March 2022

feature CloudGuard registration - 14:00 UTC

Description: Redirect to Portal registration for non Infinity Portal users when trying to register to CloudGuard.
Case ID: PLAT-2656
Known limitations: N/A 
Affected Components: registraion

feature Restrictions for new role creation - 14:00 UTC

Description: Enforcing inserting forbidden characters to role name.
Case ID: PLAT-3102
Known limitations: N/A 
Affected Components: roles

fixed CP new logo - 14:00 UTC

Description: Replace CP logo across CloudGuard
Case ID: PLAT-3268
Known limitations: N/A 
Affected Components: ui

fixed Protected assets export action fix - 14:00 UTC

Description: ProtectedAssets ExportToCsv - sort fields did not change.
Case ID: PLAT-2015
Known limitations: N/A 
Affected Components: Protected Assets

IMPROVEMENT Compliance Rulesets Update - 11:30 UTC

Description: The first release of CIS Kubernetes Benchmark v1.23 ruleset, new rules for AWS and AWS CFT. A complete list can be found here.
Case ID: IN-3312, DFT-1743, DFR-1488
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS

fixed Serverless - Fix scan lambda functions for opted-in regions - 16:00 UTC

Description: Support scan lambda function for opted-in regions
Case ID: PROT-1319
Known limitations: N/A 
Affected Components: serverless

feature CG licenses - 14:30 UTC

Description: Licensing Via CloudInfra Implementation
Case ID: PLAT-2032
Known limitations: N/A 
Affected Components: LICENSES

improvement IAM Safety - Policy update - 10:30 UTC

Description: Updated the Policy generator to contain all AWS new Actions
Known limitations: N/A
Affected Components: UI

Feature GCP Big Query Table - 9:30 UTC

Description: Added support for GCP Big Query Table in compliance engine and protected assets.
Case ID: IN-2955
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets

IMPROVEMENT Azure Event Hub Namespace - 9:30 UTC

Description: Added "networkRuleSetRule.publicNetworkAccess" property to Azure Event Hub Namespace in compliance engine and protected assets.
Case ID: DFR-2239
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets

IMPROVEMENT AWS RDS DB Snapshot - 9:30 UTC

Description: Added "tags" property to AWS RDS DB Snapshot in compliance engine and protected assets.
Case ID: DFR-2261
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets

improvement Protected Assets - 10:10 UTC

Description: Added a new tab OVERVIEW in Protected Assets. When opening the details page for a specific entity, the OVERVIEW tab will show high level statistics on findings and security events as well as activity trends when data form Intelligence Account Activity is available.
Known limitations: N/A
Affected Components: UI

FIXED Dashboard - 11:30 UTC

Description: Fix user cannot save dashboard
Case ID: DFT-1776
Known limitations: N/A
Affected Components: UI

improvement AWS Onboarding - 10:30 UTC

Description: Added new permissions to ‘CloudGuard-readonly-policy’ and to 'CloudGuard-write-policy' in AWS onboarding process: backup:ListTags
Case ID: DFR-2253
Known limitations: N/A
Affected Components: onboarding

improvement Intelligence Rulesets Update - 10:30 UTC

Description: Updating Intelligence rules
Case ID: IN-3302
Known limitations: N/A
Affected Components: Intelligence Rulesets

improvement Hide Users page for CloudInfra users - 22:45 UTC

Description: Fix environment filter show selection correctly.
Case ID: PLAT-2643
Known limitations: N/A 
Affected Components: ui

imporvement Protected Assets Improvements - 22:45 UTC

Description: Protected Assets Screen Improvements
Case ID: PLAT-2290
Known limitations: N/A 
Affected Components: PROTECTED ASSETS

fixed Exclusions Fix Environment filter does not show selections correctly - 22:45 UTC

Description: Fix environment filter show selection correctly.
Case ID: PLAT-2854
Known limitations: N/A 
Affected Components: exclusion

fixed Serverless - Scan Lambda functions in all regions - 22:45 UTC

Description: Support scan lambda function in regions eu-north-1 and ap-northeast-3.
Case ID: PROT-1307
Known limitations: N/A 
Affected Components: serverless

IMPROVEMENT AWS Unified Onboarding - 17:45 UTC

Description: Added audit logs on all modules, and improve update permissions.
Case ID: PLAT-3157, PLAT-3138
Known limitations: N/A 
Affected Components: onboarding

IMPROVEMENT Google Onboarding - 16:30 UTC

Description: Improve Google onboarding instructions.
Case ID: PLAT-2620
Known limitations: N/A 
Affected Components: onboarding UI

IMPROVEMENT Aws Unified Onboarding - 16:30 UTC

Description: Improve Aws unified onboarding experience.
Case ID: PLAT-2903
Known limitations: N/A 
Affected Components: ONBOARDING UI

FIXED Events - 14:30 UTC

Description: Fixed a bug when grouping by entity type.
Case ID: PLAT-3317
Known limitations: N/A 
Affected Components: UI

FIXED Role- 12:10 UTC

Description: Fixed a bug with user creating role.
Case ID: DFT-1839
Known limitations: N/A
Affected Components: API

IMPROVEMENT Compliance Rulesets Update - 14:30 UTC

Description: New rules for AZURE TF, AWS and GCP. A complete list can be found here.
Case ID: IN-3241
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT Cloud Volume API - 13:00 UTC

Description: Added the following properties to the response:

• region

• cloudAccountId

• externalAccountNumber

• id

Case ID: DFR-693
Known limitations: N/A
Affected Components: API

IMPROVEMENT AWS Elastic IP API - 13:00 UTC

Description: Added the following properties to the response:

• region

• cloudAccountId

• id

Case ID: DFR-602
Known limitations: N/A
Affected Components: API

Feature GCP Https Load Balancer Target Proxy - 13:00 UTC

Description: Added support for GCP Https Load Balancer Target Proxy in compliance engine and protected assets.
Case ID: DFR-2122
Known limitations: N/A
Affected Components: FETCHERS compliance engine protected assets

Feature GCP Load Balancer SSL policy - 13:00 UTC

Description: Added support for GCP Load Balancer SSL Policy in compliance engine and protected assets.
Case ID: DFR-2122
Known limitations: N/A
Affected Components: FETCHERS compliance engine protected assets

Feature GCP Backend Service - 13:00 UTC

Description: Added support for GCP Backend Service in compliance engine and protected assets.
Case ID: DFR-2122
Known limitations: N/A
Affected Components: FETCHERS compliance engine protected assets

Feature GCP SSL Load Balancer Target Proxy - 13:00 UTC

Description: Added support for GCP SSL Load Balancer Target Proxy in compliance engine and protected assets.
Case ID: DFR-2122
Known limitations: N/A
Affected Components: FETCHERS compliance engine protected assets

IMPROVEMENT API Improvement- 06:30 UTC

Description: Added new throttling mechanism.
Case ID: Hotfix
Known limitations: N/A
Affected Components: API

IMPROVEMENT Azure Onboarding - 14:45 UTC

Description: Add new Additional Permissions section (optional).
Case ID: PLAT-2821
Known limitations: N/A
Affected Components: Onboarding

FIXED AWS Onboarding - 14:45 UTC

Description: Fixed user can unselect onboarding type.
Case ID: PLAT-3131
Known limitations: N/A
Affected Components: Onboarding

FIXED MFA - 14:45 UTC

Description: Disable MFA for SSO users.
Case ID: PLAT-3387
Known limitations: N/A
Affected Components: MFA

FIXED Cloud bots parameter syntax fix - 13:30 UTC

Description: User can now enter character like * and others under cloud bots parameters.
Case ID: DFT-1824
Known limitations: N/A
Affected Components: cloud bots

FIXED Cloud bots in automated remediation fix - 13:30 UTC

Description: Fixed bug in automated remediation. Now when you add a cloud bot to a rule it will add to the rule itself and not to all rules in this ruleset
Case ID: DFT-1835
Known limitations: N/A
Affected Components: automated remediationcloud bots

improvement AWS IAM SAML Provider & AWS IAM Open ID Connect Provider - 14:30 UTC

Description: Added support for ‘Name’ property in AWS IAM SAML Provider & AWS IAM Open ID Connect Provider in Compliance engine & Protected Assets.
Case ID: DFT-1793
Known limitations: N/A
Affected Components: FETCHERS compliance engine protected assets

FIXED Events - 10:15 UTC

Description: Fixed a bug not all environments can be filtered in the Events page
Case ID: DFT-1823
Known limitations: N/A
Affected Components: UI

improvement Intelligence Rulesets Update - 9:30 UTC

Description: Updating Intelligence rules
Case ID: IN-3242
Known limitations: N/A
Affected Components: Intelligence Rulesets

FIXED Serverless - Node shim performance issue - 20:00 UTC

Description: Fixed performance issues nodejs shim.

FSP has been changed. the new version: 1.5.84
Case ID: PROT-1297
Known limitations: N/A 
Affected Components: serverless

FIXED AWS MQ Broker - 09:15 UTC

Description: Fixed bug in AWS MQ Broker which caused fetching data only once in a day and skipping Africa (Cape Town) af-south-1 region.
Case ID: DFT-1796
Known limitations: N/A 
Affected Components: fetchers

Improvement Serverless - Intercept AWS api calls using harmony - 12:00 UTC

Description:

• FSP instrumentation of the lambda functions will be supported using FSP layer and environment variable
  DOTNET_STARTUP_HOOKS only.

• FSP version should be updated to 1.5.83 or above.

• Older FSP versions won't be supported with new FSP plugin.

FSP has been changed. the new version: 1.5.83

Case ID: PROT-1152
Known limitations: N/A 
Affected Components: serverless

IMPROVEMENT Compliance Rulesets Update - 12:40 UTC

Description: New rules for AZURE TF and GCP. A complete list can be found here.
Case ID: IN-3191
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIXED Admin guide link- 15:30 UTC

Description: Fixed resources documentation admin guide link
Case ID: PLAT-3316
Known limitations: N/A
Affected Components: UI

improvement CP icon - 15:30 UTC

Description: Replace CP icon in the webapp
Case ID: PLAT-2816
Known limitations: N/A
Affected Components: UI

improvement ShiftLeft - 15:30 UTC

Description: Show Assessment id inside a specific assessment .
Case ID: PLAT-2278
Known limitations: N/A
Affected Components: UI

improvement ShiftLeft - 15:30 UTC

Description: Add Welcome Page ,Assets page and more.
Case ID: PLAT-1369
Known limitations: N/A
Affected Components: UI

FIXED AWS Environment Remove And Update - 15:30 UTC

Description: Fixed AWS environment remove and update model X button not closing modal.
Case ID: PLAT-3132
Known limitations: N/A
Affected Components: UI

improvement Assessment History - 15:30 UTC

Description: Added link to the environment, also for Workload assessments added link to the Image.
Case ID: PLAT-2831
Known limitations: N/A
Affected Components: UI

FIXED Continuous Posture - 15:30 UTC

Description: Fixed Ruleset link when open in new tab.
Case ID: PLAT-1952
Known limitations: N/A
Affected Components: UI

FIXED Protected Assets - 15:30 UTC

Description: Fixed a bug with the entities mapping in the Protected Assets table.
Case ID: PLAT-2899
Known limitations: N/A
Affected Components: UI

FIXED Agents Alerts - 15:30 UTC

Description: Fixed broken link to the Agents alerts.
Case ID: PLAT-91
Known limitations: N/A
Affected Components: UI

FIXED Roles - 10:00 UTC

Description: Fixed a bug when updating roles.
Case ID: PLAT-3176
Known limitations: N/A
Affected Components: API

improvement Sync Status new API - 11:30 UTC

Description: Added a new API that provides a “true” / “false” indication for sync issue by environment and platform.
Case ID: DFT-1782
Known limitations: N/A
Affected Components: API

improvement Intelligence Rulesets Update - 9:30 UTC

Description: Updating Intelligence rules
Case ID: IN-3188
Known limitations: N/A
Affected Components: Intelligence Rulesets

fixed Grid Widget - 19:50 UTC

Description: Fixed Compliance grid widget not loading with OU filter
Case ID: IN-3193
Known limitations: N/A
Affected Components: ui

FEATURE Container Security, Image Assurance - Live Images - 17:30 UTC

Description:
A new liveness status has been added to container images.
Running statuses description:

• A container image is considered to be in a “Running” state if there are running workloads associated with (e.g. created from) that image.

  The running status is represented in the protected assets tables by two columns, “Is Running” and “Last Running Date”.
  Images can be grouped by the running status and/or sortable by the last running date.

• “Is Running” column: representing if the image is ‘Running’ with a green icon, or ‘Not Running’ with a grey icon.

  “Last Running date” column: represent the last time this image was active (last time an associated running workload was observed).

Known limitations:
and will be handled in the next publish soon:

• Images might not be correctly associated to short-lived workloads (such as Jobs).

• In the near future we will push out an update which will delete images after a set (configurable) amount of time in a “Not Running” status.
  Affected Components: ui Kuberentes Image Assurance ShiftLeft

fixed "Close alert" button is broken - 17:10 UTC

Description: Fixed “Close alert” button appearance
Case ID: IN-3175
Known limitations: N/A
Affected Components: ui

fixed GCP URL Map - 10:10 UTC

Description: Fixed bug in GCP URL Map - used to fetch only global entities instead of both regional and global.
Case ID: IN-3118
Known limitations: N/A
Affected Components: FETCHERS

improvement GCP Big Query - 10:10 UTC

Description: Added ‘datasetAccess.iamMember’ property in GCP Big Query in compliance engine, protected assets and API.
Case ID: IN-3061
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets api

FEATURE GCP Log Sink - 10:10 UTC

Description: Added support for GCP Log Sink in compliance engine and protected assets.
Case ID: IN-1737
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets

fixed Assessment API - 10:00 UTC

Description: Fixed issue in OrganizationalUnitsLastAssessmentStatistics API, that environment organizationalUnitId wasn’t presented.
Case ID: DFT-1817
Known limitations: N/A
Affected Components: API

fixed Compliance GSL Builder - 16:30 UTC

Description: Preview Entity after GSL test was fixed.
Case ID: PLAT-3199
Known limitations: N/A
Affected Components: api

improvement Compliance Rulesets Update - 12:50 UTC

Description: New rules for AWS, AZURE TF and AWS CFT. A complete list can be found here.
Case ID: IN-3148, DFT-1746, DFT-2746
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE Events page - Added multi selection - 16:00 UTC

Description: Added an ability to select multiple findings.
Case ID: PLAT-2386
Known limitations: Close action not supported on posture events.
Affected Components: Events page

FIXED MSP - Permissions assignment fix - 16:00 UTC

Description: Fixed an issue that prevented the user to assign permissions while assuming role.
Case ID: DFT-1805
Known limitations: N/A
Affected Components: ui msp

improvement Roles Page - Main table update - 16:00 UTC

Description: Added an improved table and action buttons, improved performance..
Case ID: PLAT-1231, PLAT-2852
Known limitations: N/A
Affected Components: ui

FEATURE CloudGuard Roles Management By CloudInfra - 13:20 UTC

Description: Sync CloudGuard roles into CloudInfra roles, so user can be assigned role from CloudInfra console.
Case ID: PLAT-2772, PLAT-1758
Known limitations: N/A
Affected Components: API

FEATURE AWS Unified Onboarding API - 10:00 UTC

Description: Added new API for the Aws Unified Onboarding, the API returns the config should be set to AWS cloud formation API.
Case ID: PLAT-3061
Known limitations: N/A
Affected Components: API

improvement Compliance GSL Builder - 16:30 UTC

Description: Remove "New" attribute in the GSL playground of the Compliance Engine for any entity older than two months.
Case ID: IN-2987
Known limitations: N/A
Affected Components: ui

FEATURE Intelligence - GCP Account Activity - 13:10 UTC

Description: Added ability to onboard and offboard GCP projects to Intelligence Account Activity logs enrichment and insights. In addition to best practices ruleset for it which we recommend to use.
Case ID: INT-92
Known limitations: N/A
Affected Components: UI INTELLIGENCE Rulesets ONBOARDING INTELLIGENCE

Documentation: https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Intelligence/Intelligence-Onboard-GCP.htm

FEATURE Azure MySQL DB Single Server & Azure MySQL DB Single Server - 10:40 UTC

Description: Added support for Azure MySQL DB Single Server & Azure MySQL DB Single Server in compliance engine and protected assets.
Case ID: DFR-1800
Known limitations: N/A 
Affected Components:  FETCHERS compliance engine protected assets

FIXED Azure Event Hub Namespace - 10:40 UTC

Description: Fixed a bug of false information in networkRuleSetRule.defaultAction field, and removed virtualNetworkRules redundant field (which is now in networkRuleSetRule.virtualNetworkRules) for Azure Event Hub Namespace in compliance engine and protected assets.
Case ID: DFR-2136
Known limitations: N/A 
Affected Components:  FETCHERS compliance engine protected assets

FIXED Aws Cloud Front - 10:40 UTC

Description: Fixed cacheBehaviors field to contain also defaultCacheBehavior data for Aws Cloud Front in compliance engine and protected assets, to comply with Rule ID: D9.AWS.CRY.42.
Case ID: DFT-1759
Known limitations: N/A
Affected Components:  FETCHERS

improvement Intelligence Rulesets Update - 10:00 UTC

Description: Updating Intelligence rules
Case ID: IN-3146
Known limitations: N/A
Affected Components: Intelligence Rulesets

feature MFA Enforcement - 23:00 UTC

Description: Added ability to enforce account users to enable login with MFA.
Case ID: PLAT-1829
Known limitations: N/A 
Affected Components: api

FIXED CIEM - 7:00 UTC

Description: Fixed issue with redirections from the CIEM Overview Alert trendline widget.
Known limitations: N/A 
Affected Components: CIEM UI

FIXED CIEM - 7:00 UTC

Description: Fixed issue with tooltips on the CIEM Overview.
Known limitations: N/A 
Affected Components: CIEM UI

improvement MSP - Switch Role - 13:00 UTC

Description: Added ability to switch role between child account to dependents.
Case ID: PLAT-2968
Known limitations: N/A 
Affected Components: MSP trust switch role

fixed AWS Security Group, Azure Security Group - 17:00 UTC

Description: Fixed a bug that caused AwsSecurityGroupPolicy & AzureSecurityGroupPolicy to not be indexed to protected assets while handled through the API.
Case ID: IN-3002
Known limitations: N/A 
Affected Components: api

improvement Sync Now - 17:00 UTC

Description: Performance improvement in Sync Now feature.
Case ID: DFT-1754
Known limitations: N/A 
Affected Components: api

fixed AWS Account Alternate Contact - 16:10 UTC

Description: Fixed AWS Account Alternate Contact to avoid fetching unsupported US-GOV clouds.
Case ID: IN-3077
Known limitations: N/A 
Affected Components: FETCHERS

FEATURE GCP TCP Load Balancer Target Proxy - 10:30 UTC

Description: Added support for GCP TCP Load Balancer Target Proxy in compliance engine and protected assets.
Case ID: IN-3091
Known limitations: N/A 
Affected Components:  FETCHERS compliance engine protected assets

FEATURE Unified OnBoarding - 15:45 UTC

Description: Remove Active feature from Unified OnBoarding
Case ID: PLAT-1238
Known limitations: N/A 
Affected Components: UI

FEATURE Tooltip - 15:45 UTC

Description: Add tooltip on icon hover - "Copy to clipboard"
Case ID: PLAT-2472
Known limitations: N/A 
Affected Components: UI

FEATURE OffBoarding- 15:45 UTC

Description: User managed Offboarding - Instruct the user with the AWS step
Case ID: PLAT-2857
Known limitations: N/A 
Affected Components: UI

FEATURE Text Change - 15:45 UTC

Description: Status bar: Change "Switch to the old experience" to "Switch to manual onboarding"
Case ID: PLAT-2981
Known limitations: N/A 
Affected Components: UI

FEATURE Role API - 15:45 UTC

Description: Added the Users and the ServiceAccounts to the Role/Roles GET api
Case ID: DFR-2224
Known limitations: N/A 
Affected Components: API

improvement Compliance Rulesets Update - 13:00 UTC

Description: New rules for GCP and AWS CFT. A complete list can be found here.
Case ID: IN-3073
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS