July 2022

improvement Update the dependencies in FrontEnd to latest versions - 12:30 UTC

Description: Updated dependencies by criticality
Case ID: PLAT-4585
Known limitations: N/A
Affected Components: FRONTEND

Fixed Incorrect Posture Findings table - 12:30 UTC

Description: GCP Virtual Machine Instance - "Posture Findings" tab showed findings of other assets
Case ID: PLAT-4987
Known limitations: N/A
Affected Components: PROTECTED ASSETS

Fixed Protected assets table not restoring user's last column state - 12:30 UTC

Description: Load the last grouping state that the user selected.
Case ID: PLAT-5075
Known limitations: N/A
Affected Components: PROTECTED ASSETS

Fixed Status page UI warning close button - 12:30 UTC

Description: Created snoozing mechanism to not show this alert for 2 hours if close button clicked
Case ID: PLAT-4350
Known limitations: N/A
Affected Components: status page

IMPROVEMENT React Filter Panel Improvements - 12:30 UTC

Description: Filter panel improvements

• Responsiveness

• “Edit Filter” → ”Filter”

• Remove “Favorite” label, keep only star

• Organization: expand only first level

• Favorites: remove the ‘x’ and delete only on hover

• Auto scroll happens only when expanding sections

• Fixed when clicking in between the checkbox incorrect search

• Fixed filtering inside the box incorrectly marks found text

• Fixed incorrect z-order of the favorites box

Case ID: PLAT-4953
Known limitations: N/A
Affected Components: ERM dashboard

Fixed Status page UI warning close button - 12:30 UTC

Description: Created snoozing mechanism to not show this alert for 2 hours if close button clicked
Case ID: PLAT-4350
Known limitations: N/A
Affected Components: status page

IMPROVEMENT Intelligence Rulesets Update - 12:30 UTC

Description: Updating Intelligence rules
Case ID: IN-4792
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

IMPROVEMENT Azure PostgreSQL - 10:00 UTC

Description: Fix 'region’ property which had wrong value in Azure PostgreSQL.
Case ID: IN-4950
Known limitations: N/A 
Affected Components: FETCHERS

IMPROVEMENT Compliance Rulesets Update - 17:15 UTC

Description: Deprecated 221 CSPM Network rules for Azure and replaced them with 4 new rules. A list can be found here.
Case ID: IN-4910
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT Azure PostgreSQL - 12:00 UTC

Description: Added support for ‘firewallRules’ property in Azure PostgreSQL in Compliance Engine and Protected Assets.
Case ID: IN-1857
Known limitations: N/A 
Affected Components: FETCHERS compliance engine protected assets api

IMPROVEMENT Compliance engine - 12:00 UTC

Description: Clear “New” mark for older entities in Compliance engine.
Case ID: IN-4808
Known limitations: N/A 
Affected Components: UI

IMPROVEMENT API Documentation - 11:40 UTC

Description: New API reference website lunch - change CloudGuard portal API resources link, to new website, which accessible from: Resources → API → API Reference, from CG portal.
Case ID: PLAT-4573
Known limitations: N/A 
Affected Components: API Documentation

IMPROVEMENT Intelligence - 10:15 UTC

Description: Protocol number is now shown in Traffic Explorer map for Azure.
Case ID: INT-803
Known limitations: N/A 
Affected Components: UI INTELLIGENCE

IMPROVEMENT Admission Control - Add support for Global Exclusions- 16:00 UTC

Description:

• Add support for Admission Control Global Exclusions, which allows applying an exclusion on all rulesets. You can also apply the exclusion on a subset of Kubernetes clusters, or on all clusters at once.

• The new Admission Control Exclusions API support all CRUD operation ( see documentation at https://api-v2-docs.dome9.com/#dome9-api-KubernetesAdmissionControl )

Known limitations: N/A 
Affected Components: Kubernetes Admission Control API

IMPROVEMENT API Documentation - 16:00 UTC

Description: Remove redundant API documentations.
Case ID: PLAT-5060
Known limitations: N/A 
Affected Components: API

IMPROVEMENT AWS App Load Balancer Target Group - 14:00 UTC

Description: Remove redundant API documentations.
Case ID: PLAT-5060
Known limitations: N/A 
Affected Components: API

IMPROVEMENT Compliance Rulesets Update - 15:30 UTC

Description: The first release of the Amazon Elastic Kubernetes service (EKS) benchmark v1.1.0 ruleset, the first Openshift 3 Ruleset, adding new AWS LGPD rules. A complete list can be found here.
Case ID: IN-4806
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIXED Cloud Security Group API - 11:15 UTC

Description: Added Cloud Account ID as optional parameter to GET CloudSecurityGroup API.
Case ID: IN-4843
Known limitations: N/A 
Affected Components: api

IMPROVEMENT GCP Project - 09:30 UTC

Description: Added support to AccessApprovalSettings property in GCP Project entity in Compliance Engine and API.
Case ID: IN-4476
Known limitations: N/A 
Affected Components: compliance engine api FETCHERS

feature Events - 16:30 UTC

Description: Remove events that were created by deleted policy.
Case ID: PLAT-4686
Known limitations: N/A 
Affected Components: compliance engine

Fixed Notification - 13:00 UTC

Description: Added tooltip for disabled notification type.
Case ID: PLAT-4761
Known limitations: N/A 
Affected Components: UI

Fixed Protected Assets - 13:00 UTC

Description: Fixed a when grouping by OU.
Case ID: PLAT-4964
Known limitations: N/A 
Affected Components: PROTECTED ASSETS

IMPROVEMENT Protected Assets - AWS EC2 Instance - 05:00 UTC

Description: Setting Instance Name as its ID in case of missing name.
Case ID: IN-4773
Known limitations: N/A 
Affected Components: PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 16:30 UTC

Description: Adding new rules for Azure CIS rulesets, updating EKS K8S rules. A complete list can be found here.
Case ID: IN-4740, DFR-2353
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixed Posture Management - 12:40 UTC

Description: Fix issue of service account accessing Compliance/Ruleset and ContinuousCompliancePolicyV2 APIs.
Case ID: PLAT-4926, DFR-1994
Known limitations: N/A 
Affected Components: api

Feature AWS FSx - 12:00 UTC

Description: Added support for Amazon FSx in compliance engine and protected assets.
Case ID: DFR-2258
Known limitations: N/A
Affected Components: FETCHERS compliance engine PROTECTED ASSETS

Feature AWS FSx Backup - 12:00 UTC

Description: Added support for Amazon FSx Backup in compliance engine and protected assets.
Case ID: DFR-2319
Known limitations: N/A
Affected Components: FETCHERS compliance engine PROTECTED ASSETS

IMPROVEMENT AWS S3 Bucket - 11:00 UTC

Description: Added support for "macieFindings" property in AWS S3 Bucket in Compliance Engine and Entity Viewer under protected assets.
Case ID: DFR-1320
Known limitations: N/A
Affected Components: FETCHERS compliance engine PROTECTED ASSETS

PERFORMANCE Azure SQL DB - 11:00 UTC

Description: Improved display time for Azure SQL Database service in the Compliance Engine.
Case ID: IN-4229
Known limitations: N/A
Affected Components: compliance engine

fix GSL Builder - 15:30 UTC

Description: Fixed bug in GSL builder, when using generic lists.
Case ID: PLAT-4863
Known limitations: N/A
Affected Components: Rule engine

IMPROVEMENT Posture Internal Improvement - 14:00 UTC

Description: Internal improvement of Posture (policies) API: /ContinuousCompliancePolicyV2.
Case ID: PLAT-4283, PLAT-4577
Known limitations: N/A
Affected Components: api

Feature Helm Chart 2.13 released- 10:00 UTC

Description: 2.13.0: image admission, registry scan ACR and ECR GA, ECS scan

• Admission Control policy 1.2.0, enforcer 1.5.0:

  • Image Admission; A new feature that integrates Admission Control and Image Assurance allowing users to block the deployment of workloads based on the Image Assurance policy.

  • Currently only supported via API

    • Configure the cluster policy (/v2/kubernetes/imageAssurance/policy) with an action of 'Prevention' or 'Detection'

    • Different actions granularity for scanned vs. unscanned images

    • Configure exclusions (/api/kubernetes/imageAssurance/admissionExclusion)

• Image Assurance 2.13.0:

  • Registry Scanning for ACR and ECR GA

  • Registry listing functionality has been split from engine agent into a separate 'imagescan-list' deployment

  • Support for scanner scaling.

• All features:

  • improving telemetry infrastructure

  • fluentbit container has been removed from all agents except for Admission Control enforcer & gsl, Runtime Protection daemon.

• Resources reduced for:

  • Admission Control enforcer and policy

  • Image Assurance engine

  • Runtime Protection policy

Known limitations: N/A
Affected Components: KubernetesImage AssuranceAdmission controlImage admission

IMPROVEMENT Intelligence Rulesets Update - 8:30 UTC

Description: Updating Intelligence rules
Case ID: IN-4727
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

IMPROVEMENT AWS Lambda Function - 11:45 UTC

Description: Added support for ‘UrlConfigs’ property in AWS Lambda Function in Compliance engine, Protected Assets & API.
Case ID: DFR-2295
Known limitations: N/A 
Affected Components: FETCHERS compliance engine PROTECTED ASSETS API

IMPROVEMENT Azure Web App - 11:00 UTC

Description: Added support for "ftpState" property in Azure Web App in Compliance Engine and Entity Viewer under protected assets.
Case ID: IN-1849
Known limitations: N/A 
Affected Components: FETCHERS compliance engine PROTECTED ASSETS

IMPROVEMENT Azure Function App - 11:00 UTC

Description: Added support for "ftpState" property in Azure Function App in Compliance Engine and Entity Viewer under protected assets.
Case ID: IN-1849
Known limitations: N/A 
Affected Components: FETCHERS compliance engine PROTECTED ASSETS

IMPROVEMENT Azure Role Assignment - 11:00 UTC

Description: Added support for "properties.principalType" property in Azure Role Assignment in Compliance Engine and Entity Viewer under protected assets.
Case ID: IN-4485
Known limitations: N/A 
Affected Components: FETCHERS compliance enginePROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 11:15 UTC

Description: Adding new rules for K8S, DFTs fixes. A complete list can be found here.
Case ID: IN-4692, DFT-1407, DFT-1974, DFT-1942
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT Azure AKS Cluster - 11:00 UTC

Description: Added support for "privateEndpoints" property in Azure Kubernetes (AKS) Cluster in Compliance Engine and Entity Viewer under protected assets.
Case ID: DFR-1747
Known limitations: N/A
Affected Components: compliance engine

IMPROVEMENT AWS DynamoDb Table - 11:00 UTC

Description: Added support for "sseDescription.kmsMasterKeyArn" property in AWS DynamoDb Table in Compliance Engine .
Case ID: DFR-2380
Known limitations: N/A
Affected Components: FETCHERS compliance engine

IMPROVEMENT Intelligence Rulesets Update - 11:30 UTC

Description: Updating Intelligence rules
Case ID: IN-4377
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS