January 2023

Deployment January 31, 2023

FEATURE Azure User Assigned Identity - 12:00 UTC

Description: Added support for Azure User Assigned Identity in compliance engine and protected assets.
Case ID: INT-2177
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

Deployment January 26, 2023

FIXED AWS IAM Role, AWS IAM User and AWS IAM Group - 4:10 UTC

Description: Fixed bug in 'combinedPolicies' property in AWS IAM Role, AWS IAM User and AWS IAM Group in Compliance Engine & Protected Assets.
Case ID: DFT-1159
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS

Deployment January 25, 2023

IMPROVEMENT AWS ECS Cluster - 12:30 UTC

Description: Added "Tags" property to AWS ECS Cluster in Compliance Engine & Protected Assets.
Case ID: IN-6474, DFR-2559
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

IMPROVEMENT AWS WAF Regional V2 - 12:30 UTC

Description: Added "Tags" property to AWS WAF Regional V2 in Compliance Engine & Protected Assets.
Case ID: IN-6474
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

IMPROVEMENT AWS IAM Server Certificate - 12:30 UTC

Description: Added "Tags" property to AWS IAM Server Certificate in Compliance Engine & Protected Assets.
Case ID: IN-6474
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

IMPROVEMENT AWS DMS Endpoint - 12:30 UTC

Description: Added "Tags" property to AWS DMS Endpoint in Compliance Engine & Protected Assets.
Case ID: IN-6474
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: The first release of the AWS PCI-DSS v4.0 Ruleset. AWS and GCP rules improvements. AZURE rules deprecation (due to refactoring). A complete list can be found here.
Case ID: IN-6644
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 18, 2023

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: The first release of the GCP CIS v2.0 Ruleset. AWS and AZURE rules improvements. AWS rules deprecation (due to duplication). A complete list can be found here.
Case ID: IN-6530
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 16, 2023

IMPROVEMENT Intelligence Rulesets Update - 10:30 UTC

Description: Updated Severity for Intelligence rules. A list can be found here.
Case ID: IN-4677
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

Deployment January 15, 2023

IMPROVEMENT Intelligence Rulesets Update - 15:00 UTC

Description: Updated Intelligence rules for Azure and Kubernetes. A list can be found here.
Case ID: IN-6372
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

Deployment January 11, 2023

IMPROVEMENT AWS RDS DB Snapshot - 16:00 UTC

Description: Added "dbSnapshotAttributes" property to AWS RDS DB Snapshot in Compliance Engine & Protected Assets.
Case ID: DFR-2167
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

IMPROVEMENT AWS RDS DB Cluster Snapshot - 16:00 UTC

Description: Added "dbClusterSnapshotAttributes" property to AWS RDS DB Cluster Snapshot in Compliance Engine & Protected Assets.
Case ID: DFR-2167
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

FEATURE Azure Active Directory Access Reviews Schedule Definition - 13:00 UTC

Description: Added support for Azure Active Directory Access Reviews Schedule Definition in compliance engine and protected assets.
Case ID: IN-5927
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

IMPROVEMENT Compliance Rulesets Update - 12:00 UTC

Description: New Kubernetes rules; AWS, AZURE and Kubernetes rules improvements. 1 Azure rule was deprecated. A complete list can be found here.

D9.AZU.AKS.03 - The Pod security feature for Azure Kubernetes Service (AKS) service was deprecated
Case ID: IN-6479, DFT-2292
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 8, 2023

FIXED Service Account Details - 17:00 UTC

Description: Fixed the Service Account’s ‘Last Used’ column changing on details update in the UI.
Case ID: DFT-2243, PLAT-6628
Known limitations: N/A
Affected Components: SERVICE ACCOUNT

IMPROVEMENT AWS EBS Snapshot - 16:00 UTC

Description: Added "CreateVolumePermissions" property to AWS EBS Snapshot in Compliance Engine & Protected Assets.
Case ID: DFR-1644
Known limitations: The property is currently updated once every 6 hours, due to a performance issue.
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

Deployment January 4, 2023

FEATURE Azure Active Directory Security Defaults - 13:30 UTC

Description: Added support for Azure Active Directory Security Defaults in compliance engine and protected assets.
Case ID: IN-5899
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

FEATURE Azure Active Directory Authorization Policy - 13:30 UTC

Description: Added support for Azure Active Directory Authorization Policy in compliance engine and protected assets.
Case ID: IN-5897
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS, FETCHERS

IMPROVEMENT Risk Management - IAM Sensitivity - 14:00 UTC

Description:

  • Added CIEM 'IAM Sensitivity' score into the Risk Score calculation for AWS EC2 Instance, Lambda and IAM Role.

  • IAM Sensitivity is a number from 0 to 100 that represents the potential damage to the cloud environment from the IAM permissions granted.

  • This number will modify the asset's risk score as it relates to the impact of a potential attack on the asset.

Case ID: SEC-397
Known limitations: N/A 
Affected Components: ERM

IMPROVEMENT Compliance Rulesets Update - 11:00 UTC

Description: AWS and AZURE rules improvements. A complete list can be found here.
Case ID: IN-6408, DFT-2307
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 3, 2023

IMPROVEMENT AWS Security Group - 12:30 UTC

Description: Added "ownerId" property to AWS Security Group in Compliance Engine & Protected Assets.
Case ID: DFR-2574
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE, PROTECTED ASSETS