April 2022

FIXED AWS Network Firewall - 14:00 UTC

Description: Fixed bug in AWS Network Firewall when “vpc.id” property is not unique over regions in Compliance Engine.
Case ID: IN-3213
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FIXED Azure Storage Account - 14:00 UTC

Description: Fixed bug in Azure Storage Account in Table Storage service.
Case ID: IN-2958
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT AWS ACM Certificate - 13:00 UTC

Description: Added support for ‘certificateOptions.certificateTransparencyLoggingPreference’ property in AWS ACM Certificate in Compliance Engine and Protected Assets.
Case ID: DFR-2107
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE protected assets

IMPROVEMENT AWS ECR Repository - 13:00 UTC

Description: Added support for ‘Tag’ property in AWS ECR Repository in Compliance Engine and Protected Assets.
Case ID: DFR-2260
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE protected assets

IMPROVEMENT Compliance Rulesets Update - 12:00 UTC

Description: The first release of the LGPD regulation for AWS ruleset, K8S rule deprecation. A complete list can be found here.
Case ID: IN-3881, DFR-2302
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT Serverless - remove ReadOnlyAccess permission from CloudFormation Template - 09:30 UTC

Description: remove ReadOnlyAccess permission from serverless CloudFormation Template, and replace it with strict permissions

cloud_formation template has been changed. the new version: 24
Case ID: PROT-1293
Known limitations: N/A 
Affected Components: serverless

IMPROVEMENT Serverless - Fixed FSP issue - 09:30 UTC

Description: Fixed an internal FSP python issue

FSP has been changed. the new version: 1.5.87
Case ID: PROT-1206
Known limitations: N/A 
Affected Components: serverless

IMPROVEMENT Compliance Integrations Improvement - 16:00 UTC

Description: Improve findings email and SNS integrations

• change email sender to do-not-reply@checkpoint.com

• change subject to the following format: CloudGuard Finding Detected - {Finding source} : {Rule title} . for example: CloudGuard Finding Detected - Compliance Engine: Avoid the use of the 'root' account

Case ID: DFT-1864
Known limitations: N/A 
Affected Components: Compliance Integrations

ANNOUNCMENT AWS Unified Onboarding Terraform Provider - 15:00 UTC

Description: Added Support for AWS Unified Onboarding as a Terraform provider resource.
Case ID: PLAT-2998
Known limitations: N/A 
Affected Components: Terraform provider

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New GCP rules. A complete list can be found here.
Case ID: IN-3774, DFT-1797
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIXED AWS Generic Builder for Compliance Engine - 09:00 UTC

Description: Fixed bug in AWS generic builder for Compliance engine. Couldn't run GSL assessment on two entities with the same id in different regions.
Case ID: IN-3806
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS Kinesis Firehose - 09:00 UTC

Description: Added support for ‘Tags’ property in AWS Kinesis Firehose in Compliance engine & Protected Assets.
Case ID: DFR-2262
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT Azure MySQL DB Flexible Server - 09:00 UTC

Description: Added support for 'Parameters' property in Azure MySQL DB Flexible Server in compliance engine and protected assets.
Case ID: DFR-1800
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT Azure Network Security Group - 09:00 UTC

Description: Extended the compliance engine model of Azure Network Security Group:

• Added the following properties: inboundSecurityRules, defaultInboundSecurityRules, outboundSecurityRules, defaultOutboundSecurityRules

• Contains the network security rules information in a new model.

• Will be used to reduce the entity size in future releases.

Case ID: IN-3136
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

FIXED AWS RDS DB Snapshot - 13:30 UTC

Description: Fixed an issue with tags data fetching.
Case ID: DFT-1871
Known limitations: N/A
Affected Components: FETCHERS

FIXED Protected Assets - 13:30 UTC

Description: Fixed an issue with ‘IsProtected’ value in AWS Security Group and Azure Network Security Group entities.
Case ID: IN-1429
Known limitations: N/A
Affected Components: PROTECTED ASSETS

IMPROVEMENT Intelligence Rulesets Update - 9:30 UTC

Description: Updating Intelligence rules
Case ID: IN-3749
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

Container Registry Scanning - 15:00 UTC

Description: Fixed an issue where known registry images would sometimes show the wrong repo URL.
Known limitations: N/A 
Affected Components: Container Registry Image Assurance

IMPROVEMENT Compliance API- 13:15 UTC

Description: Upgrading our API throttling mechanism.
Case ID: DFT-1859, PLAT-3734
Known limitations: N/A 
Affected Components: API

IMPROVEMENT Compliance Rulesets Update - 11:30 UTC

Description: The first release of the Azure CIS v1.4 ruleset, new GCP rules. A complete list can be found here.
Case ID: IN-3687
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT GCP Network - 11:00 UTC

Description: Added "isLegacy" property to GCP Network in compliance engine and protected assets.
Case ID: IN-3615
Known limitations: N/A 
Affected Components:  compliance engine protected assets

IMPROVEMENT AWS Backup Vault - 11:00 UTC

Description: Added "tags" property to AWS Backup Vault in compliance engine and protected assets.
Case ID: DFR-2253
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets

IMPROVEMENT AWS S3 Bucket - 11:00 UTC

Description: Added support for “macieInformation” property in AWS S3 Bucket in compliance engine and protected assets.
Case ID: IN-1966
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets

FIXED Compliance Integrations- 12:00 UTC

Description: Fixed an issue that integrations didn’t take the notification filter into account.
Case ID: DFT-1821
Known limitations: N/A
Affected Components: Compliance inegrations

FIXED Dashboards - 12:00 UTC

Description: Fixed an issue with dashboards when redirecting to events page the time range ignored
Case ID: DFT-1858, PLAT-3733
Known limitations: N/A
Affected Components: UI

improvement MFA - 12:00 UTC

Description: Added a popup when enabling and disabling MFA for all users
Case ID: PLAT-3356
Known limitations: N/A
Affected Components: UI

improvement Security Groups Page - 12:00 UTC

Description: Remove old Security Groups Page
Case ID: PLAT-3358
Known limitations: N/A
Affected Components: UI

improvement Intelligence Rulesets Update - 14:00 UTC

Description: Updating Intelligence rules
Case ID: IN-3733
Known limitations: N/A
Affected Components: Intelligence Rulesets

fixed Magellan dashboard widget fix- 01:45 UTC

Description: Fix dasboard Trend Lines/Widgets not working
Case ID: PROT-3403
Known limitations: N/A 
Affected Components: magellan

fixed Serverless - Fix FSP IO reports - 01:45 UTC

Description: Fix false negative IO attack in FSP.

FSP has been changed. the new version: 1.5.85
Case ID: PROT-1326
Known limitations: N/A 
Affected Components: serveerless

improvement Compliance Rulesets Update - 19:00 UTC

Description: Three CSPM rules for the Spring Cloud Function Vulnerability (CVE-2022-22963).
Case ID: IN-3680
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

improvement Compliance Rulesets Update - 16:00 UTC

Description: The first release of GCP CIS v1.3 ruleset, new GCP CloudBots. A complete list can be found here.
Case ID: IN-3362
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Feature Azure Spring Cloud - 12:30 UTC

Description: Added support for Azure Spring Cloud in compliance engine and protected assets.
Case ID: IN-3663
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets

fixed GSL Builder - 17:30 UTC

Description: Fixed an issue when showing passed entities.
Case ID: DFT-1855
Known limitations: N/A 
Affected Components: UI

IMPROVEMENT AWS Onboarding - 10:30 UTC - 11:00 UTC

Description: Added new permissions to ‘CloudGuard-readonly-policy’ in AWS onboarding process: macie2:DescribeBuckets
Case ID: IN-1966
Known limitations: N/A
Affected Components: ONBOARDING

fixed Kubernetes AC Audit Logs - 14:00 UTC

Description: Kubernetes Admission Control Audit Logs - Fix Description.
Case ID: PLAT-622
Known limitations: N/A 
Affected Components: kubernetes admission control audit logs