April 2023

Deployment April 30, 2023

IMPROVEMENT AWS Region - 14:00 UTC

Description: Added new property "SecurityHubEnabled" for AWS Region in compliance engine and protected assets.
Case ID: DFR-2413
Known limitations:
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FIXED Onboarding permission fixed on Infinity Portal - 10:50 UTC

Description: JIT (Just-in-Time) users using CloudGuard SSO or coming from Infinity Portal are now allowed to onboard their Cloud Accounts to CloudGuard with the Onboarding Permission.
Case ID: DFT-2491, PLAT-8011
Known limitations: Onboarding Permission doesn't include View or Manage Permission to the onboarded Cloud Account.
Affected Components: INFINITY PORTAL

FIXED Filter Panel race condition in updating data - 11:50 UTC

Description: Fix for 'Risk Score' filter in Protected Assets page under Risk Management
Case ID: PLAT-7895
Known limitations: N/A
Affected Components: UI

Deployment April 27, 2023

IMPROVEMENT AWS App Load balancer - 07:30 UTC

Description: Added "attributes" property to target group
Case ID: DFR-2662
Known limitations:
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE AWS Security Hub - 11:00 UTC

Description: Added support for "AWS Security Hub" in compliance engine and protected assets.
Case ID: DFR-2416
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE AWS S3 Glacier Vault - 11:00 UTC

Description: Added support for "AWS S3 Glacier Vault" in compliance engine and protected assets.
Case ID: DFR-442
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE Open Vs. Closed Findings - New widget - 11:50 UTC

Description: Added dashboard structure under active feature
Case ID: PLAT-7397
Known limitations: N/A
Affected Components: UI

FEATURE ERM Widget added to New Dashboard in React - 11:50 UTC

Description: Added ERM widgets with data to New Dashboard in React
Case ID: PLAT-7929
Known limitations: N/A
Affected Components: UI

Deployment April 25, 2023

IMPROVEMENT Compliance Rulesets Update - 10:50 UTC

Description: A DFT on Oracle Cloud Ruleset was fixed. A complete list can be found here.
Case ID: IN-7585, DFT-2511
Known limitations: N/A 
Affected Components: Compliance RULESETS

Deployment April 24, 2023

IMPROVEMENT Helm 2.20.0 - 10:50 UTC

Description: Image Assurance, Runtime Protection. A complete list can be found here.
Case ID: CON-5149
Known limitations: N/A 
Affected Components: containers

Deployment April 23, 2023

IMPROVEMENT Intelligence Rulesets Update - 08:30 UTC

Description: Update for AWS rule. A list can be found here.
Case ID: IN-7211
Known limitations: N/A 
Affected Components: INTELLIGENCE RULESETS

Deployment April 20, 2023

IMPROVEMENT Compliance Rulesets Update - 11:20 UTC

Description: New Alibaba cloud rules, new OCI rule, new AWS rules; rule improvement. A complete list can be found here.
Case ID: IN-7365
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIXED Replace Azure icon in all places - 11:50 UTC

Description: Replaced the Azure icon with a newer design on all pages.
Case ID: PLAT-7793
Known limitations: N/A
Affected Components: UI

 

Deployment April 14, 2023

FEATURE AWS Glue Job - 13:00 UTC

Description: Added support for "AWS Glue Job" in compliance engine and protected assets.
Case ID: DFR-2486
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE AWS Glue Crawler - 13:00 UTC

Description: Added support for "AWS Glue Crawler" in compliance engine and protected assets.
Case ID: DFR-2487
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE AWS Glue Data Catalog Encryption Setting - 13:00 UTC

Description: Added support for "AWS Glue Data Catalog Encryption Setting" in compliance engine and protected assets.
Case ID: DFR-2488
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE AWS Glue Dev Endpoint - 13:00 UTC

Description: Added support for "AWS Glue Dev Endpoint" in compliance engine and protected assets.
Case ID: DFR-2489
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE AWS Glue ML Transform - 13:00 UTC

Description: Added support for "AWS Glue ML Transform" in compliance engine and protected assets.
Case ID: DFR-2490
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

Deployment April 13, 2023

FIXED AWS IAM User - 10:30 UTC

Description: Fixed incorrect classification of MFA devices, where the root user's virtual MFA device was classified as physical.
Case ID: DFT-2450
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

Deployment April 11, 2023

IMPROVEMENT Risk Management - Network Exposure - 09:00 UTC

Description: Added Network Exposure support for Azure Virtual Machines in ERM. We currently identify publicly exposed Virtual Machines via direct access using public IPs. Additional use cases will be supported in later releases.
Case ID: SEC-871
Known limitations: N/A 
Affected Components: ERM

IMPROVEMENT Azure Front Door - 07:30 UTC

Description: Added support for Azure Global WAF connector for FrontDoor in compliance engine
Case ID: DFR-2544
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT AWS & Azure - vendorIdentifier property - 07:30 UTC

Description: Added support for the 'vendorIdentifier' property in compliance engine and protected assets for all AWS & Azure entities for which this data is available (ARN for AWS, ResourceURI for Azure). The field will be missing if the data is not available.
Case ID: DFT-2390
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

Deployment April 09, 2023

IMPROVEMENT AWS Region - 13:30 UTC

Description: AWS Region Dome9Id was changed to a value that is unique across different cloud accounts.
Case ID: DFR-2625
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

Deployment April 04, 2023

IMPROVEMENT Risk Management Assets Support - 13:50 UTC

Description: Added support for new assets in Risk Management: AWS KMS, AWS EKS Cluster, Azure WebApp.
Case ID: SEC-593, SEC-778, SEC-588
Known limitations: N/A
Affected Components: ERM

IMPROVEMENT Compliance Rulesets Update - 18:30 UTC

Description: The first release of the Azure CIS v2 ruleset;
Case ID: IN-7140
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment March 30, 2023

FIXED Missing entities in the protected assets table - 13:10 UTC

Description: Added missing entities (Azure PostgreSQL Flexible Service, AWS IAM Policy, AWS Subnet and AWS Network Access Control List) to the new protected assets table.
Case ID: DFT-2439
Known limitations: N/A
Affected Components: UI PROTECTED ASSETS

FEATURE Azure Front Door - 13:30 UTC

Description: Added support for "Azure Front Door" in Compliance Engine and Protected Assets.
Case ID: IN-6327
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE OCI Vault - 13:30 UTC

Description: Added support for "OCI Vault" in Compliance Engine and Protected Assets.
Case ID: IN-6592
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FEATURE Oracle Cloud Infrastructure (OCI) Support - 14:30 UTC

Description: Added support for Oracle Cloud Infrastructure (OCI) in CloudGuard.
Case ID:
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS UI

Deployment March 29, 2023

IMPROVEMENT Effective Risk Management - AWS RDS support - 17:00 UTC

Description: AWS RDS is now supported in the Risk Management section. This includes the calculation of Network Exposure fields for all RDS types.
Case ID: SEC-637, SEC-638, SEC-640
Known limitations: An RDS may be marked as Public if it is in a Public VPC but in a Private subnet.
Affected Components: Risk management UI

IMPROVEMENT Compliance Rulesets Update - 13:30 UTC

Description: The first release of the Oracle CIS v1.2 ruleset; The first release of the GCP MITRE ATT&CK v12.1 ruleset; rule improvement. A complete list can be found here.
Case ID: IN-7163, DFT-2420
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment March 26, 2023

IMPROVEMENT Navigation Search - 17:00 UTC

Description: Allow users to search menu items from the main page.
Case ID: PLAT-7130
Known limitations: Shiftleft and Spectral pages are not included in the search
Affected Components: UI

FIXED Infinity Portal timeout - 15:50 UTC

Description: Fixed an issue where the idle session timeout was reached while the user was active in CloudGuard Posture.
Case ID: DFT-2300, PLAT-6833
Known limitations: N/A
Affected Components: UI

Deployment March 23, 2023

FIXED Posture Ruleset - 13:50 UTC

Description: Disabled the Terraform platform for new ruleset creation.
Case ID: PALT-7642, DFT-2417
Known limitations: Accounts with the Classic ShiftLeft flow won’t be affected.
Affected Components: posture ruleset UI

IMPROVEMENT Azure Storage Account - 13:30 UTC

Description: Added support for "key1CreationTime" and "key2CreationTime" properties.
Case ID: DFR-2687
Known limitations: N/A 
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

Deployment March 21, 2023

FIXED OCI Network Load Balancer - 10:30 UTC

Description: Changed "listeners" field structure for "OCI Network Load Balancer" in compliance engine.
Case ID: DFR-2618
Known limitations: N/A 
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

FIXED GCP Security Group - 10:30 UTC

Description: Added support for "ServiceAccounts" target when building Firewall rules for GCP security group.
Case ID: DFT-2432
Known limitations: N/A 
Affected Components: UI fetchers COMPLIANCE ENGINE PROTECTED ASSETS

Deployment March 20, 2023

IMPROVEMENT Serverless - Add Dotnet6 support - 18:00 UTC

Description: Dotnet6 support has been added to the function scanning and proact tool. The CloudFormationTemplate version has been changed; the new version is 28.
Case ID: PROT-1510
Known limitations: N/A 
Affected Components: SERVERLESS

IMPROVEMENT Serverless - update future 0.17.1 package - 18:00 UTC

Description: Updated the future 0.17.1 package in order to fix CVE-2022-40899.
Case ID: PROT-1092
Known limitations: N/A 
Affected Components: SERVERLESS

Deployment March 15, 2023

IMPROVEMENT Compliance Rulesets Update - 17:00 UTC

Description: The first release of the AWS default ruleset; severity change to 24 AWS rules, new rules and rules improvements. A complete list can be found here.
Case ID: IN-7112, DFT-2361, DFT-2403, DFT-2362
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment March 13, 2023

FIXED AWS ECS Cluster - 12:30 UTC

Description: Fixed a problem where the "containerinstance" field showed non-existent instances.
Case ID: DFT-2405
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

FIXED AWS WAFRegional/WAFRegionalV2 - 12:30 UTC

Description: Improved the running time of GSLs on both AWS WAFRegional and AWS WAFRegionalV2.
Case ID: DFT-2350
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

Deployment March 09, 2023

FIXED AWS KMS - 11:00 UTC

Description: Fixed the "kmsAssetsStats" attribute in the AWS KMS entity to support multi-region keys.
Case ID: IN-5902
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

Deployment March 08, 2023

FIXED Tenable integration - 18:00 UTC

Description: Changed Tenable vulnerabilities ID to fix an issue that caused resolved vulnerabilities to stay open.
Case ID: SEC-573
Known limitations:
Affected Components: Tenable

IMPROVEMENT Main Menu - Moved “Risk Management” - 14:00 UTC

Description: The “Risk Management” main menu item was moved to the second position within the menu.
Case ID: SEC-785
Known limitations:
Affected Components: UI

IMPROVEMENT Risk Management - 14:00 UTC

Description: The “Unknown” network exposure value of protected assets will not be displayed in the filters and the protected assets table.
Case ID: SEC-751
Known limitations:
Affected Components: UI

Deployment March 07, 2023

IMPROVEMENT Scheduled Report Notification - 15:10 UTC

Description: The email content of a scheduled report notification (Summary, Detailed, CSV, Zipped CSV) will also be sent as an attachment to the email, as an HTML file for local usage. The file’s name is “Report.html”.
Case ID: PLAT-5703, DFT-2090
Known limitations: Executive reports won’t be sent as an attachment.
Affected Components: Notification

Deployment March 06, 2023

IMPROVEMENT Azure Blueprint Assignment - 16:30 UTC

Description: Added support for “Azure Blueprint Assignment” in Compliance engine and Protected Assets.
Case ID: INT-2178
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT Containers Update - 10:30 UTC

Description: CloudGuard Terraform module version 1.28.6 has been released, adding support for Image Assurance rulesets in the Dome9_ruleset resource.
Case ID: DFT-2055
Known limitations: N/A 
Affected Components: Containers

Deployment March 05, 2023

IMPROVEMENT Intelligence Rulesets Update - 10:30 UTC

Description: New Intelligence rules for Azure & AWS. A list can be found here.
Case ID: IN-6990
Known limitations: N/A 
Affected Components: INTELLIGENCE RULESETS

Deployment March 02, 2023

FIXED Risk Management - Network Exposure Filter - 13:00 UTC

Description: Changed Network Exposure filter string representation from “Partial” to “Partially Public”, to match the actual value on the assets.
Case ID: SEC-670
Known limitations: N/A 
Affected Components: ERM UI

Deployment March 01, 2023

IMPROVEMENT Compliance Rulesets Update - 14:00 UTC

Description: The first release of the EKS CIS v1.2 ruleset. AWS Hi-Trust v11 and AWS SOC2 rulesets, rules improvements. A complete list can be found here.
Case ID: IN-7032, DFT-2348
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS