January 2022

Deployment January 31st, 2022

MSP Portal - 15:00 UTC

Type: Bug Fix
Case ID: DFT-1607
Description: Fixing session handling to prevent redirection to logout.
Known limitations: N/A
Affected Components: msp portal

Assessment API - 10:31 UTC

Type: Improvement
Description: Added new API to get Assessment Executive Summary Report CSV.
Known limitations: N/A
Affected Components: API

Protected Assets API - 08:31 UTC

Type: Improvement
Description: Added ability to sort and group K8S images by InsecureContent and Malware.
Known limitations: N/A
Affected Components: PROTECTED ASSETS API

Deployment January 30th, 2022

Compliance Improvement - 19:30 UTC

Type: Improvement
Description: Internal improvement.
Known limitations: N/A
Affected Components: assessment history

Deployment January 27th, 2022

Azure Virtual Machine API - 19:00 UTC
Type: Improvement
Description: AzureVirtualMachine API performance improvement.
Known limitations: N/A
Affected Components:  API

Environments Page - Additional columns - 19:00 UTC

Type: Improvement
Description: Added Onboarding time and Platform columns.
Known limitations: N/A 
Affected Components: Environments page

Users Page - New Table - 19:00 UTC

Type: Improvement
Description: Converted the table to the new concept.
Known limitations: N/A 
Affected Components: users page

Protected Assets and Events Page - Groups - 19:00 UTC

Type: Improvement
Description: Added support of expanding more than one group.
Known limitations: N/A 
Affected Components: events page protected assets page

Deployment January 26th, 2022

GCP KMS - 11:20 UTC

Type: Improvement
Description: Added ‘iamPolicy’ and ‘cryptoKeys.iamPolicy’ properties in GCP KMS in compliance engine, protected assets and API.
Known limitations: N/A 
Affected Components: DATA FETCHERS GCP  Compliance Engine PROTECTED ASSETS

AWS EFS - 11:20 UTC

Type: Improvement
Description: Added ‘encryptionKeyArn’ property in AWS EFS in compliance engine and protected assets.
Case ID: DFT-1543
Known limitations: N/A 
Affected Components: Compliance Engine PROTECTED ASSETS

Azure Application Security Group and Azure Application Gateway - 11:20 UTC

Type: Improvement
Description: Added paging support for Azure Application Security Group and Azure Application Gateway.
Case ID: DFT-1585
Known limitations: N/A 
Affected Components: DATA FETCHERS azure

Azure SQL Server - 11:20 UTC

Type: Improvement
Description: Added ‘kind’ property in Azure SQL Server in compliance engine, protected assets and API.
Case ID: DFR-2085
Known limitations: N/A 
Affected Components: Compliance Engine PROTECTED ASSETS

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description: AWS CIS and GCP CIS rulesets enrichment. A complete list can be found here.
Case ID: N/A
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 24th, 2022

Billable Assets Report API - 19:00 UTC

Type: Improvement
Description: Improve the performance of the Billable Assets Report API.
Known limitations: N/A
Affected Components: API

Deployment January 23rd, 2022

Shift Left Bug Fix - 18:00 UTC

Type: Bug Fix
Description: Going forward, Kubernetes Image Assurance alerts of type ImageScan will have the Entity Name updated to include the Image name instead of the Image SHA.
Known limitations: This fix will only affect new alerts.
Affected Components: Kubernetes image assurance alerts

Deployment January 20th, 2022

Shift Left Improvement - 13:40 UTC

Type: Improvement
Description: Each failed entity, in Terraform or CFT assessment run, will be enriched with its location in the file.
Known limitations: N/A 
Affected Components: shift left

Compliance Improvement - 07:00 UTC

Type: Improvement
Description: Internal Improvement.
Case ID: N/A
Known limitations: N/A 
Affected Components: Compliance Engine

Deployment January 19th, 2022

AWS IAM Role, AWS IAM User, AWS ECS Instance & AWS ECS Task - 17:30 UTC

Type: Improvement
Description: Internal improvement.
Known limitations: N/A 
Affected Components: DATA FETCHERS aws

AWS IAM User - 17:30 UTC

Type: Bug Fix
Description: Fixed a bug in ‘relationType’ property in AWS IAM User in protected assets and compliance engine.
Known limitations: N/A 
Affected Components: Compliance Engine PROTECTED ASSETS

AWS ECS Task Definition - 17:30 UTC

Type: New Entities
Description: Added support for AWS ECS Task Definition in protected assets and compliance engine.
Known limitations: N/A 
Affected Components: Compliance Engine PROTECTED ASSETS

Compliance Rulesets Update - 13:00 UTC

Type: Improvement
Description: AWS CIS and GCP CIS rulesets enrichment. A complete list can be found here.
Case ID: N/A
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Compliance Improvement - 12:20 UTC

Type: Improvement
Description: Improvement of Database for HTTP Endpoint notifications.
Case ID: N/A
Known limitations: N/A 
Affected Components: notifications HTTP Endpoint notification

GCP Log Bucket - 12:00 UTC

Type: New Entities
Description: Added support for GCP Log Bucket in protected assets and compliance engine.
Known limitations: N/A 
Affected Components: DATA FETCHERS GCP  Compliance Engine PROTECTED ASSETS

GCP Network - 12:00 UTC

Type: Improvement
Description: Added ‘DnsPolicy’ property in GCP Network in compliance and protected assets.
Known limitations: N/A 
Affected Components: DATA FETCHERS GCP  Compliance Engine PROTECTED ASSETS

Deployment January 18th, 2022

AWS Cloud Trail - Lookup Events - 15:00 UTC
Type: Improvement
Description: Internal improvement of the data fetcher.
Known limitations: N/A
Affected Components: DATA FETCHERS aws

AWS Onboarding - 12:30 UTC

Type: Improvement
Description:

  • Modified AWS Inspector read permissions of ‘CloudGuard-readonly-policy’ in AWS onboarding process.

  • Will support future integration with the new AWS Inspector.

  • Changed to:

    • inspector2:ListFindings

    • inspector2:BatchGetAccountStatus

Known limitations: N/A 
Affected Components: API

ServiceNOW Application - 9:00 UTC

Type: Improvement
Description: Added SNOW Rome version support.
Known limitations: N/A 
Affected Components: ServiceNOW application

Deployment January 17th, 2022

Intelligence - 20:30 UTC

Type: Improvement
Description: Enrichment is now available for Azure assets without NSG directly attached to them.
Known limitations: N/A 
Affected Components: INTELLIGENCE

Events Export API - 18:00 UTC

Type: Improvement
Description: Improve Events CSV Email
Known limitations: N/A 
Affected Components: API

Assessment Report - 17:00 UTC

Type: Bug Fix
Case ID: DFT-1656
Description: Fixed failed report content on export to CSV
Known limitations: N/A 
Affected Components: reports export

Events Page - Export - Direct Download 17:00 UTC

Type: Improvement
Description: Added direct download support for exporting content of fewer than 10,000 items
Known limitations: N/A 
Affected Components: Events export

Events page - 17:00 UTC

Type: Improvement
Case ID: DFR-1866
Description: Added action field column to show Detect / Prevent
Known limitations: N/A 
Affected Components: Events

API - 11:50 UTC

Type: Improvement
Description: Improved security layer of email report links - Export Findings to CSV + Notification of Scheduled Report
Known limitations: Links issued before this day are no longer valid.
Affected Components: Events Notification scheduled report

Deployment January 13th, 2022

API - 14:50 UTC

Type: Improvement
Description: Improve Organizational Unit API performance.
Known limitations: N/A 
Affected Components: API

Intelligence - 12:30 UTC

Type: Bug Fix
Description: Fixed a bug where errors were displayed in several views for accounts newly onboarded to Intelligence.
Known limitations: N/A 
Affected Components: INTELLIGENCE

Compliance API - 9:00 UTC

Type: Bug Fix
Description: Fix a bug when filtering events on platform and entityType.
Case ID: DFT-1673
Known limitations: N/A 
Affected Components: COMPLIANCE API

Compliance Engine - 9:00 UTC

Type: Improvement
Description: Improve Compliance Engine performance.
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

Web Application Update - 08:40 UTC

Type: Improvement
Description: Major improvement in the GUI for the following pages: User, Role and Service Account.
Known limitations: N/A 
Affected Components: Application

Deployment January 12th, 2022

Azure Api Management Service - 14:10 UTC

Type: Improvement
Description: Added ‘Sku’ property in Azure Api Management Service model in compliance and protected assets.
Case ID: DFR-2134
Known limitations: N/A 
Affected Components: DATA FETCHERS azure  Compliance Engine PROTECTED ASSETS

Azure Virtual Machine - 14:10 UTC

Type: Improvement
Description: Added ‘Extensions.Status’ property and fixed 'Extensions.TypeHandlerVersion' property in Azure Virtual Machine model in compliance and protected assets.
Case ID: DFT-1629
Known limitations: N/A 
Affected Components: DATA FETCHERS azure  Compliance Engine PROTECTED ASSETS

GCP Network - 14:10 UTC

Type: Improvement
Description: Added ‘FirewallRules’ property in GCP Network model in compliance and protected assets.
Known limitations: N/A 
Affected Components: DATA FETCHERS GCP  Compliance Engine PROTECTED ASSETS

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description: New AWS CFT and GCP rules, rules fixes. A complete list can be found here.
Case ID: N/A
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 11th, 2022

Kubernetes - Image Assurance Retrospect - 17:30 UTC

Type: Bug Fix
Description:

  • Fixed a bug where the Retrospect failed to generate a new alert on newly discovered exploits, updated severity, and updated remediation.

  • The Image Assurance Retrospect mechanism updates and generates new alerts when new information is discovered on existing images, such as new exploits, updated severity, or updated remediation.

    • If a new vulnerability is discovered on existing images that have already been scanned, a new alert with the updated information will replace the old alert.

Known limitations: N/A 
Affected Components: Kubernetes Image Assurance

Billing Report - 12:30 UTC

Type: Bug Fix
Description:

  • An error message will be displayed when a user with a role lower than Auditor tries to export an Asset Billing Report to CSV.

  • Bug fixed - A user with Auditor permissions can view the same asset billing report information as a user with Manage permission, instead of getting Internal Error in the CSV Report.


Case ID: DFT-1685
Known limitations: N/A 
Affected Components: billing Report permissions

Deployment January 10th, 2022

Protected Assets - 21:30 UTC

Type: Bug Fix
Description: Fixed an issue with the format of Created Date for AWS IAM users in Protected Assets.
Known limitations: N/A 
Affected Components: PROTECTED ASSETS

Intelligence - 21:30 UTC

Type: Internal release
Description: Internal release of features for upcoming CIEM solution.
Known limitations: N/A 
Affected Components: CIEM

Intelligence - 21:30 UTC

Type: Internal release
Description: Internal release of features for upcoming GCP account activity support in Intelligence.
Known limitations: N/A 
Affected Components: INTELLIGENCE

Compliance Engine - 08:50 UTC

Type: Improvement
Description: Internal improvement of the Compliance engine
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

API - 06:40 UTC

Type: Improvement
Description: Internal improvement
Known limitations: N/A 
Affected Components: API

Deployment January 9th, 2022

GCP Storage Bucket - 12:00 UTC

Type: Improvement
Description: Added ‘iamConfiguration’ and ‘retentionPolicy’ properties in GCP StorageBucket model in compliance and protected assets.
Known limitations: N/A 
Affected Components: DATA FETCHERS GCP  Compliance Engine PROTECTED ASSETS

Deployment January 8th, 2022

Intelligence Rulesets Update - 13:00 UTC

Type: Improvement
Description: Rules fixes
Case ID: N/A
Known limitations: N/A 
Affected Components: Intelligence RULESETS

Deployment January 6th, 2022

Kubernetes - Runtime Protection Network profiling - 16:30 UTC

Type: New Feature
Description:

  • The Runtime Protection agents will now also be able to monitor and enforce a workload’s network activities

  • This new feature is automatically added to new agents

  • Existing agents need to be upgraded to the latest version for the feature to become active

Known limitations: Once the network profiling feature is enabled, all existing profiles will be reset and a new 24-hour learning period will commence.
Affected Components: Kubernetes runtime protection

Kubernetes - Helm Chart 2.9.0 & New Agent versions - 08:30 UTC

Type: New Feature
Description:

  • New Image Assurance agent, version 2.4.0

    • Including ACR Container Registry scan

  • New Inventory agent, version 1.4.0

    • Improvements

    • Support for OpenShift compliance

  • New Runtime daemon, version 0.0.666

    • CRIO support

    • Performance improvements

  • New Runtime policy, version 1.0.0

    • Improvements

    • Build using scratch image

  • New Flowlogs daemon, version 0.5.2

    • Improvements

  • New Admission-enforcer, version 1.3.0

    • GSL engine update

    • Prevention policy will now alert on all rules (previously it was stopped on the first hit)

Known limitations: N/A 
Affected Components: Kubernetes Helm

Deployment January 5th, 2022

AWS CloudFront - 13:00 UTC

Type: Bug fix
Description: Fixed bug in indexing tags of AWS CloudFront in protected assets.
Case ID: DFT-1615
Known limitations: N/A 
Affected Components: PROTECTED ASSETS

Azure Locks - 13:00 UTC

Type: Bug fix
Description: Fixed bug in logic of Azure entities' locks list in compliance and protected assets.
Known limitations: N/A 
Affected Components: Compliance Engine PROTECTED ASSETS

Azure PostgreSQL - 13:00 UTC

Type: Improvement
Description: Added the following properties in Azure PostgreSQL model in compliance and protected assets:
minimalTlsVersion, byokEnforcement, infrastructureEncryption, userVisibleState, replicationRole, masterServerId, replicaCapacity, publicNetworkAccess, privateEndpointConnections.
Case ID: DFR-2135
Known limitations: N/A 
Affected Components: DATA FETCHERS azure  Compliance Engine PROTECTED ASSETS

Compliance Rulesets Update - 12:00 UTC

Type: Improvement
Description: New AWS CFT rules. A complete list can be found here.
Case ID: N/A
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 4th, 2022

Compliance API - 19:00 UTC

Type: Bug fix
Description: Fix a bug when exporting CSV findings of Shiftleft, Alibaba and K8S accounts
Known limitations: N/A 
Affected Components: COMPLIANCE API

Compliance API - 15:50 UTC

Type: Improvement
Description: Create new API for getting assessments executive report
Known limitations: N/A 
Case ID: DFR-2000
Affected Components: COMPLIANCE API

Compliance API - 10:00 UTC

Type: Improvement
Description: Create new API for exporting findings to CSV

  • Direct download

  • Getting download link

Known limitations: N/A 
Affected Components: COMPLIANCE API

Kubernetes - VMWare Tanzu is now supported - 08:35 UTC

Type: New Feature
Description: VMWare Tanzu is now supported
Known limitations:

  • TKG v1.2 and up

  • TKGI v1.10 and up

Affected Components: Kubernetes tanzu

Kubernetes - RedHat OpenShift Container Platform is now supported - 08:35 UTC

Type: New Feature
Description:
RedHat OpenShift Container Platform can now be onboarded.
CIS OpenShift Container Platform v4 Benchmark v1.1.0 ruleset has been added. A complete list can be found here.
Known limitations:

  • Version v4.6 and up

  • For the Runtime Protection blade, the worker nodes running on RHCOS.

Affected Components: Kubernetes OpenShift

Kubernetes - New Admission Control use cases have been added - 08:35 UTC

Type: Improvement
Description:
The following use cases have been added to Kubernetes Admission Control

  • Services should not expose SSH port

  • All capabilities are dropped in a Security Context

  • CVE-2020-8554: Services should not use "externalIPs"

  • Readiness Probe Not Configured

  • Liveness probe not configured

  • SELinux options should not be configured on containers

  • Custom hosts (/etc/hosts) configuration should be avoided

  • Containers should run using updated images

  • Do not use shared mount propagation

  • Host device path mounts should not be used

  • Ingress should restrict sources to avoid permissive access to services

  • Disable automounting API credentials

  • CVE-2021-25742: Ingress should not use unsafe annotations

  • CVE-2021-25742: Ingress Nginx ConfigMap should not use allow-snippet-annotations

Known limitations: N/A 
Affected Components: Kubernetes Admission Control

Compliance Engine - 08:20 UTC

Type: Improvement
Description: Internal improvement of the Compliance engine
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

CloudSecurityGroup API - 07:45 UTC

Type: Bug Fix
Description: Fixed an issue in Security Group creation API that caused it to fail in some conditions.
Case ID: DFT-1663
Known limitations: N/A 
Affected Components: API

Deployment January 2nd, 2022

Dashboard - 21:00 UTC

Type: Bug
Description: 

  • DFT-1650, DFT-1651 - Fixed an issue where some users could not duplicate or update dashboards that contain charts.

Known limitations: N/A 
Affected Components: Dashboard

Intelligence Rulesets Update - 14:00 UTC

Type: Improvement
Description: Rules fixes
Case ID: N/A
Known limitations: N/A 
Affected Components: Intelligence RULESETS

Compliance Rulesets Update - 06:30 UTC

Type: Improvement
Description: New AWS rules. A complete list can be found here.
Case ID: N/A
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

AWS Onboarding - 11:00 UTC

Type: Improvement
Description:

  • Added AWS Inspector read permissions to ‘CloudGuard-readonly-policy’ in AWS onboarding process.

  • Will support future integration with the new AWS Inspector.

  • Added the following:

    • inspector2:List*

    • inspector2:Read*

Known limitations: N/A 
Affected Components: API

Dashboard - 7:00 UTC

Type: Bug
Description: 

  • DFT-1605 - Trend widget throws an exception not loading data

Known limitations: N/A 
Affected Components: Dashboard

Deployment January 1st, 2022

Application - 7:00 UTC

Type: Bug Fixes
Description: 

  • Fixed an issue where some users were not able to download the events report coming from the Infinity Portal.

  • Fixed an issue where the user was redirected to the dashboard page instead of their requested page upon login.

Known limitations: N/A 
Affected Components: Infinity portal
