2020 Releases

Deployment Dec 31,2020

AWS Custom Domain Name - 16:00 UTC

Type: New entity
Description:  Added support for AWS Custom Domain Name in the compliance engine
Known limitations: N\A
Affected Components    DATA FETCHERS AWS COMPLIANCE ENGINE

AWS NACL - IPV6 Support - 16:00 UTC

Type: Improvement
Case ID: DFR-1356
Description:  Add IPV6 support in AWS NACL Compliance model and API.
Known limitations: N\A
Affected Components    API COMPLIANCE ENGINE

Deployment Dec 30,2020

Compliance API - 14:00 UTC

Type: Improvement
Description:  New API for future features.
Known limitations: N\A
Affected Components    API

Deployment Dec 28,2020

Azure Service Bus - 18:30 UTC

Type: New Entity
Case ID: DFR-684
Description: Added support for Azure Service Bus in the compliance engine
Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Intelligence - Usage calculation improvements - 12:30 UTC

Type: Improvement
Description: Improving usage calculations model.
Known limitations: N\A
Affected Components INTELLIGENCE

Workload Protection - New Pages - 9:30 UTC

Type: New feature
Case ID: DFR-1250, 1249, 1247, 1264, 1307, 1308

Description: New pages and UI fixes.
Known limitations: N\A
Affected ComponentsUI KUBERNETES

Kubernetes Runtime Protection - Pop up fix - 9:30 UTC

Type: Bug Fix
Case ID: DFT-1013

Description: minor UI fix.
Known limitations: N\A
Affected ComponentsUI KUBERNETES

Kubernetes Onboarding - Scroll bar fix - 9:30 UTC

Type: Bug Fix
Case ID: DFT-1008

Description: minor UI fix.
Known limitations: N\A
Affected ComponentsUI KUBERNETES

Rulesets - Compliance sections fix - 9:30 UTC

Type: Bug Fix
Case ID: DFT-1023

Description: minor UI fix.
Known limitations: N\A
Affected ComponentsUI RULESETS

Remediation - Cloud bot empty parameter fix - 9:30 UTC

Type: Bug Fix
Case ID: DFT-997

Description: minor UI fix.
Known limitations: N\A
Affected ComponentsUI REMEDIATIONS

Protected Assets - Detailed export fix - 9:30 UTC

Type: Bug Fix
Case ID: DFT-1017

Description: Broken modal fix.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Deployment Dec 23,2020

Compliance Engine - 16:00 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components    COMPLIANCE ENGINE

Deployment Dec 22,2020

Compliance Rulesets Update - 16:15 UTC

Type: Improvement
Description:  New rules were added to AWS CloudGuard Best Practices. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment Dec 21,2020

Compliance Update - 15:45 UTC

Type: Internal Improvement
Description:  Created new Retry with backoff mechanism. 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Compliance Update - 13:45 UTC

Type: Internal Improvement
Description:  Added backend support for new feature. 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Compliance Rulesets Update - 12:45 UTC

Type: Improvement
Description:  New rules were added to Azure rulesets. Additionally, we have made changes to existing AWS rules. a complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment Dec 20,2020

Azure Subnet - 10:45 UTC

Type: Bug Fix
Case ID: DFT-1012
Description: Fix Azure subnet route table mapping in compliance entity
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

Deployment Dec 17,2020

AWS EC2 Instance  - 14:30 UTC

Type: Improvement
Case ID: DFR-1327
Description: Added Public DNS and Private DNS properties in compliance engine for AWS Instance entity
Known limitationsN/A
Affected Components  COMPLIANCE ENGINE 

AWS SSM Document - 14:30 UTC

Type: New Entity
Case ID: DFR-1360
Description: Added support for AWS SSM Document in the compliance engine
GSL Examples:

  • Ensure that Dms Endpoint is utilizing ssl:
    SystemManagerDocument should not have accountSharingInfoList contain [ accountId='all' ]

  • Ensure that the SystemManagerDocument of specific account supports the 'Windows' platform:
    SystemManagerDocument where owner = 989524331127 should have platformTypes contain [ 'Windows']

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

AWS DMS Endpoint - 14:30 UTC

Type: New Entity
Case ID: DFR-1254
Description: Added support for AWS DMS Endpoint in the compliance engine
GSL Examples:

  • Ensure that Dms Endpoint is utilizing ssl:
    DmsEndpoint should not have sslMode='none'

  • Ensure that Dms Endpoint is encrypted using Kms:
    DmsEndpoint should not have kmsKeyId isEmpty()

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Azure Regional WAF - 14:30 UTC

Type: New Entity
Case ID: DFR-1210
Description: Added support for Azure Regional WAF (aka Azure Web Application Firewall) in the compliance engine
GSL Examples:

  • Ensure that ApplicationGateway utilizes WAF with Ruletype set to 'OWASP' and version '3.0':
    ApplicationGateway should have (getResource('RegionalWAF', regionalWAFPolicyId) contain[managedRules.managedRuleSets contain [ ruleSetVersion='3.0'] and managedRules.managedRuleSets contain [ ruleSetType='OWASP' ]]) or (firewall.enabled=true and firewall.ruleSetType='OWASP' and firewall.ruleSetVersion='3.0')

  • Ensure that WAF policy for detection mode is in state enabled:
    RegionalWAF where policySettings.state.mode = 'Detection' should have policySettings.state='Enabled'

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Deployment Dec 15,2020

AWS RDS DBCluster - 14:30 UTC

Type: New Entity
Case ID: DFR-1339
Description: Added support for AWS RDS DBCluster in the compliance engine
GSL Examples:

  • Ensure that all the cluster storages are encrypted:
    RDSDBCluster should haveStorageEncrypted=true

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

AWS Storage Gateway - 14:30 UTC

Type: New Entity
Case ID: DFR-1312
Description: Added support for AWS Storage Gateway in the compliance engine
GSL Examples:

  • Ensure that all the gateways are operational:
    StorageGateway should have gatewayOperationalState='ACTIVE'

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

AWS MSK Cluster - 14:30 UTC

Type: New Entity
Case ID: DFR-1297
Description: Added support for AWS MSK Cluster in the compliance engine
GSL Examples:

  • Ensure that MSK Clustert has data encrypted in Cluster while in Transit:
    MskCluster should have encryptionInfo.encryptionInTransit.inCluster=true

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Engine - 14:00 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components    COMPLIANCE ENGINE

Compliance Notifications - Webhook - Jira Integration - 10:30 UTC

Type: New Feature
Case ID: DFR-445
Description: Fixing unrequired calls from UI.
Known limitations: N\A
Affected ComponentsWEBHOOK NOTIFICATIONS

Environments - Serverless UI calls fix - 10:30 UTC

Type: Bug fix
Description: Fixing unrequired calls from UI.
Known limitations: N\A
Affected ComponentsUI ENVIRONMENTS

Environments - Kubernetes page - 10:30 UTC

Type: Minor fix
Description: Fix expand all behavior.
Known limitations: N\A
Affected ComponentsUI ENVIRONMENTS

Environments - Added Compliance policy tab - 10:30 UTC

Type: Improvement
Case ID: DFR-1187

Description: Added additional information on Environment page..
Known limitations: N\A
Affected ComponentsUI ENVIRONMENTS

AWS Fetching System Improvement - 08:30 UTC

Type: Improvement
Description: Fetch data based on activity. 
Known limitations: Not supported in AWS S3 Bucket.
Affected ComponentsDATA FETCHERS AWS   


AWS Data Fetchers - 08:30 UTC

Type: Improvement
Description:  Infra Improvement for AWS data fetchers: IAM Role, IAM Instance Profile.
Known limitations: N\A
Affected Components   DATA FETCHERS AWS

Deployment Dec 14,2020

Compliance Engine - 15:00 UTC

Type: Improvement
Description:  Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components    COMPLIANCE ENGINE

Compliance Notifications - Azure Security Center - 13:00 UTC

Type: New Feature
Description: Released a new Integration type for Azure Security Center.
Known limitations: NA. 
Affected Components  COMPLIANCE NOTIFICATIONS 

Deployment Dec 10,2020

AWS Data Fetchers - 13:30 UTC

Type: Improvement
Description:  Infra Improvement for AWS data fetchers: S3 Bucket, IAM Role, IAM Instance Profile.
Known limitations: N\A
Affected Components   DATA FETCHERS AWS

Intelligence & Threat Hunting. - Azure NSG Flow Logs - 10:30 UTC

Type: New Feature
Description: Released a new version of Azure NSG Flow Logs with a new onboarding method.
Known limitations: NA. 
Affected Components  INTELLIGENCE & THREAT HUNTING 

Platforms API - 09:00 UTC

Type: Improvement
Description: Added additional regions and zones to GCP.
Known limitations: N/A.
Affected Components  API

Protected Assets - 09:00 UTC

Type: Bug Fix
Case ID:
DFT-999
Description
:  Fixed Billable Asset value for AWS Cloud Formation Stack and Kinesis Firehose entities.
Known limitations: N\A
Affected Components   PROTECTED ASSETS

Azure Virtual Network Gateway - 09:00 UTC

Type: Improvement
Description:  Infra Improvement for Virtual Network Gateway data fetcher.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

Deployment Dec 9,2020

Compliance Engine - 12:40 UTC

Type: Improvement
Description: Update assessment model , Internal model improvement 
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE API

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description:  New rules were added to Terraform AWS CIS Foundations ruleset. Additionally, we have made changes to existing rules and remove one rule. a complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment Dec 8,2020

AWS ECS Task Definition - 14:30 UTC

Type: Improvement
Description:  Infra Improvement
Known limitations: N\A
Affected Components   DATA FETCHERS AWS

AWS Data Fetchers - 13:30 UTC

Type: Improvement
Description:  Infra Improvement for AWS data fetchers: IAM Account Summary, IAM Password Policy, IAM Policy, IAM Role Attached Policies, IAM Role Inline Policies, IAM Role Permissions Boundary, IAM Server Certificate, IAM User, IAM User Attached Policies, IAM User Groups, IAM User Inline Policies, IAM User Permissions Boundary, IAM User Tags, Organization, Virtual MFA Devices.
Known limitations: N\A
Affected Components   DATA FETCHERS AWS

Azure Data Fetchers - 10:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Virtual Network Gateway, Role Definition, Virtual Machine Scale Set.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

Deployment Dec 7,2020

Shift Left environment onboarding - 18:00 UTC

Type: Improvement
Description: Adding Infra structure for Shift left - currently not visible to customers.
Known limitations: N\A
Affected Components   API IAC ASSESSMENT UI

Azure Data Fetchers - 11:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Storage Account, Analysis Service, Application Gateway, Logic App, Api Management, Disk, Application Security Group, Container Registry.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

Compliance Rulesets Update - 10:30 UTC

Type: Improvement
Description:  The first release of AWS CIS Foundations v. 1.3.0 ruleset. A complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment Dec 6,2020

Azure Data Fetchers - 09:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure data fetchers: Web App, Function App, Activity Log Alert Rules.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

Deployment Dec 3,2020

Azure Role Definitions - 13:00 UTC

Type: New Entity
Case ID: DFR-1214
Description: Added support for Azure Role Definitions in the compliance engine
GSL Examples:

  • Ensure that `MULTI-FACTOR AUTH STATUS` is `Enabled` for all users who are ‘Owner’:
    RoleAssignment should have (properties contain [getResource('User', principalId) contain [userCredentialRegistrationDetails.isRegisterWithMfa=true]] and properties contain [getResource('RoleDefinition',roleDefinitionId) contain [properties.roleName = 'Owner']])

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Azure Role Assignment - 13:00 UTC

Type: New Entity
Case ID: DFR-1214
Description: Added support for Azure Role Assignment in the compliance engine
GSL Examples:

  • Ensure that the password used for the 'Owner' role assignment is changed every 90 days or less:
    RoleAssignment should have (properties contain [getResource('User', principalId) contain [lastPasswordChangeDateTime after(-90, 'days') ]] and properties contain [getResource('RoleDefinition',roleDefinitionId) contain [properties.roleName = 'Owner']])

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Azure WebApp, FunctionApp and CosmosDB Account Fetchers - 13:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure WebApp, FunctionApp and CosmosDB Account data fetcher.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

MSP Portal - Logo fix - 14:00 UTC

Type: Bug Fix
Case ID: DFT-964
Description: Fixed an issue that affected uploaded logo's visibility.
Known limitations: N/A.
Affected Components  UI MSP

Deployment Dec 2,2020

Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  One new network rule was added to AWS CloudGuard Best Practices ruleset. Additionally, we have made changes to existing rules and remove six old rules. a complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Azure Subnet  - 10:00 UTC

Type: Improvement
Description:  Infra Improvement for Azure Subnet data fetcher.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

Single Sign On - Fixes and Improvements - 9:50 UTC

Type: Improvement and Bug Fix
Case ID: DFT-910, DFT-956
Description: SSO improvements for large SAML elements, fixes for JIT groups.
Known limitations: N/A.
Affected Components  AUTHENTICATION SSO

Deployment Dec 1,2020

Compliance Engine - 14:40 UTC

Type: Improvement
Description: Infra Improvement.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE API

Deployment Nov 30,2020

Compliance Engine - 14:00 UTC

Type: Improvement
Description: Infra Improvement.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE API

Compliance Engine - 13:20 UTC

Type: Improvement
Description: Backend support for upcoming Azure Security Center feature.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

AWS Data Fetchers - 10:00 UTC

Type: Improvement
Description:  Infra Improvement for AWS data fetchers: IAM Role Tags, Cloud Front, Route53 Domains.
Known limitations: N\A
Affected Components   DATA FETCHERS AWS

Manual Assessment - Removed VNET Selection - 8:00 UTC

Type: Improvement
Description: Removed Azure VNET selection on manual assessment and GSL builder.
Known limitations: N\A
Affected ComponentsUI COMPLIANCE ENGINE

Protected Assets - Attach Security groups issue - 8:00 UTC

Type: Bug Fix
Description: Fixed an issue that prevented users to attach security groups to an EC2 Instance.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Azure Onboarding- UI fixes - 8:00 UTC

Type: Bug Fix
Description: Fixed several UI components to handle different resolutions.
Known limitations: N\A
Affected ComponentsUI AZURE UNSAFE-ONBOARDING

Protected Assets - Alerts fix for Kubernetes - 8:00 UTC

Type: Bug Fix
Description: Fixed Alerts issues when the source is Kubernetes Image Scanning.
Known limitations: N\A
Affected ComponentsUI K8S

GCP Security groups - Shared VPC fixes - 8:00 UTC

Type: Bug Fix
Case ID: DFT-883
Description: Fixed UI issues when using Shared VPC.
Known limitations: N\A
Affected ComponentsUI SECURITY GROUPS PROTECTED ASSETS

Security Groups - Added Export support - 8:00 UTC

Type: Improvement
Case ID: DFR-1237, DFR-1096

Description: Adding export support for Security groups.
Known limitations: N\A
Affected ComponentsUI SECURITY GROUPS

Account Page - Data Center indicator - 8:00 UTC

Type: Improvement
Case ID: DFR-1216

Description: Added Data Center indicator.
Known limitations: N\A
Affected ComponentsUI ACCOUNT PAGE

Environments - Added Kubernetes status - 8:00 UTC

Type: Improvement
Case ID: DFR-1195

Description: Added additional indicators to Kubernetes status.
Known limitations: N\A
Affected ComponentsUI ENVIRONMENTS

Deployment Nov 29,2020

AWS SNS Platform Application - 12:30 UTC

Type: New Entity
Description: Added support for AWS SNS Platform Application in the compliance engine

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

AWS Glue Connection - 12:30 UTC

Type: New Entity
Description: Added support for AWS Glue Connection in the compliance engine
GSL Examples:

  • Ensure that GlueConnection enforce SSL for JDBC connections:
    GlueConnection should have connectionProperties contain [ key='JDBC_ENFORCE_SSL' and value='true' ] where connectionType = 'JDBC'

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

GCP VM Instance - 12:30 UTC

Type: Bug fix

Case ID: DFR-1215

Description: Project level setting not mapped to resources
Known limitations:  N/A
Affected Components  DATA FETCHERS GCP COMPLIANCE ENGINE

AWS VPC Endpoint  - 12:30 UTC

Type: Improvement
Case ID: DFR-1209
Description: Additional properties are supported in compliance engine for AWS VPC Endpoint entity
Known limitationsN/A
Affected Components  COMPLIANCE ENGINE 

Azure Data Explorer - 12:30 UTC

Type: New Entity
Description: Added support for Azure Data Explorer in the compliance engine
GSL Examples:

  • Ensure that Azure DataExplorerCluster is enabled for purge:
    DataExplorerCluster should have enablePurge=true

  • Ensure that Auzre DataExplorerCluster is encrypted:
    DataExplorerCluster should have enableDiskEncryption=true

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Azure Disk - 12:30 UTC

Type: New Entity
Description: Added support for Azure Disk in the compliance engine
GSL Examples:

  • Ensure that Azure disks are encrypted:
    Disk should have properties.encryptionSettingsCollection.enabled=true

  • Ensure that Azure disks are set with up to 2 shares:
    Disk should have properties.maxShares <= 2

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Azure Role Assignment - 12:30 UTC

Type: New Entity 
Description: Added support for Azure Role Assignment entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS AZURE 

Azure Firewall - 12:30 UTC

Type: New Entity
Case ID: DFR-1274

Description: Added support for Azure Firewall entity in the compliance engine.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Environment Missing Permissions - 11:00 UTC

Type: Bug Fix
Case ID: DFT-975

Description: Missing permissions were not visible for Gov / China Cloud Accounts.
Known limitations: N/A.
Affected Components UI API

Deployment Nov 25,2020

Authentication Hardening - 11:00 UTC

Type: Improvement
Description: Hardening Improvement for all authentication types.
Known limitations: N/A.
Affected Components  AUTHENTICATION SERVICE ALL REGIONS UI MSP

Compliance Engine - 9:20 UTC

Type: Improvement
Description: Infra Improvement.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

Compliance Rulesets Update - 9:00 UTC

Type: Improvement
Description: The first release of the Japanese AWS Dome9 FISC ruleset.
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS 

Deployment Nov 24,2020

Compliance Rulesets Update - 10:15 UTC

Type: Improvement
Description:  Adding new rules to AWS CloudGuard Best Practices ruleset.
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS 

Deployment Nov 23,2020

GCP Security Group - 16:30 UTC

Type: Improvement
Description: Added 'description' field to GcpSecurityGroup inbound and outbound rules.
Known limitations:  N/A
Affected Components  DATA FETCHERS GCP COMPLIANCE ENGINE

AWS VPC Endpoint - 12:00 UTC

Type: Improvement
Description: Added support for additional properties.
Known limitationsAdditional fields still not available in compliance engine and protected assets page.
Affected Components  DATA FETCHERS AWS 

Azure Private Endpoint - 12:00 UTC

Type: Improvement
Description: Infra Improvement.
Known limitationsN/A
Affected Components  DATA FETCHERS AZURE 

AWS Workspaces  - 12:00 UTC

Type: Bug Fix
Case ID: DFT-978
Description: Fix for disk encryption status reported incorrectly 
Known limitationsN/A
Affected Components  COMPLIANCE ENGINE 

Compliance Rulesets Update - 10:00 UTC

Type: Bug Fix

Case ID: DFT-961, DFT-979, DFT-758

Description:  Rules fixes D9.AZU.NET.06, D9.AZU.CRY.19, D9.AZU.LOG.03
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS

Deployment Nov 22,2020

Intelligence & Threat Hunting. - Flow Logs Time Line - 12:00 UTC

Type: New Feature
Description: Added timeline to Flow Logs traffic.
Known limitations: NA. 
Affected Components  INTELLIGENCE & THREAT HUNTING 

Intelligence & Threat Hunting. - Customize Centralize On-boarding - 12:00 UTC

Type: New Feature
Description: Added support to on-board centralized bucket with multiple sources of AWS Cloudtrail and Flow Logs.
Known limitations: NA. 
Affected Components  INTELLIGENCE & THREAT HUNTING 

AWS SNS Platform Application - 12:00 UTC

Type: New Entity 
Description: Added support for AWS SNS Platform Application entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS AWS 

Azure Data Explorer - 12:00 UTC

Type: New Entity 
Description: Added support for Azure Data Explorer entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS AZURE 

Azure HDInsight - 12:00 UTC

Type: New Entity
Description: Added support for Azure HDInsight in the compliance engine
GSL Examples:

  • Ensure that HDInsight is encypted with encryptionAtHost:

    HDInsight should have properties.diskEncryptionProperties.encryptionAtHost=true
  • Ensure that HDInsight supports TLS version '1.2':

    HDInsight should have properties.minSupportedTlsVersion='1.2'

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

AWS ECS Service- 11:15 UTC

Type: Bug Fix
Case ID: DFT-955
Description: Fix 'taskDefinition' property updating issue
Known limitationsN/A
Affected Components  COMPLIANCE ENGINE 

AWS Kinesis Firehose  - 11:15 UTC

Type: New Entity
Description: Added support for AWS Kinesis Firehose in the compliance engine
Known limitationsN/A
Affected Components DATA FETCHERS AWS COMPLIANCE ENGINE 

AWS Cloud Formation Stack  - 11:15 UTC

Type: New Entity
Description: Added support for AWS Cloud Formation Stack in the compliance engine
Known limitationsN/A
Affected Components DATA FETCHERS AWS COMPLIANCE ENGINE 

Deployment Nov 19,2020

AWS Network Firewall - 11:00 UTC

Type: New Entity
Description: Added support for AWS Network Firewall in the compliance engine:
GSL Examples:

  • Ensure that Network Firewall uses the 'Flow' logtype:

    NetworkFirewall should have loggingConfiguration.logDestinationConfigs with [ logType='FLOW' ]
  • Ensure that Network Firewall status is 'Ready' and is in-sync:

    NetworkFirewall should have (firewallStatus.status='READY' and firewallStatus.configurationSyncStateSummary='IN_SYNC')

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Azure Virtual Machine API- 08:30 UTC

Type: Bug Fix
Case ID: DFT-953

Description: Fix permission issue in GET Azure Virtual Machine by cloud account id API
Known limitations: N\A
Affected ComponentsAPI

Azure ActivityLogMonitor - 08:30 UTC

Type: Bug Fix
Case ID: DFT-965

Description: Fix Typos in ActivityLogMonitor compliance model.
Known limitations: N\A
Affected ComponentsCOMPLIANCE ENGINE

Service Accounts - 08:30 UTC

Type: Improvement
Case ID: DFR-1273

Description: Allow to manage Service Accounts via MSP assumed roles.
Known limitations: N\A
Affected ComponentsAPI

Deployment Nov 18,2020

Azure Data Fetchers - 13:00 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

AWS Route53 Hosted Zone - 13:00 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components   DATA FETCHERS AWS

Deployment Nov 17,2020

Protected Assets - Kubernetes Alerts fix - 19:07 UTC

Type: Bug Fix
Description: Fixing Alerts representation on Kubernetes entities .
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Dashboard - Add PDF export - 9:05 UTC

Type: Improvement
Description: Added Dashboard export to PDF.
Known limitations: N\A
Affected ComponentsUI DASHBOARDS

Protected Assets - Generic Entity page - 9:05 UTC

Type: Improvement
Description: On Generic pages the properties tab is the default tab.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Protected Assets - Added Tabs on Entity page - 9:05 UTC

Type: Improvement
Description: Separated the Alerts tab to Security events / Tasks Tabs.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Dashboards - Added missing % to trend widgets - 9:05 UTC

Type: Bug Fix
Description: Added missing % to trend widgets.
Known limitations: N\A
Affected ComponentsUI DASHBOARDS

GSL Builder - Combo box fixes - 9:05 UTC

Type: Improvement
Description: Fixed responsive boxes and missing VNET selection box.
Known limitations: N\A
Affected ComponentsUI

Compliance Rulesets - Fixed mislabeled titles - 9:05 UTC

Type: Bug fix
Case ID: DFT-970

Description: GSL logic was added back.
Known limitations: N\A
Affected ComponentsUI RULESETS

GSL Builder - Kubernetes Categories - 9:05 UTC

Type: Improvement
Case ID: DFR-1240

Description: Adding support for Kubernetes runtime assurance.
Known limitations: N\A
Affected ComponentsUI

Protected assets - Linkable Cloud Accounts - 9:05 UTC

Type: Improvement
Case ID: DFR-1183

Description: Added links to the cloud accounts.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Protected Assets - Added additional fields support - 9:05 UTC

Type: Improvement
Case ID: DFR-1182

Description: Added additional fields support on the entity page.
Known limitations: N\A
Affected ComponentsUI PROTECTED ASSETS

Deployment Nov 16,2020

Intelligence & Threat Hunting - Generic on-boarding - 14:00 UTC

Type: New Feature
Description:  Adding the ability to on-board Multiple cloud accounts in the same S3
Known limitations: N\A
Affected Components   INTELLIGENCE & THREAT HUNTING 

Compliance Rulesets Update - 14:00 UTC

Type: Improvement
Description:  Adding new rules to AWS CloudGuard Best Practices ruleset
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS 

Compliance Rulesets Update - 14:00 UTC

Type: Bug Fix
Description:  Rules fixes in Terraform AWS CIS Foundations ruleset
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS

Deployment Nov 12,2020

Compliance Engine - 14:00 UTC

Type: Improvement
Description: Infra Improvement.

Known limitations: N/A.
Affected Components  COMPLIANCE CORE 

Azure HDInsight - 10:00 UTC

Type: Bug Fix
Description: Fix permission errors handling
Known limitations: N/A
Affected Components  DATA FETCHERS AZURE 

Deployment Nov 10,2020

Azure HDInsight - 17:00 UTC

Type: New Entity support
Description: Added support for Azure HDInsight entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS AZURE 

K8s Agents Status Notification - 15:00 UTC

Type: Improvement
Description: New Infrastructure for K8s agents status notifications.
Known limitations: N/A
Affected Components:   NOTIFICATIONS 

Compliance Engine - 15:00 UTC

Type: Bug Fix
Description: Infra Improvement.
Known limitations: N/A.
Affected Components  COMPLIANCE CORE API

Compliance Engine - 15:00 UTC

Type: Bug Fix
Description: Fixed internal issues that caused assessment failures on the following entities: AWS ELB, AWS EcsService.
Known limitations: N/A.
Affected Components  COMPLIANCE CORE API

Azure Data Fetchers - 12:30 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

GCP Image - 12:00 UTC

Type: Improvement
Case ID: DFR-613

Description: Added support for GCP Image in the compliance engine:
GSL Examples:

  • Ensure that Image has a sha235 key encryption:

    Image should not have imageEncryptionKey.sha256 isEmpty()
  • Ensure that Image has a kms encryption:

    Image should not have imageEncryptionKey.kmsKeyName isEmpty()

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS GCP

GCP Redis - 12:00 UTC

Type: Improvement
Case ID: DFR-613

Description: Added support for GCP Redis in the compliance engine:
GSL Examples:

  • Ensure that Redis tier is equal 'STANDARD_HA':

    Redis should have tier='STANDARD_HA'
  • Ensure that Redis is utilizing a valid configuration:

    Redis should not have redisConfigs isEmpty()

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS GCP

AWS Athena Work Group - 12:00 UTC

Type: Improvement
Case ID: DFR-613

Description: Added support for AWS Athena Work Group in the compliance engine:
GSL Examples:

  • Ensure that the settings for the workgroup override client-side settings:

    AthenaWorkGroup should have configuration.enforceWorkGroupConfiguration=true
  • Ensure that AthenaWorkGroup is ecnrypted with 'SSE_KMS':

    AthenaWorkGroup should have configuration.resultConfiguration.encryptionConfiguration.encryptionOption='SSE_KMS'

Known limitationsN/A
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Assessment - Fixed IPV6 conversion on network functions 8:15 UTC

Type: Bug Fix
Case ID: DFT-962
Description: Fixed an issue that caused discrepancies in results when using specific IPV4 ranges on GSL network functions.
Known limitations: N\A
Affected ComponentsCOMPLIANCE ENGINE

Deployment Nov 9,2020

GCP Image - 17:00 UTC

Type: New Entity support
Description: Added support for GCP Image entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS GCP 

Azure Data Fetchers - 12:00 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description:  The first release of CIS Kubernetes Benchmark v1.6.1 ruleset
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS 

Compliance Rulesets Update - 12:00 UTC

Type: Bug Fix
Description:  Rule removal: D9.AZU.NET.29; Rules fixes: D9.AZU.LOG.03, D9.TF.AZU.NET.04, D9.TF.AZU.NET.05, D9.TF.AZU.NET.08, D9.TF.AZU.NET.09, D9.TF.K8S.IAM.25
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS

Deployment Nov 5,2020

Compliance Assessment History Stats - 16:00 UTC

Type: Improvement
Description:  Adding Severity breakdown to the assessment history stats.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE 

Compliance Rulesets Update - 6:00 UTC

Type: Improvement
Description:  Adding new rules to Terraform AWS CIS Foundations ruleset.
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS 

Deployment Nov 4,2020

Azure Data Fetchers - 12:30 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE


Azure Compute Disk - 11:00 UTC

Type: New Entity support
Description: Added support for Azure Compute Disk entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS AZURE 

Compliance Assessment - Adding Terraform Assessment support - 10:00 UTC

Type: New Feature
Description: Added Terraform assessment support, supporting Terraform version 11 and above.
Known limitations: N\A
Affected ComponentsCOMPLIANCE ENGINE TERRAFORM ASSESSMENT

Deployment Nov 3,2020

Compliance Rulesets Update - 18:00 UTC

Type: Improvement
Description:  Adding new rules to AWS CloudGuard Best Practices ruleset.
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS 

AWS Athena Work Group - 15:00 UTC

Type: New Entity support
Description: Added support for AWS Athena Work Group entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS AWS 

GCP Redis - 15:00 UTC

Type: New Entity support
Description: Added support for GCP Redis entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS GCP 

Compliance Rulesets Update - 14:00 UTC

Type: Bug Fix
Description:  Rules removal: D9.AZU.LOG.01, D9.AZU.LOG.07, D9.AZU.LOG.08.
Known limitations: N\A
Affected Components   COMPLIANCE RULESETS

Compliance Engine - GCP Shared VPC support  - 8:00 UTC

Type: Improvement
Description:  Added GCP shared networks support to the Compliance engine checks.
Known limitations: The Project sharing the network to other projects must be onboarded to the system as well.
Affected Components   COMPLIANCE ENGINE

Deployment Nov 2,2020

Log.ic - new anomalies detection for account activity- 17:50 UTC

Type: New Feature
Description:  Anomalies detection based on Machine Learning models for account activity.
Added Features:
- console login of users by the user agent and geolocation;
- user API events by geolocation and user agent
- baseline by event name or target type. 
Known limitations: N\A
Affected ComponentsLOG.IC

System notification - Notify when local storage is disabled - 15:30 UTC

Type: Improvement
Description: Added notification when the browser local storage is disabled.
Known limitations: N\A
Affected ComponentsUI

Status page  - Indicator improvement - 15:30 UTC

Type: Improvement
Description: Added status page incident as alert in content.
Known limitations: N\A
Affected ComponentsUI

Compliance Assessment - Drop Down improvements - 15:30 UTC

Type: Improvement
Description: Improved the drop down selectors on run assessment page.
Known limitations: N\A
Affected ComponentsUI

Protected Assets - Fixed Navigation Issue - 15:30 UTC

Type: Bug Fix
Description: Fixed an issue that affected routing between asset page to log.ic.
Known limitations: N\A
Affected ComponentsUI

Azure Log.ic - Fixed Onboarding Text - 15:30 UTC

Type: Bug Fix
Description: Modified text on the Azure Log.ic steps.
Known limitations: N\A
Affected ComponentsUI

IP Addresses - Fixed exception handling - 15:30 UTC

Type: Bug Fix
Description: Fixed exception handling on specific cases.
Known limitations: N\A
Affected ComponentsUI

Dashboard - Fixed Gauge widget on no data - 15:30 UTC

Type: Bug Fix
Description: Fixed widget behavior on click and no data.
Known limitations: N\A
Affected ComponentsUI DASHBOARD

IP Addresses - Fixed exception - 15:30 UTC

Type: Bug Fix
Description: Fixed exception on specific cases.
Known limitations: N\A
Affected ComponentsUI

Dynamic Access - Fixed filters state - 15:30 UTC

Type: Bug Fix
Description: Fixed the filters state on refresh.
Known limitations: N\A
Affected ComponentsUI

Terraform Rulesets - Added CLI command line snippet - 15:30 UTC

Type: Improvement
Case ID: DFR-1196
Description: Added CLI snippet to copy paste easily.
Known limitations: N\A
Affected ComponentsUI

Kubernetes Onboarding - Runtime protection support - 15:30 UTC

Type: Improvement
Case ID: DFR-1193

Description: Added Runtime protection support to the features list
Known limitations: N\A
Affected ComponentsUI

GSL Builder - Kubernetes Categories - 15:30 UTC

Type: Improvement
Case ID: DFR-1188

Description: Adding Categories grouping to Kubernetes.
Known limitations: N\A
Affected ComponentsUI

Cloud Accounts - Rebranding as Environments - 15:30 UTC

Type: Improvement
Case ID: DFR-1185

Description: Renaming the cloud accounts to environments.
Known limitations: N\A
Affected ComponentsUI

Compliance engine - CFT Tab Removal - 15:30 UTC

Type: Improvement
Case ID: DFR-1053, DFR-1056

Description: Removed CFT tab from run assessment, will be possible in the future to run CFT as a platform.
Known limitations: N\A
Affected ComponentsUI

Compliance Rulesets Update - 10:00 UTC

Type: Improvement
Description: The first release of Terraform Azure CIS Foundations, EKS CloudGuard Best Practices, Kubernetes v.1.14 CloudGuard Best Practices and CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 rulesets.  Additionally, we have made changes to existing Azure network rules:  D9.AZU.NET.26;D9.AZU.NET.18.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment Nov 1,2020

Compliance Engine - 17:00 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Compliance Engine - 16:00 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Deployment Oct 29,2020

AWS Athena - 18:00 UTC

Type: Improvement
Case ID: DFR-830

Description: Added support for AWS Athena Query executions in the compliance engine:
GSL Examples:

  • Ensure that the Athena associated DB and Catalog are valid:

    Athena should not have (queryExecutionContext.catalog isEmpty() or queryExecutionContext.database isEmpty())
  • Ensure that the Athena execution results are encrypted:

    Athena should have (resultConfiguration.encryptionConfiguration.encryptionOption='SSE_KMS' or resultConfiguration.encryptionConfiguration.encryptionOption='SSE_S3')

Known limitations:  Query executions are fetched for Primary Work Group.

Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Azure API Management Service- 18:00 UTC

Type: Improvement
Case ID: DFR-1204

Description: Added support for Azure API Management in the compliance engine:
GSL Examples:

  • Ensure that the API Management Service holds a specific IP address:

    ApiManagementService should have privateIPAddresses contain [ '10.1.0.5']
  • Ensure that the API Management is associated with a subnet with the 10.1.0.0/26 range:

    ApiManagementService should have virtualNetworkConfiguration contain [ getResource('Subnet', subnetResourceId) contain [addressRange = '10.1.0.0/26']]

Known limitations:  Identity property returns assigned only if it was created along with the API Management service itself. If added later, it will still return as null.

Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Azure Data Fetchers - 13:30 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

AWS IAM Access Keys - 13:30 UTC

Type: Improvement
Description:  Infra Improvement in fetching system.
Known limitations: N\A
Affected Components   DATA FETCHERS AWS

Deployment Oct 27,2020

Compliance Engine - 09:40 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Deployment Oct 22,2020

Compliance Engine - 13:30 UTC

Type: Bug Fixes
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

AWS WAF Regional and  WAF Regional V2- 13:30 UTC

Type: Improvement
Case ID: DFR-1203
Description: Added support for API Gateways property in WAF and WAF V2 compliance model.
In addition, added support for WAF Regional property in API Gateway compliance model.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Azure Data Fetchers - 13:30 UTC

Type: Improvement
Description:  Infra Improvement.
Known limitations: N\A
Affected Components   DATA FETCHERS AZURE

Compliance Engine - 09:10 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Deployment Oct 21,2020

Notifications - Security Hub Integration fix - 15:00 UTC

Type: Bug Fix
Case ID: DFT-944
Description: Fixed an issue that caused notifications to get access denied from AWS.
Known limitations: N\A
Affected Components   SECURITY HUB

Compliance Engine - 12:00 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Compliance Assessment History API - 07:50 UTC

Type: Improvement
Description:  Improve performance of '/AssessmentHistoryV2/LastAssessmentResults' API.
Known limitations: N\A
Affected Components   API

Deployment Oct 19 2020

New toolbar action design- 14:30 UTC

Type: Improvement
Description: Redesign action toolbar for security group, user management and role management pages .
Known limitations: N/A.
Affected Components  UI 

404 Page - 14:30 UTC

Type: Improvement
Description: Redesign for 404 page
Known limitations: N/A.
Affected Components  UI 

Azure On Boarding - 14:30 UTC

Type: Update
Case ID: DFR-912

Description: Updated Azure on boarding instructions
Known limitations: N/A.
Affected Components  ON BOARDING 

Kubernetes On Boarding - 14:30 UTC

Type: Update
Case ID: DFR-912

Description: Updated Kubernetes on boarding instructions
Known limitations: N/A.
Affected Components  ON BOARDING 

New Data Centers - 14:30 UTC

Type: Improvement
Case ID: DFR-1139

Description: Added two new data centers for login - Europe (EU) and asia pacific (AP)
Known limitations: N/A.
Affected Components  LOGIN 

Compliance Engine - AWS Personalize - 13:40 UTC

Type: Improvement
Case ID: DFR-834

Description: Added support for AWS Personalize in the compliance engine:
GSL Examples:

  • Ensure AWS Personalize data encryption is active:

    Personalize should not have kmsKeyArn isEmpty()

Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Engine - AWS Translation Terminology- 13:40 UTC

Type: New Entity
Description: Added support for AWS Translation Terminology in the compliance engine.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Engine - AWS Translate - 13:40 UTC

Type: New Entity
Case ID: DFR-835

Description: Added support for AWS Translate in the compliance engine:
GSL Examples:

  • Ensure translation jobs status is not failed:

    TranslationJob should not have jobStatus='FAILED'
  • Ensure translation jobs has associated terminology: TranslationJob should not have terminologyNames isEmpty()

Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Engine - AWS Transcribe Medical - 13:40 UTC

Type: New Entity
Description: Added support for AWS Transcribe Medical in the compliance engine.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Engine - AWS Transcribe - 13:40 UTC

Type: New Entity
Case ID: DFR-832

Description: Added support for AWS Transcribe in the compliance engine:
GSL Examples:

  • TranscribeJob should have 'wav' media format:

    TranscribeJob should have mediaFormat='wav'
  • TranscribeJob should have up to 5 speaker labels defined: TranscribeJob should have settings.maxSpeakerLabels<=5

Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Deployment Oct 16 2020

Compliance Engine - Internal improvements 10:00 UTC

Type: Improvement
Description:  Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components    COMPLIANCE ENGINE API

Deployment Oct 15 2020

Data fetching services - 9:30 UTC

Type: Improvement
Description:  Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components   ALL DATA FETCHING COMPONENTS COMPLIANCE ENGINE

Deployment Oct 11 2020

Compliance Engine - Webhook 12:00 UTC

Type: Bug fix
Description:  Fixed a bug that affected the Webhook tester feature.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Single Sign On - Improved JIT support  - 9:30 UTC

Type: Improvement
Case ID: DFT-910
Description:  Improved Just in time provisioning for many group members and roles.
Known limitations: N\A
Affected Components   SSO

Compliance Engine - 9:30 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Deployment Oct 08 2020

Compliance Engine - Azure Activity Logs - 13:00 UTC

Type: Improvement
Case ID: DFR-877

Description: Added support for Azure Activity Log Alert Rules and Diagnostic Settings in the compliance engine:

  • New entity called 'ActivityLogMonitor' contains Activity Log Diagnostic Settings and aggregated information of Activity Log Alert Rules operations.
  • New entity called 'ActivityLogAlertRule' contains specific information about each Activity Log Alert Rule in the subscription.

GSL Examples:

  • Ensure the Storage Container storing the Activity Logs is not publicly accessible:

    'ActivityLogMonitor should not have diagnosticSettings contain [ storageContainer.properties.publicAccess isEmpty()=false and storageContainer.properties.publicAccess!='None' ]'
  • Ensure that Activity Log Alert exists for Create or Update Network Security Group:

    'ActivityLogMonitor should have alertRuleOperations contain-any [$ in ('microsoft.network/networksecuritygroups/write', 'microsoft.network/networksecuritygroups/all', 'all') ]'

Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Deployment Oct 07 2020

AWS SnsTopic - Policy statement fix - 10:00 UTC

Type: Bug Fix
Case ID: DFT-884
Description: Fixed a bug that affected the policy statements principal.
Known limitations: N/A
Affected Components  DATA FETCHERS AWS 

Deployment Oct 06 2020

AWS Transcribe Job and Transcribe Medical Job - 16:30 UTC

Type: New Entity support
Description: Added support for AWS Transcribe Job and AWS Transcribe Medical Job entities properties.
Known limitations: Entity is not available in compliance engine and protected assets page. 
Affected Components  DATA FETCHERS AWS 

Exclusions and Remediation - New Infrastructure - 16:30 UTC

Type: Improvement
Description: Added a new Infrastructure for exclusions and remediation next version.
Known limitations: N/A.
Affected Components  API EXCLUSIONS REMEDIATION

Azure Activity Logs - 08:00 UTC

Type: Improvement
Case ID: DFR-1162
Description: Added a new Infrastructure to fetch Azure Activity Logs.
Known limitations: Will be used in later releases to optimize data fetching mechanism for Azure entities.
Affected Components  DATA FETCHERS AZURE 

Deployment Oct 05 2020

Create Execution  - 23:00 UTC

Type: Bug 
Description: DFT-934 - Unable to create exclusion fix
Known limitations: N/A
Affected Components   COMPLIANCE

Protected Asset - AWS WAF Regional V2 - 17:00 UTC

Type: Improvement
Description: Added support for AWS WAF Regional V2 entity in protected assets.
Known limitations: N/A
Affected Components  UI COMPLIANCE

Deployment Oct 04 2020

New Mobile Application Version - 20:10 UTC

Type: Improvement
Description: New mobile version for iOS with region selection.
Known limitations: N/A.
Affected Components   MOBILE

New CloudGuard Chrome Extension - 20:10 UTC

Type: Improvement
Description: New chrome extension with support for regions selection.
Known limitations: N/A.
Affected Components  EXTENTION 

Dashboard- minor improvements- 20:10 UTC

Type: Improvement
Description: sections not displayed on no data and collapse by defaults improvements.
Known limitations: N/A.
Affected Components  UI DASHBOARD

Menu - Loader improvement- 20:10 UTC

Type: Improvement
Description: When navigating the user can click on the internal menu without waiting that the page will finish loading.
Known limitations: N/A.
Affected Components  UI 

Alerts - Entity links improvement- 20:10 UTC

Type: Improvement
Description: Links improvement for open on the same tab.
Known limitations: N/A.
Affected Components  UI 

Compliance Notifications - Bug fix- 20:10 UTC

Type: Bug Fix
Case ID: DFT-890
Description: Fixed an issue that reverted the day to Sunday on Japanese language.
Known limitations: N/A.
Affected Components  UI 

Posture management - export fix- 20:10 UTC

Type: Bug Fix
Case ID: DFT-881
Description: Fixed export issue.
Known limitations: N/A.
Affected Components  UI 

Cloud accounts - Kubernetes status alignments - 20:10 UTC

Type: Improvement
Description: Aligned Kuberenetes accounts status to the other platforms.
Known limitations: N/A.
Affected Components  UI CLOUD ACCOUNTS

Compliance notifications - Filtering support - 20:10 UTC

Type: Improvement
Description: Added filter capability to the compliance Immediate notifications.
Known limitations: Not supported on Scheduled reports..
Affected Components  UI COMPLIANCE NOTIFICATIONS

Kubernetes onboarding - instructions updates - 20:10 UTC

Type: Improvement
Description: Instructions update.
Known limitations: N/A.
Affected Components  UI 

Service Account page - 20:10 UTC

Type: New Feature
Description: Added support service accounts API keys.
Known limitations: N/A.
Affected Components  UI 

AWS WAF Regional V2 - 17:45 UTC

Type: New Entity support
Description: Added support for AWS WAF Regional V2 entity properties.
Known limitations: Not Supported on protected assets yet.
Affected Components  DATA FETCHERS AWS 

Azure Virtual Network - Compliance Engine - 15:00 UTC

Type: Improvement
Case ID: DFR-956

Description: Added support for Service and Private Endpoints properties.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

AWS ECS - Compliance Engine - 13:30 UTC

Type: Improvement
Description: Removed unused properties from AWS ECS entities: EcsCluster, EcsService, EcsTask.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE API

Deployment Oct 02 2020

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
Description: First release of the  AWS NIST 800-171 and Azure NIST 800-171 rulesets.  As part of this release we have added 7 new rules across various services in AWS. Additionally we have made changes to existing rules, a complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment Sep 30 2020

Azure - remove account through API using Subscription ID - 17:30 UTC

Type: Improvement
Case ID: DFR-1167
Description: Account can be removed through API call using Subscription ID.
Known limitations: N/A.
Affected Components    ACCOUNT API

Deployment Sep 24 2020

Notifications - Scheduled report day option fix - 18:52 UTC

Type: Bug fix
Case ID: DFT-890
Description: Fixed the time selection on Japanese language.
Known limitations: N/A.
Affected Components   NOTIFICATIONS UI

Managed list - Permissions save option fix - 18:52 UTC

Type: Bug fix
Case ID: DFT-908
Description: Fixed the save option visibility according to permissions.
Known limitations: N/A.
Affected Components   MANAGED LIST UI

Protected assets - Export report by asset type fix - 12:13 UTC

Type: Bug fix
Case ID: DFT-923
Description: Fixed broken links while downloading report.
Known limitations: N/A.
Affected Components   PROTECTED ASSETS UI

Protected assets - Alerts on asset page fix - 11:47 UTC

Type: Bug fix
Case ID: DFT-896
Description: Fixed alerts view when navigating between assets.
Known limitations: N/A.
Affected Components   PROTECTED ASSETS UI

Compliance Engine - 7:30 UTC

Type: Improvement
Description:  Change internal configuration.
Known limitations: N\A
Affected Components   COMPLIANCE ENGINE

Deployment Sep 23 2020

Azure Function App - 11:30 UTC

Type: Improvement
Description: Added additional fields to Azure Function App entity.
Known limitations: Environment variables fetching demand additional permissions for Website Contributor role.
Affected Components  DATA FETCHERS AZURE API

Deployment Sep 22 2020

Azure Private Endpoints - 14:00 UTC

Type: Improvement
Description: Added Azure Private Endpoints entity
Known limitations:  Entity is not available in compliance engine and protected assets page. Will be available at later release as a part of Azure Virtual Network entity.
Affected Components  DATA FETCHERS AZURE  

ServiceNow App - 13:40 UTC

Type: Improvement
Description: Dome9 ServiceNow App supports Orlando version in the ServiceNow store: https://store.servicenow.com/sn_appstore_store.do#!/store/application/659f0e251b3eb30071e463d07e4bcbd9/1.1.0
Known limitations: N/A 
Affected Components: N/A

Deployment Sep 21 2020

Kubernetes Account Page - 21:10 UTC

Type: Improvement
Description: Selecting a kubernetes account via the Cloud Accounts page will display the new  kubernetes page where you are able to enable / disable agent features.
Known limitations: N/A.
Affected Components  KUBERNETES 

Alerts/Account/Policy Rules Pages Redesign Toolbar - 21:10 UTC

Type: Improvement
Description: New action toolbar for alerts menu items, account page and policy rules.
Known limitations: N/A.
Affected Components  ALERTS  ACCOUNT

Cloud Inventory CSV Export - 21:10 UTC

Type: Feature
Description: You can now export all your cloud accounts into a CSV file
Known limitations: N/A.
Affected Components   ACCOUNTS

Type: Bug
Description: Fixed link from security group page to alerts page
Known limitations: N/A.
Affected Components   SECURITY GROUPS

Widget Title Double Click - 21:10 UTC

Type: Bug
Description: Double clicking the widget title will now open the widget settings modal
Known limitations: N/A.
Affected Components   DASHBOARD

Deployment Sep 18 2020

Compliance GSL Engine - 10:19 UTC

Type: Improvement
Description: Improved GSL performance. 
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

Deployment Sep 17 2020

Compliance Engine - Change internal configuration - 13:30 UTC

Type: Improvement
Description: Change internal configuration.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE API

Compliance Engine - GSL - 12:50 UTC

Type: Improvement
Description: Improved GSL to be more efficient. 
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

Deployment Sep 16 2020

Compliance Engine - Azure Virtual Network Gateway - 12:30 UTC

Type: Improvement
Case ID: DFR-540

Description: Added support for Azure Virtual Network Gateway entity in the compliance engine.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

Deployment Sep 15 2020

Compliance Engine - AWS IAM Users Access Keys  - 15:30 UTC

Type: Improvement
Case ID: DFT-877
Description: Added AWS IAM Users Access Keys data in compliance.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

 Azure Function App - 15:30 UTC

Type: Improvement
Description: Added related Functions and Environment variables information for Azure Function App.
Known limitations: Environment variables fetching demand additional permissions for Website Contributor role.
Affected Components  DATA FETCHERS AZURE

Compliance Engine - Azure SQL DB & SQL Server Advanced Security Settings- 15:30 UTC

Type: Improvement
Case ID: DFT-897
Description: Display accurate data on the SQL DB in relation to the SQL Server settings.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Deployment Sep 14 2020

Support Private and Service endpoints properties for Azure Subnet - 14:30 UTC

Type: Improvement
Description: Added Private and Service endpoints properties for Azure Subnet entity as enrichment
Known limitations: Infra only
Affected Components  DATA FETCHERS AZURE  

AWS Translation Job and AWS Translation Terminology - 14:30 UTC

Type: Improvement
Description: Added AWS Translation Jobs and AWS Translation Terminology entities
Known limitations:  Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components  DATA FETCHERS AWS  

Azure Virtual Network Gateway - 12:30 UTC

Type: Improvement
Description: Added Azure Virtual Network Gateway entity
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components DATA FETCHERS AZURE

Deployment Sep 13 2020

Compliance Engine - 11:00 UTC

Type: Improvement
Description: Adding GSL Functionality 
Known limitations: N/A.
Affected Components  COMPLIANCE CORE 

Deployment Sep 10 2020

Compliance Engine - 14:00 UTC

Type: Improvement
Description: Internal improvements.  
Known limitations: N/A.
Affected Components  COMPLIANCE CORE COMPLIANCE INTEGRATIONS

Compliance Engine - 12:00 UTC

Type: Improvement
Description: Adding step scaling to components.  
Known limitations: N/A.
Affected Components  COMPLIANCE CORE 

Deployment Sep 9 2020

Service Account - API support - 15:00 UTC

Type: New Feature
Case ID: DFR-520
Description: Added internal support for service accounts.
Known limitations: Not visible on UI yet.
Affected Components  API 

Compliance Engine - AWS RDS - 14:00 UTC

Type: Improvement
Description: Added sync status information for AWS RDS option groups and parameter groups.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Engine - AWS Step Function - 07:30 UTC

Type: Improvement
Case ID:  DFR-640
DescriptionAdded AWS Step Function State Machine support in the Compliance Engine.

GSL Examples:

  • Ensure that AWS Step Function State Machine should have logs configured:

    'StepFunctionStateMachine should have loggingConfiguration.level!='OFF''
  • Ensure that AWS Step Function State Machine of type Express should have their definition json string be shorter than 1000 chars:

    'StepFunctionStateMachine where machineType='EXPRESS' should not have definition length()>1000'


Known limitations: N/A
Affected Components  COMPLIANCE ENGINE

Compliance Engine - AWS System Manager - 07:30 UTC

Type: Improvement
Case ID:  DFR-809
DescriptionAdded AWS System Manager Parameter support in the Compliance Engine.

GSL Examples:

  • Ensure that SystemManagerParameter includes x,y,z policies

    'SystemManagerParameter should not have policies contain-all ['policyType:ExpirationNotification' and 'policyType:Expiration' and 'policyType: NoChangeNotification']'
  • Ensure that SystemManagerParameter is of tier 'Advanced'

    'SystemManagerParameter should have tier = 'Advanced''

Known limitations: N/A
Affected Components  COMPLIANCE ENGINE

Compliance Engine - AWS Glue - 07:30 UTC

Type: Improvement
Case ID:  DFR-829
DescriptionAdded AWS Glue Security Configuration support in the Compliance Engine.

GSL Examples:

  • Ensure that at-rest encryption is enabled when writing Amazon Glue logs to CloudWatch Logs.

    'GlueSecurityConfiguration should not have encryptionConfiguration.cloudWatchEncryption.cloudWatchEncryptionMode = 'DISABLED''
  • Ensure that Amazon Glue enforce data-at-rest encryption using KMS CMKs.

    'GlueSecurityConfiguration should not have (encryptionConfiguration.s3Encryption with [ s3EncryptionMode='DISABLED' ] or encryptionConfiguration.cloudWatchEncryption.cloudWatchEncryptionMode='DISABLED' or encryptionConfiguration.jobBookmarksEncryption.jobBookmarksEncryptionMode='DISABLED')'

Known limitations: N/A
Affected Components  COMPLIANCE ENGINE

Compliance Engine - AWS MQ Broker- 07:30 UTC

Type: Improvement
Case ID:  DFR-981
DescriptionAdded AWS MQ Broker support in the Compliance Engine.

GSL Examples:

  • Ensure that AWS MQ brokers have the Auto Minor Version Upgrade feature enabled:

    'MqBroker should have autoMinorVersionUpgrade=true'
  • Ensure that AWS MQ brokers are using the active/standby deployment mode:

    'MqBroker should have (deploymentMode like '%ACTIVE%' or deploymentMode like '%STANDBY%')'

Known limitations: N/A
Affected Components  COMPLIANCE ENGINE

Compliance Engine - AWS Transfer - 07:30 UTC

Type: Improvement
Case ID:  DFR-463
DescriptionAdded AWS Transfer support in the Compliance Engine.

GSL Example:

  • Ensure that AWS Transfer is not public:
    'Transfer should not have endpointType='PUBLIC'
  • Ensure that AWS Transfer should not support FTP protocol:
    'Transfer should not have (protocols contain-any [ $ in ('FTP')] )])'

Known limitations: N/A
Affected Components  COMPLIANCE ENGINE

Compliance Engine - AWS ECR Repository - 07:30 UTC

Type: Improvement
Description: Added support for AWS ECR Repository entity in the compliance engine.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

Compliance Engine - Azure SQL Managed Instance - 07:30 UTC

Type: Improvement
Case ID: DFR-807

Description: Added support for Azure SQL Managed Instance entity in the compliance engine.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE 

Compliance Engine - 07:30 UTC

Type: Bug Fix
Description: Fixed internal issue that caused assessment failures on AWS EcsService entity.
Known limitations: N/A.
Affected Components  COMPLIANCE CORE API

Deployment Sep 8 2020

ShiftLeft - New Menu Item  - 16:00 UTC

Type: New Feature
Description: New ShiftLeft menu item feature
Known limitations: N/A
Affected Components    SHIFTLEFT 

Compliance Engine - AWS RDS - 15:10 UTC

Type: Improvement
Case ID: DFR-707, DFR-997

Description: Added additional properties for AWS RDS in the compliance engine: engineVersion, optionGroups, parameterGroups.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Engine - Azure Key Vault - 14:30 UTC

Type: Improvement
Case ID: DFR-381
Description: Added additional properties for Azure Key Vault in the compliance engine: enablePurgeProtection, networkAcls, privateEndpointConnections.
Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Compliance Engine - Azure NSG Flow Logs - 14:20 UTC

Type: Improvement
Case ID: DFR-422

Description: Added support for Azure NSG Flow Logs in the compliance engine:

  • Added property to Azure NetworkSecurityGroup entity called nsgFlowLog. Holds Flow Log information in case it is enabled.
  • New entity called NsgFlowLog. Holds all enabled Flow Logs in the subscription.

Known limitations: N/A.
Affected Components  COMPLIANCE ENGINE DATA FETCHERS AZURE

Deployment Sep 7 2020

Authentication - Internal Configuration Change - 16:20 UTC

Type: Internal Improvement
Description: Configuration change to support multi region applications. 
Known limitations: N/A
Affected Components    AUTHENTICATION

Email notification configuration SAVE button fix - 15:12 UTC

Type: Bug
Description: When checking and then unchecking an option - the SAVE button is enabled and wasn't rolled back.
Known limitations: N/A
Affected Components  UI

Azure Function App Asset  - 15:12 UTC

Type: Improvement
Description: Added dedicated details asset page
Known limitations: N/A
Affected Components  PROTECTED ASSETS

Internal

UI - infrastructure improvement  - 15:12 UTC

Type: Improvement
Description: Added internal component for UI - currently not in use yet. 
Known limitations: N/A
Affected Components  NONE

Compliance Engine Internal Configuration Change - 9:05 UTC

Type: Internal Improvement
Description: Improved Error handling. 
Known limitations: N/A
Affected Components    COMPLIANCE ENGINE  API

Azure Onboarding - 7:24 UTC

Type: Improvement
Description: Minor changes to Azure onboarding. 
Known limitations: N/A
Affected Components    UI 

UI - toobarl change - 7:24 UTC

Type: Improvement
Description: Protected assets and managed list - Toolbar improvement. 
Known limitations: N/A
Affected Components    UI 

UI - tool tips text changes - 7:24 UTC

Type: Minor Improvement
Description: Added several tool tips. 
Known limitations: N/A
Affected Components    DASHBOARDS 

Dashboard - Fixed scrolling issue - 7:24 UTC

Type: Minor fix
Description: Fixed scrolling when adding dashboard widget. 
Known limitations: N/A
Affected Components    DASHBOARDS 

Dashboard - Added new default dashboards - 7:24 UTC

Type: Improvement
Description: New default dashboards for AWS, Azure, GCP, Serverless. 
Known limitations: N/A
Affected Components    DASHBOARDS 

Deployment Sep 6 2020

Serverless - Permissions fix - 6:00 UTC

Type: Bug fix
Description: Fixing an issue that did not allocated OU permissions to lambda functions.  
Known limitations: N/A.
Affected Components  COMPLIANCE CORE 

Deployment Sep 3 2020

AWS Step Functions entity - 13:30 UTC

Type: Improvement
Case ID:  DFR-640
Description: Added AWS Step Functions entity (State Machines)
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components  DATA FETCHERS AWS  

Compliance Engine - 11:00 UTC

Type: Improvement
Description: Adding step scaling to components.  
Known limitations: N/A.
Affected Components  COMPLIANCE CORE 

Deployment Sep 2 2020

AWS Systems Manager entity - 13:30 UTC

Type: Improvement
Case ID:  DFR-809
Description: Added AWS Systems Manager entity (SSM)
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components  DATA FETCHERS AWS  

AWS Transfer entity - 13:30 UTC

Type: Improvement
Case ID:  DFR-463
Description: Added AWS Transfer entity
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components  DATA FETCHERS AWS  

Compliance Engine - 12:00 UTC

Type: Improvement
Description: Bug Fix
Known limitations: N/A.
Affected Components  COMPLIANCE CORE SERVERLESS

Compliance Engine - 10:00 UTC

Type: Improvement
Description: Infra Improvement
Known limitations: N/A.
Affected Components  COMPLIANCE CORE 

Deployment Sep 1 2020

AWS ECR Repository - 17:00 UTC

Type: Improvement
Description: Added a new Data Fetcher to fetch AWS ECR repositories.
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components DATA FETCHERS AWS

Support AWS Regions - Cape Town and Milan - 17:00 UTC

Type: Improvement
Description: Added Support for AWS Cape Town and Milan regions.
Known limitations: N/A
Affected Components API DATA FETCHERS AWS COMPLIANCE ENGINE

Deployment Aug 31 2020

Internal Configuration Change in Compliance Core - 14:00 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components: COMPLIANCE CORE 

Generic List broken save button fix - 10:40 UTC

Type: Bug fix
Case ID:  DFT-899
Description: Fix an issue when save button was not enabled for generic list edit mode.
Known limitations: N/A
Affected Components  UI  

Deployment Aug 27 2020

AWS MQ Service entity - 12:30 UTC

Type: Improvement
Case ID:  DFR-981
Description: Added AWS MQ Service entity
Known limitations: Infra only
Affected Components  DATA FETCHERS AWS  

Azure NSG Network Assets Stats- 12:00 UTC

Type: Improvement
Case ID:  DFR-995
Description: Support network interfaces count in NSG network assets stats 
Known limitations: N/A
Affected Components  DATA FETCHERS AZURE  COMPLIANCE ENGINE

Compliance Engine Internal Configuration Change - 11:57 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components API

AWS Onboarding - permissions update - 11:47 UTC

Type: Improvement
Description: Removed actions that are now included on the AWS SecurityAudit policy and adding new permissions for new supported entities on the read only policy,  
Known limitations: N/A
Affected Components  UI  

Deployment Aug 26 2020

AWS Cognito User and Identity Pools - 14:00 UTC

Type: Improvement
Case ID:  DFR-475
Description: Added AWS Cognito User and Identity Pools support in the compliance engine

GSL Examples:

  • Cognito user pool password strength must be defined as X,Y,Z
    • CognitoUserPool should have (userPoolType.policies.passwordPolicy.requireLowercase=true and userPoolType.policies.passwordPolicy.requireNumbers=true and userPoolType.policies.passwordPolicy.requireSymbols=true)
  • Cognito user pool temporary passwords set by administrators should expire after n days if not used.
    • CognitoUserPool should have userPoolType.policies.passwordPolicy.temporaryPasswordValidityDays<=3
  • Cognito user pool settings for multi-factor authentication (MFA) must be enabled
    • CognitoUserPool should have userPoolType.mfaConfiguration='ON'
  • Cognito user pool advanced security must be enabled and block High Risk user authentications.
    • CognitoUserPool should have (userPoolType.userPoolAddOns.advancedSecurityMode='ENFORCED') and (riskConfiguration.accountTakeoverRiskConfiguration.actions.highAction.eventAction= 'BLOCK')
  • No additions to Cognito user pool advanced security IP address exception whitelist / blacklist
    • CognitoUserPool should have (riskConfiguration.riskExceptionConfiguration.blockedIPRangeList isEmpty() and riskConfiguration.riskExceptionConfiguration.skippedIPRangeList isEmpty()


Known limitations: N/A
Affected Components  DATA FETCHERS AWS  COMPLIANCE ENGINE

AWS WorkSpaces - 14:00 UTC

Type: Improvement
Case ID:  DFR-299
DescriptionAdded AWS WorkSpaces support in the Compliance Engine.

GSL Example:

  • Ensure that AWS WorkSpace is associated with an AWS Directory Service of type ‘AD Connector’:
    'Workspace should have workspaceDirectory.directoryType like 'AD_CONNECTOR''
  • Ensure that AWS WorkSpace Directory 'Reconnect Enabled' option is disabled:
    'Workspace should have workspaceDirectory.workspaceClientProperties.reconnectEnabled='DISABLED''

Known limitations: N/A

Affected Components DATA FETCHERS AWS COMPLIANCE ENGINE

Deployment Aug 25 2020

Support Permission Boundary Policies sub-model for IAMUser and IAMRole entities - 13:30 UTC

Type: Improvement
Case ID:  DFR-709
Description: Added Permission Boundary Policies enrichment for IAMUser and IAMRole entities
Known limitations: N/A
Affected Components  DATA FETCHERS AWS  COMPLIANCE ENGINE

Deployment Aug 24 2020

Support AWS Glue - 16:30 UTC

Type: Improvement
Case ID:  DFR-829
Description: Added AWS Glue entity
Known limitations: Infra only
Affected Components  DATA FETCHERS AWS  

API Internal Configuration Change - 15:25 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    API 

Log.ic. -New quick filters to AWS and Dome9 events- 7:30 UTC

Type: Improvement
Description: NA
Known limitations: NA
Affected Components LOG.IC

Deployment Aug 20 2020

Azure SQL Managed Instance - 13:00 UTC

Type: Improvement
Description: Added a new Data Fetcher to fetch Azure SQL Managed Instances.
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components DATA FETCHERS AZURE

Deployment Aug 19 2020

Support AWS NAT Gateways - 17:00 UTC

Type: Improvement
Case ID:  DFR-744
Description: Added AWS NAT Gateways entity
Known limitations: N/A.
Affected Components  DATA FETCHERS AWS COMPLIANCE ENGINE PROTECTED ASSETS

Support AWS RDS DB Snapshots - 17:00 UTC

Type: Improvement
Case ID:  DFR-291
Description: Added AWS RDS DB Snapshots entity
Known limitations: Basic, without enrichments.
Affected Components  DATA FETCHERS AWS COMPLIANCE ENGINE PROTECTED ASSETS

Support AWS Cognito User and Identity Pools - 17:00 UTC

Type: Improvement
Case ID:  DFR-475
Description: Added AWS Cognito User and Identity Pools entities
Known limitations: Infra only
Affected Components  DATA FETCHERS AWS  

Entity inspect expand by level - 5:00 UTC

Type: New Feature
Description: Adding a new dropdown for select a predefined levels to expand.
Known limitations: N/A.
Affected Components: UI 

Notifications - Google Security Command Center Integration  - 5:00 UTC

Type: New Feature
Description: Open the integration for all customers.
Known limitations: N/A.
Affected Components: UI 

Notifications - Google Security Command Center Integration  - 5:00 UTC

Type: New Feature
Description: Open the integration for all customers.
Known limitations: N/A.
Affected Components: UI 

Page not found (404) UI changes - 5:00 UTC

Type: Improvement
Description: Minor UI changes.
Known limitations: N/A.
Affected Components: UI 

Remediation creation modal bug fix - 5:00 UTC

Type: Bug fix
Case ID: DFR-875
Description: Fix an issue which preventing from saving custom bots with '-' char.
Known limitations: N/A.
Affected Components: UI 

Protected Asset - Adding new fields to export CSV report - 5:00 UTC

Type: Improvement
DescriptionExports of Protected Assets for EC2 instances now include additional fields.
The export CSV file will include fields for the OS Platform and the AWS Image Id.
These new fields will  appear in each record,  before the tag fields.

Known limitations: N/A.
Affected Components: UI 

Log.ic - New widget for Flow Logs traffic trend- 5:00 UTC

Type: New Feature
Description: New widgets that show bytes per hour
Known limitations: Support only AWS Flow Logs; soon will support K8S Flow Logs.
Affected Components: LOG.IC 

Deployment Aug 18 2020

Log.ic - schedule report - 22:00 UTC

Type: New Feature
Description: A schedule report for alerts of network and events activity. 
Known limitations: Summary and Detail reports are the same.
Affected Components: LOG.IC 

Deployment Aug 17 2020

Internal Configuration Change in Compliance Core - 14:35 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components: COMPLIANCE CORE API

Deployment Aug 12 2020

Kubernetes bug fix - 15:40 UTC

Type: Bug fix
Case ID: DFT-859
Description: Change Kubernetes entities' 'AccountNumber' field to represent CloudGuard's Kubernetes cluster ID instead of CloudGuard's Account ID.
Known limitations: N/A
Affected Components: COMPLIANCE CORE

Compliance engine fix - Lists calculation on network functions - 15:25 UTC

Type: Bug fix
Case ID: DFT-856
Description: Fix an issue when Generic and IP Lists not calculated correct in some of the GSL network function. 
Known limitations: N/A
Affected Components: COMPLIANCE CORE API

Internal Configuration Change in Compliance Core - 12:35 UTC

Type: Improvement
DescriptionAPI
Known limitations: N/A
Affected Components: COMPLIANCE CORE API

CSV Export Infra - 09:00 UTC

Type: Improvement
Description: Internal change. 
Known limitations: N/A
Affected Components:  API

Deployment Aug 11 2020

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
Description: First release of the Terraform AWS CIS Foundations for static assessment of your cloud workloads. As part of this ruleset we have added 20 new rules across various services in AWS. Additionally we have made changes to existing rules, a complete list can be found here
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Internal Configuration Change in API Project - 12:44 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components: API

Internal Configuration Change in AWS Inspector - 11:00 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components: DATA FETCHERS AWS 

Support AWS CloudTrail tags - 10:00 UTC

Type: Improvement
Case ID:  DFT-824
Description: Added Tags support for AWS CloudTrail entity
Known limitations: N/A.
Affected Components  DATA FETCHERS AWS 

Support AWS Elastic IP tags - 10:00 UTC

Type: Improvement
Case ID:  DFT-824
Description: Added Tags support for AWS Elastic IP entity
Known limitations: N/A.
Affected Components  DATA FETCHERS AWS 

AWS S3 Bucket - Object Level Logging - 10:00 UTC

Type: Bug Fix
Description: Fixed an issue with AWS S3 Bucket Compliance Entity. Bad handling of the bucket Prefix field in Cloud Trail Data Events, caused the value of Object Level Logging to be false.
Known limitations: N/A.
Affected Components  COMPLIANCE CORE API

Deployment Aug 6 2020

User List - 16:00 UTC

Type: Bug
Description: A user that was added is not displayed in the users list fix.
Known limitations: N/A
Affected Components    USER MANAGEMENT  

Posture Management Pages Redesign - 16:00 UTC

Type: Improvement
Description: All sub menu pages for Posture Management buttons have been redesigned
Known limitations: N/A
Affected Components    POSTURE MANAGEMENT  

Dashboard Widget Scroll - 16:00 UTC

Type: Improvement
Description: Now will show a scroll for a widget only when hovering the widget
Known limitations: N/A
Affected Components    DASHBOARD  

Deployment Aug 5 2020

Compliance Engine Internal Configuration Change - 10:12 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE CORE  API

Deployment Aug 4 2020

 Support Route53 Domain, Hosted Zone and Recordset Group Tags - 08:30 UTC

Type: Improvement
Case ID:  DFT-824
Description: Added support for Tags to Route53 Domain, Hosted Zone and Recordset Group entities
Known limitations: N/A.
Affected Components  DATA FETCHERS AWS 

Deployment Aug 3, 2020

 New multi Trend Widget - 09:30 UTC

Type: Improvement
Description: Added new dashboard widget with multi trend line options
Known limitations: N/A.
Affected Components  DASHBOARD 

Deployment Jul 30, 2020

AWS Access Analyzer - 11:30 UTC

Type: Improvement
Description

  • Added AWS Access Analyzer Integration into the Compliance Engine.
  • AWS Access Analyzers are now part of the 'Region' entity and are listed under the 'accessAnalyzers' field.
  • Supported AWS entities includes a new field called 'accessAnalyzerFindingCount' which holds the amount of Active findings for the entity.
  • Findings count is supported for the following entities: IamRole, S3Bucket, Lambda, KMS, Sqs.
  • IamRole findings are distinct across regions to avoid finding duplication.

GSL Example:

  • Ensure that AWS Access Analyzer is enabled on region:
    'Region should have accessAnalyzers contain [ status='ACTIVE' ]'
  • Ensure that AWS IAM Roles does not have active findings:
    'IamRole should not have accessAnalyzerFindingCount>0'

Known limitations:

  • Only Account level Analyzers and Findings are fetched. Organization Analyzers are not supported.

Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Deployment Jul 29, 2020

Continuous Compliance fix - 18:50 UTC

Type: Bug fix
Description: Fixing an issue that caused the system to skip accounts using special configuration.
Known limitations: N/A.
Affected Components  COMPLIANCE CORE 

Support AWS ECS Task Tags - 09:30 UTC

Type: Improvement
Case ID:  DFT-824
Description: Added Tags support for AWS ECS Task entity
Known limitations: N/A.
Affected Components  DATA FETCHERS AWS 

Deployment Jul 27, 2020

Dome9 Icon Replacement - 16:00 UTC

Type: Bug 
Description: Replacing old Dome9 icons with CloudGuard icons
Known limitations: N/A.
Affected Components  BRAND 

IP List  - 16:00 UTC

Type: Bug Fixes
Description: Multiple bug fixes within the new IP List page:

  • Invalid value field marked in red
  • Clone ip list
  • Create new ip list from assign modal
  • Security Group link to the new ip list
  • New ip list autofocus 

Known limitations: N/A.
Affected Components  IP LIST 

Compliance Engine - 15:00 UTC

Type: Improvement
Description: Infra Improvement

Known limitations: N/A.
Affected Components  COMPLIANCE CORE API

Azure Security Groups Management Infrastructure Improvement- 13:30 UTC

Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components  AZURE SECURITY GROUP MANAGEMENT  API

Protected Assets - Index Azure VM operating system - 06:30 UTC

Type: Improvement
Description: Index Azure VM operating system
Known limitations: N/A
Affected Components  DATA FETCHERS AZURE  PROTECTED ASSETS 

Deployment Jul 26, 2020

Protected Assets - Index AWS EC2 Instance platform - 13:30 UTC

Type: Improvement
Description: Index AWS EC2 instance platform
Known limitations: N/A
Affected Components  DATA FETCHERS AWS  PROTECTED ASSETS

Compliance Engine - 13:00 UTC

Type: Bug Fix
Description: Fixed internal issues that caused assessment failures on the following entities: AWS IamUser, AWS EcsService, GCP IamUser.

Known limitations: N/A.
Affected Components  COMPLIANCE CORE API

segregated

Deployment Jul 22, 2020

AWS Security Group - Can't Add DNS For A New Service  - 17:55 UTC

Type: Bug Fix
Case ID: DFT-839
Description: Fix for an issue when adding a new service, can't add DNS.
Known limitations: N/A
Affected ComponentsUI 

Integration Infrastructure - Internal Configuration Change - 13:30 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

Deployment Jul 21, 2020

Compliance SNS Notification - Reduce Payload Size  - 16:30 UTC

Type: Improvement
Case ID: DFT-839
Description: SNS supported messages up to 256kb, we issued a fix to reduce large entities which prevented from sending.
Known limitations: N/A
Affected ComponentsCOMPLIACNE INTEGRATION 

Pie Widget Update - 16:00 UTC

Type: Improvement
Description: Changes to the Pie widget legend and tooltip
Known limitations: N/A
Affected ComponentsDASHBOARD 

Serverless Menu Item - 16:00 UTC

Type: Feature
Description: Lambda code scan is now available under Serverless menu item
Known limitations: N/A
Affected ComponentsSERVERLESS 

Dashboard Sections Styling - 16:00 UTC

Type: Improvement
Description: We made changes to the dashboard sections styling as we emphasize the borders between widgets
Known limitations: N/A
Affected ComponentsDASHBOARD 

HTTP Endpoint Integration - Internal Configuration Change - 08:00 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATIONS 

New Security Group view - 10:00 UTC

Type: Improvement
Description: The design has changed to be the same as the default view. 
Known limitations: N/A
Affected ComponentsSECURITY GROUP MANAGEMENT  

Add events and traffic activity to the Security Group view - 10:00 UTC

Type: Improvement
Description: New tabs for event and accounts activity. 
Known limitations: N/A
Affected ComponentsSECURITY GROUP MANAGEMENT  LOG.IC

Add events and traffic activity to the NIC and VPC views - 10:00 UTC

Type: Improvement
Description: New tabs for event and accounts activity. 
Known limitations: N/A
Affected ComponentsPROTECTED ASSETS LOG.IC

Ticketing System Integration - Internal Configuration Change - 11:50 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

 Console Alert - Internal Configuration Change - 11:50 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

 Console Alert - Internal Configuration Change - 11:50 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

 GCP Security Command Center - Internal Configuration Change - 12:30 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

Deployment Jul 20, 2020

HTTP End Point Integration - Internal Configuration Change - 14:10 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

Security Hub Integration - Internal Configuration Change - 14:10 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

Compliance Engine - Azure VMSSInstance - 11:30 UTC

Type: Bug Fix
Description: Fixed an internal issue with Azure VMSSInstance entity.

Known limitations: N/A.
Affected Components  COMPLIANCE CORE API

Network Security - IPV6 Security Groups - 11:30 UTC

Type: Improvement
Description:

  • Added IP Lists support for IPv6 Security Groups.
  • Added Tags Management support for IPv6 Security Groups.

Known limitations: N/A.
Affected Components  AWS SECURITY GROUP MANAGEMENT 

Deployment Jul 19, 2020

Compliance Notifier - Internal Configuration Change - 19:45 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected ComponentsCOMPLIANCE INTEGRATIONS 

Slack Integration - Internal Configuration Change - 19:40 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components COMPLIANCE INTEGRATIONS

HTTP Endpoint Integration - Internal Configuration Change - 19:30 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components:  COMPLIANCE INTEGRATIONS 

Deployment Jul 17, 2020

PREVIEW

AWS SageMaker Training Job - 14:20 UTC

Type: Bug Fix
Description: Disabling tags support due to performance issues.

Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Deployment Jul 16, 2020

Text Filter Italic Text Fix  - 15:40 UTC

Type: Bug
Description: When searching free text in the filter panel the text was talic for a short time
Known limitations: N/A
Affected Components FILTER PANEL 

Combo Box Keyboard Support - 15:40 UTC

Type: Improvement
Description: We have added common keyboard keys support to our combo box (such as enter, escape etc)
Known limitations: N/A
Affected Components COMPONENTS 

Home Dashboard Updated - 15:40 UTC

Type: Improvement
Description: We have updated the predefined home dashboard
Known limitations: N/A
Affected Components DASHBOARD 

HTTP Endpoint Notification - Support self-signed certificates selection test button - 09:40 UTC

Type: Improvement
Description: Endpoint test button support the new checkbox for allowing self-signed certificates. 
Known limitations: N/A
Affected Components HTTP ENDPOINT UI

Deployment Jul 15, 2020

HTTP Endpoint Notification - Allow self-signed certificates for HTTP Endpoint notifications - 13:40 UTC

Type: Improvement
Description: Added checkbox for allowing self-signed certificates for HTTP Endpoint notifications. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS  API UI

Compliance Engine Internal Configuration Change - 07:20 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE CORE  API

Deployment Jul 14, 2020

Removed Alerts/Protected Assets/Log.ic/Overview Dashboard - 16:25 UTC

Type: Improvements
Description: Dashboard from the above pages migrated to main home dashboard.
Known limitations: N/A
Affected Components   DASHBOARD

Dashboard Sections - 16:25 UTC

Type: Improvements
Description: Added widgets sections to dashboard
Known limitations: N/A
Affected Components   DASHBOARD

Cloud Account Page Actions Buttons - 16:25 UTC

Type: Bug
Description: Fixed an issue that buttons are clickable only when hovering the buttons text
Known limitations: N/A
Affected Components   CLOUD ACCOUNTS

Kubernetes Account Rename - 16:25 UTC

Type: Bug
Case ID:  DFT-803
Description: Fixed renaming  kubernetes account name
Known limitations: N/A
Affected Components   KUBERNETES

IE11 Rename Cloud Account - 16:25 UTC

Type: Bug
Case ID:  DFT-8
Description: Fixed renaming cloud account name on ie11
Known limitations: N/A
Affected Components   CLOUD ACCOUNT

Tags support for AWS VPC Endpoint entity - 14:25 UTC

Type: Improvements
Case ID:  DFT-824
Description: Added Tags support for AWS VPC Endpoint entity
Known limitations: N/A
Affected Components   DATA FETCHERS AWS

Tags support for AWS EKS Cluster entity - 14:25 UTC

Type: Improvements
Case ID:  DFT-824
Description: Added Tags support for AWS EKS Cluster entity
Known limitations: N/A
Affected Components   DATA FETCHERS AWS

Performance improvements for OU permissions - 14:25 UTC

Type: Bug Fix and improvements
Case ID:  DFT-798, DFT-832
Description: Fixing several components that caused latency on cloud accounts, security groups and protected assets pages. 
Known limitations: N/A
Affected Components    API CLOUD ACCOUNT PAGE SECURITY GROUPS PAGE SECURITY GROUPS PAGE

AWS KMS - several bug fixes  - 05:00 UTC

Type: Bug Fix
Case ID:  DFT-843, DFT-838
Description: Fixing several components with redeploy.
Known limitations: N/A
Affected Components    DATA FETCHERS AWS 

Deployment Jul 13, 2020

Compliance Scheduled Assessment Report Internal Configuration Change - 14:22 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    SCHEDULED ASSESSMENT REPORT 

Deployment Jul 12, 2020

AWS S3 Bucket - 14:30 UTC

Type: Bug
Description: Fixed an issue with AWS S3 buckets fetching on optional regions.

Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS

Assets Billing Infra Improvement - 12:15 UTC

Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components  API

Compliance Engine Internal Configuration Change - 12:00 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE CORE  API

Deployment Jul 09, 2020

Cloud Account Page - 15:00 UTC

Type: Improvement
Description: DFR-1013 hiding serverless and iam safety from non AWS accounts
Known limitations: N/A
Affected Components      CLOUD ACCOUNTS

PREVIEW

Home Dashboard - Infrastructure Preparation for section feature - 16:00 UTC

Type: Improvement
Description: Infrastructure improvements for section separation support within the Dashboard. 
Known limitations: N/A
Affected Components    API  UI

API Internal Configuration Change - 7:45 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    API 

Deployment Jul 08, 2020

Protected Asset Detail Page - 16:35 UTC

Type: Improvement
Description: Asset details page load each tab on request for performance 
Affected ComponentsPROTECTED ASSETS 

Dashboard And Serverless Icons - 16:35 UTC

Type: Improvement
Description: Menu icons updated for Dashboard and Serverless
Affected ComponentsMENU 

Save Favorite Filter - 16:35 UTC

Type: Bug
Description: Save favorite filter button showed the wrong text
Affected ComponentsFILTER PANEL 

Added Azure Bots - 16:35 UTC

Type: Improvement
Description: Azure bots added to the uI
Affected ComponentsCLOUDBOTS 

On boarding AWS in Japanese - 16:35 UTC

Type: Bug
Description: The Japanese instruction for AWS onboarding shows one section in HTML syntax
Affected ComponentsONBOARDING 

Type: Improvement
Description: Within the alerts page each CVE has a link to an external link for the CVE definition 
Affected ComponentsALERTS 

AWS DynamoDb Table Tags - 15:30 UTC

Type: Improvement
Description: Added support for AWS DynamoDb Table Tags.

Known limitations: Need to add "dynamodb:ListTagsOfResource" permission to Dome9 read only policy. 
Affected ComponentsDATA FETCHERS AWS COMPLIANCE ENGINE

AWS S3 Bucket Account Public Access Block - 15:30 UTC

Type: Improvement
Description

  • Added support for AWS S3 Bucket Account Public Access Block.

GSL Example:

  • Ensure that AWS S3 Bucket block public ACLs is enabled at the account level or at the Bucket level:
    'S3Bucket should have ( accountAccessPublicBlock.blockPublicAcls=true or accessPublicBlock.blockPublicAcls=true )'

Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

PREVIEW

AWS SageMaker Training Job - 14:00 UTC

Type: Improvement
Description

  • Added support for AWS SageMaker Training Job entity.

GSL Example:

  • Ensure that AWS SageMaker Training Job Network Isolation is enabled:
    'SageMakerTrainingJob should have enableNetworkIsolation=true'
  • Ensure that AWS SageMaker Training Job Inter Container Traffic Encryption is enabled:
    'SageMakerTrainingJob should have enableInterContainerTrafficEncryption=true'

Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Remediation - Add new Azure bots to the predefined list - 12:15 UTC

Type: Improvement
Description: Add the following bots (please find the full documentation here):
  modify_network_security_group_scope_by_port
  postgres_enable_connection_throttling
  postgres_enable_log_connections
  postgres_enable_log_disconnections
  postgres_enable_log_duration
  postgres_enable_log_retention_days_7
  postgres_enforce_ssl_connection
  postgres_enforce_ssl_connection_tls_12
  sql_enable_data_encryption
Known limitations: N/A
Affected ComponentsUI


Protected Asset Page - Improve Performance - 12:15 UTC

Type: Improvement
Description: Improve the Asset Details page loading time. 
Known limitations: N/A
Affected Components    UI 

Deployment Jul 07, 2020

Compliance Engine Internal Configuration Change - 11:15 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS 

Compliance Engine Internal Configuration Change - 08:22 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE ENGINE 

Deployment Jul 06, 2020

Security Groups In Protected Assets Page - 15:57 UTC

Type: Bug
Description: Protected assets page displayed security groups as asset type
Known limitations: N/A 
Affected ComponentsPROTECTED ASSETS 

Added Cloud Infra User Interface - 15:57 UTC

Type: Improvement
Description: Added UI interface for adding users from Cloud Infra
Known limitations: N/A 
Affected ComponentsCLOUD INFRA 

Slack Integration Minor UI Changes - 13:57 UTC

Type: Improvement
Description: Icon and some other minor UI changes.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATIONS 

Plan Exceeded - Account Notification - 06:30 UTC

Type: Improvement
Description: Adding usage alert that can be disabled for 30 days.
Known limitations: N/A 
Affected ComponentsUI 

Deployment Jul 05, 2020

AWS EBS Snapshot - 14:00 UTC

Type: Improvement
Description: Added support for AWS EBS Snapshot entity.
GSL Example:

  • EbsSnapshot where volumeId in('vol-1234567', 'vol-12351167') should have encrypted='true'
  • EbsSnapshot where volumeId in('vol-1234567', 'vol-12351167') should have encryptionKey.isCustomerManaged='true'


Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Deployment Jun 30, 2020

Compliance reports Internal Configuration Change - 15:50 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE REPORTS 

Azure SQL Server - Added new property - 14:20 UTC

Type: Improvement
Description: Added Deny Public Network Access property. 
Known limitations: N/A
Affected Components    DATA FETCHERS AZURE COMPLIANCE

Azure SQL Server - Fixed a typo - 14:20 UTC

Type: Bug fix
Case ID: DFT-118
Description: Added Deny Public Network Access property. 
Known limitations: N/A
Affected Components    DATA FETCHERS AZURE COMPLIANCE

Compliance Engine Internal Configuration Change - 08:50 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE ENGINE 

Compliance Engine Internal Configuration Change - 07:30 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE ENGINE 

Switch for the new version of Clarity - 08:30 UTC

Type: Improvement
Description: switch for the new version of Clarity (old version has removed).
Known limitations: N/A
Affected Components    CLARITY 

Deployment Jun 29, 2020

Widget Tooltip Overflow - 16:55 UTC

Type: Bug 
Description: When hovering an item in Top/Latest widget in some cases the tooltip text overflows the container.
Known limitations: N/A.
Affected Components DASHBOARD           

Kubernetes Image In Protected Assets - 16:55 UTC

Type: Improvement
Case ID: DFR-950
Description: Kubernetes object should show findings in protected assets page
Known limitations: N/A 
Affected ComponentsKUBERNETES

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
Description: First release for AWS CCPA Framework and AWS MAS TRM Framework. We have also added 21 new rules across platforms and additionally we have made changes to existing rules, a complete list can be found here

A fix for Japanese Rulesets were made as part of the AWS Best Practices Rulesets and AWS Network Alerts. 

Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

API Internal Configuration Change - 12:00 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    API 

Improve service normalization in IPV6 security groups - 11:00 UTC

Type: Improvement
Description: Improve service normalization in IPV6 security groups.
Known limitations: N/A.
Affected Components  API  AWS NETWORK SECURITY

Support EC2 Instances Export To CSV  - 06:45 UTC

Type: Improvement
Description: EC2 instances export to CSV
Known limitations: N/A
Affected Components    API 

Deployment Jun 28, 2020

Compliance Engine Internal Configuration Change - 20:24 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE ENGINE 

Compliance Engine Internal Configuration Change - 16:48 UTC

Type: Improvement
Description: Change internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS 

Aws SageMaker Notebook Tags - 13:55 UTC

Type: Bug Fix
Case ID: DFT-823
Description: Fixed a bug in SageMaker Notebook data fetcher. Bad handling of Notebook tags caused some accounts to fail on entities fetching.
Known limitations: N/A.
Affected Components DATA FETCHERS AWS           

Account Page - Adding AWS Lambda Function to Billable Calculation - 12:45 UTC

Type: Improvement
Description: Billable AWS Lambda functions calculation will take an effect in all page graphs.
Known limitations: N/A
Affected ComponentsUI

Billable Assets - Adding AWS Lambda Function to Billable Calculation - 08:00 UTC

Type: Improvement
Description: Now all AWS Lambda functions will marked as isBillable:True, the billing will calculated according to the catalog calculation.
Known limitations: N/A
Affected ComponentsAPI UI

Deployment Jun 25, 2020

Logic AWS - write event or protocol on the link between two assets - 11:00 UTC

Type: Improvement
Description: Write on the link between 2 assets the event for Cloudtrail and the protocol for Flow Logs
Known limitations: N/A
Affected Components    LOG.IC 

Deployment Jun 24, 2020

Loading Indicator Replaced - 15:00 UTC

Type: Improvement
Description: While system is loading you will see 3 bouncing dots
Known limitations: N/A
Affected Components    SYSTEM 

Dashboard Menu Order Changed - 15:00 UTC

Type: Improvement
Description: Now the add widget action is on top and the 'New' dashboard button text replaced with 'New Dashboard'
Known limitations: N/A
Affected Components    DASHBOARD 

Widget Click Opens On The Same Page - 13:00 UTC

Type: Improvement
Description: Clicking on a Widget or System Search will go to relevant page in the same browser tab.
Known limitations: N/A
Affected Components    DASHBOARD 

Deployment Jun 23, 2020

Sync Failures In Assessment Result - 16:00 UTC

Type: Bug Fix
Case ID: DFT-829
Description: Fixed an issue that caused assessment result to indicate about entities sync failures.
Known limitations: N/A
Affected Components    COMPLIANCE ENGINE 

Dome9 Icon Replaced With CloudGuard - 18:10 UTC

Type: Improvement
Description: System dome9 icon has been replaced with check point's cloud guard icon.
Affected Components    SYSTEM 

Widget Icons - 13:10 UTC

Type: Improvement
Description: Extended the top/latest widget icon support
Known limitations: N/A
Affected Components    DASHBOARD 

Deployment Jun 22, 2020

Widget Preview - 18:10 UTC

Type: Bug Fix
Description: Widget preview with date or free text filter had no effect.
Known limitations: N/A
Affected Components  DASHBOARD 

Widget Resize by Drag & Drop - 18:10 UTC

Type: Improvement
Description: Now you can resize your widget by drag and drop via mouse.
Known limitations: Pie chart legend now always displayed after resize
Affected Components    DASHBOARD 

Compliance Engine Internal Configuration Change - 13:10 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS 

AWS Secret Manager - 10:30 UTC

Type: Improvement
Description

  • Added support for AWS Secret Manager entity.

GSL Example:

  • Ensure that AWS Secret Manager Secret rotation is enabled:
    'SecretManager should have rotationEnabled=true'
  • Ensure that AWS Secret Manager Secret rotation interval is smaller than 30 days:
    'SecretManager should have rotationRules.automaticallyAfterDays<30'

Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Deployment Jun 21, 2020

Slack Integration UI - 17:25 UTC

Type: New Feature
Description: Added the new Slack integration to the Notification's UI.
Known limitations: Preview.
Affected Components  COMPLIANCE INTEGRATIONS

AWS KMS  - 13:15 UTC

Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS   COMPLIANCE

New Feature - Slack Integration - 11:40 UTC

Type: New Feature
Description: Added new integration with Slack for Compliance Policies, this will allow customer to get immediate report for any identified changes.
Known limitations: UI will support later on today.
Affected Components  COMPLIANCE INTEGRATIONS

Compliance Engine Configuration Change - 06:45 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE ENGINE 

Deployment Jun 19, 2020

Compliance Engine Internal Configuration Change - 08:20 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS  COMPLIANCE CORE API

Deployment Jun 18, 2020

Add/Edit Widget Preview - 14:06 UTC

Type: Improvement
Description: Now when you add or edit a widget you will see a preview of the result before saving.
Known limitations: N/A
Affected Components    DASHBOARD 

API optimization - added new configuration - 12:06 UTC

Type: Improvement
Description: Adding internal configuration. 
Known limitations: N/A
Affected Components    API 

Azure VM Scale Set Instance- 11:30 UTC

Type: Bug Fix
Case ID: DFT-816
Description: Add missing Public IP Address data for Azure VMSSInstance in compliance model
Known limitations: N/A
Affected Components  COMPLIANCE 

Compliance Engine Internal Configuration Change - 10:30 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS 

Deployment Jun 17, 2020


Azure SQL Server and DB  - 15:30 UTC

Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected ComponentsDATA FETCHERS AZURE   

Compliance Engine Internal Configuration Change - 12:50 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS 

Deployment Jun 16, 2020

Disabled Permission Validation For Kubernetes - 14:15 UTC

Type: Improvement
Description: Validate permission button is now disabled for kubernetes.
Known limitations: N/A
Affected Components  PERMISSIONS   

A Null Cloud Account For Kubernetes Alert - 14:00 UTC

Type: Bug
Description: Expanding a kubernetes alert would give a null value for cloud account field.
Known limitations: N/A
Affected Components   ALERTS  

Corrupted Tabs In Protected Assets Page - 14:00 UTC

Type: Bug
Description: When opening multiple tabs in protected assets page they would be corrupted.
Known limitations: N/A
Affected Components   PROTECTED ASSETS  

System Search Shortcut Keys Replaced - 14:00 UTC

Type: Improvement
Description: For system search click ALT + /
Known limitations: N/A
Affected Components   SYSTEM  

Deployment Jun 14, 2020

Compliance Engine Internal Configuration Change - 08:15 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components  API  COMPLIANCE CORE 

Logic - integrate account and event activity in protected assets view - 08:00 UTC

Type: New Feature
Description: New tabs in asset scope of account and events activity. 
Known limitations: N/A
Affected Components   LOG.IC  

Clarity -Bug fixes - 08:00 UTC

Type: Bug
Description: Zoom functionality when entering to Clarity, Load Balancer classification, show details of the link. 
Known limitations: N/A
Affected Components   CLARITY  

Deployment Jun 11, 2020

No Scroll On X-Axis On Small Screens Fix - 16:35 UTC

Type: Bug
Description: When viewing filtered table content on small screen it was not possible to see the entire data of the table and a scroll on the x-axis was missing.
Known limitations: N/A
Affected Components   DASHBOARD  

Dashboard Top Bar Redesign - 16:35 UTC

Type: Improvement
Description: Top dashboard action bar rearranged 
Known limitations: N/A
Affected Components   DASHBOARD  

Cross System Search - 16:35 UTC

Type: Improvement
Description: Now you can search cross system by clicking SHIFT + S anywhere in the application.
Known limitations: N/A
Affected Components   COMPONENTS  

Compliance Engine Internal Configuration Change - 15:55 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components   CONTINUOUS COMPLIANCE  

Deployment Jun 10, 2020

GCP IAM User, Group and Policy  - 13:30 UTC

Type: Improvement
Description: GCP IAM user, group and policy are available in protected assets
Known limitations: N/A
Affected Components  PROTECTED ASSETS    

Azure VM Scale Set Instance- 12:30 UTC

Type: Improvement
Case ID: DFR-909
Description: Add new compliance model for VMSSInstance and add it to NSG stats
Known limitations: N/A
Affected Components  COMPLIANCE    

Compliance Engine Internal Configuration Change - 10:00 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components  API  CONTINUOUS COMPLIANCE  

Logic - added support for Firefox - 10:00 UTC

Type: Improvement
Description: N/A. 
Known limitations: N/A
Affected Components  LOG.IC    

Deployment Jun 9, 2020

Compliance Engine Internal Configuration Change - 18:50 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components  API   

License system integration - 18:00 UTC

Type: Improvement
Description: Some changes in Log.ic eval (trial) licenses.
Known limitations: N/A
Affected Components API 

Kubernetes - Agent status API - 12:00 UTC

Type: New Feature
Description: Added a new API which gets the agent’s status.

  • Agent status

  • Is the agent up to date

  • Creation time

  • Last communication time

  • version

Known limitations: NA
Affected ComponentsAPI   

Logic - Anomaly detection for AWS Flow Logs. Beta - 10:30 UTC

Type: New Feature
Description: A new Ruleset of anomaly detection per port per asset.
Known limitations: NA
Affected ComponentsLOG.IC   

AWS SQS - 08:00 UTC

Type: Improvement
Description: Excluding unsupported regions enrichment
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS   

AWS Fetching System Improvement - 07:15 UTC

Type: Improvement
Description: Fetch data based on region activity. 
Known limitations: Not supported in AWS Security Group
Affected ComponentsDATA FETCHERS AWS   

Deployment Jun 8, 2020

AWS Fetching System Improvement - 12:30 UTC

Type: Improvement
Description: Fetch data based on region activity. 
Known limitations: Not supported in AWS Inspector and Security Group
Affected ComponentsDATA FETCHERS AWS   

License system integration - 11:00 UTC

Type: Improvement
Description: Added support for Log.ic eval (trial) licenses.
Known limitations: N/A
Affected Components API 

Account page - Billable assets fixes - 08:28 UTC

Type: Bug fix
Case ID: DFT-786
Description: Fixing SQL and RDS which were not marked as a billable for some accounts. 
Known limitations: N/A
Affected Components  API  

Account Permission Validation - Added API  - 0740 UTC

Type: Improvement
Description: Added new API to validate cloud account permissions.
Known limitations: N/A
Affected ComponentsAPI

Azure SQL Server and DB  - 07:30 UTC

Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected ComponentsDATA FETCHERS AZURE   COMPLIANCE

Deployment Jun 7, 2020

Compliance Engine Internal Configuration Change - 07:28 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components  API  COMPLIANCE CORE 

Deployment Jun 4, 2020

Alerts Internal Change - 12:30 UTC

Type: Improvement
Description: Added Internal properties that will be introduced in future new releases.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ALERTS

AWS Fetching System Improvement - 12:20 UTC

Type: Improvement
Description: Fetch data based on region activity. 
Known limitations: N/A
Affected Data Fetchers: Elasticsearch, Kinesis Stream and SNS.
Affected ComponentsDATA FETCHERS AWS   

Compliance Engine Internal Configuration Change - 07:28 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components  API  COMPLIANCE CORE 

Deployment Jun 3, 2020

Kubernetes Dashboard - 16:15 UTC

Type: Improvment
Description: New predefined Kubernetes Dashboard 
Known limitations: N/A
Affected Components  DASHBOARD   

Association to OU for GCP accounts is corrupted - 14:15 UTC

Type: Bug Fix
Case Id: DFT-814
Description: Association to OU calls hang forever in browser for GCP projects
Known limitations: N/A
Affected Components  CLOUD ACCOUNTS   

Populate Private IP for GCP VM Instance - 13:15 UTC

Type: Bug Fix
Case Id: DFT-815
Description: Show GCP VM Instance private IPs in Protected asset page.
Known limitations: N/A
Affected Components  PROTECTED ASSETS   

AWS Transit Gateway - 11:10 UTC

Type: Improvement
Description

  • Added support for AWS Transit Gateway entity.
  • Added additional property to AWS VPC entity named 'transitGateways'. It includes a list of attached Transit Gateways.

GSL Example:

  • Ensure that AWS Transit Gateway route tables does not include static routes:

'TransitGateway should not have transitGatewayRouteTables contain [ routes contain [ type='static' ] ]'


Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Logic - added support for AWS SAML users- 08:00 UTC

Type: Improvement
Description: Logic separates and identity SAML user identity. 
Known limitations: N/A
Affected Components    LOG.IC 

Deployment Jun 2, 2020

Rule Engine Improvement - Adding Infrastructure for new features- 16:00 UTC

Type: Improvement
Description: Added infrastructure for new features on the way. 
Known limitations: N/A
Affected Components    RULE ENGINE API

Compliance Integration Internal Configuration Change - 13:59 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS 

Add "Sync Now" support for GCP Firewall Rules- 09:30 UTC

Type: Improvement
Description: GCP Firewall Rules fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected Components  DATA FETCHERS GCP   

K8s Image Rule Engine Improvement - 07:30 UTC

Type: Improvement
Description: Increase internal limitation
Known limitations: N/A
Affected Components    RULE ENGINE 

AWS ECS Cluster - 05:30 UTC

Type: Improvement
Description: Fetch data based on region activity
Known limitations: N/A
Affected Components  DATA FETCHERS AWS   

Deployment Jun 1, 2020

Add "Sync Now" support for GCP Cloud Network - 15:00 UTC

Type: Improvement
Description: GCP Cloud Network fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected Components  DATA FETCHERS GCP   

AWS SQS - 11:15 UTC

Type: Improvement
Description: Fetch data based on region activity
Known limitations: N/A
Affected Components  DATA FETCHERS AWS   

Compliance Engine Internal Configuration Change - 09:22 UTC

Type: Improvement
Description: Change some internal configuration. 
Known limitations: N/A
Affected Components  API  COMPLIANCE CORE 

Deployment May 31, 2020


HTTP Endpoint Integration Improve Monitoring Capabilities - 18:35 UTC

Type: Improvement
Description: Add some metrics to improve the component's monitor capabilities. 
Known limitations: N/A
Affected Components  COMPLIANCE HTTP ENDPOINT INTEGRATION

Protected assets - Added AWS ENI private and public IP support   - 15:45 UTC

Type: Improvement
Description: Add support for AWS Network interface and their associated IP's on index and on CSV report. 
Known limitations: N/A
Affected Components  DATA FETCHERS AWS  PROTECTED ASSETS

AWS IAM Users and Roles  - 09:15 UTC

Type: Improvement
Description: Add support for AWS IAM user and role tagging in Compliance 
Known limitations: N/A
Affected Components  DATA FETCHERS AWS  COMPLIANCE ENGINE

Deployment May 28, 2020

Summary/Gauge Widget Thresholds  - 11:45 UTC

Type: Improvement
Description: New Implementation to Summary and Gauge widgets thresholds
Known limitations: N/A
Affected Components  DASHBOARD

Deployment May 27, 2020

Internal changes for several components  - 10:53 UTC

Type: Improvement
Description: Improving internal configuration to reduce dependancies.
Known limitations: N/A
Affected Components  ALL SYSTEM

Deployment May 26, 2020

Azure SQL Server and DB  - 16:00 UTC

Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected ComponentsDATA FETCHERS AZURE   COMPLIANCE

Default Dashboard Cross System Text Search - 16:00 UTC

Type: Improvement
Description: In your default home dashboard page you can now search free text across multiple pages
Known limitations: N/A
Affected ComponentsDASHBOARD   

Deployment May 25, 2020

Compliance Integrations Internal Configuration Change - 14:50 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS   

Fetching System Improvement - 12:00 UTC

Type: Improvement
Description: Performance Improvement
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP 

Rule Engine Improvement - 11:00 UTC

Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components   RULE ENGINE

Rule Engine Improvement - 07:05 UTC

Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components   RULE ENGINE

Deployment May 24, 2020

Fetching System Improvement - 17:30 UTC

Type: Improvement
Description: Performance Improvement
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP 

Deployment May 21, 2020

Widget Filters To Be Based on Inventory- 16:00 UTC

Type: New Feature
GA: DFR-883
DescriptionWidgets with Alerts data source are now based on database inventory instead of findings. 
Known limitations: N/A
Affected ComponentsDASHBOARD 

AWS Config Settings support in Compliance Engine - 13:00 UTC

Type: Improvement
DescriptionAdded AWS Config Settings entity to Compliance Engine.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Compliance Alert Validate and Fix Internal Configuration Change - 09:55 UTC

Type: Improvement
Description: Internal changes for the compliance alert's machanizem validator.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ALERTS

Deployment May 20, 2020

AWS Organization - Accounts Data Fetcher - 15:00 UTC

Type: Improvement
Description: Increased the maximum amount of accounts for each Organization master account.
Known limitations: N/A.
Affected Components DATA FETCHERS AWS   

Intercom - 14:00 UTC

Type: Improvement
Description: Improve throttling errors handling.
Known limitations: N/A.
Affected Components INTERCOM   

Compliance Integrations Internal Configuration Change - 11:53 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS   

Azure Users support in Compliance Engine - 11:00 UTC

Type: Improvement
DescriptionAdded Azure User entity to Compliance Engine.
Known limitations:

  1. To view Azure Users details, Dome9 App Registration should be granted API permissions for Microsoft Graph APIs.
  2. Admin consent is required to use those APIs: 
    1. 'Directory.Read.All'
    2. 'Reports.Read.All'

Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE API

Rule Engine Improvement - 10:08 UTC

Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components   RULE ENGINE

UI Internal Configuration Change - 07:56 UTC

Type: Bug Fix
Description: Minor change in the UI configuration data.
Known limitations: N/A.
Affected Components  UI

Deployment May 19, 2020

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
Description: As part of the new agent for  Kubernetes , we have added 6 new rules based on RBAC roles to Kubernetes CIS 1.5.1 ruleset, you can find the details here.


Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

On boarding AWS China account fix - 15:30 UTC

Type: Bug Fix
Case Id: DFT-715
Description: Fixed an issue for handling empty cloud account in China.
Known limitations: N/A.
Affected Components AWS ON BOARDING  

Rule Engine Improvement - 09:33 UTC

Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components   RULE ENGINE

AWS SQS and SNS - 06:30 UTC

Type: Bug Fix
Description: Fix SQS and SNS Key mapping in compliance model
Known limitations: N/A.
Affected Components   RULE ENGINE

Deployment May 18, 2020

Wrong Asset Types Widget Filters - 16:35 UTC

Type: Bug
Description: When adding a widget with Protected Assets as the data source - the Asset Type filter would show wrong asset type values.
Known limitations: N/A.
Affected Components DASHBOARD   

Add Widget Modal Style - 16:35 UTC

Type: Improvement
Description: Add widget modal style changes
Known limitations: N/A.
Affected Components DASHBOARD   

Compliance Integrations Internal Configuration Change - 14:35 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS   

AWS Organization support in Compliance Engine - 14:00 UTC

Type: Improvement
DescriptionAdded AWS Organization and Account entities to Compliance Engine.
Known limitations: AWS Organization information is visible only for the Organization master account.
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Fetching System Improvement - 13:45 UTC

Type: Improvement
Description: Performance improvement
Known limitations: N/A.
Affected Components  DATA FETCHERS AWS

Logic now supports the new versions of AWS Flow Logs - 08:00 UTC

Type: New Feature
Description: Customers can on-board the new version of AWS Flow Logs.
Known limitations: N/A.
Affected Components LOG.IC  

Deployment May 17, 2020

Dashboard Loading By Name In URL - 16:13 UTC

Type: Improvement
Description: You can now select a dashboard to be loaded by name query param.
Known limitations: N/A.
Affected Components DASHBOARD  

Dashboard Trend Widget - 16:13 UTC

Type: Change
Description: Currently it is not possible to create a trend widget with compliance type of organisation unit.
Known limitations: N/A.
Affected Components DASHBOARD  

On boarding AWS China account fix - 13:10 UTC

Type: Bug Fix
Case Id: DFT-715
Description: Fixed an issue for handling empty cloud account.
Known limitations: N/A.
Affected Components AWS ON BOARDING  

Internal Configuration Change - 11:42 UTC

Type: Improvement
Description: Internal changes for email handling components.
Known limitations: N/A.
Affected Components EMAIL CONFIGURATION  

Deployment May 16, 2020

Logic Widgets - Query cross AWS cloud accounts - 08:10 UTC

Type: Improvement
Description: We added an ability to select all cloud accounts when defining a new widget.
Known limitations: N/A.
Affected Components LOG.IC   

Deployment May 14, 2020

Compliance Integrations Internal Configuration Change - 10:28 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS   

Compliance Integrations Internal Configuration Change - 06:18 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS  API SCHEDULED REPORT

Deployment May 13, 2020

AWS SQS - 15:30 UTC

Type: Improvement
Description: Support all SQS Key types in KMS assets stats compliance model
Known limitations: N/A.
Affected Components DATA FETCHERS AWS  RULE ENGINE

Network Security - security group page fix - 13:30 UTC

Type: Bug fix
Case ID: DFT-792
Description: fixing a race condition when presenting read only security groups.
Known limitations: N/A.
Affected Components API NETWORK SECURITY

Compliance Integrations Internal Configuration Change - 07:00 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS  API SCHEDULED REPORT

Deployment May 12, 2020

Compliance Integrations Internal Configuration Change - 07:00 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS  API SCHEDULED REPORT

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
Description: First release of  Japanese Rulesets

AWS

AWS Dome9 FISC

[日本語]AWS Dome9 Network Alerts

[日本語]AWS Dome9 Best Practices

[日本語]AWS HIPAA

[日本語]AWS Dome9 S3 Bucket Security

[日本語]AWS CIS Foundations v. 1.1.0

[日本語]AWS NIST 800-53 Rev 4 (FedRAMP)

[日本語]AWS GDPR Readiness

[日本語]AWS CSA CCM v.3.0.1

[日本語]AWS ISO 27001:2013


Azure

[日本語]Azure Dome9 Network Alerts

[日本語]Azure Dome9 Best Practices

[日本語]Azure CIS Foundations v. 1.0.0

[日本語]Azure PCI-DSS 3.2

[日本語]Azure NIST 800-53 Rev 4 (FedRAMP)

[日本語]Azure GDPR Readiness

[日本語]Azure CSA CCM v.3.0.1


GCP

 [日本語]GCP Dome9 Network Alerts

[日本語]GCP Dome9 Best Practices

[日本語]GCP CIS Foundations v. 1.0.0

[日本語]GCP PCI-DSS 3.2

[日本語]GCP NIST 800-53 Rev 4 (FedRAMP)

[日本語]GCP CSA CCM v.3.0.1


Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
Description: First release of CIS Kubernetes Benchmark v1.5.0 and Azure CSA CCM v.3.0.1. We have also added new rules and made changes to existing rules, a detailed description along with rule IDs can be found here.

CASE ID :  
DFT-592
DFT-442
DFT-563
DFT-727
DFT-740
DFT-661
DFT-748
DFT-732
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Azure App Services - 15:15 UTC

Type: Improvement
DescriptionAdded support for Azure Web App and Function App entities.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AZURE API

Dashboard Widget By Severity - 13:30 UTC

Type: Improvement
Description: Creating a widget by severity aggregation will show the same color as within the Alerts page
Known limitations: N/A.
Affected Components DASHBOARD 

Dashboard Widget Drag & Drop - 13:30 UTC

Type: Improvement
Description: Improved the look and feel of dragging and sorting widgets across a dashboard.
Known limitations: N/A.
Affected Components DASHBOARD 

Deployment May 11, 2020

SNS Notification Integration Improve Error Handling  - 14:03 UTC

Type: Improvement
Description: Improve internal error handling.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE INTEGRATIONS

AWS SNS  - 15:00 UTC

Type: New Entity
Description: Added support for AWS SNS entity.
GSL Example:

Ensure Amazon SNS topics enforce Server-Side Encryption (SSE):
'SnsTopic should not have cryptoKey.keyId isEmpty()'

Need to add "sns:ListTagsForResource" permission to Dome9 read only policy.

Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS COMPLIANCE ENGINE

GSL Builder - Adding isEmpty() Function Selection for Objects  - 14:45 UTC

Type: Improvement
Case ID: DFR-875
Description: Properties with type of Object can use isEmpty() function as part of the builder flow.
Known limitations: N/A 
Affected ComponentsUI

Cloud Account Page Improve Loading Time - 11:54 UTC

Type: Improvement
Description: Improve page loading time by changing some usage of APIs and split some processes to async.
Known limitations: N/A 
Affected ComponentsUI

Beta for the new version of Clarity - 07:30 UTC

Type: Improvement
Description: We release the beta version of Clarity, with new graph technology and performance improvement.
Known limitations: N/A.
Affected Components CLARITY 

Deployment May 7, 2020

Dashboard Combo Box Search Freezes The Page - 15:48 UTC

Type: Bug
Description: Case ID: DFT-775
Known limitations: N/A.
Affected Components DASHBOARD 

Compliance Integrations Internal Configuration Change - 15:48 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS 

AWS SQS - 13:30 UTC

Type: Improvement
DescriptionAdd properties - MaximumMessageSize and DelaySeconds to compliance model.

Known limitations: N/A 
Affected ComponentsDATA FETCHERS AWS  RULE ENGINE

Compliance Alert Validate and Fix - Internal Configuration Change - 11:23 UTC

Type: Improvement
DescriptionInternal configuration change in the mechanism which find and fix Compliance Alert.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ALERTS

Deployment May 6, 2020

ACM Certificates - 15:15 UTC

Type: Bug Fix
Case ID: DOME-14077
Description: Mishandling of permission issues for listing certificate tags.
Known limitations: N/A.
Affected Components DATA FETCHERS AWS           

Internal Configuration Change - 11:22 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components API  AWS SECURITY GROUP MANAGEMENT

AWS Security Integration - Archive Resolved Findings - 10:45 UTC

Type: Bug Fix
Case ID: DOME-13464
Description: Fix an issue for some of the resolved findings not marked as archive in Security Hub portal.
Known limitations: N/A.
Affected Components SECURITY HUB INTEGRATION           

Deployment May 5, 2020

ACM Certificates - 15:30 UTC

Type: Improvement
Description: Improving data fetcher to include certificates from all key types.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AWS

AWS SQS Rule Entity Fix  - 12:30 UTC

Type: Bug fix
Case ID: DOME-14054
Description: Fix mapping cryptoKey issue in compliance model.
Known limitations: N/A
Affected Components   RULE ENGINE    


GCP KMS - 08:00 UTC

Type: Improvement
Description: Improve error handling including throttling exceptions.

Known limitations: N/A.
Affected Components DATA FETCHERS GCP           

AWS Log Groups- 08:00 UTC

Type: Improvement
Description: Improve permissions issues handling.

Known limitations: N/A.
Affected Components DATA FETCHERS AWS           

Deployment May 4, 2020

Azure fetching system upgrade - 16:00 UTC

Type: Improvement
Description: Upgrading several Azure API components.
Known limitations: N/A.
Affected Components DATA FETCHERS AZURE   API   AZURE NETWORK SECURITY     COMPLIANCE INTEGRATION

Deployment May 3, 2020

Alerts/Protected Assets/SecurityGroups Pages Loading Improvement - 19:37 UTC

Type: Improvement
Description: Improve the loading time for the pages above.
Known limitations: N/A.
Affected Components UI 

Rule Engine Improve Error Handling - 07:45 UTC

Type: Improvement
Description: Improve internal error handling for some functions.
Known limitations: N/A.
Affected Components RULE ENGINE 

Deployment April 30, 2020

Compliance Integrations Internal Configuration Change - 14:35 UTC

Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATIONS 

Organizational Unit API - 18:15 UTC

Type: Improvement
Description: Improve the API performance for large customers.
Known limitations: N/A.
Affected Components API 

AWS SQS - 17:00 UTC

Type: Improvement
Description: Added support for AWS SQS entity.
GSL Example:

  • Ensure Amazon SQS queues enforce Server-Side Encryption (SSE):

'Sqs should not have cryptoKey.keyId isEmpty()'

  • Ensure there is a Dead Letter Queue configured for each Amazon SQS queue:

'Sqs should not have redrivePolicy.deadLetterTargetArn isEmpty()'


Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

AWS EKS Cluster - 15:30 UTC

Type: Improvement
DescriptionAdded support for AWS EKS Cluster entity.
GSL Examples:

  • Ensure that AWS EKS Cluster endpoint access is not public:

'EksCluster should have resourcesVpcConfig.endpointPublicAccess=false'

  • Ensure that AWS EKS Cluster control plane logging is enabled:

'EksCluster should have logging.clusterLogging with [ enabled=true ]'


Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE DATA FETCHERS AWS

Token error handling - 11:10 UTC

Type: Bug fix
Case ID: MAG-202
Description: Fixed the way we deal with error handling from invalid tokens.
Known limitations: N/A.
Affected Components INFRASTRUCTURE 

Deployment April 27, 2020

Logic Account Activity - New implementation for event tracking with the token - 21:00 UTC

Type: New Feature
Description: We added a new enrichment to the event, we are now able to determine the initiator of the action in case of assume role
Known limitations: N/A.
Affected Components LOG.IC 

New Dashboard Widgets - 20:16 UTC

Type: Improvement
Description: Added two new widgets: Trend Change Summary and Trend Line With Change Summary.
Known limitations: N/A.
Affected Components DASHBOARD 

Favorite Dashboard Tag On Sub Menu - 20:16 UTC

Type: Bug fix
Description: Deleting a dashboard that was also marked as favorite now is also removed from sub menu.
Known limitations: N/A.
Affected Components DASHBOARD 

AWS Credentials validation optimization - 9:28 UTC

Type: Improvement
Description: Modified the validation behavior to behave according to the protection mode.
Known limitations: N/A.
Affected Components API 

Deployment April 26, 2020

Early Availability

Notification - Adding HTTP Endpoint Integration for QRadar - 18:25 UTC

Type: Improvement
Description: QRadar integration in EA.
Known limitations: Requires IBM Qradar Application (under development).
Affected Components COMPLIANCE INTEGRATION  UI 

Notification - Adding Sumologic HTTP Endpoint Integration - 18:25 UTC

Type: Improvement
Description: Sumologic type will be send the first level of the finding's entity tree (Sumologic support up to 64kb per finding).
Known limitations: N/A.
Affected Components COMPLIANCE INTEGRATION  UI 

Logic - Move custom and predefined queries to be on the same line with the main filter of Logic - 13:30 UTC

Type: Improvement
Description: Move custom and predefined queries list to be on the same line in the main filter of Logic under the Queries button.
Known limitations: N/A.
Affected Components LOG.IC 

Bug Fix Compliance Policy Organizational Unit Sub Unit Deletion - 11:40 UTC

Type: Bug Fix
Case ID: DOME-13965
Description: Fix issue for Compliance Policy associated to a deleted sub Organizational Unit without parent.
Known limitations: N/A.
Affected Components API 

Internal Configuration Change - 10:45 UTC

Type: New Feature
Description: Added minor internal configuration setting.
Known limitations: N/A.
Affected Components API CONTINUES COMPLIANCE

Deployment April 24, 2020

New Home Dashboard - 15:15 UTC

Type: New Feature
Description: We have added a new menu item called 'Dashboards' where you can see an overview of your setup and build custom dashboards.
Known limitations: N/A.
Affected Components  DASHBOARDS

Deployment April 23, 2020

New Feature - Generic List  - 16:10 UTC

Type: New Feature
Description: Added generic list support on compliance engine, this will allow customer to create lists and use compliance rules to check their content.
Known limitations: N/A.
Affected Components  UI

Logic - add translation from Quick Filters to GSL - 12:45 UTC

Type: Improvement
Description: Now the Quick filters in Logic are part of the GSL.
Known limitations: N/A.
Affected Components  LOG.IC

Compliance OU Trend API - 15:45 UTC

Type: Improvement
Description: Improve the query logic for faster response.
Known limitations: N/A.
Affected Components  API

Deployment April 22, 2020

Serverless - CI/CD Frameworks and Deployment  Pages - 20:37 UTC

Type: New Feature
Description: Enable you to add cloudguard’s solutions (Proact & FSP) into your CI/CD infrastructure

Known limitations: N/A.
Affected Components  SERVERLESS  

IAM Protection - 20:37 UTC

Type: Bug fix
Description: Some cases of flicking IAM account page.

Known limitations: N/A.
Affected Components  IAM  

AWS fetching system upgrade - 17:58 UTC

Type: Improvement
Description: Upgrading several AWS API components.
Known limitations: N/A.
Affected Components DATA FETCHERS AWS   API   AWS NETWORK SECURITY   SCHEDULED ASSESSMENT   COMPLIANCE INTEGRATION

Home Dashboard and Protected Asset Performance Improvement - 10:20 UTC

Type: Improvement
Description: Improve the UI using with some APIs for better performance.
Known limitations: N/A.
Affected Components UI 

Home Dashboard - Adding Mark for Compliance Result Missing Permission or Sync Issue - 10:20 UTC

Type: Improvement
Description: Now for any Compliance Result that have may affected by missing permission or sync issue will mark with relevant icon.
Known limitations: N/A.
Affected Components UI 

CloudGuard Dome9 is now integrated with Tenable.io - 10:20 UTC

Type: Improvement
Description: CloudGuard Dome9 is a unique Cloud Security Posture Management Platform that allows you to ingest information about your cloud environment, query it with our unique GSL (Governance Specification Language) and help your company to focus on high fidelity alerts about your cloud environment.
Known limitations: N/A.
Affected Components UI 

Rule Engine GSL IPV6 support - 07:10 UTC

Type: Improvement
Description: GSL network functions - adding IPV6 support.
Known limitations: N/A.
Affected Components  RULE ENGINE GSL

Deployment April 21, 2020

OU kubernetes support  - 17:20 UTC

Type: Improvement
Description: Adding support with OU filter for Kubernetes Clusters.
Known limitations: N/A.
Affected Components:   UI API

GCP Data fetchers optimizations - 13:41 UTC

Type: Improvement
Description:Minor optimizations for GCP data fetchers.
Known limitations: N/A.
Affected Components:   DATA FETCHERS GCP

AWS Additional Regions Network Management Support - Hong Kong and Bahrain - 11:20 UTC

Type: Improvement
Description: Added Network management Support for AWS Hong Kong and Bahrain regions in Compliance Engine.
Known limitations: N/A.

Affected Components  UI API DATA FETCHERS AWS

Scheduled Assessment Report and Immediate Email Notification Adding Missing Permission Indication - 08:20 UTC

Type: Improvement
DescriptionAdded an indication of missing permission or data sync issue in Compliance Result to the Scheduled Report and the Immediate Email notifications.
Known limitations: N/A.
Affected Components  IMMEDIATE EMAIL NOTIFICATION  DATA FETCHERS AWS

Logic - AWS Cloudtrail orgnization on-boarding - 07:00 UTC

Type: New Feature
Description:

  • Add the option to on-board Cloudtrail organization.

Known limitations: N/A.
Affected Components  LOG.IC  

AWS compliance engine builders optimizations - 6:00 UTC

Type: Improvement
DescriptionImproved the assessments entity builders for AWS ECS, ELB, EC2, KMS, ALB, Sagemaker and security groups.
Known limitations: N/A.
Affected Components  RULE ENGINE  DATA FETCHERS AWS

Deployment April 20, 2020

Dashboard Performance Improvements - 12:15 UTC

Type: Improvement
Description:

  • Optimising server calls

Known limitations: N/A.
Affected Components  DASHBOARD  

Azure Policy Assignment Improvements - 12:15 UTC

Type: Improvement
Description:

  • Added default values for Azure Policy Assignment parameters.
  • New data fetcher added to get Azure Policy Definitions.

Known limitations: N/A.
Affected Components  RULE ENGINE API DATA FETCHERS AZURE

Cloud Account API Performance Improvements - 12:05 UTC

Type: Improvement
Description: Improve Cloud Accounts APIs for UI usage.
Known limitations: N/A.
Affected Components  API UI

Deployment April 19, 2020

GCP Cloud Pub/Sub - 08:15 UTC

Type: Improvement
Description: Improve GCP Pub/Sub fetching infrastructure.
Known limitations: N/A.
Affected Components  DATA FETCHERS GCP

Deployment April 16, 2020

Rule Engine Improvement - 19:55 UTC

Type: Improvement
Description: Improve logic on Instance rules assessments for large accounts.
Known limitations: N/A.
Affected Components  RULE ENGINE  COMPLIANCE CORE

Compliance Assessment History Result Page - Optimization for Large Assessment - 19:55 UTC

Type: Improvement
Description: Optimized the returned result for large assessment history items.
Known limitations: N/A.
Affected Components  UI

Deployment April 13, 2020

Log.ic - Adding infrastructure for Azure - 14:00 UTC

Type: Improvement
Description: Adding infrastructure for Azure support.
Known limitations: N/A.
Affected Components  LOG.IC

AWS Marketplace improvements - 7:40 UTC

Type: Improvement
Description: Adding some fixes to the marketplace flow.
Known limitations: N/A.
Affected Components  AWS MARKETPLACE SERVICE

Deployment April 12, 2020

Clarity - minor improvements - 15:00 UTC

Type: Improvement
Description: Adding more improvements for the new clarity version.
Known limitations: N/A.
Affected Components  UI

AWS Marketplace improvements - 12:10 UTC

Type: Improvement
Description: Adding some improvements to the marketplace flow.
Known limitations: N/A.
Affected Components  AWS MARKETPLACE SERVICE

Deployment April 7, 2020

Network security - New infrastructure to support IPV6 security groups - 17:00 UTC

Type: Improvement
Description: Adding some components that will support IPV6 services in AWS security groups.
Known limitations: N/A.
Affected Components  UI

Compliance Assessment History - 14:20 UTC

Type: Improvement
Description: Adding warning mark for any assessment results suffering from missing permissions or any data sync issues.
Known limitations: N/A.
Affected Components  UI

Deployment April 5, 2020

Log.ic - on-boarding per ENI or subnet - 16:00 UTC

Type: Improvement
Description: A new option to on-board a specific ENI or Subnet.
Known limitations: N/A.
Affected Components  LOG.IC

Network security - New infrastructure to support IPV6 security groups - 12:00 UTC

Type: Improvement
Description: A new infrastructure that will support IPv6 services in AWS security groups
Known limitations: N/A.
Affected Components  AWS SECURITY GROUP MANAGEMENT 

Deployment April 1, 2020

Log.ic - New alerts infrastructure - 12:00 UTC

Type: Improvment
Description: A new infrastructure for the custom alerts of Logic, reduce significantly the delay of the alerts.
Known limitations: N/A.
Affected Components   LOG.IC

Deployment March 26, 2020

Additional Severity Level Add-on - 21:12 UTC

Type: New Feature
Description: Support the new additional severity level 'Informational' and 'Critical' in the UI.
Known limitations: N/A.
Affected Components   UI

SecurityHub Integration - Change Finding's Severity - 09:50 UTC

Type: Improvement
Description: According to SecurityHub change we are now sending Finding's Severity will be send as it in Dome9 .
Known limitations: N/A.
Affected Components   SECURITY HUB INTEGRATION

Additional Severity Level Add-on - 09:50 UTC

Type: New Feature
Description: We have added two new additional severity level to the system: 'Informational' and 'Critical.
Known limitations: UI will support the following later on today, Dome9 compliance rule will be modified in the near future.
Affected Components   API SCHEDULED ASSESSMENT   COMPLIANCE INTEGRATIONS

Deployment March 25, 2020

AWS fetching system upgrade - 16:12 UTC

Type: Improvement
Description: Upgrading several AWS API components.
Known limitations: N/A.
Affected Components DATA FETCHERS AWS   API   AWS NETWORK SECURITY   SCHEDULED ASSESSMENT   COMPLIANCE INTEGRATION

Logic - Enrichment for Identity, Target, and Source in AWS Cloudtrail- 13:30 UTC

Type: Improvement
Description: Enriched Cloudtrail data with Dome9 metadata and Checkpoint Malicious information.
Known limitations: N/A.
Affected Components   LOG.IC    

Deployment March 22, 2020

GSL support for Lists Optimization - 06:55 UTC

Type: Improvement
Description: Optimazied the work in the Assessment run flow.
Known limitations: N/A.
Affected Components   COMPLIANCE ENGINE    

Deployment March 19, 2020

Compliance Alert Validate and Fix - 14:23 UTC

Type: Improvement
DescriptionWe deployed a new machanizem which find and fix Compliance Alert. The component will run on a daily basis and will make sure all the shown alerts are valid.
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ALERTS

AWS KMS - Added ability to check if KMS key is in use - 09:55 UTC

Type: Improvement
Case ID: DFR-782
DescriptionAdded more properties to track unattached KMS keys.
GSL Example: KMS where name != 'default' should not have KMSAssetstats contain-all [ count = 0 ]
Known limitations: N/A 
Affected ComponentsCOMPLIANCE ENGINE

Deployment March 18, 2020

Custom statistic charts for Log.ic Network Activity - 20:55 UTC

Type: New Feature
DescriptionNew dashboards in Network Activity with customization tool.
Known limitations: N/A 
Affected ComponentsLOG.IC

Deployment March 17, 2020

Compliance Rulesets Update - 15:55 UTC

Type: Improvement
DescriptionFirst release of the Azure Dome9 Network Security Ruleset. In addition we have also created the GCP HIPAA Ruleset to fulfill healthcare compliance needs in the GCP platform. 
Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment March 17, 2020

Compliance Engine Improvement  - 15:55 UTC

Type: Improvement
DescriptionImprovement of internal scale capabilities in order to reduce run duration time.
Known limitations: N/A
Affected Components   COMPLIANCE INTEGRATIONS   

Compliance Engine Improvement  - 13:40 UTC

Type: Improvement
DescriptionImprovement of internal scale capabilities in order to reduce run duration time.
Known limitations: N/A
Affected Components   RULE ENGINE   

Scheduled Assessment Report Monitor enhance - 13:30 UTC

Type: Improvement
Description: Enhance internal monitor capabilities for the Report mechanism.
Known limitations: N/A
Affected ComponentsSCHEDULED ASSESSMENT REPORT

Deployment March 16, 2020

GCP Cloud Pub/Sub - 15:15 UTC

Type: New Feature
DescriptionAdded GCP Cloud Pub/Sub entity support.
Known limitations: N/A 
Affected ComponentsDATA FETCHERS GCP COMPLIANCE ENGINE API UI

Add "Sync Now" support for GCP Subnets - 15:15 UTC

Type: Improvement
Description: Now GCP Subnet Fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected ComponentsDATA FETCHERS GCP

Deployment March 15, 2020

Internal Configuration Changes - 17:13 UTC

Type: Improvement
Description: Changing some of the component's configurations for internal purposes.
Known limitations: N/A
Affected ComponentsFETCHERS 

Compliance Engine Improvement  - 12:50 UTC

Type: Improvement
DescriptionImprovement of internal scale capabilities in order to reduce run duration time.
Known limitations: N/A
Affected Components   RULE ENGINE  COMPLIANCE INTEGRATION  SCHEDULED ASSESSMENT

Azure Kubernetes Cluster Rule Entity Fix  - 12:50 UTC

Type: Bug fix
Case ID: DOME-13621
Description: Fix mapping issue in compliance model.
Known limitations: N/A
Affected Components   RULE ENGINE    

Deployment March 12, 2020

Added NACL property for attached / unattached  - 12:30 UTC

Type: Improvement
Description: Added NACL property for checking if the NACL in use, in addition Added ability to track subnets via NACLs.
Known limitations: N/A
Affected Components   COMPLIANCE ENGINE    

Deployment March 11, 2020

Scheduled Assessment Report Bug Fix - 15:55 UTC

Type: Bug fix
Case ID: DOME-13609
Description: Fix and issue which send multiple reports for some user in OU aggregation.
Known limitations: N/A.
Affected Components   SCHEDULED ASSESSMENT REPORT    

Added Internal GSL support for Lists - 13:00 UTC

Type: Improvement
Description: Added support to use compliance engine on lists, this will allow customer to create lists and use compliance rules to check their content.
Known limitations: Supported only on the backend, UI will be supported soon.
Affected Components   COMPLIANCE ENGINE UI   

Deployment March 10, 2020

Alert and Protected Asset Dashboards - 18:35 UTC

Type: Improvement
Description: Adding a few UI/UX changes and new capabilities such as changing widget size and etc.
Known limitations: N/A
Affected Components   UI   

Added support with Azure Kubernetes Cluster - 12:37 UTC

Type: Improvement
Description: Added support with Azure Kubernetes Cluster.
Known limitations: N/A
Affected Components   COMPLIANCE ENGINE PROTECTED ASSETS   

Deployment March 8, 2020

Internal Configuration Changes - 15:13 UTC

Type: Improvement
Description: Changing some of the component's configurations for internal purposes.
Known limitations: N/A
Affected ComponentsCROSS SYSTEM 

Menu Permission Enforcement Changes - 14:47 UTC

Type: Improvement
Description: Enforcement optimization of menu items for low permission users in order to scale up application load time.
Known limitations: N/A
Affected Components   UI   

Deployment March 5, 2020

IAM Safety API Cloud Account Update  - Adding AWS ID Support - 15:50 UTC

Type: Improvement
Description: In order to increase usability we added support for both AWS ID or Dome9 ID.
Known limitations: N/A
Affected Components   COMPLIANCE INTEGRATIONS   IAM SAFETY

Rule Engine Improvement - 08:50 UTC

Type: Improvement
Description: Improve error handling.
Known limitations: N/A
Affected Components   COMPLIANCE INTEGRATIONS   

Deployment March 4, 2020

Compliance Engine - Optimized components scaling capabilities  - 12:42 UTC

Type: Improvement
DescriptionImproved component scaling capabilities.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE

Deployment March 1, 2020

Compliance Engine - Network functions optimization - 10:55 UTC

Type: Improvement
DescriptionWe improved those functions calculations to handle cases with partial IP's information hence improving the accuracy .  
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE

Deployment February 27, 2020

Logic on-boarding using S3 - 15:47 UTC

Type: Improvement
Description: Switch on-boarding to pull data from S3 on customer side instead of Cloudwatch
Known limitations: N/A
Affected ComponentsLOG.IC

Azure Load Balancer Details Page Fix - 12:23 UTC

Type: Bug
Description: When moving to a details page of an Azure load balancer asset an error message would popup are page was redirected to protected assets page.  
Known limitations: N/A
Affected ComponentsAZURE

Filter Group Auto Focus On Search - 12:23 UTC

Type: Improvement
Description: Now when opening a filter category you will be auto focus on the search input.
Known limitations: N/A
Affected ComponentsFILTER PANEL

Entity Inspector (JSON Viewer) insensitive Search - 12:23 UTC

Type: Improvement
Description: Now entity viewer supports search in case insensitive.
Known limitations: N/A
Affected ComponentsJSON

Add "Sync Now" support for Azure Subnets - 09:58 UTC

Type: Improvement
Description: Now Azure Subnet Fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected ComponentsDATA FETCHERS AZURE

License system integration - 09:35 UTC

Type: Improvement
Description: Adjust integration configuration.
Known limitations: N/A
Affected Components API 

Deployment February 26, 2020

Internal Configuration Changes - 10:56 UTC

Type: Improvement
Description: Changing some of the component's configurations for internal purposes.
Known limitations: N/A
Affected ComponentsAWS SECURITY GROUP AUTHENTICATION SERVICE

Deployment February 24, 2020

Compliance Engine Improve Monitoring Capabilities - 15:40 UTC

Type: Improvement
Description: Improve internal monitoring capabilities.
Known limitations: N/A
Affected Components    COMPLIANCE INTEGRATIONS COMPLIANCE CORE SCHEDULED REPORT

AWS Additional Regions Support - Hong Kong and Bahrain - 13:40 UTC

Type: New Feature
Description: Added Support for AWS Hong Kong and Bahrain regions in Compliance Engine.
Known limitations:

The following limitations are valid only to Hong Kong and Bahrain regions:

  • Security Groups statistics in home page and in cloud account page, does not include Security Groups from the new regions.
  • Security Group Management is not supported - Read Only mode is allowed.
  • Clarity is not supported.
  • IP Addresses page does not include IPs from the new regions Security Groups.
  • Flow logs are not supported.


Affected Components  UI API DATA FETCHERS AWS

Deployment February 23, 2020

Alerts / Protected Assets Dashboard - 14:08 UTC

Type: Improvement
Description: Now each widget supports self filtering state.
                        Also styling modifications to pages to match checkpoint style guide.
Known limitations: N/A
Affected Components  DASHBOARD 

Deployment February 20, 2020

Bug fix - MSP Average Usage Export to CSV - 14:15 UTC

Type: Bug fix
Case ID: DOME-13476
Description: Fix wrong calculation for some fields.
Known limitations: N/A
Affected Components  UI

Rule Engine Improvement - 12:53 UTC

Type: Improvement
Description: Improve scaling.
Known limitations: N/A
Affected Components   COMPLIANCE CORE RULE ENGINE API

Deployment February 19, 2020

Failed to load application on IE11 bug fix - 21:55 UTC

Type: Bug fix
Case ID: DOME-13470
Description: Fixed an issue that preventing the central application from being loaded on IE11 due to using with unsupported function/method.
Known limitations: N/A
Affected Components  UI 

Rule Engine Improvement - 12:55 UTC

Type: Improvement
Description: Improve scaling.
Known limitations: N/A
Affected Components   COMPLIANCE INTEGRATIONS  SCHEDULED ASSESSMENT  

Deployment February 18, 2020

Rule Engine Improvement - 14:25 UTC

Type: Improvement
Description: Improve error handling.
Known limitations: N/A
Affected Components   COMPLIANCE INTEGRATIONS  COMPLIANCE CORE API

Sub Menu Hider - 12:49 UTC

Type: New Feature
DescriptionNow you can collapse/expand the sub menu to get more real estate for your data.
Affected Components UI/UX 

Deployment February 17, 2020

Compliance Print Report For GCP Fix - 13:50 UTC

Type: Bug (DFT-725)
DescriptionFixed print of assessment history result for GCP accounts.
Affected Components COMPLIANCE 

PREVIEW

AWS EMR Cluster (ElasticMapReduce) - 11:00 UTC

Type: New Feature
DescriptionAdded AWS EMR Cluster entity support.
Known limitationsOnly EMR clusters which are visible to all users are supported.
Affected Components DATA FETCHERS AWS 

License system integration - 09:55 UTC

Type: Improvement
Description: Adjust integration configuration.
Known limitations: N/A
Affected Components API 

Deployment February 16, 2020

AWS KMS - 13:30 UTC

Type: Improvement + Bug Fix
Description:

  • Updates to AWS KMS entity fetching mechanism, Improved throttling mechanism to handle rate exceeded calls.
  • Fixed an issue with AWS KMS tags and key rotation data in compliance engine.

Known limitations: N/A
Affected Components DATA FETCHERS AWS COMPLIANCE ENGINE

Deployment February 13, 2020

License system integration - 12:40 UTC

Type: Improvement
Description: Adding support with more license types.
Known limitations: N/A
Affected Components API 

Ruleset API Tune Duplicate Logic Enforcement - 12:40 UTC

Type: Bug Fix
Case ID: DOME-13223
Description: Fix an issue when add/save multiple TRUE/FALSE rules in same ruleset.
Known limitations: N/A
Affected Components API RULESET

Deployment February 12, 2020

OU Scheduled Assessment CSV Report - Bug Fix - 16:55 UTC

Type: Bug Fix
Case ID: DFT-707
Description: Fix an issue when the OU name was not written in the CSV for some customers.
Known limitations: N/A
Affected Components SCHEDULED ASSESSMENT REPORT

Azure Analysis Services Server - 13:15 UTC

Type: New Feature
Description

Added Azure Analysis Services Server entity support:

  • New compliance entity called AnalysisServiceServer.

Known limitations: N/A
Affected Components DATA FETCHERS AZURE

Azure Route Table - 13:15 UTC

Type: New Feature
Description

Added Azure Route Table entity support:

  • New compliance entity called RouteTable.
  • Azure Subnet will now contain additional field called routeTableData, which contains the associated route table data.

Known limitations: N/A
Affected Components DATA FETCHERS AZURE

Compliance Content - Bug fix - 08:50 UTC

Type: Bug fix
Case ID: DOME-13359
Description: We fixed a bug in Azure Load Balancer - An empty value in load balancing rule probe caused assessments failures.
Known limitations: N/A
Affected ComponentsCOMPLIANCE ENGINE

Deployment February 11, 2020

License system integration upgrade 16:00 UTC

Type: Improvement
Description: Added integration support for our license system.
Known limitations: N/A
Affected ComponentsLICENSE SYSTEM 

Cloud Accounts CSV - 13:26 UTC

Type: Improvement
Description: Added DOME9 ID column to export CSV file
Known limitations: N/A
Affected ComponentsCLOUD ACCOUNTS 

AWS EC2 Backend Integration Upgrade - 09:00 UTC

Type: Improvement
Description: Upgraded the internal SDK used to communicate with AWS EC2 entities to version 3.3.123.2.
Known limitations: N/A
Affected ComponentsAWS FETCHING SYSTEM 

Deployment February 06, 2020

Filter Panel Styling - 14:52 UTC

Type: Improvement
Description: Updated style
Known limitations: N/A
Affected ComponentsFILTERS 

Protected Assets Dashboard Deep Linking Fix - 14:52 UTC

Type: Bug Fix
Description: Clicking on chart value will now open a new tab with the protected assets page with the correct filters
Known limitations: N/A
Affected ComponentsFILTERS

Kubernetes On Boarding From Cloud Account - 14:52 UTC

Type: Bug Fix
Description: On board to Kubernetes from cloud account page fixed.
Known limitations: N/A
Affected ComponentsKUBERNETES

Deployment February 05, 2020

MSP Average Usage Export to CSV - 13:45 UTC

Type: Improvement
Description: Add new ability to export the accounts average usage by date.
Known limitations: N/A
Affected ComponentsAPI UI

MSP Portal - 13:45 UTC

Type: Improvement
Description: Some change in the UI style.
Known limitations: N/A
Affected ComponentsUI

Cloud Security Groups API - 12:45 UTC

Type: Bug Fix
Case ID: DOME-13323
Description: Fixed an internal error in CloudSecurityGroup API which caused the call to fail in some scenarios.
Known limitations: N/A
Affected ComponentsAPI

Deployment February 04, 2020

Compliance Rulesets Update 

Type: Improvement
DescriptionFirst release of the GCP Dome9 Network Security Ruleset. In addition we have made bug fixes to existing rules.

5 new rules have been added as part of AWS, Azure and GCP Best Practices rulesets. Click here for details.

Case ID : 

DFT-674 - Logic fix - D9.AZU.NET.27 - Ensure that SSH access is restricted from the internet


Known limitations: N/A 
Affected ComponentsCOMPLIANCE RULESETS

Deployment February 4, 2020

Protected Assets - AWS EC2 Instances - 17:05 UTC

Type: Bug Fix
Case ID: DFT-624
Description: Fixed an issue which caused an error to be thrown while getting an Instance details.
Known limitations: N/A
Affected Components   UI PROTECTED ASSETS

Cloud Security Groups API - 17:05 UTC

Type: Bug Fix
Case ID: DFT-624
Description: API Access for non-superuser.
Known limitations: N/A
Affected Components   UI CLARITY API

Exposed Security And Authentication Menu Item for Auditor role - 16:20 UTC

Type: Bug Fix
Case ID: DFT-714
Description: Exposed the Security And Authentication menu item for Auditor role based users.
Known limitations: N/A
Affected Components   UI 

RDS Asset Page Fix - 14:00 UTC

Type: Bug Fix
Case ID: DOME-13315
Description: Fix exception which preventing the page to load for some customers.
Known limitations: N/A
Affected Components   UI 

Deployment February 3, 2020

Compliance Engine Scale Improvements - 13:00 UTC

Type: Improvement
Description: Changed some logic to increase the engine's scale abilities.
Known limitations: N/A
Affected Components   COMPLIANCE INTEGRATIONS  COMPLIANCE CORE

HTTP Endpoint Integration - 09:48 UTC

Type: Improvement
Description: Improve error handling.
Known limitations: N/A
Affected Components   COMPLIANCE INTEGRATIONS 

Deployment February 2, 2020

Fixed missing IP Address for Login - 14:15 UTC

Type: Bug Fix
Case ID: DFT-690
Description: Fixed the missing IP for Login events on Audit trail.
Known limitations: N/A
Affected Components UI  

Azure Application Security Groups - 11:00 UTC

Type: New Feature
Description: Adding support for Azure ASG across system.
Known limitations: Clarity - Not supported Yet.
Affected Components AZURE FETCHING SYSTEM  COMPLIANCE UI

Deployment January 30, 2020

MFA Fix Disable Action - 13:11 UTC

Type: Bug Fix
Case ID: DFT-712 and DFT-110
Description: Security and authentication - Cannot disable MFA.
Known limitations: N/A
Affected Components UI  MFA

Deployment January 29, 2020

Email Template Change - 18:28 UTC

Type: Improvement
Description: Email template design improvements to have the same look and feel as Checkpoint design.
Known limitations: N/A
Affected Components EMAIL NOTIFICATION SCHEDULED REPORT

Deployment January 28, 2020

Azure Virtual Machine Scale Set - 15:50 UTC

Type: New Feature
Description

Added Azure Virtual Machine Scale Set entity support:

  • New compliance entity called VirtualMachineScaleSet.
  • Azure Virtual Machine compliance entity will now reflect Scale Set virtual machines as well.
  • Two additional fields were added to Azure Virtual Machine compliance entity:
    • IsScaleSetVm - To indicate if the Virtual Machine is part of a scale set.
    • InstanceId - In case the Virtual Machine is part of a Scale Set, this field will specify the instance ID.

Known limitations: N/A
Affected Components DATA FETCHERS AZURE

Deployment January 27, 2020

AWS Regions Data Fetcher - 10:20 UTC

Type: Improvement
Description: New data fetcher to get a list of enabled regions for AWS cloud accounts.
Known limitations: Data fetching for optional regions will be supported on later release.
Affected Components DATA FETCHERS AWS

Deployment January 24, 2020

Azure Virtual Machine Scale Set - 00:05 UTC

Type: Revert
Description: Reverting this feature due to errors on assessment reports
Known limitations: N/A
Affected Components DATA FETCHERS AZURE

Deployment January 22, 2020

Azure Cloud Account API - 13:30 UTC

Type: Improvement
Description: Modification of Azure regions description to reflect Azure convention.
Known limitations: N/A
Affected ComponentsAZURE CLOUD ACCOUNT API

Cloud Security Group API - 13:30 UTC

Type: Bug fix
Description: API Access for non-superuser.
Known limitations: N/A.
Affected ComponentsAPI

Deployment January 21, 2020

Protected Assets - Internal pages cosmetic improvements 16:35 UTC

Type: Improvement
Description: Some UI improvements for internal tabs representation for several entities for example: EC2 Instances, Lambda functions, ELB, ALB and RDS.
Known limitations: N/A 
Affected Components: UI PROTECTED ASSETS

Compliance Engine 13:25 UTC

Type: Improvement
Description: Adjust some logic for handling with large entities.
Known limitations: N/A 
Affected Components      COMPLIANCE ENGINE

Deployment January 20, 2020

Azure Virtual Machine Scale Set - 10:40 UTC

Type: New Feature
Description

Added Azure Virtual Machine Scale Set entity support:

  • New compliance entity called VirtualMachineScaleSet.
  • Azure Virtual Machine compliance entity will now reflect Scale Set virtual machines as well.
  • Two additional fields were added to Azure Virtual Machine compliance entity:
    • IsScaleSetVm - To indicate if the Virtual Machine is part of a scale set.
    • InstanceId - In case the Virtual Machine is part of a Scale Set, this field will specify the instance ID.

Known limitations: N/A
Affected Components DATA FETCHERS AZURE

Logic - a new model for account activity - 10:00 UTC

Type: Improvment
Description

The model of account activity has changed for a better investigation experience.

Known limitations: N/A
Affected Components LOG.IC

Deployment January 19, 2020

Logic - Support multi-vendor 13:00 UTC

Type: Improvement
Description: Support switching between vendors.
Known limitations: N/A 
Affected Components  LOG.IC  

Deployment January 15, 2020

Security Groups - Cloud Account Vendor Icon 15:00 UTC

Type: Bug fix
Description: Missing icons for AWS/AZURE China/Gov accounts.
Known limitations: N/A 
Affected Components  FILTERS  

Resources Page - Open Support Ticket 15:00 UTC

Type: Bug fix
Description: Resources page was missing open support ticket link
Known limitations: N/A 
Affected Components  RESOURCES  

Kubernetes On Boarding 15:00 UTC

Type: New Feature
Description: Kubernetes Clusters support is now GA.
Known limitations: N/A 
Affected Components  KUBERNETES COMPLIANCE PROTECTED ASSETS

Deployment January 14, 2020

Rollback - Azure Virtual Machine Scale Set - 14:00 UTC

Type: Deployment Revert
Description: Reverted the support for Azure Virtual Machine Scale Set entity after discovering an issue with the entity data fetcher.

Known limitations: N/A
Affected Components DATA FETCHERS AZURE

Azure Virtual Machine Scale Set - 12:30 UTC

Type: New Feature
Description

Added Azure Virtual Machine Scale Set entity support:

  • New compliance entity called VirtualMachineScaleSet.
  • Azure Virtual Machine compliance entity will now reflect Scale Set virtual machines as well.
  • Two additional fields were added to Azure Virtual Machine compliance entity:
    • IsScaleSetVm - To indicate if the Virtual Machine is part of a scale set.
    • InstanceId - In case the Virtual Machine is part of a Scale Set, this field will specify the instance ID.

Known limitations: N/A
Affected Components DATA FETCHERS AZURE


Deployment January 13, 2020

AWS Security Groups 12:30 UTC

Type: Bug fix
Case ID: DFT-657, DFT-624
Description: Under some scenarios, Security Groups are not presented in the Security Groups page and Clarity.
Known limitations: N/A 
Affected Components  API CLARITY UI

Deployment January 12, 2020

Compliance Engine 16:54 UTC

Type: Improvement
Description: Adjust some logic for handling with large entities.
Known limitations: N/A 
Affected Components    COMPLIANCE SCHEDULED REPORT  COMPLIANCE INTEGRATION

Alerts & Protected Assets Page Sticky Header 15:15 UTC

Type: Bug Fix
Description: Sticky header on table scroll
Known limitations: N/A 
Affected Components  ALERTS    PROTECTED ASSETS

Compliance Ruleset 12:00 UTC

Type: Bug fix
Case ID: DFT-683
Description: Fix returned error status code and message for invalid/bad requests.
Known limitations: N/A 
Affected Components  API   COMPLIANCE RULESET

Compliance Engine 11:50 UTC

Type: Improvement
Description: Minor engine improvement for handling with large entities.
Known limitations: N/A 
Affected Components  API  COMPLIANCE CORE  COMPLIANCE INTEGRATION

Compliance Engine 09:07 UTC

Type: Improvement
Description: Minor engine improvement for handling with large entities.
Known limitations: N/A 
Affected Components  API  COMPLIANCE CORE  

Deployment January 09, 2020

Exclusion Cloud Account Broken Dropdown 18:57 UTC

Type: Bug fix
Case ID: DOME-19193
Description: Fixed an issue where the Cloud Account dropdown selection was broken for some users.
Known limitations: N/A 
Affected Components  UI    

Protected Assets 16:10 UTC

Type: Improvement
Description: Minor improvement to protected assets engine.
Known limitations: N/A 
Affected Components  PROTECTED ASSETS    

Compliance Engine 15:05 UTC

Type: Improvement
Description: Minor engine improvement.
Known limitations: N/A 
Affected Components  API  COMPLIANCE CORE  

Deployment January 08, 2020

Compliance Engine 16:45 UTC

Type: Improvement
Description: Error handling improvement.
Known limitations: N/A 
Affected Components  API  COMPLIANCE INTEGRATION COMPLIANCE REPORT 

Deployment January 07, 2020

AWS IAM Policy 14:05 UTC

Type: Improvement
Description: Optimizing AWS IAM policy fetching mechanism to reduce the number of API calls.
Known limitations: N/A 
Affected Components  DATA FETCHING AWS  

Deployment January 06, 2020

Filter Panel Cross Browser Support  12:12 UTC

Type: Bug Fix
Description: Pages with filter option are now working in FireFox
Known limitations: N/A 
Affected Components  FILTERS  

Main Menu - Typo fix  12:12 UTC

Type: Bug Fix
Description: Fixing IP Addresses typo
Known limitations: N/A 
Affected Components  TYPO  

Deployment January 05, 2020

Alerts Page 13:38 UTC

Type: Bug Fix
Description: In some specific cases alerts page is displaying 'ALL' alerts in the time range filter, but last 24H alerts is marked.
Known limitations: N/A 
Affected Components  ALERTS  

Documentation - 13:38 UTC

Type: Improvements
Description: Added status Circuit Breaker documentation link.
Known limitations: N/A 
Affected Components  DOCUMENTATION  

Range Filter 13:38 UTC

Type: Improvement
Description: Removed state load/save option from range filter.
Known limitations: N/A 
Affected Components  FILTERS 

Deployment January 1, 2020

Filter Panel - UX improvements 21:05 UTC

Type: Improvement
Description: New filters, some UX improvements after customer feedback
Known limitations: N/A 
Affected ComponentsFILTERS 

New CloudGuard Dome9 Menu - 21:05 UTC

Type: New Feature
Description

We’ve been working hard to add many new features recently including Alerts, Remediation Support with CloudBots, Dashboards  and others.
Now it’s time to get our menus a little bit more organized to help you secure your cloud journey.

The CloudGuard Dome9 Menus are being reorganized for a better user experience. The new menu options are now organized based on our different steps of your cloud journey

  • Asset Management
  • Posture Management
  • Network Security
  • IAM Protection
  • Log.ic
  • Alerting and notification
  • Settings
  • Resources

We also have added sub menus to help you find things faster. This is only a face lift, it is not affecting any functionality within the product. 

Known limitations: N/A
Affected Components UI

Network Security - Azure Application Security Groups - 11:00 UTC

Type: New Feature
Description: Adding support for Azure ASG on Network Security, Now you can manage your ASG, get tamper protection and change detection.
Known limitations: Compliance engine - Not supported Yet.
Affected ComponentsNETWORK SECURITY  UI