description: Added support for Azure NatGateway entity in Compliance Engine and Protected Assets.
Case ID: DFR-3315
Known limitations: N/A
Affected Components:

AWS EksCluster- 10:30 UTC
Description: Added support for ‘kmsKeys’ property in in AWS EKS clusters in Compliance engine.
Case ID: DFR-2911
Known limitations:
Affected Components:

Compliance Rulesets Update - 08:30 UTC

Description: New Ruleset AICPA SOC 2 for Alibaba; New Ruleset HIPAA for Alibaba; New Ruleset ISO 27001:2022 for Alibaba; New Ruleset NIST SP 800-53rev5 for Alibaba; New Ruleset PCI DSS v4 for Alibaba; New Ruleset AICPA SOC 2 for OCI; New Ruleset HIPAA for OCI; New Ruleset ISO 27001:2022 for OCI; New Ruleset NIST SP 800-53rev5 for OCI; New Ruleset PCI DSS v4 for OCI. A complete list can be found here.

Case ID: CNAPP-8460, DFT-3446, DFT-3471, DFT-3587, DFT-3590
Known limitations: N/A 
Affected Components:

GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster are now fetched with a new mechanism and containing more fields (fields that are not configured will contain null). Ireland DC only.

Case ID: CNAPP-7752
Known limitations: Relevant to Ireland DC only
Affected Components:

AWS EC2 Instance, AWS ELB, AWS RDS, AWS VPC, AWS Subnet, AWS Security Group and AWS NACL - 17:00 UTC
Description: Added support for ‘VendorIdentifier’ property in AWS EC2 Instance, AWS ELB, AWS RDS, AWS VPC, AWS Subnet, AWS Security Group and AWS NACL entities in Compliance Engine and Protected Assets.
Case ID: DFR-2987, CNAPP-8002
Known limitations: N/A
Affected Components:

Compliance Rulesets Update - 08:30 UTC

Description: New rules for GCP. A complete list can be found here.

Case ID: CNAPP-8326
Known limitations: N/A 
Affected Components:

Menu item for IAM Safety Policy Report - 7:00 UTC
Description: Added the missing report page to the menu.
Case ID: CNAPP-8423
Known limitations: N/A
Affected Components:

Erm Dashboard - Security Issues widgets - 8:00 UTC
Description: Fixed an issue where the widgets of the security issues would show closed issues.
Case ID: CNAPP-8404
Known limitations: N/A
Affected Components:

AWS Network Firewall, AWS Code Build Project, AWS Code Build Build, AWS Code Pipeline Webhook, AWS ElastiCache Parameter Group, AWS Kinesis Analyics Application, AWS RDS DB Cluster, AWS RDS DB Cluster Parameter Group, AWS RDS DB Cluster Snapshot and AWS RDS Event Subscription - 12:00 UTC
Description: Added support for ‘VendorIdentifier’ property in AWS Network Firewall, AWS Code Build Project, AWS Code Build Build, AWS Code Pipeline Webhook, AWS ElastiCache Parameter Group, AWS Kinesis Analytics Application, AWS RDS DB Cluster, AWS RDS DB Cluster Parameter Group, AWS RDS DB Cluster Snapshot and AWS RDS Event Subscription entities in Compliance Engine and Protected Assets.
Case ID: DFR-2987, CNAPP-8169, CNAPP-8177, CNAPP-8337
Known limitations: N/A
Affected Components:

Protected Assets - Security Groups - 15:00 UTC
Description: Fixed an issue that prevented cleanup of deleted Security Groups from Protected Assets.
Case ID: CNAPP-8309
Known limitations: N/A
Affected Components:

AWS Region - 10:50 UTC

Description: Fixed an issue in the fetching of ‘ConfigurationRecordingStatus' property in AWS Region.

Case ID: DFT-3471
Known limitations: N/A 
Affected Components:

Compliance Rulesets Update - 08:00 UTC

Description: General maintenance and content updates. A complete list can be found here.

Case ID: CNAPP-8162, DFT-3545, DFT-3552, DFT-3589
Known limitations: N/A 
Affected Components:

GCP Project - 9:00 UTC
Description: Added support for ‘ProjectTagBinding’ property in GCP Project in Compliance engine.
Case ID: DFR-3259
Known limitations: Relevant to Singapore, Mumbai, Canada and Sydney only
Affected Components:

Azure Virtual Network Gateway - 14:50 UTC

Description: Fixed an issue that caused partial fetching for ‘VirtualNetworkGateway’ entities.

Case ID: IN-8633
Known limitations: N/A 
Affected Components:

Helm 2.29.0: Runtime Protection daemon 1.16.2: enhancements- 13:00 UTC
Description: Runtime Protection daemon 1.16.2

• Improved File Reputation Blade for Reduced False Positives

• Improved memory management

Affected Components: CloudGuard Workload Protection agents
Case ID: CON-8396
Known limitations:
Affected Components:

GCP BigQueryTable & GCP DataprocCluster Permission update- 13:00 UTC
Description: BigQueryTable and DataprocCluster are fetched using GCP Cloud Asset Inventory export API call.
In order to use this API call Cloud Asset API should be enabled and also the Cloud Asset Viewer role should be granted to Cloud guard’s service account.
In case permissions are missing it will be displayed in the cloud account’s environment page --> missing permission table under the “GcpAssetInventory“ type.
Case ID: CNAPP-7919
Known limitations: Relevant to Singapore, Mumbai, Canada and Sydney only
Affected Components:

GCP AlloyDB for PostgreSQL - 11:00 UTC
Description: Added support for GCP AlloyDB for PostgreSQL entities in Compliance Engine and Protected Assets: AlloyDBCluster, AlloyDBInstance, AlloyDBBackup.
Case ID: CNAPP-1466
Known limitations: N/A
Affected Components:

AWS S3 bucket & Region - 13:50 UTC

Description: Fixed wrong value under the “Region” column in the protected assets table.

Case ID: CNAPP-4868, DFR-2822
Known limitations: N/A 
Affected Components:

AWS Cognito User Pool, AWS IAM Server Certificate, AWS SNS Platform Application, AWS Transfer and AWS WAF Regional - 12:00 UTC
Description: Added support for ‘VendorIdentifier’ property in AWS Cognito User Pool, AWS IAM Server Certificate, AWS SNS Platform Application, AWS Transfer and AWS WAF Regional entities in Compliance Engine and Protected Assets.
Case ID: DFR-2987, CNAPP-8001
Known limitations: N/A
Affected Components:

AWS SNS Platform Application - 12:00 UTC
Description: Enable fetching AWS SNS Platform Application in region “us-east-2”.
Case ID: CNAPP-8001
Known limitations: N/A
Affected Components:

Compliance Rulesets Update - 08:30 UTC

Description: New Ruleset CIS GCP Benchmark v3.0.0; New Ruleset CIS K8S Benchmark v1.9.0; New rules for AWS and GCP. A complete list can be found here.

Case ID: CNAPP-7979, DFT-3520, DFT-3521, DFT-3560
Known limitations: N/A 
Affected Components:

CSPM Managed Ruleset Versions - 6:00 UTC
Description: Added versions to CSPM managed rulests.
Case ID: CNAPP-3847
Known limitations: N/A
Affected Components:

Reports page improvements - 6:00 UTC
Description: Added filtering capabilities and actions to the reports table.
Case ID: CNAPP-5660
Known limitations: N/A
Affected Components:

CDR Rulesets Update - 09:30 UTC

Description: New Azure rules. A complete list can be found here.

Case ID: -
Known limitations: N/A 
Affected Components:

API Gateway and API Gateway V2 property - 11:30 UTC
Description: Added support for ‘mappedCustomDomainName’ property in “AWS API Gateway V2” and “AWS API Gateway” entities in compliance engine and protected assets.
Case ID: DFR-2876
Known limitations: N/A
Affected Components:

CG API Keys - Last used info - 2:00 UTC
Description: CG now displays API keys with the information about when were they last been used.
Case ID: DFR-2953
Known limitations: N/A
Affected Components:

AWS Code Build Project - 10:00 UTC
Description: Reduced fetching frequency for Aws Code Build Project to once a day to avoid throttling.
Case ID: DFT-3574
Known limitations: N/A
Affected Components:

GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster are now fetched with a new mechanism and containing more fields (fields that are not configured will contain null). Relevant to Singapore, Mumbai and Canada DCs only.

Case ID: CNAPP-7749, CNAPP-7750, CNAPP-7751
Known limitations: Relevant to Singapore, Mumbai, Canada DC only
Affected Components:

AWS Organization Account - 15:30 UTC
Description: Add SCP account policies that are inherited from OU.
Case ID: DFR-2256
Known limitations: N/A
Affected Components:

Risk Management - Azure SQL Server Network Exposure - 11:30 UTC

Description: Treating the build it firewall rule that allows traffic from Azure services as partially public.
Case ID: CNAPP-7702
Known limitations: N/A 
Affected Components:

Compliance Rulesets Update - 09:30 UTC

Description: General maintenance and content updates. A complete list can be found here.

Case ID: CNAPP-7825, DFT-3536
Known limitations: N/A 
Affected Components:

CIEM label can be added to CSPM rules - 11:00 UTC
Description: Adding support for adding CIEM label to custom CPSM rule, findings with that label will show up under CIEM\Findings.
Case ID: DFR-3257
Known limitations: N/A
Affected Components:

Multi entities selection on CSPM exclusions - 10:00 UTC
Description: Added support for multi entities selection on CSPM exclusion, entities can be selected from a list or by using a wildcard
Case ID: DFR-3422, DFR-2327
Known limitations: N/A
Affected Components:

AWS Region - 11:00 UTC
Description: Added support for Organization Access Analyzers Type under the “accessAnalyzers” field.
Case ID: DFR-3185
Known limitations: N/A
Affected Components:

AWS Organization Unit - 10:00 UTC
Description: Added support for AWS Organization Unit in compliance engine and protected assets.
Case ID: DFR-2914
Known limitations: N/A
Affected Components:

Risk Management - Azure SQL Server Network Exposure - 13:25 UTC

Description: Ignoring firewall rule that allows traffic from Azure services when calculating external public exposure.
Case ID: CNAPP-7702
Known limitations: N/A 
Affected Components:

Azure Load Balancer 11:00
Description: Added outbound rules support for the ‘LoadBalancer’ entity as a new property: ‘outboundRules’.
Case ID: DFR-2352
Known limitations: N/A
Affected Components:

AWS CloudWatch Events - 11:10 UTC
Description: Added support for ECS parameters as new property 'targets[].ecsParameters' for the ‘CloudWatchEventsRule’ entity.
Case ID: DFR-3372
Known limitations: N/A
Affected Components:

AWS Security Group - 11:10 UTC
Description: Added support in the ‘SecurityGroup’ entity for ‘EcsSchduledTask’ under the ‘networkAssetsStats’ property.
Case ID: DFR-3372
Known limitations: N/A
Affected Components:

Compliance Rulesets Update - 10:30 UTC

Description: New Ruleset CIS Amazon EKS Benchmark v1.4.0, New Ruleset CIS GKE Benchmark v1.5.0, New Ruleset CIS Microsoft Kubernetes Engine (AKS) Benchmark v1.4.0; New AWS,OCI, Alibaba ,GCP and Kubernetes rules. A complete list can be found here.

Case ID: CNAPP-7660, DFT-3455
Known limitations: N/A 
Affected Components:

AWS S3 Bucket - 12:00 UTC
Description: Avoid deleting previous data of AWS S3 Bucket when not receiving new data (due to missing permissions or other reasons).
Case ID: DFR-2952
Known limitations: N/A
Affected Components:

AWS Account - 10:30 UTC
Description: Added support for ‘Contact Information’ property in AWS Account in Compliance engine & Protected Assets.
Case ID: DFR-2383
Known limitations: N/A
Affected Components:

OCI VNIC - 9:30 UTC
Description: Expose public & private IP in OCI VNIC in Protected Assets page
Case ID: DFT-3217
Known limitations: N/A
Affected Components:

Sydney - GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster are now containing more fields (fields that are not configured will contain null). Relevant to Sydney DC only.
Case ID: CNAPP-7553
Known limitations: N/A
Affected Components:

AWS Credential Report API - 9:00 UTC

Description: Fixed an issue that caused the presentation of old data in the 'CloudIamCredentialReport' API.

Case ID: DFT-3454
Known limitations: N/A 
Affected Components:

GSL Builder Export | OU Path set to N/A while running a GSL rule - 15:00 UTC

Description: Fixed missing OU path when exporting from GSL builder

Case ID: DFT-3339
Known limitations: N/A 
Affected Components:

UI | Unable to associate Ali baba cloud to another OU - 11:00 UTC

Description: Fixed failure to associate Ali baba cloud to OU

Case ID: DFT-3496
Known limitations: N/A 
Affected Components:

Azure PostgreSQL - 10:50 UTC

Description: Fixed an issue that caused partial fetching for ‘PostgreSQL’ entities.

Case ID: DFT-3466
Known limitations: N/A 
Affected Components:

GCP Identity Platform - 13:00 UTC
Description: Added support for GCP Identity Platform Entities: IdentityPlatformTenant and IdentityPlatformUser.
Case ID: CNAPP-1463
Known limitations: N/A
Affected Components:

Azure Network Security Groups Management - 11:30 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7585
Known limitations: N/A
Affected Components:

Risk Management - Network Exposure - 11:30 UTC

Description: Network Exposure support for Azure SQL Server. Available in Protected Assets and as part of the risk score calculation.
Case ID: CNAPP-7064
Known limitations: N/A 
Affected Components:

AWS VPC\KMS\Route table shown incorrectly in Protected Assets - 10:00 UTC

Description: Fixed a bug where AWS VPC\KMS was shown as Alibaba VPC\KMS in the protected assets table, and AWS route table was shown as Azure route table in the protected assets table.

Case ID: DFT-3458, DFT-3510, DFT-3452, DFT-3508
Known limitations: N/A 
Affected Components:

Compliance Rulesets Update - 10:00 UTC

Description: New AWS, OCI, Alibaba, and GCP rules; DFTs fixes. A complete list can be found here.

Case ID: CNAPP-7557, DFT-3484, DFT-3447
Known limitations: N/A 
Affected Components:

UI | Missing permissions | Key vault seems to be duplicated on the amount of entities that have an issue- 10:00 UTC

Description: Remove duplication of key vault

Case ID: DFT-3408
Known limitations: N/A 
Affected Components:

UI | Reporting | when we download the report from CIEM somehow don't get the label column on the export file- 14:00 UTC

Description: Lable was added to CIEM findings

Case ID: DFT-2551
Known limitations: N/A 
Affected Components:

GCP Cloud Source Repository 13:00 UTC
Description: Added support for GCP Cloud Source Repository entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1467
Known limitations: N/A
Affected Components:

Azure Network Security Groups Management - 13:25 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7491
Known limitations: N/A
Affected Components:

Azure User - 12:30 UTC
Description: Added support for ‘assignmentRoles’ property in Azure User in Compliance Engine and Protected Assets.
Case ID: DFT-3348
Known limitations: N/A
Affected Components:

Azure Cosmos DB Account - 11:15 UTC
Description: Added support for ‘minimalTlsVersion’ property in Azure Cosmos DB Account in Compliance Engine and Protected Assets.
Case ID: DFR-2932
Known limitations: N/A
Affected Components:

UI | MSP | Cannot switch roles on FireFox - 14:00 UTC

Description: Fixed issue of switching logs in MSP in Firefox

Case ID: DFT-3430
Known limitations: N/A 
Affected Components:

Compliance Rulesets Update - 11:00 UTC

Description: DFTs fixes. A complete list can be found here.

Case ID: CNAPP-7453, DFT-3455, DFT-3381
Known limitations: N/A 
Affected Components:

GCP GKE Cluster - 10:00 UTC
Description: Added support for ‘networkConfig’ property in GCP GkeCluster.
Case ID: DFR-2663
Known limitations: N/A
Affected Components:

AWS Kinesis Firehose - 06:00 UTC

Description: Fixed rate limit issue in AWS Kinesis Firehose.

Case ID: DFT-3432
Known limitations: N/A 
Affected Components:

GCP Cloud Armor Security Policy entity - 13:00 UTC
Description: Added support for GCP Cloud Armor Security Policy entity in Compliance Engine and Protected Assets.
Case ID: DFR-2968
Known limitations: N/A
Affected Components:

UI | Typo in Role Creation Screen - 18:00 UTC

Description: Fix typo in role creation screen

Case ID: DFT-3483
Known limitations: N/A 
Affected Components:

Slack and Teams Notification - 18:00 UTC

Description: Bug fix in Slack and Teams Notifications.

Case ID: CNAPP-8613
Known limitations: N/A 
Affected Components:

AWS S3 Bucket - 17:30 UTC
Description: Added support for ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.isCrossAccountKey’ and ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.kmsKey' properties in AWS S3 Bucket in Compliance engine & Protected Assets.
Case ID: DFR-2482
Known limitations: Keys which are cross account will be seen in the 'kmsKey’ property - only if belongs to a cloud account which was on boarded to the same CloudGuard account as the S3Bucket’s cloud account, and only if the client has approved account data sharing.
Affected Components:

Slack and Teams Notification - 23:00 UTC

Description: Bug fix in Slack and Teams Notifications.

Case ID: CNAPP-8613
Known limitations: N/A 
Affected Components: