2019 Releases

Owned by Guy Shteinberg
Jun 21, 2020
27 min read
Deployment December 31, 2019

Compliance Policy for Organizational Unit  - 09:49 UTC

Type: New Feature
Description: Compliance Policy now support Organizational Unit level - Notifications, Policies and Reports can be set by OU level. Added new unified reports for all cloud accounts under OU.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE POLICY  COMPLIANCE INTEGRATIONS COMPLIANCE REPORTS UI

Deployment December 30, 2019

Logic - New on-boarding wizard and process  - 12:18 UTC

Type: Improvements
Description: Improved Logic on-boarding experience.
Known limitations: N/A 
Affected ComponentsLOG.IC 

Deployment December 29, 2019

Logic - Improve alerts time frame  - 15:18 UTC

Type: Improvements
Description: Improve alerts time frame.
Known limitations: N/A 
Affected ComponentsLOG.IC 

GCP Onboarding Process - 14:12 UTC

Type: Improvements
Description: Update instructions and added some more screenshots.
Known limitations: N/A 
Affected ComponentsUI 

Compliance Engine Infrastructure Update 11:45 UTC

Type: Improvements
Description: Some changes in the infra for better monitoring and capabilities.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE 

Deployment December 26, 2019

Filter Panel 15:42 UTC

Type: New Feature
Description: New filter horizontal layout.
Known limitations: N/A 
Affected ComponentsFILTERS 

Deployment December 25, 2019

AWS ElastiCache 16:00 UTC

Type: Bug Fix
Description: Fixed an issue with AWS ElastiCache entities fetching.
Known limitations: N/A 
Affected Components  DATA FETCHING AWS  

AWS IAM Credentials Report 15:50 UTC

Type: Bug Fix
Description: Fixed an issue with throttling errors handling in AWS Credentials Report entity fetching.
Known limitations: N/A 
Affected Components  DATA FETCHING AWS  

Cloud Account Onboarding - Bug Fix 13:55 UTC

Type: Bug
Case ID: DOME-13068
Description: Internal fix for an issue when onboarding account without OU/Root level.
Known limitations: N/A 
Affected Components  UI  API

Deployment December 24, 2019

Missing scroll on My Account And AWS Onboarding Pages  13:07 UTC

Type: Bug
Description: Missing scroll on certain screen sizes in My Account page and AWS onboarding
Known limitations: N/A 
Affected Components  UI  

Log.ic - Warning message fix  13:07 UTC

Type: Bug
Description: Fixed popup message UI
Known limitations: N/A 
Affected Components  UI  

Deployment December 23, 2019

Compliance Notification - Add Integration Status  - 11:10 UTC

Type: 
Description: Adding status indicator which show the status of each enabled integration on the notification policy.
Known limitations: N/A 
Affected Components  UI  COMPLIANCE INTEGRATION

Deployment December 22, 2019

Protected Assets - Adding Support for Additional Assets - 17:10 UTC

Type: Improvement
Description: Adding support for the following assets:

AWS
ECS Cluster
VPNGateway
Route53 Hosted Zone
Route53 Domain
Sage Marker Notebook
Volume
ElastiCache

Azure
Postgre SQL
Container Registry
CosmosDbAccount
PolicyAssignment
LogProfile

GCP
Network

Known limitations: N/A 
Affected Components  PROTECTED ASSETS 

Azure China Support - 14:00 UTC

Type: Improvement
Description: We now support onboarding and management of Azure China cloud accounts.
Known limitations: N/A 
Affected Components  AZURE 

AWS Cloud Front Fetching Bug Fix - 13:50 UTC

Type: Bug Fix
Description: Fixed small issue when fetching Cloud Front Entities from AWS.
Known limitations: N/A 
Affected Components  DATA FETCHING 

Deployment December 18, 2019

Log.ic - Improve Flow Logs ingestion time - 20:00 UTC

Type: Improvement
Description: Improving ingestion and processing time, reducing in some cases up to 10 minutes.
Known limitations: N/A 
Affected Components  LOG.IC 

AWS Services Fetching Infrastructure Updates - 15:00 UTC

Type: Improvement
Description: Updates to AWS Services entities fetching mechanism, Improved throttling mechanism to handle rate exceeded calls.
Known limitations: N/A
Affected ComponentsDATA FETCHING

Compliance & Governance - Dashboard 13:38 UTC

Type: Bug Fix
Case ID: DOME-12984
Description: Organization Units display fix
Known limitations: N/A 
Affected Components  COMPLIANCE DASHBOARD 

Assign OU To Kubernetes fix 13:38 UTC

Type: Bug Fix
Case ID: DOME-12934
Description: Disable option to assign ou to Kubernetes
Known limitations: N/A 
Affected Components  ORGANIZATION UNITS 

Compliance Result Page Missing Permission 13:38 UTC

Type: Improvement 
Description: Showing missing permission
Known limitations: N/A 
Affected Components  PERMISSIONS 

Cross System Font Change 13:38 UTC

Type: Improvement
Description: New system font
Known limitations: N/A 
Affected Components  CROSS SYSTEM 

Deployment December 17, 2019

Compliance Integration HTTP Endpoint - Minor Improvement - 14:15 UTC

Type: Improvement
Description: A minor improvement with error handling.
Known limitations: N/A 
Affected Components  COMPLIANCE INTEGRATIONS COMPLIANCE WEBHOOK

AWS Onboarding - AWS China & Gov minor UI bug fixes - 09:10 UTC

Type: Bug fix
Description: Minor UI fixes.
Known limitations: N/A
Affected ComponentsUI

Deployment December 16, 2019

AWS Services Fetching Infrastructure Updates - 15:30 UTC

Type: Improvement
Description: Updates to AWS Services entities fetching mechanism, Improved throttling mechanism to handle rate exceeded calls.
Known limitations: N/A
Affected ComponentsDATA FETCHING

Deployment December 15, 2019

DOME9 Chrome extension - 09:00 UTC

Type: Improvement
DescriptionNew version for the Dome9 chrome extension, new look and feel and more features to make it easy acquire Dynamic access leases and IAM Safety elevations.(More info)
Known limitations: Requires re onboarding to the extension.
Affected ComponentsCHROME EXTENSION 

Deployment December 11, 2019

GCP Big Table - 16:00 UTC

Type: New Feature
DescriptionAdded GCP Big Table entity support
Known limitations: N/A 
Affected ComponentsDATA FETCHERS GCP 

Deployment December 10, 2019

Compliance Engine - Bug fix - 14:35 UTC

Type: Bug fix
Case ID: DFT-654
Description: AWS S3 Bucket object level logging marked as disabled when "Select all S3 buckets in your account" is selected in Cloud Trail.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE

Compliance Integrations - Add OU Metadata - 10:35 UTC

Type: Improvement
Description: Adding OU metadata to Compliance Findings.
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATIONS

Deployment December 9, 2019

Email Notification page enhancements - 09:55 UTC

Type: Improvement
Description: Improve Email notification settings page UI.
Known limitations: N/A
Affected ComponentsUI

AWS IAM Fetching Infrastructure Updates - 08:35 UTC

Type: Improvement
Description: Updates to AWS IAM entities fetching mechanism.
Known limitations: N/A
Affected ComponentsDATA FETCHING

Deployment December 8, 2019

Protected assets  - Alerts and findings fix - 16:35 UTC

Type: Bug fix
Case ID: DOME-12823
Description: Added missing pagination on Alerts and findings tab.
Known limitations: N/A
Affected ComponentsUI

Account settings - SNS integration renamed to Integrations - 16:35 UTC

Type: Improvement
Description: Unified place for every future integration.
Known limitations: N/A
Affected ComponentsUI

Protected assets page - Adding Entity Viewer for all entities - 16:35 UTC

Type: Improvement
Description: Added entity viewer tab for each entity.
Known limitations: N/A
Affected ComponentsUI

Azure Application Gateway Additions - 14:00 UTC

Type: Improvement
Description: Added Diagnostic Settings information to the Compliance Engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE

Deployment December 2, 2019

Improvement - New permission to onboard a new cloud account - 14:00 UTC

Type: Improvement
Case ID: DFR-575
Description: A new type of permission for Dome9 users that allows to onboard a new cloud account 
Known limitations: N/A 
Affected Components  ONBOARDING

Add links to assets - 09:30 UTC

Type: Improvement
Description: Add links from the information panel of Logic to protected assets 
Known limitations: Support IAM user, S3 bucket and KMS
Affected Components  LOG.IC

Deployment December 1, 2019

Compliance Infrastructure Improvements - 14:00 UTC

Type: Improvement
Description: Improvements to Compliance Infrastructure.
Known limitations: N/A 
Affected Components  COMPLIANCE

Compliance Webhook Integration - minor improvement - 13:30 UTC

Type: Improvement
Description: A minor improvement in the "Invalid endpoint mechanism" feature.
Known limitations: N/A 
Affected Components  COMPLIANCE WEBHOOK

Deployment November 29, 2019

Compliance Rulesets Update 

Type: Improvement
DescriptionFirst release of the Dome9 Kubernetes Rulesets, which include CIS Kubernetes Benchmarks Ruleset, Kubernetes NIST SP 800-190 Ruleset, Kubernetes Dome9 Best Practices Ruleset. In addition we have created AWS Dome9 Well Architected Framework Ruleset and GCP Dome9 Containers Security Ruleset.
We have made bug fixes to GSL logic. Click here for details.

Case ID : 

DFT-640 - Logic fix - D9.AWS.NET.06 - Ensure S3 buckets are not publicly accessible
DFT-639 - Name fix - D9.AWS.NET.46 - Ensure AWS NAT Gateways are not being utilized for the default route

Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment November 28, 2019

Bug fix - Protected Assets - Filters - 13:30 UTC

Type: Bug fix
Case ID: DOME-12900
Description: Fixed an issue with Cloud account filters on Protected assets page.
Known limitations: N/A 
Affected Components  UI

Bug fix - AWS SNS Subscription - 13:30 UTC

Type: Bug fix
Case ID: DFT-524
Description: Fixed an issue with AWS SNS subscriptions entities fetching.
Known limitations: N/A 
Affected Components  DATA FETCHERS AWS

Deployment November 27, 2019

Preview

Protected Assets - New Dashboard - 16:30 UTC

Type: New Feature
Description: Same dashboard framework as in the Alert page with inventory assets data source.
Known limitations: N/A 
Affected ComponentsUI 

Compliance Remediation and Exclusion UI Bug Fix - 16:30 UTC

Type: Bug Fix
Description: Fix an issue on Compliance Remediation and Exclusion in order to accept special characters (São Paulo as an example).
Known limitations: N/A 
Affected ComponentsUI 

Deployment November 24, 2019

AWS Entity Fetching Improvements - 15:30 UTC

Type: Improvement
DescriptionImprovement for fetching infrastructure for AWS Virtual MFA devices, AWS Configuration Recorder and Azure Storage.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS 

Deployment November 21, 2019

Azure Logic Apps - 16:00 UTC

Type: New Feature
DescriptionAdded Azure Logic Apps entity support
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AZURE 

Improvements for entity fetching infrastructure- 11:10 UTC

Type: Improvement
Description: Improved fetching infrastructure for AWS Volumes, GCP VMs, AWS EFS, Azure Locks and Azure Postgresql.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS

Deployment November 20, 2019

AWS AMI - Added Tags support - 14:10 UTC

Type: Improvement
Description: Minor fix in AWS AMI entity fetching to fetch Tags.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS

Compliance Scale Enhancements - 08:25 UTC

Type: Improvements
Description: Minor configuration changes and metrics additions in order to enhance the engine work on large assessments.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE 

Deployment November 19, 2019

GCP Cloud Function - 13:10 UTC

Type: New Feature
DescriptionAdded GCP Cloud Function entity support
Known limitations: N/A 
Affected ComponentsDATA FETCHERS GCP 

Deployment November 18, 2019

IAM Safety - user/role elevation in my settings page - 16:00 UTC

Type: Improvement
Description: Enable IAM user/role elevation in IAM Safety my settings page.
Known limitations: N/A 
Affected ComponentsIAM SAFETY 

AWS Lambda page UI Enhancement - 12:15 UTC

Type: Improvement
Description: AWS Lambda page UI Improvments.
Known limitations: N/A 
Affected ComponentsUI 

AWS VPC Endpoint - 11:10 UTC

Type: New Feature
Description: Added support for AWS VPC Endpoint entity.
Known limitations: N/A 
Affected ComponentsDATA FETCHER AWS 

Deployment November 15, 2019

Auto-complete for Cloudtrail GSL builder  - 17:21 UTC

Type: Improvement
Description: Added support for the auto-complete of Cloudtrail.
Known limitations: N/A 
Affected ComponentsLOG.IC  

Deployment November 14, 2019

Bug fix - OU level permissions issue - 12:30 UTC

Type: Bug fix
Case ID: DFT-645
Description: When OU is set as the only permission on a role some of the pages loaded empty.
Known limitations: N/A 
Affected Components  OU PERMISSIONS

Finding Integrations - Extend Logic entities support  - 12:20 UTC

Type: Improvement
Description: Added support with multiple logic entity type.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATIONS  LOGIC ALERTS

Deployment November 13, 2019

AWS Onboarding - ReadOnly policy update - 16:00 UTC

Type: update
Description: Updated the Read-Only policy to support for AWS Elasticsearch Domain entity properties.
Known limitations: N/A 
Affected ComponentsREAD ONLY POLICY 

AWS Elasticsearch Domain - 16:00 UTC

Type: New Feature
Description: Added support for AWS Elasticsearch Domain entity, requires to update the read only policy. (Added es:ListTags)
Known limitations: N/A 
Affected ComponentsDATA FETCHER AWS 

Deployment November 12, 2019

Compliance Engine - improve error handling  - 10:10 UTC

Type: Improvement
Description: Improve error handling within the engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE 

Deployment November 11, 2019

Compliance Integrations - HTTP Endpoint improvement  - 11:37 UTC

Type: Improvement
Description: Test button from the UI now triggered from the integration static IPs.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATIONS UI

Deployment November 10, 2019

Alerts Dashboard - minor UI improvements - 13:25 UTC

Type: Improvements
Description: Minor improvements.
Known limitations: N/A 
Affected ComponentsUI ALERTS

Azure cloud account bulk edit credentials - 13:25 UTC

Type: Improvements
Description: Adding bulk credentials edit for multiple identical on-boarded Application ID from the Cloud Account UI.
Known limitations: N/A 
Affected ComponentsUI

Finding Alert acknowledge bug - 11:25 UTC

Type: Bug fix
Case ID: DFT-641
Description: Fixing Finding alert exception when acknowledging the findings.
Known limitations: N/A 
Affected ComponentsALERTS

Logic Account Activity - new events timeline  - 10:00 UTC

Type: New Feature
Description: Events timeline for Logic account activity.
Known limitations: N/A 
Affected ComponentsLOG.IC

Deployment November 7, 2019

Azure Network Interfaces - Bug Fix - 14:40 UTC

Type: Bug Fix
Description: Handle a case in which Azure Network Interface location is empty.
Known limitations: N/A 
Affected ComponentsDATA FETCHER AZURE

Compliance Integration SNS Improvement - 08:35 UTC

Type: Improvement
Description: Modify the returned error to be supported in the invalid endpoints mechanism.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATION

Deployment November 6, 2019

Add tags for AWS CloudFront entity - 14:30 UTC

Type: Improvement
Description: Added tags for AWS CloudFront entity in the Compliance Engine.
Known limitations: N/A
Affected ComponentsCOMPLAINCE ENGINE

PREVIEW

Alerts Dashboard - Adding new customized dashboard  12:35 UTC

Type: New Feature
Description: The new dashboards are highly customable, users can create their own dashboards and add widgets, with various grouping options.
Known limitations: N/A
Affected ComponentsALERTS UI

IAM Safety - Minor Bug Fixes 12:35 UTC

Type: Bug Fix
Description: Minor UI fixes in IAM Safety management page.
Known limitations: N/A
Affected ComponentsIAM SAFETY UI

Deployment November 5, 2019

Azure Cloud Account API - Minor improvement 16:55 UTC

Type: Improvement
Description: adding new attributes to the cloud account model.
Known limitations: N/A
Affected ComponentsAZURE CLOUD ACCOUNT API

Compliance Engine - Azure Application Gateway bug fix 16:40 UTC

Type: Bug fix
Description: Fixed issue with Azure Application Gateway in Compliance Engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE

Azure Locks minor bug fix - 15:30 UTC

Type: Bug fix
Description: Fixed issue with Azure Locks fetching mechanism.
Known limitations: N/A
Affected ComponentsDATA FETCHER AZURE

IAM Safety API - Minor improvement - 15:15 UTC

Type: Improvement
Description: API Access for non-superuser.
Known limitations: Not Supported in UI. 
Affected ComponentsIAM SAFETY

Compliance Engine Improve Data Loading - 07:22 UTC

Type: Improvement
Description: Optimized the assessment runs by enhancing the data load process.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Deployment November 4, 2019

Adding S3 Object Level Logging to compliance engine  - 15:40 UTC

Type: New Feature
Description: Adding S3 Object level logging data to S3 buckets and Cloud Trail event selector data to compliance engine model.
Known limitations: N/A
Affected Components COMPLIANCE

Compliance Engine Improve Error Handling - 13:50 UTC

Type: Improvement
Description: Optimized assessment runs error handling.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

IAM Policy Reports minor bugs fix and performance improvements - 13:20 UTC

Type: Bug fix
Case ID: DFT-613
Description: Improving IAM Policy Reports loading time and fixing several UI bugs.
Known limitations: N/A 
Affected ComponentsUI IAM POLICY REPORTS

Deployment November 3, 2019

Rollback - Compliance Engine Improve Data Loading - 19:55 UTC

Type: Deployment Revert
Description: Revert of Optimized the assessment runs by enhancing the data load process after discovering some strange anomalies.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Compliance Engine Improve Data Loading - 13:05 UTC

Type: Improvement
Description: Optimized the assessment runs by enhancing the data load process.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Deployment October 31, 2019

Improvements to AWS CloudTrail Mechanism - 15:02 UTC

Type: Improvement
Description: Minor optimisation for CloudTrail error handling.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS

IP Addresses Page enhancements - 10:15 UTC

Type: Improvement
Description: Adding pagination and improved filters in IP Addresses page.
Known limitations: N/A 
Affected ComponentsUI

Compliance Integration SecurityHub Improvement - 08:40 UTC

Type: Improvement
Description: Modify the returned error to be supported in the invalid endpoints mechanism.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATION

Deployment October 30, 2019

Ruleset View JSON - 21:18 UTC

Type: Improvement
Description: Adding view JSON mode for customer managed ruleset.
Known limitations: N/A 
Affected ComponentsUI 

Remediation - Add modify_network_security_group Bot New Parameter - 21:18 UTC

Type: Improvement
Description: Now modify_network_security_group bot can discriminate Allow or Deny by set a new parameter.
Known limitations: N/A 
Affected ComponentsREMEDIATION 

Compliance Core Minor Improvements for Error Handling - 13:33 UTC

Type: Improvement
Description: Modify some errors in the compliance core assessment runs.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE CORE API

Deployment October 29, 2019

Azure Cosmos DB Account - 16:00 UTC

Type: Improvement
Description: Minor changes to entity permissions error handling.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AZURE

Azure account onboarding improvements - 13:15 UTC

Type: Improvement
Description: Minor adjustments to Azure onboarding process.
Known limitations: N/A 
Affected ComponentsAZURE

Logic - policy button in ruleset - 10:30 UTC

Type: Improvement
Description: Add policy button to the ruleset of Logic.
Known limitations: N/A 
Affected ComponentsLOGIC

Compliance Integration SNS Improvement - 08:35 UTC

Type: Improvement
Description: Modify the returned error to be supported in the invalid endpoints mechanism.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATION

Deployment October 28, 2019

Compliance AWS Security Groups Improvements - 12:00 UTC

Type: Improvement
Description: Improved visibility of AWS Security Groups in Compliance Engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE

IAM Policy Reports performance improvements - 10:55 UTC

Type: Bug fix
Case ID: DFT-487
Description: Improving IAM Policy Reports loading time.
Known limitations: N/A 
Affected ComponentsUI IAM POLICY REPORTS

Some UI Filter Improvements - 10:27 UTC

Type: Improvement
Description: Improve some of the UI filter logics to improve performance.
Known limitations: N/A 
Affected ComponentsUI 

Deployment October 27, 2019

Protected assets - CSV missing the private IP column - 16:37 UTC

Type: Bug fix
Case ID: DFT-635
Description: Added missing column in CSV report.
Known limitations: N/A 
Affected ComponentsUI PROTECTED ASSETS

Continuous Compliance HTTP Endpoint Integration Improvement - 11:50 UTC

Type: Improvement
Description: Added static IPs that the HTTP Endpoint integration request will be sent from: 3.232.156.115, 52.70.61.156, 3.231.193.67.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATION

Deployment October 24, 2019

Compliance Rulesets update

Type: Improvement

Description: New AWS Dome9 Network Alerts for default VPC components ruleset. In addition we have added new ports and as a result 150 rules were added to the AWS Dome9 Network Alerts and AWS Dome9 Best Practices rulesets. We have also made bug fixes in the GSL logic to resolve false positives. Click here for details.

Case ID: 

DFT-611- Rule Fix - D9.AZU.NET.25 - Ensure 'Trusted Microsoft Services' is enabled for Storage Account access and this should rectify the issue.

DFT-618 - Rule fix - D9.AZU.LOG.01 CIS - 5.1.2 Ensure that Activity Log Retention is set 365 days or greater - logic change

DFT- 619- Rule ID: D9.AZU.CRY.16- gsl logic change, Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key)” 

DFT- 626- D9.AWS.IAM.27 - Ensure IAM policies that allow full "*:*" administrative privileges are not created

DFT- 627- D9.AWS.CRY.17 - Use encrypted connection between CloudFront and origin server

DFT- 628- D9.AWS.MON.10 - Ensure a log metric filter and alarm exist for security group changes

Known limitations: N/A
Affected ComponentsCOMPLIANCE RULESETS


Deployment October 23, 2019

Reverting Compliance AWS Security Groups Improvements - 19:00 UTC

Type: Deployment revert
Description: Reverting the Improved visibility of AWS Security Groups in Compliance Engine deployment that performed on October 22.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE

AWS IAM Role Inline Policies Fetching performance improvements - 12:35 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS

Deployment October 22, 2019

Compliance AWS Security Groups Improvements - 15:00 UTC

Type: Improvement
Description: Improved visibility of AWS Security Groups in Compliance Engine.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE

Deployment October 10, 2019

Azure Application Gateway Additions - 14:30 UTC

Type: Improvement
Description: Added probes and back end address pools information to the Compliance Engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE

Removing Legacy Compliance Dashboard - 14:00 UTC

Type: Improvement
Description: Removing support for our legacy Compliance Dashboard.
Known limitations: N/A
Affected ComponentsCOMPLIANCE DASHBOARD

Preview

AWS Auto scaling groups - 11:00 UTC

Type: New Feature
DescriptionAdded AWS Auto scaling groups entity support
Known limitations: Not supported on Protected assets yet.
Affected ComponentsDATA FETCHERS AWS

ServiceNow App - 07:24 UTC

Type: Improvement
Description: First release of the Dome9 ServiceNow App in the ServiceNow store: https://store.servicenow.com/sn_appstore_store.do#!/store/application/659f0e251b3eb30071e463d07e4bcbd9/1.0.0
Known limitations: N/A 
Affected Components: N/A

Deployment October 7, 2019

Log.ic - Creates new Api, count protected assets - 07:24 UTC

Type: Improvement
Case ID: DOME-12497
Description: Add property SubscriptionFilter in AwsVpcFlowLog entity and an api that counts assets under protected vpcs.
Known limitations: N/A 
Affected ComponentsLOG.IC


Deployment October 4, 2019

Clarity home - Unmanaged VPC's bug fix - 07:24 UTC

Type: Bug fix
Case ID: DOME-12580
Description: Had an issue with un-managed VPC calculations that caused the Clarity homepage to freeze.
Known limitations: N/A 
Affected ComponentsCLARITY

Deployment October 3, 2019

System Configuration Updates - 06:49 UTC

Type: Improvement
Description: Updated Dome9 system configurations.
Known limitations: N/A 
Affected ComponentsAPI UI

Deployment October 2, 2019

Compliance Permissions - Adding additional granular permissions for the Compliance related features  - 08:55 UTC

Type: Improvement
Description: The Dome9 permissions model is evolving! We’re adding additional granular permissions for the Compliance related features, allowing our customers to better define their Dome9 users and roles (For more information click here)
Known limitations: N/A 
Affected Components API  UI

Deployment September 26, 2019

Continuous Compliance HTTP Endpoint Integration Improvement - 10:15 UTC

Type: Improvement
Description: A minor adjustment to improve scale.
Known limitations: N/A
Affected Components API CONTINUES COMPLIANCE CONTINUES NOTIFICATION

Deployment September 25, 2019

Compliance Result - Entity breakdown adding print option - 15:19 UTC

Type: Improvement
Description: Compliance Result page - entity breakdown now supports print option.
Known limitations: N/A
Affected Components UI

Compliance Remediation - Adding new Azure Bot - 15:19 UTC

Type: Improvement
Description: Adding support in predefined list of Azure 'delete_network_security_group_single_rule' bot.
Known limitations: N/A
Affected Components UI

AWS EFS Fetching performance improvements - 14:34 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AWS  

Deployment September 24, 2019

Compliance Rulesets Update - Bug fix 

Type: Bug Fix
Case ID: DFT-596, DFT-404, DFT-605, DFT-583, DFT-535
Description: Bug fixes on GSL logic to resolve false positives. Click here for details.
Known limitations: N/A
Affected ComponentsCOMPLIANCE RULESETS

Cloud Account Page Optimizations - 14:34 UTC

Type: Improvement
Description: Some optimizations for the Cloud Accounts page.

Known limitations: N/A
Affected Components UI

Deployment September 23, 2019

Dome9 User Role API Improvement - 11:20 UTC

Type: Improvement
Description: Adding a validation for unsupported characters in Dome9 Role API

Known limitations: N/A
Affected Components ROLE API

Log.ic - Improved clustering algorithm  - 08:28 UTC

Type: Improvement
Description: Implemented new algorithm for clustering, for better user experience on large scale accounts.

Known limitations: N/A
Affected Components LOG.IC

Deployment September 22, 2019

New Email Notification Template  - 11:15 UTC

Type: Improvement
Description: New improved email template for Dome9 notifications.

Known limitations: N/A
Affected Components 

AWS Direct Connect Fetching Infrastructure Changes - 11:15 UTC

Type: Bug
Description: Updated infrastructure for fetching AWS Direct Connect metadata to Dome9.

Known limitations: N/A
Affected Components 

Log.ic - fix for edit policy - 07:45 UTC

Type: Bug
Description: Support the option to remove a notification from a policy.

Known limitations: N/A
Affected Components LOG.IC

Log.ic - Improve API graph calls performance - 07:45 UTC

Type: Improvement
Description: Reduce the counter calls.
Known limitations: N/A
Affected Components LOG.IC

Fix the tooltip of clone and delete Security Group buttons - 07:45 UTC

Type: Bug
Description: Tooltip fix.
Known limitations: N/A
Affected Components LOG.IC

Deployment September 19, 2019

Data Retrieval Infrastructure Changes for AWS Cloud Front Distribution - 14:46 UTC

Type: Improvement
Description: Change in the way data is retrieved for Cloud Front Distribution from AWS.
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATION

Updated Fetch Status API - 13:02 UTC

Type: Improvement
Description: Added optional vendor field to fetch status API
Known limitations: N/A
Affected Components API COMPLIANCE

Deployment September 18, 2019

Rollback Data Retrieval Infrastructure Changes for AWS Cloud Front Distribution - 15:15 UTC

Type: Improvement
Description: Revert Change in the way data is retrieved for Cloud Front Distribution from AWS.
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATION

Data Retrieval Infrastructure Changes for AWS Cloud Front Distribution - 14:50 UTC

Type: Improvement
Description: Change in the way data is retrieved for Cloud Front Distribution from AWS.
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATION

Compliance Integrations Improvements - 10:40 UTC

Type: Improvement
Description: Some minor modifications to improve large scale support.
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATION

Deployment September 16, 2019

Compliance Integrations Improvements - 12:28 UTC

Type: Improvement
Description: Some minor modifications to improve large scale support.
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATION

AWS Security Group Page UI Bug Fix - 10:30 UTC

Type: Bug Fix
Description: Disable edit buttons for users without manage permissions.
Affected Components NETWORK SECURITY UI

Azure NSG Management stale data bug fix - 09:00 UTC

Type: Bug Fix
Description: Fixing issue with Azure NSG management when handling empty accounts.
Affected Components AZURE MANAGEMENT

Deployment September 12, 2019

Reverting S3 Object Level Logging - 14:35 UTC

Type: Revert to previous version.
Description: Reverting to latest version after discovering an issue from earlier deployment (Status page).
Known limitations: N/A
Affected Components COMPLIANCE

Adding S3 Object Level Logging to compliance engine  - 14:20 UTC

Type: New Feature
Description: Adding S3 Object level logging data to S3 buckets and Cloud Trail event selector data to compliance engine model.
Known limitations: N/A
Affected Components COMPLIANCE

Deployment September 11, 2019

Disable Security Groups legacy network Alerts  - 11:35 UTC

Type: Deprecated Feature
Description: Deprecating old Security Group alerts, New network system alerts will not be triggered,The new concept is to use the Compliance network alerts ruleset.
Known limitations: N/A
Affected Components ALERTS PAGE

Deployment September 10, 2019

Compliance Security Group Model Updates - 15:32 UTC

Type: Model Fix
Description: Fixed a small issue with AWS Security Group models in Compliance engine.
Affected Components COMPLIANCE ENGINE

Continuous Compliance SecurityHub Integration - Limit description field - 11:30 UTC

Type: Bug fix
Description: Enforce SecurityHub limitation for description field to contain up to 1024 characters.
Known limitations: Dome9's findings description will present the first 1024 characters in SecurityHub console.
Affected Components COMPLIANCE NOTIFICATION

Deployment September 9, 2019

Logic auto filter improvement - 15:28 UTC

Type: Bug fix
Description: Log.ic Auto filter bug fix.
Known limitations: N/A
Affected Components UI

Home Compliance Dashboard - Add trend for compliance result in the last 3 months - 15:05 UTC

Type: New Feature
Description: Now each compliance result can show the compliance trend of the last 3 months.
Known limitations: N/A
Affected Components UI

Continuous Compliance HTTP Endpoint Integration - Adding Splunk support - 09:15 UTC

Type: New Feature
Description: Adding new integration support for Splunk under HTTP endpoint.
Known limitations: N/A
Affected Components COMPLIANCE NOTIFICATION

Users and Roles - Adding OU Permissions capabilities - 09:15 UTC

Type: New Feature
Description: Implementing OU permissions model within the system, this feature will allow configure permissions on specific OU and not just on cloud account level.
Known limitations: N/A
Affected Components UI API

Deployment September 8, 2019

Type: Bug fix
Case ID: DFR-439
Description: Fixing login link in Email Notification for users with SSO integration.
Known limitations: N/A
Affected Components EMAIL NOTIFICATIONS

Deployment September 5, 2019

Compliance Result Page - Add entity view type - 09:20 UTC

Type: Improvement
Description: Adding to the compliance result page an ability to view the result in entity breakdown.  
Known limitations: N/A
Affected ComponentsUI

Deployment September 4, 2019

Compliance Content - Adding VMID to Azure Virtual Machine - 13:40 UTC

Type: Improvement
Description: Adding a new 'VMID' field to the Azure virtual machine asset.  
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE

Deployment September 3, 2019

Compliance Ruleset - JSON editor - 12:50 UTC

Type: Improvement
Description: Some UI and UX improvements.
Known limitations: N/A
Affected ComponentsUI

Email notifications - accounts filter hidden - 12:50 UTC

Type: Bug fix
Case ID: DFT-589
Description: Fix accounts filter that was hidden in email notifications configuration.
Known limitations: N/A
Affected ComponentsUI

Deployment September 2, 2019

Compliance Integration - Stockholm region at Security Hub - 15:15 UTC

Type: Improvement
Description: Added support in Stockholm region at SecurityHub integration.
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATIONS UI

Compliance Integration - SNS large finding omission - 15:15 UTC

Type: Improvement
Description: Omit finding model in order to support AWS 256kb limitation. The omit will take an action by the 3rd level of the finding model.
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATIONS

Minor bug fix for usage metering - 12:20 UTC

Type: Bug fix
Description: Fixing an issue that caused delays in usage metering statistics.
Known limitations: N/A
Affected ComponentsLOG.IC

Compliance Assessment Run - 08:25 UTC

Type: Improvement
Description: improved system logic for handling large cloud accounts assessment runs.
Known limitations: N/A
Affected ComponentsCOMPLIANCE CORE API

Deployment August 29, 2019

Log.ic improvement - 15:00 UTC

Type: Improvement
Description: On any change to parameters, the start button begins to "shine" to indicate that it needs to be clicked to apply the changes. This animation persists until user clicks the start button.
Known limitations: N/A
Affected ComponentsLOG.IC

Log.ic Bugfixes - 15:00 UTC

Type: Bug Fix
Description: Timestamps in account activity logs are now displayed in local time, to match the filter time. Also fixed a bug where account activity statistics where not affected by the quick filter in some cases.
Known limitations: N/A
Affected ComponentsLOG.IC

Deployment August 28, 2019

Compliance Rulesets Update - Bug fix - 15:55 UTC

Type: Bug Fix
Case ID: DFT-570, DFT-574
Description: Bug fixes on GSL logic to resolve false positives. Click here for details.
Known limitations: N/A
Affected ComponentsCOMPLIANCE RULESETS

Compliance Content - Bug fix - 15:55 UTC

Type: Bug fix
Case ID: DFT-580
Description: We fixed a bug on Policy assignment - deleted resource groups that were attached to the policy assignment caused to have null value that caused to assessments to fail.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE

Compliance Content - Bug fix - 15:55 UTC

Type: Bug fix
Case ID: DFT-582
Description: Credentials report fix password last used we’re showing incorrect values on the IAM reports.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE IAM REPORT

Compliance Core - Add metrics - 13:00 UTC

Type: Improvement
Description: Add metrics to measure system behavior. 
Known limitations: N/A
Affected ComponentsCOMPLIANCE CORE

Log.ic Alerts Page - Inspect in Log.ic fix - 12:00 UTC

Type: Bug Fix
Description: Button redirect to Flow Logs instead of Cloudtrail fix. 
Known limitations: N/A
Affected ComponentsLOG.IC ALERTS

Log.ic Onboarding - performance improvements - 12:00 UTC

Type: Improvement 
DescriptionMinor changes to improve Onboarding process performance.
Known limitations: N/A
Affected ComponentsLOG.IC ONBOARDING

Clarity-D3 Performance improvement and supporting Shared Vpc - 08:00 UTC

Type: Improvement 
Description: Supports Shared Vpc and reduce the requests to DB
Known limitations: N/A
Affected ComponentsCLARITY-D3  

Deployment August 27, 2019

Compliance assessments request handling improvement - 09:00 UTC

Type: Improvement
Description: Architectural change in Compliance engine in order to support large scale.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE CONTINUOUS COMPLIANCE MANUAL ASSESSMENTS

Deployment August 26, 2019

Log.ic Alerts minor improvement - 14:12 UTC

Type: Improvement
Description: Reduce alert duplication.
Known limitations: N/A
Affected ComponentsLOG.IC ALERTS

Deployment August 25, 2019

Compliance Integration - SecurityHub and HTTP Endpoint Improvements - 12:20 UTC

Type: Improvement
Description: Upgrading the availability of HTTP Endpoint and fixing SecurityHub finding structure according to AWS official documentation.
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATION

Deployment August 22, 2019

Add "Sync Now" support for Azure Resource Groups - 12:18 UTC

Type: Improvement
Description: Now Azure Resource Group Fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected ComponentsCOMPLAINCE ENGINE

Add tags for ACM Certificates and API Gateway entities - 13:43 UTC

Type: Improvement
Description: Added tags for ACM Certificates and API Gateway entities in the Compliance Engine.
Known limitations: N/A
Affected ComponentsCOMPLAINCE ENGINE

Deployment August 20, 2019

Compliance Rulesets update - 13:39 UTC

Type: Improvement
Description: New Azure CIS Foundations v.1.1.0  ruleset. In addition we’ve added  35 new rules for Azure and made several changes and fixes to existing rules. Click here for details.
Known limitations: N/A
Affected ComponentsCOMPLIANCE RULESETS

Deployment August 19, 2019

Log.ic bug fixes

Type: Bug fix
Description: Fix Cloudtrail statistics and quick filters, added a sticky header to logs table and GSL consistency.
Known limitations: N/A
Affected Components LOG.IC

Deployment August 18, 2019

Added API for Log.ic on-boarding

Type: New feature
Description: Added API for Log.ic on-boarding.
Affected Components LOG.IC

Deployment August 15, 2019

Added AWS Guard Duty support for Stockholm Region - 13:07 UTC

Type: Improvement
Description: Added support for the Stockholm region when fetching AWS Guard Duty metadata and it is usable in Protected Assets page and Compliance.
Affected ComponentsCOMPLIANCE ENGINE PROTECTED ASSETS

Added support for GCP Cloud SQL in Protected Assets and Compliance - 12:00 UTC

Type: Improvement
Description: Now GCP Cloud SQL entities are fetched and can be seen in compliance engine and in protected assets page.
Affected ComponentsCOMPLIANCE ENGINE PROTECTED ASSETS

Deployment August 14, 2019

Compliance Assessment History to CSV - 15:50 UTC

Type: Bug fix
Case ID: DFT-546
Description: 'Organizational Unit Path' was returned as N/A.
Affected ComponentsCOMPLIANCE ENGINE API 

Cloud Account Page - Add mark for credential issue - 15:45 UTC

Type: Improvement
Description: In case of missing critical permission for cloud account credential it will mark as 'invalid credential'.
Affected ComponentsUI 

Compliance Remediation - Add GCP bots to the predefined list - 15:45 UTC

Type: Improvement
Description: GCP bots were added to the dropdown list.
Affected ComponentsCOMPLIANCE REMEDIATION 

Deployment August 13, 2019

Compliance Remediation - Allow empty bot parameters - 11:40 UTC

Type: Improvement
Description: Allow to add a bot with empty parameters.
Affected ComponentsCOMPLIANCE REMEDIATION 

Add Sync Now Support for Azure Virtual Machines - 11:30 UTC

Type: Improvement
Description: Moved Azure Virtual Machine fetching to a new infrastructure which adds support for "Sync Now" functionality.
Affected ComponentsDATA FETCHING 

Deployment August 12, 2019

HTTP Trigger integration new rate control mechanism - 12:50 UTC

Type: Improvement
Description: The new control will support request in minimum rate of 10 requests per second, it will prevent the integration from being throttled by the destination.
Known limitations: Up to 10 requests per second.
Affected ComponentsCOMPLIANCE INTEGRATION COMPLIANCE INTEGRATION HTTP ENDPOINT

Deployment August 11, 2019

Fixing Typo in IpAddressMetadata Api - 13:30 UTC

Type: Bug fix
Case ID: DFT-72
Description: Fixing typo in IpAddressMetadata classification field.
Known limitations: N/A
Affected ComponentsNETWORK SECURITY 

Fixing Typo in error message - 13:30 UTC

Type: Bug fix
Case ID: DFT-450
Description: Fixing typo in Security managment API.
Known limitations: N/A
Affected ComponentsNETWORK SECURITY 

API Key Audits Improvements - 13:30 UTC

Type: Improvement
Description: Improving audits for API-KEY management.
Known limitations: N/A
Affected ComponentsUSER MANAGEMENT 

Deployment August 8, 2019

AWS On-boarding Validation changes - 13:00 UTC

Type: Improvement
Description: Updated AWS on boarding process credentials validation which also affects data fetching infrastructure.
Known limitations: N/A
Affected ComponentsONBOARDING 

Deployment August 7, 2019

Azure Key Vault Fetching performance improvements - 11:00 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AWS  

Minor UI enhancements - 08:40 UTC

Type: Improvement
Description: Minor UI enhancements in the top menu, the alerts page, and the Aws lambda protected asset page.
Known limitations: N/A
Affected Components ALERTS PAGEPROTECTED ASSETSTOP MENU

Adding a new API for updating a Dome9 user role - 08:30 UTC

Type: Improvement
Description: Added a new API for user role that accepts an external cloud account id.
Known limitations: N/A
Affected Components USER MANAGEMENT

Deployment August 6, 2019

Fix in compliance integrations for fixing latency issue - 15:50 UTC

Type: Bug fix
Description: Added new handling mechanism to fix latency issue.
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATION  COMPLIANCE NOTIFICATIONS

Added Toggle Filters in Log.ic - 9:00 UTC

Type: Improvement
Description: New type of filters is now available in addition to the GSL filter - Toggle Filters.
This allows easy filtering of data. Auto-filter is also provided and is automatically applied in case of too many results.
Known limitations: N/A
Affected ComponentsLOG.IC  

Deployment August 5, 2019

Compliance Integration HTTP endpoint bug fixes - 15:55 UTC

Type: Bug fix
Case ID: DOME-12252
Description: The finding's status and severity were sent by enum type, the fix will send it as a readable string.
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATION  

Clarity-d3 bug fix - 16:00 UTC

Type: Bug fix
Case ID: DOME-12236
Description: Verify Aws vpcs is uniq
Known limitations: N/A
Affected ComponentsCLARITY-D3  

Azure Policy Assignments minor optimizations - 15:40 UTC

Type: Improvement
Description: Minor optimizations for Azure Policy Assignments.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE 

AWS Application load balancer minor optimizations - 15:40 UTC

Type: Improvement
Description: Minor optimizations for AWS ALB.
Known limitations: N/A
Affected ComponentsPROTECTED ASSETS 

Deployment August 4, 2019

Optimization in Compliance Engine - 15:50 UTC

Type: Improvement
Description: Fine tune some parameters in order to optimize the engine run for some edge cases.
Known limitations: N/A
Affected ComponentsCOMPLIANCE CORE  COMPLIANCE ENGINE

Deployment August 1, 2019

Log.ic -  - 13:40 UTC

Type: Improvement
Description
Known limitations: N/A
Affected ComponentsCLARITY-D3

Clarity-D3 - Some UI improvements - 13:40 UTC

Type: Improvement
Description: Show graph title, Aws vpc peering toggle, add icon to internet nodes on graph and show two vpcs when link is chosen
Known limitations: N/A
Affected ComponentsCLARITY-D3

Remediation - Add new Azure bot to the predefined list - 12:15 UTC

Type: Improvement
Description: The new bot 'modify_network_security_group_scope_by_port'  change network security group scope by a given port.
Known limitations: N/A
Affected ComponentsCOMPLIANCE REMEDIATION

Remediation - Some UI improvements - 12:15 UTC

Type: Improvement
Description: Minor changes in UI components.
Known limitations: N/A
Affected ComponentsCOMPLIANCE REMEDIATION

Filter Panel - Limit the selected item to 100 selection per panel  - 12:15 UTC

Type: Improvement
Description: The limitation made in order to protect the pages from exceeding the browser limitation.
Known limitations: N/A
Affected ComponentsUI COMPONENT

Ruleset - add actions button - 12:15 UTC

Type: Improvement
Description: Add button with actions such as: Exclusion, Remediation or Policy to the main Rulesets page and Ruleset page. 
Known limitations: N/A
Affected ComponentsCOMPLIANCE RULESETS

Deployment July 31, 2019

Alerts page - UI enhancements - 15:25 UTC

Type: Improvement
Description: Minor changes in UI components.
Known limitations: N/A
Affected ComponentsALERTS PAGE

Protected Assets page - Adding new column for Private IP  - 15:25 UTC

Type: Improvement
Description: Displaying Private IP in the index page.
Known limitations: N/A
Affected ComponentsPROTECTED ASSETS

Improving Clarity-D3  - 10:54 UTC

Type: Improvement
Description: Add page title view for SG and Asset, add icons toggle and vpc peering
Known limitations: N/A
Affected ComponentsCLARITY

Improving Users and Roles export to CSV Function  - 10:40 UTC

Type: Improvement
Description: Export to CSV enhancement (renaming and adding new columns)
Known limitations: N/A
Affected ComponentsUSER MANAGEMENT  


Deployment July 30, 2019

Minor optimization in Compliance Engine Core  - 16:30 UTC

Type: Improvement
Description: Fine tune some parameters in order to optimize the engine run for some edge cases.
Known limitations: N/A
Affected ComponentsCOMPLIANCE CORE  

AWS Lambda Function Fetching performance improvements - 12:30 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AWS  

Compliance Scheduled Report Adding CSV Zipped type - 09:30 UTC

Type: Improvement
Description: Adding the ability to set a CSV report zipped in order to have more data in the 10Mb email limitation, if it will be more then 10Mb the system will optimize the CSV to be up to 10Mb.
Known limitations: N/A
Affected ComponentsCOMPLIANCE REPORT  

Tune and improve Compliance Integrations invalid endpoints mechanism - 09:30 UTC

Type: Improvement
Description: Tune and improve the new mechanism.
Known limitationsN/A
Affected ComponentsCONTINUOUS COMPLIANCE INTEGRATIONS  

Deployment July 29, 2019

Ruleset Page add Policy button - 16:00 UTC

Type: Improvement
Description: Adding add Policy button to Ruleset detail page.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE  

Fix attach Security Group to Instance on AWS Instance Details Page - 16:00 UTC

Type: Bug fix
Case ID: DOME-12061
Description: When attach Security Group to Instance the loading animation was stack, the action was not affected.
Known limitations: N/A
Affected ComponentsPROTECTED ASSETS  

Edit Remediation UI fixes - 16:00 UTC

Type: Bug fix
Case IDs: DOME-12205 and DOME-12189
Description: Fix some edge cases for remediation modal opener from some pages, GCP cloud account link was not generated well.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE  

Users and Roles new pages - 13:40 UTC

Type: Improvement
Description: Improved the users and roles pages look and feel, Added filtering capabilities, export to CSV, revoke API keys and reset passwords for other users.
Known limitations: N/A
Affected ComponentsUSER MANAGEMENT  

PREVIEW

External Findings Integration - 10:30 UTC

Type: New Feature
Description: First phase of integration, adding external findings to compliance entities.
Known limitations: N/A
Affected ComponentsCONTINUOUS CCOMPLIANCE INTEGRATIONS ENGINE COMPLIANCE INTEGRATIONS ALERTS PAGE COMPLIANCE ENGINE MANUAL ASSESSMENT API

Edit Remediation fix - 10:30 UTC

Type: Bug fix
Case ID: DOME-12198
Description: Remediation edit had an issue when modifying existing remediation.
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATIONS ENGINE  

Deployment July 24, 2019

Compliance Integrations invalid endpoints mechanism - 13:20 UTC

Type: Improvement
Description: Adding a new mechanism to prevent sending notifications of un-associated integrations by the system.
Known limitationsN/A
Affected ComponentsCONTINUOUS COMPLIANCE INTEGRATIONS  

Azure Redis performance improvements - 12:00 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AZURE  

Continuous Compliance Integration findings model - 09:40 UTC

Type: Improvement
Description: Adding new property to finding model 'remediationActions'.
Known limitationsWill be populated after Remediation feature will be released
Affected ComponentsCONTINUOUS COMPLIANCE  

Deployment July 23, 2019

Enhanced UI customizations for MSP - 09:10 UTC

Type: Improvement
Case ID: DFR-537
Description: Gives two new functionalities for MSP accounts to customize the UI.
Known limitationsN/A
Affected ComponentsMSP UI  

Enhance Exclusions page loading - 09:10 UTC

Type: Improvement
Description: The page loading will use lazy load in order to improve the page loading time.
Known limitationsN/A
Affected ComponentsCOMPLIANCE EXCLUSIONS  

Deployment July 22, 2019

Azure SQL performance improvements - 14:30 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AZURE  

Fixing agent security group rule adding - 13:28 UTC

Type: Bug Fix
Case ID: DFT-554
Description: The '+' (plus) button was sometimes missing when trying to add a rule to an agent security group. The issue was fixed.
Known limitationsN/A
Affected ComponentsNETWORK SECURITY SERVICE - ACCESS LEASE  

Azure SQL Server performance improvements - 13:00 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AZURE  

Aws Sage Maker performance improvements - 12:00 UTC

Type: Improvement
DescriptionAdded more minor improvements, in order to improve the auto scaling and performance.
Known limitationsN/A
Affected Components DATA FETCHERS AWS 

Add support in PublicIpAddress in builder for Clarity-D3 Azure Asset view - 11:19 UTC

Type: Improvement
Description: Add support for azure PublicIpAddress, fix bug in Clarity-D3 GetVnetsAsync and fix duplicate Azure Enums 
Known limitationsN/A
Affected ComponentsCLARITY

Azure Redis cache performance improvements - 08:00 UTC

Type: Improvement
Description: Minor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AZURE  

Deployment July 21, 2019

Compliance Rulesets update - 09:30 UTC

Type: Improvement
DescriptionSample Ruleset renamed to CheckUp and multiple rules were added and changed, 6 new rules added across multiple bundles, more information here.
Known limitationsN/A
Affected ComponentsCOMPLIANCE RULESETS  

Preview

Azure Policy Assignment - 13:00 UTC

Type: New Feature
Description: Added Azure policy assignment entity support.  
Known limitationsN/A
Affected ComponentsDATA FETCHERS AZURE  

Deployment July 18, 2019

Assume role fix for MSP accounts - 07:00 UTC

Type: Bug Fix
Case ID: DFT-552
DescriptionFixed session timeout for assume role connections on MSP trusted accounts.
Known limitationsN/A
Affected ComponentsMSP FEDERATION   

Compliance engine improved error handling - 08:30 UTC

Type: Improvement
Description: Improved error handling that prevented running assessments for specific entities.
Known limitationsN/A
Affected ComponentsCOMPLIANCE ENGINE CONTINUOUS COMPLIANCE

Compliance Integrations SecurityHub - 11:40 UTC

Type: Bug Fix
Case ID: DFT-541
Description: Change the severity mapping between Compliance Finding and SecurityHub model and adding remediation information.
Known limitationsN/A
Affected Components CONTINUOUS COMPLIANCE

Fix test for HTTP endpoint integration - 12:40 UTC

Type: Bug Fix
Case ID: DOME-12140
Description: Add support for endpoint with application/json content type.
Known limitationsN/A
Affected Components COMPLIANCE INTEGRATIONS

Fix force delete for Cloud Account deletion action - 12:40 UTC

Type: Bug Fix
Case ID: DOME-12139
Description: Fixes in the clean up mechanism when removing cloud account.
Known limitationsN/A
Affected Components CLOUD ACCOUNT MANAGEMENT

Deployment July 16, 2019

Enhancing compliance engine mechanism - 15:40 UTC

Type: Improvement
DescriptionAdded more minor improvements, in order to improve the auto scaling and performance.
Known limitationsN/A
Affected ComponentsCONTINUOUS COMPLIANCE COMPLIANCE ENGINE 

Deployment July 15, 2019

Azure Redis cache performance improvements - 13:15 UTC

Type: Improvement
DescriptionMinor changes to improve scaling performance.
Known limitationsN/A
Affected ComponentsDATA FETCHERS AZURE  

Deployment July 14, 2019

Enhancing compliance engine mechanism - 11:50 UTC

Type: Improvement
DescriptionRedesigned the compliance engine, in order to improve its auto scaling and  performance.
Known limitationsN/A
Affected ComponentsCONTINUOUS COMPLIANCE COMPLIANCE ENGINE 

Deployment July 11, 2019

Type: Bug fix
DescriptionReplaced some of our documentation links that were redirected to the old documentation system.
Known limitationsN/A
Affected ComponentsDOME9 DOCUMENTATION  

Compliance playground toggle change  - 12:15 UTC

Type: Improvement
Description: Changed the rule builder free text selector to improve usability
Known limitations: N/A
Affected ComponentsCOMPLIANCE PLAYGROUND UI

Policies page empty policies view fix - 12:15 UTC

Type: Bug fix
Description: Empty page view when navigating with filters fix.
Known limitations: N/A
Affected ComponentsCOMPLIANCE POLICIES PAGE 

Fixing links to entities from open findings - 12:15 UTC

Type: Bug fix
Description: Fixed open findings links for S3Buckets, they were not redirecting to protected assets page.
Known limitations: N/A
Affected ComponentsPROTECTED ASSETS FINDINGS PAGE

Dynamic Access terminate leases fix - 12:15 UTC

Type: Bug fix
Description: On Active leases when selecting the leases to terminate the window was not centered.
Known limitations: N/A
Affected ComponentsNETWORK SECURITY SERVICE - ACCESS LEASE 

Continuous Compliance Report - large CSV report fix - 13:05 UTC

Type: Bug fix
Description: We fixed an issue that affected large CSV reports, the issue prevented the emails to be send to the customers.
Known limitations: N/A
Affected ComponentsCOMPLIANCE REPORTS 


Deployment July 10, 2019

New IAM Safety pages and features - 11:10 UTC

Type: New Feature
DescriptionChanged the performance and look and feel for IAM Safety "Accounts and IAM Users" and "my IAM Safety settings".
Added Many IAM entities to Many Dome9 users, meaning single dome9 user or more can enable many IAM entities.
Known limitationsApple and Android Mobile app does not support those features yet.
Affected ComponentsDOME9 IAM SAFETY DOME9 IAM SAFETY CONFIGURATION 

Users page - adding action and new information - 11:10 UTC

Type: New Feature
Description: Added invite user action, Added mobile information for each user.
Known limitations: N/A
Affected ComponentsUSER MANAGEMENT

Single Sign On Failure page - Added more information - 12:10 UTC

Type: Improvement
Description: Added additional information to assist troubleshoot failures.
Known limitations: N/A
Affected ComponentsDOME9 SSO LOGIN DOME9 USER LOGIN

Deployment July 9, 2019

Added Single Sign On failure page - 08:45 UTC

Type: Improvement
Description: Added a new page for showing single sign on login failures for debugging purposes.
Known limitations: N/A
Affected Components: DOME9 SSO LOGIN DOME9 USER LOGIN

Deployment  July 4, 2019

My Settings

  • V2 API
    • Added the ability to provide a name to the API key.

Compliance and governance

  • Compliance Playground
    • Improved the page layout
Deployment  July 3, 2019

BUG FIXES

  • Compliance Dashboard
    • Fixed exception that prevented the page to load.
  • Azure Onboarding
    • Added default value for onboarding Azure using API.
Deployment  July 1, 2019

Cloud Inventory

  • Cloud Account page
    • Remove cloud account will support remove of attached compliance policies.

Compliance and governance

  • Compliance Dashboard
    • Added statistics information to the assessments results.
  • Compliance Notifications
    • Immediate notifications - Added send notifications to HTTP endpoint.

BUG FIXES

  • DFT-473 - Fixed force remove of cloud account.
Deployment June 27, 2019

Cross system

  • Azure
    • Added Azure Gov support

BUG FIXES

  • DFT-420 - Fixed Platform shows Linux instead of Windows instances
Deployment June 26, 2019

Compliance and governance:

  • Compliance Engine:
    • AWS Network interface - added MAC address and Elastic IP information.

Cloud Inventory

  • Protected assets page
    • AWS Network interface - added MAC address and Elastic IP information.
Deployment June 20, 2019

PREVIEW

Compliance and governance:

  • Compliance Engine:
    • Added Azure NetworkWatcher entity support.
Deployment June 19, 2019

Rule set change

Compliance and governance:

  • CIS AWS Benchmarks 1.2.0 support added
  • 8 new rules added across multiple bundles. Click here for details

BUG FIXES

  • DFT-530 - D9.AZU.NET.09 Ensure that 'Public access level' is set to Private for blob containers - GSL syntax updates
  • DFT-397 - D9.AZU.CRY.10 Ensure that storage account access keys are periodically regenerated - remediation updates
  • DFT-529 - D9.AWS.NET.43 - Ensure that AWS Elastic Load Balancers (ELB) have no inbound rules in their security groups - name update
Deployment June 18, 2019

Compliance and governance:

  • Compliance Engine:
    • Optimized AWS information retrieval service for:
      • SNS Subscription.
      • Log Group.
      • Metric Alarms.
Deployment June 12, 2019

Compliance and governance:

  • Compliance engine:
    • Added special characters support.
    • Optimized AWS information retrieval service for:
      • VPC Peering connection.

BUG FIXES

DFT-428 - Not able to add exclusion due to special characters.

Deployment June 10, 2019

Compliance and governance:

  • Compliance engine:
    • Optimized AWS IAM Policy entity.


BUG FIXES

DFT-527 - IP Lists - Fixed issue with adding IP's.
DFT-513 - Homepage - Filtering to protected assets fix.

Deployment June 4, 2019

Rule set change

Compliance and governance:

  • 34 new rules added across multiple bundles. Click here for details
Deployment June 2, 2019

PREVIEW

Compliance and governance:

  • Compliance engine:
    • Added Azure Container Registry entity support.
    • Added Azure CosmosDBAccount entity support.
Deployment May 23, 2019

Rule set change

Compliance and governance:

  • Compliance Content Updates:
    • 76 new rules added across multiple bundles. Click here for details

PREVIEW

Compliance and governance:

  • Compliance engine:
    • Added AWS SageMaker entity support.

BUG FIXES

DFT-497 - Remediation URL fixes for Azure Port Based Rules
DFT-436 - Key Vault Rules logic (GSL) updates for rules: D9.AZU.CRY.12 and  D9.AZU.CRY.13
DFT-500 - Remove extra brackets for D9.AWS.MON.03 (Ensure a log metric filter and alarm exist for usage of 'root' account)
DFT-435 - D9.GCP.CRY.02 doesn't work for Windows Instances
DFT-498 - D9.AWS.IAM.45 GSL Logic updated to reduce false positives

Deployment May 16, 2019

Compliance and governance:

  • Compliance Engine:
    • Optimized AWS information retrieval service for:
      • VPC Flow logs.
      • Internet Gateway.
      • VPN Gateway.
      • Subnet.
      • IAM Account Summary.
Deployment May 5, 2019

 Cross system

  • Organizational units
    • Added organizational units support
      For more information click here.

Cloud Inventory

  • Protected assets page
    • Enhanced performance.
    • New UI design.
    • Additional entity types support
    • Added export to CSV report

Network Security

  • Security group page
    • Enhanced performance.
    • New UI design.

Compliance and governance:

  • Compliance Dashboard:
    • Enhanced performance.
    • New UI design.


BUG FIXES

DFT-364 - Fixed view SSO settings for Auditors.

Deployment May 2, 2019

PREVIEW

Compliance and governance:

  • Compliance engine:
    • Added Azure Postgre SQL entity support.

BUG FIXES

DOME-11383 - AWS Onboarding - Fixed External ID generator.
DOME-11372 - GCP Organisations Onboarding fix.
DFT-496 - Security groups - Clone security group fix.

Deployment May 1, 2019

Rule set change

Compliance and governance:

  • Compliance Content Updates:
    • GCP CIS Benchmarks Bundle Updates - added 21 new GCP rules to the Ruleset. For more details click here

Across system

  • AWS
    • Added AWS China support

Compliance and governance:

  • Compliance engine:
    • Added AWS S3Bucket Life Cycle information.


BUG FIXES

DFT-491 - Assessment API usage- improved errors handling.
DFT-474 - Fixed Linux Agent Install script.

Deployment April 30, 2019

Compliance and governance:

  • Compliance engine:
    • Added GCP VM instance OS information.
Deployment April 23, 2019

Administration:

  • Users Page:
    • Added Last login details and sort by.
Deployment April 15, 2019

Cloud Inventory:

  • Cloud Account Page:
    • Drastically improved page performance.

BUG FIXES

DOME-11097 - Assessment history - results page filters fix.

Deployment April 9, 2019

BUG FIXES

DFT-468 - Policies page - Attach policies - improved performance.
DOME-11146 - Clarity - GCP graph fixes.

Deployment April 3, 2019

PREVIEW

Compliance and governance:

  • Compliance engine:
    • Added GCP Big Query entity.
Deployment April 1, 2019

Compliance and governance:

  • Renamed compliance categories:
    • Bundles changed to Rulesets
    • Continuous compliance changed to Policies
Deployment March 28, 2019

Cloud accounts:

  • Added cloud account selection for permissions validation.
Deployment March 26, 2019

BUG FIXES

DFT-464 - Security hub support on Oregon region fix.
DFT-429 - Excluded entities does not represented correctly on homepage.

Deployment March 24, 2019

Compliance and governance:

  • Compliance entities:
    • Added VPC Peering property for Aws VPC entity.
Deployment March 19, 2019

Cloud accounts:

  • Added support for GCP Zurich region 

BUG FIXES

DFT-348 - Security groups not being pulled into an onboarded Dome9 account

Deployment March 17, 2019

PREVIEW

Compliance and governance:

  • Compliance engine:
    • Added GCP GKE entity.

Compliance and governance:

  • Compliance engine:
    • Improved the security groups open for all exposure logic
      to increase findings accuracy restrictiveness.
Deployment March 14, 2019

Compliance and governance:

  • Compliance entities:
    • Added IPV6 rules support for Aws Security group.

BUG FIXES

DFT-316 - Compliance NACL fix for Destination ports.


Deployment March 7, 2019

Rule set change

Compliance Updates:

New Bundles:

  • GCP Dome9 SOC2 based on AICPA TSC 2017
  • Azure Dome9 SOC2 based on AICPA TSC 2017
  • AWS Dome9 SOC2 based on AICPA TSC 2017
  • Azure HIPAA

New Rules:

  • D9.AZU.CRY.01 - Ensure that KeyVault is in use
  • D9.AZU.CRY.02 - Ensure that logging for Azure KeyVault is 'Enabled'
  • D9.AZU.CRY.03 - Ensure that the expiry date is set on all SQL Database keys
  • D9.AZU.CRY.04 - Ensure that the expiry date is set on all SQL Server keys
  • D9.AZU.CRY.05 - Ensure that the Redis Cache accepts only SSL connections
  • D9.AZU.CRY.06 - Ensure that 'Secure transfer required' is enabled for Storage Accounts
  • D9.AZU.CRY.07 - Ensure that 'Storage service encryption' is enabled for the Blob Service
  • D9.AZU.CRY.08 - Ensure that 'Storage service encryption' is enabled for the File Service
  • D9.AZU.CRY.10 - Ensure that storage account access keys are periodically regenerated
  • D9.AZU.CRY.11 - Ensure that 'Data encryption' is set to 'On' for Azure SQL Database
  • D9.AZU.CRY.12 - Ensure that the expiry date is set on all keys
  • D9.AZU.CRY.13 - Ensure that the expiry date is set on all secrets
  • D9.AZU.IAM.03 - Ensure that Azure SQL Server Admin is configured with AD Authentication
  • D9.AZU.MON.02 - Ensure that 'Auditing' is enabled for Azure SQL Database
  • D9.AZU.MON.03 - Ensure that 'Threat Detection' is enabled for Azure SQL Database
  • D9.AZU.MON.05 - Ensure that 'Send alerts to' is enabled for Azure SQL Database
  • D9.AZU.MON.06 - Ensure that 'Email service and co-administrators' is 'Enabled' for Azure SQL Database
  • D9.AZU.NET.01 - Ensure that SQL server access is restricted from the internet
  • D9.AZU.NET.02 - Ensure entire Azure infrastructure doesn't have access to Azure SQL Server
  • D9.AZU.NET.03 - Restrict Azure SQL Server accessibility to a minimal address range
  • D9.AZU.NET.06 - Remove unused Network Security Groups
  • D9.AZU.NET.07 - Ensure that at least one Network Security Group is attached to all VMs and subnets that are public
  • D9.AZU.CRY.02 - Ensure that logging for Azure KeyVault is 'Enabled'
  • D9.AZU.CRY.07 - Ensure that 'Storage service encryption' is enabled for the Blob Service
  • D9.AZU.CRY.08 - Ensure that 'Storage service encryption' is enabled for the File Service
  • D9.AZU.CRY.12 - Ensure that the expiry date is set on all keys
  • D9.AZU.CRY.13 - Ensure that the expiry date is set on all secrets
  • D9.AZU.CRY.07 - Ensure that 'Storage service encryption' is enabled for the Blob Service
  • D9.AZU.CRY.08 - Ensure that 'Storage service encryption' is enabled for the File Service
  • D9.AZU.CRY.12 - Ensure that the expiry date is set on all keys
  • D9.AZU.CRY.13 - Ensure that the expiry date is set on all secrets
  • D9.AZU.CRY.02 - Ensure that logging for Azure KeyVault is 'Enabled'
  • D9.AZU.CRY.07 - Ensure that 'Storage service encryption' is enabled for the Blob Service
  • D9.AZU.CRY.08 - Ensure that 'Storage service encryption' is enabled for the File Service
  • D9.AZU.CRY.12 - Ensure that the expiry date is set on all keys
  • D9.AZU.CRY.13 - Ensure that the expiry date is set on all secrets
  • D9.AZU.CRY.07 - Ensure that 'Storage service encryption' is enabled for the Blob Service
  • D9.AZU.CRY.08 - Ensure that 'Storage service encryption' is enabled for the File Service
  • D9.AWS.CRY.20 - AWS Kinesis Streams Keys are rotated
  • D9.AWS.CRY.21 - AWS Kinesis streams are encrypted with KMS customer master keys
  • D9.AWS.CRY.22 - Ensure that your Amazon EFS file systems are encrypted
  • D9.AWS.CRY.23 - Ensure that your Amazon EFS file systems are encrypted using KMS CMK customer-managed keys
  • D9.AWS.CRY.24 - AWS Kinesis Server data at rest has server side encryption (SSE)
  • D9.AWS.IAM.45 - Ensure that your Amazon Lambda functions do not share the same AWS IAM execution role
  • D9.AWS.IAM.49 - ECS Service with Admin Roles
  • D9.AWS.IAM.46 - Lambda Functions with Admin Privileges are not created
  • D9.AWS.CRY.25.PCI - Ensure ElastiCache for Memcached is not in use in AWS PCI DSS environments
  • D9.AWS.CRY.26.PCI - Ensure that ElastiCache for Redis version is compliant with AWS PCI DSS requirements

March 7, 2019 Rules Changes

Compliance and governance:

  • Compliance Dashboard:
    • New Export and refresh buttons.
    • Additional export options.


Deployment March 3 2019

Compliance and governance:

  • Compliance entities:
    • Added Route tables properties support for several entities.
      • Aws Instance.
      • Aws Lambda.
      • Aws RDS.
      • Aws VPC.
      • Aws RedShift.

Examples:

  • VPC where accountNumber not in (‘1234…’, …) should not have internetGateways
  • VPC where accountNumber not in (‘1234…’, …) should not have routeTables contain [ routes contain [ natGatewayId ] ]


Deployment February 27, 2019

Compliance and governance:

  • Notifications:
    • Added PagerDuty to Issue management systems Integration.
      Configuration instructions here.


Deployment February 18, 2019

Compliance and governance:

  • Compliance entities:
    • Aws Lambda - Added Resource policy property.
    • Azure Storage Account - Added Kind property.


Deployment February 17, 2019

Compliance and governance:

  • Compliance entities:
    • New optimized JSON viewer with search capabilities.
      Available on Playground, reports, rule builder.
  • Continuous compliance:
    • Added improved continuous compliance wizard
  • Notifications:
    • Separated the notifications from the compliance policies

User menu:

  • Added create support ticket option.
    As part of the integration we moved to a unified CheckPoint support system.
    New support tickets will be handled on CheckPoint BEYOND support system.
    Existing tickets will be handled on the previous (HelpCenter) system and the ticket history can be accessed.


Deployment February 14, 2019

Cloud inventory - Add GCP cloud account:

  • Redesigned the onboarding structure.
  • Added Gsuite onboarding steps.

Compliance dashboard:

  • Added improved explanation for the export to CSV option..

BUG FIXES

DFT-434 - Detaching policy in continuous compliance.


Deployment January 29, 2019

Administration - Account settings:

  • Redesigned the page
  • Added global emails settings

My settings - Email notifications:

  • Added under cloud inventory an Invalid AWS and Azure credentials notifications option.

BUG FIXES

DFT-350 - Invalid credentials emails being sent even if all options are disabled.
DFT-276 - Option to disable emails being sent to newly created users


Deployment January 14, 2019

PREVIEW

Compliance and governance:

  • Compliance engine:
    • AWS API Gateway entity.

Compliance and governance:

Cross system:

  • Optimized side filter panels

BUG FIXES

DFT-406 - Fixed KeyVault diagnosticSettings object handling.


Deployment January 10, 2019

Cross system:

  • Added support for AWS region Stockholm(eu-north-1)

BUG FIXES

DFT-414 - Exclusions not appearing due to deleted rule.
DFT-383 - Improved big compliance assessment runs handling





Settings