May 2023
Deployment May 31, 2023
FEATURE Azure Subscription Policy - 14:30 UTC
Description: Added support for "Azure Subscription Policy" in compliance engine and protected assets.
Case ID: IN-7480
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
fix Enable AWS Unified onboarding in China region - 12:30 UTC
Description: Unable to use Unified Onboarding in AWS China
Case ID: DFT-2409
Known limitations: N/A
Affected Components: Unified onboarding
IMPROVEMENT Compliance Rulesets Update - 08:00 UTC
Description: New GCP rules; DFT fix. A complete list can be found here.
Case ID: IN-7774, DFT-7498
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment May 29, 2023
FEATURE Risk Management - Risk Score calculation - 11:00 UTC
Description: Including "Data Sensitivity" information as part of the risk score calculation for AWS S3 Buckets.
Case ID: SEC-912
Known limitations: N/A
Affected Components: ERM
FEATURE Risk Management - Network Exposure - 11:00 UTC
Description: Added Network Exposure support for Azure Virtual Machines via Load Balancer.
Case ID: SEC-762
Known limitations: N/A
Affected Components: ERM
FEATURE Internal Findings API - 9:00 UTC
Description: Added a new flag for filtering findings based on customer policies, which allows filtering findings based on policy types.
Case ID: PLAT-7819
Known limitations: N/A
Affected Components: FINDING api COMPLIANCE ENGINE
fixed AWS Application Load Balancer - 8:30 UTC
Description: Fixed the initialization of the “createdTime” and “updatedTime” properties for the AWS Application Load Balancer entity.
In addition, support was added for 6 listener rule header values in ‘listeners.rules.conditions’: HostHeaderConfig, PathPatternConfig, HttpHeaderConfig, QueryStringConfig, HttpRequestMethodConfig and SourceIpConfig.
Case ID: DFT-2503
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE
Deployment May 28, 2023
FEATURE Internal Findings API - 9:00 UTC
Description: Added a new flag for filtering findings based on customer policies, which allows filtering findings based on policy types.
Case ID: PLAT-7819
Known limitations: N/A
Affected Components: FINDING api COMPLIANCE ENGINE
Deployment May 25, 2023
FEATURE Azure Application Insights - 11:00 UTC
Description: Added support for "Azure Application Insights" in compliance engine and protected assets.
Case ID: IN-7748
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
Deployment May 24, 2023
fixed OCI permissions show entities broken - Bug Fix - 9:00 UTC
Description: Added a new flag for filtering findings based on customer policies, which allows filtering findings based on policy types.
Case ID: PLAT-8118
Known limitations: N/A
Affected Components: UI COMPLIANCE ENGINE
FEATURE Risk Management integration with AWS Macie - 13:30 UTC
Description: New integration with AWS Macie for S3 Buckets sensitive data discovery. Added "Data Sensitivity" information in Risk Management protected assets page.
Case ID: SEC-913
Known limitations: N/A
Affected Components: ERM PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 11:30 UTC
Description: AWS New EKS Rules, AWS Rules Removal, and 2 DFTs were fixed. A complete list can be found here.
D9.AWS.IAM.42 - deprecated due to redundancy
D9.AWS.IAM.70 - can’t be triggered anymore (AWS fix)
Case ID: IN-7719, DFT-2513, DFT-2559
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment May 23, 2023
FEATURE Azure Defender Server Vulnerability Assessment - 11:00 UTC
Description: Added support for "Azure Defender Server Vulnerability Assessment" in compliance engine and protected assets.
Case ID: IN-7477
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
FEATURE New Region Support in AWS - UAE (me-central-1) - 11:00 UTC
Description: Added support for new region in AWS - UAE (me-central-1) in compliance engine and protected assets.
Case ID: DFT-2536
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
IMPROVEMENT AWS S3 Bucket - 06:00 UTC
Description: Added new property "replication.rules.destination.accountId" for AWS S3Bucket in compliance engine.
Case ID: DFR-2641
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
Deployment May 18, 2023
IMPROVEMENT AWS ElastiCache - 13:00 UTC
Description: Added new property "ReplicationGroup" for AWS ElastiCache in compliance engine and protected assets.
Case ID: DFR-2590
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
FEATURE Azure Virtual Machine Protected Assets Risk Management - 12:30 UTC
Description: Added a Context Graph to the Azure Virtual Machine's Protected Asset Page. The Context Graph will display the asset exposure to the Internet.
Case ID: SEC-931
Known limitations: N/A
Affected Components: ERM PROTECTED ASSETS
IMPROVEMENT Risk Management Assets Support - 12:30 UTC
Description: Added support for new assets in Risk Management: AWS SQS, AWS DynamoDB Table, AWS Redshift, AWS SNS Topic, AWS ECR Repository, Azure FunctionApp, Azure Storage Account.
Case ID: SEC-875, SEC-802
Known limitations: N/A
Affected Components: ERM
fixed Compliance Engine GSL Bug Fix - 11:15 UTC
Description: Fixed a bug with a certain GSL for the Compliance Engine.
Case ID: IN-7673
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
fixed Events page - group by category shows irrelevant events under category with empty value - 13:15 UTC
Description: Events page - group by category shows irrelevant events under a category with an empty value.
Case ID: PLAT-7661
Known limitations: N/A
Affected Components: UI
Deployment May 17, 2023
fixed CloudInfra Registration lambda fail because TaskCanceledException Bug Fix - 14:15 UTC
Description: Fixed the edit role page getting stuck on loading when the user has millions of records.
Case ID: PLAT-7365
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
fixed Compliance Engine Bug Fix - 14:15 UTC
Description: Fixed the edit role page getting stuck on loading when the user has millions of records.
Case ID: DFT-2449, PLAT-7846
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
feature AWS CodeBuild Project - 13:00 UTC
Description: Added support for "AWS CodeBuild Project" in compliance engine and protected assets.
Case ID: DFR-2479
Known limitations:
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 10:30 UTC
Description: New AWS and Azure rules; AWS CIS v1.5 ruleset enrichment; Azure CIS v2 ruleset enrichment. A complete list can be found here.
Case ID: IN-7682, DFT-2534, DFT-2286, DFT-2499
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
IMPROVEMENT Alibaba RdsDbInstance - 07:00 UTC
Description: Added new property "dbInstanceParameter" for Alibaba RdsDbInstance in compliance engine and protected assets.
Case ID: IN-7590
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
Deployment May 15, 2023
fixed OCI onboarding doesn't work if only "root" OrganizationUnit exists - 11:00 UTC
Description: OCI onboarding doesn't work if only "root" OrganizationUnit exists
Case ID: DFT-2521
Known limitations: N/A
Affected Components: UI onboarding
Deployment May 14, 2023
IMPROVEMENT Azure Virtual Machine Scale Set - 15:00 UTC
Description: Added new properties to the Azure VirtualMachineScaleSet entity: “OrchestrationMode”, “Instances.SecurityProfile”, “VirtualMachineProfile.SecurityProfile”.
Case ID: DFR-2671, IN-7156
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
IMPROVEMENT Azure Virtual Machine - 15:00 UTC
Description: Added new properties to the Azure VM entity: “SecurityProfile”, “StorageProfile”.
Case ID: DFR-2671, IN-7156
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
IMPROVEMENT AWS MSK Cluster - 14:00 UTC
Description: Added “Serverless” cluster type support to the AWS “MskCluster” entity.
Case ID: IN-7626
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE
feature Protected Asset page and Risk Management Protected Assets table redesign - 09:00 UTC
Description: A new look and feel for Protected Asset details page. The new Protected Asset page includes a new Overview tab that displays Risk Management information in a much clearer way. The new area includes the Context Graph (for selected assets) that provides insights into the asset exposure to the Internet as well as the potential blast radius in case of exploit, both from an IAM and network perspective.
Case ID: SEC-900
Known limitations: N/A
Affected Components: UI
Deployment May 11, 2023
fixed "Add new" button was missing when the user deleted all their environments - 10:00 UTC
Description: The "Add new" button was missing when the user deleted all their environments.
Case ID: DFT-2545
Known limitations: N/A
Affected Components: UI
fixed Third party label was missing in protected asset details page - 13:30 UTC
Description: Third party label was missing in protected asset details page
Case ID: DFT-2550
Known limitations: N/A
Affected Components: UI protected assets
Deployment May 10, 2023
fixed New tenant not getting landing page on Infinity Portal Bug Fix - 14:15 UTC
Description: New tenant not getting landing page on Infinity Portal
Case ID: PLAT-8131
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE UI
feature Helm 2.20.1 EA branch: GKE Autopilot Support, priority class enhancements - 14:00 UTC
Description: Support for GKE Autopilot clusters (version 1.25 and above); allow specifying priority class per agent. Autopilot supported blades: Inventory, Compliance, Image Assurance, Admission Controller and Threat Intelligence. A complete list can be found here.
Case ID: CON-5622
Known limitations: N/A
Affected Components: Containers
feature Alibaba Security Center Edition Center Config - 17:00 UTC
Description: Added support for Alibaba Security Center Edition Center Config in compliance engine and protected assets.
Case ID: IN-7595
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Webshell Config - 17:00 UTC
Description: Added support for Alibaba Security Center Webshell Config in compliance engine and protected assets.
Case ID: IN-7593
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Notification Config - 17:00 UTC
Description: Added support for Alibaba Security Center Notification Config in compliance engine and protected assets.
Case ID: IN-7597
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Log Analysis Config - 17:00 UTC
Description: Added support for Alibaba Security Center Log Analysis Config in compliance engine and protected assets.
Case ID: IN-7596
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Linux Vulnerability - 17:00 UTC
Description: Added support for Alibaba Security Center Linux Vulnerability in compliance engine and protected assets.
Case ID: IN-7598
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Linked Role Status - 17:00 UTC
Description: Added support for Alibaba Security Center Linked Role Status in compliance engine and protected assets.
Case ID: IN-7592
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Asset Security Info - 17:00 UTC
Description: Added support for Alibaba Security Center Asset Security Info in compliance engine and protected assets.
Case ID: IN-7599
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Vulnerability Scan Config - 17:00 UTC
Description: Added support for Alibaba Security Center Vulnerability Scan Config in compliance engine and protected assets.
Case ID: IN-7591
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature Alibaba Security Center Anti Virus Config - 17:00 UTC
Description: Added support for Alibaba Security Center Anti Virus Config in compliance engine and protected assets.
Case ID: IN-7594
Known limitations: Currently the icon is missing from the GSL playground and protected assets
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
feature AWS Guard Duty Detector - 12:00 UTC
Description: Added support for new entity in AWS GuardDutyDetector in compliance engine and protected assets.
Case ID: DFR-2573
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
IMPROVEMENT AWS Instance - 12:00 UTC
Description: Added support for "terminationProtectionEnabled" property for AWS “Instance” entity in compliance engine.
Case ID: DFR-2228, DFR-248
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE
IMPROVEMENT Alibaba VPC - 12:00 UTC
Description: Added new property "FlowLogs" for Alibaba VPC in compliance engine and protected assets.
Case ID: IN-7345
Known limitations: N/A
Affected Components: fetchers COMPLIANCE ENGINE PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 10:00 UTC
Description: New AWS rules; AWS PCI-DSS ruleset enrichment; AWS rules deprecation. A complete list can be found here.
Case ID: IN-7640
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment May 9, 2023
feature Add "External" field to entity view in playground - 14:00 UTC
Description: Some asset properties carry the indication External, for example, ExternalObject, ExternalArray. These properties are brought by CloudGuard from another entity to help you write GSL rules more easily.
Case ID: IN-6677
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Deployment May 7, 2023
IMPROVEMENT Azure Key Vault - 12:00 UTC
Description: New infrastructure for future configuration of key vaults onboarding: Azure Key Vault data will now be fetched from a specific IP.
Case ID: IN-7643
Known limitations: N/A
Affected Components: fetchers
feature Add "AssetLables" field to entity view in playground - 12:00 UTC
Description: Add "AssetLables" field to entity view in playground
Case ID: IN-4859
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT Risk Management - Network Exposure - 12:00 UTC
Description: Added Network Exposure support for Azure Virtual Machines via Application Gateway.
Case ID: SEC-760
Known limitations: N/A
Affected Components: ERM
Deployment May 4, 2023
fixed Azure Network Security Group - 13:40 UTC
Description: Removed the following redundant properties from the Azure Network Security Group entity, as they are not in use anymore: "InboundRules", "OutboundRules", "DefaultInboundRules", "DefaultOutboundRules".
Case ID: DFT-2396
Known limitations:
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT Removed the "new" label next to the entities under the GSL builder page - 06:00 UTC
Description: Removed "new" label for entities that are supported for more than a month
Case ID: IN-6995
Known limitations: N/A
Affected Components: UI
Deployment May 3, 2023
IMPROVEMENT Compliance Rulesets Update - 14:00 UTC
Description: The first release of the Admission Control default ruleset; New AWS encryption rules, new Azure CIS rules; rule improvement; ERM rulesets update. A complete list can be found here.
Case ID: IN-7365
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
fixed Alibaba NAS - 13:40 UTC
Description: Fixed compliance for Alibaba NAS entity.
Case ID: DFT-2435
Known limitations:
Affected Components: COMPLIANCE ENGINE
improvement Risk Management - 10:00 UTC
Description: Risk Management dashboard is now available in the Overview menu as “Risk Management”. The Risk Management welcome page was removed.
Case ID: SEC-945
Known limitations: N/A
Affected Components: UI
improvement Posture Findings - VendorIdentifier Field - 07:10 UTC
Description: Added the VendorIdentifier field to posture findings. This data is available as ARN for AWS and ResourceURI for Azure. The field will be missing if the data is not available.
Case ID: DFT-2390, PLAT-7909
Known limitations: N/A
Affected Components: compliance engine
Deployment May 2, 2023
IMPROVEMENT AWS ECS Service network exposure - 15:00 UTC
Description: Network exposure for AWS ECS Service is now more accurate and includes the “Private” classification.
Case ID: SEC-841
Known limitations: N/A
Affected Components: Risk Management
IMPROVEMENT AWS S3 Bucket - 08:00 UTC
Description: Added S3 Bucket policy status enrichment in the data fetcher, using the GetBucketPolicyStatus API.
Case ID: SEC-468
Known limitations: N/A
Affected Components: fetchers
Deployment May 1, 2023
fixed Fixed inconsistency in AWS EC2 - 13:00 UTC
Description: Fixed an inconsistency in the "IsOwnedByUserFlag" field in the EC2 Image entity. This issue also caused inconsistent responses from the CloudAmi API, where some image AMIs were missing randomly.
Case ID: DFT-2342
Known limitations:
Affected Components: fetchers COMPLIANCE ENGINE