July 2023

IMPROVEMENT Azure Risk Modifiers - 11:00 UTC

Description: Added risk modifiers for Azure Virtual Machine and Storage Account entities in the Compliance engine.
Case ID: SEC-1120
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

fixd Azure NSG Flow Log - 14:00 UTC

Description: Fixed protected asset page for Azure NSG Flow Log from Compliance engine and Protected Assets.
Case ID: DFT-2672
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT AWS TranslationJob - 11:20 UTC

Description: Added support for ‘outputDataConfig.encryptionKey’ and ‘kms’ properties in AWS TranslationJob entity in Compliance engine and Protected Assets.
Case ID: DFR-2701
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Onboarding - 11:30 UTC

Description: Add new route: AzureCloudAccount/OnboardingExecutionCommand
Case ID: CNAPP-1192
Known limitations: N/A 
Affected Components: Azure onboarding

feature Azure Recovery Services Vault- 18:00 UTC

Description: Added "Azure Recovery Services Vault" support in the compliance engine and protected assets.
Case ID: DFR-683, CNAPP-259
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature OCI Detector Recipe and Responder Recipe - 14:00 UTC

Description: Added support for "OCI Detector Recipe” and “OCI Responder Recipe" in compliance engine and protected assets.
Case ID: DFR-2718
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Moved CloudGuardConfiguration entity to category "OCI Cloud Guard" - 14:00 UTC

Description: Moved CloudGuardConfiguration entity to the new category "OCI Cloud Guard"

Case ID: IN-8073
Known limitations: N/A 
Affected Components: UI

IMPROVEMENT Compliance Rulesets Update - 09:30 UTC

Description: The first Release of the GCP CIS Control v8 Ruleset; Rulesets enrichment; Rules improvement. A complete list can be found here.

Case ID: CNAPP-1300, DFT-2608
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixED Azure Function Apps 14:00 UTC

Description: Fixed an issue where certain Azure Logic Apps were shown under the “FunctionApp” entity.
Case ID: DFT-2674
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

feature AWS RDS DB Cluster Parameters Group 14:00 UTC

Description: Added support for AWS RDS DB Cluster Parameters Group entity in compliance engine and Protected Assets.
A correlated property was added to the “RDSDBCluster” entity: dbClusterParameterGroupDetails.
Case ID: DFR-2907
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS Workspaces 14:00 UTC

Description: Added support for ‘volumeKms’ property in AWS Workspace entity in Compliance engine and Protected Assets.
Case ID: DFR-2702
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixED AWS RDS Event Subscriptions - 14:00 UTC

Description: Now the entity is viewable under the protected assets
Case ID: DFR-2592
Known limitations: N/A 
Affected Components: PROTECTED ASSETS

fixED AWS Amazon Prometheus Workspace - 14:00 UTC

Description: Now the entity is viewable under the protected assets
Case ID: DFR-2415
Known limitations: N/A 
Affected Components: PROTECTED ASSETS

IMPROVEMENT Risk Management Assets Support - 13:00 UTC

Description: Added support for new assets in Risk Management:

• AWS SecretManager

• Azure SQLServer

• Azure CosmosDbAccount

• Azure User

• GCP CloudFunction

• GCP StorageBucket

Case ID: CNAPP-167
Known limitations: N/A
Affected Components: EFFECTIVE RISK MANAGEMENT

IMPROVEMENT Azure Onboarding - 10:45 UTC

Description: Add new route: AzureCloudAccount/OnboardingExecutionPreview
Case ID: CNAPP-1019
Known limitations: N/A 
Affected Components: Azure onboarding

IMPROVEMENT It is now possible to filter the ERM Dashboard widgets by platform - 14:30 UTC

Description: The “Platform” filter was added to the ERM Dashboard
Case ID: CNAPP-615
Known limitations: N/A 
Affected Components: ERM UI

IMPROVEMENT GCP Network 9:30 UTC

Description: Added support for ‘Peerings’ property in GCP Network entity in Compliance engine and Protected Assets.
Case ID: DFR-2566
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS RDS Event Subscriptions 09:30 UTC

Description: Added support for AWS RDS Event Subscriptions entity in compliance engine.
Case ID: DFR-2592
Known limitations: Temporarily the entity is not viewable under the protected assets
Affected Components: COMPLIANCE ENGINE FETCHERS

IMPROVEMENT AWS API Gateway 9:30 UTC

Description: Added support for ‘Stages’ property in ApiGateway entity in Compliance engine and Protected Assets.
Case ID: DFR-2799, IN-7856, IN-7858
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Amazon Prometheus Workspace 09:30 UTC

Description: Added support for AWS Prometheus Workspace entity in compliance engine.
Case ID: DFR-2415
Known limitations: Temporarily the entity is not viewable under the protected assets
Affected Components: COMPLIANCE ENGINE FETCHERS

IMPROVEMENT Compliance Rulesets Update - 09:00 UTC

Description: AWS CSA CCM and GCP NIST rulesets enrichment; New AWS and Azure rules. A complete list can be found here.

Case ID: CNAPP-1041, DFT-2650
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixED Tenable Integration - 14:30 UTC

Description: Fixed and internal issue that caused vulnerabilities sync to fail in some scenarios.
Case ID: CNAPP-1221
Known limitations: N/A 
Affected Components: TENABLE

fixED AWS Workspaces- 10:00 UTC

Description: Added regions that were not supported for this service.
Case ID: DFT-2641
Known limitations: N/A 
Affected Components: api COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixED AWS Account - 10:00 UTC

Description: Fixed wrong data shown in alternate contact field for the Account entity.
Case ID: DFT-2658
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS EMR Cluster Security Configuration - 11:15 UTC

Description: Added support for ‘securityConfigurationData’ property in AWS EMR Cluster in Compliance engine & Protected Assets.
Case ID: DFR-2587
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: The first Release of the AWS, Azure, GCP, Alibaba and Oracle All rules Ruleset; New Azure rules. A complete list can be found here.

Case ID: IN-8039, DFT-2581
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT The ECS Service asset now supports IAM Sensitivity - 14:30 UTC

Description: Added support for the IAM sensitivity measurement on the AWS ECS Service asset.
Case ID: SEC-835
Known limitations: N/A 
Affected Components: ERM

IMPROVEMENT AWS VPC Endpoint - 14:30 UTC

Description: Added support for ‘endpointServices’ property in AWS VpcEndpoint in Compliance Engine & Protected Assets.
Case ID: DFR-2692
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS Inspector - 12:45 UTC

Description: Added support for AWS GovCloud regions.
Case ID: SEC-1084
Known limitations: N/A 
Affected Components: EFFECTIVE RISK MANAGEMENT

IMPROVEMENT AWS Inspector - 14:30 UTC

Description: Added update time filter when fetching vulnerabilities data to reduce API calls load.
Case ID: SEC-1026
Known limitations: N/A 
Affected Components: EFFECTIVE RISK MANAGEMENT

Feature Risk Management - Asset Context Graph - 11:00 UTC

Description: Support multiple exposure paths for Azure Virtual Machines.
Case ID: SEC-1050
Known limitations: N/A 
Affected Components: Effective Risk Management

feature Missing Permissions 15:00 UTC

Description: Added functionality to ignore\restore missing permissions of cloud accounts.
Case ID: PLAT-7575, DFR-2360
Known limitations: N/A 
Affected Components: assets environment missing permissions

fixED Dashboard Gauge Not Carrying Filters and Drilling Down - 15:00 UTC

Description: Dashboard Gauge Not Carrying Filters and Drilling Down
Case ID: DFT-2594
Known limitations: N/A 
Affected Components: UI

fixED Deploy The Missing Deployment components for Account Created using MSP - 12:00 UTC

Description: CloudGuard Emails Changes for Account Created using MSP
Updated Emails domain to use CheckPoint domain (@checkpoint.com), and display name to "CheckPoint CloudGuard"
Case ID: PLAT-8475
Known limitations: N/A 
Affected Components: API

feature GCP Secret 11:00 UTC

Description: Added support for "GCP Secret" in compliance engine and protected assets.
Case ID: DFR-2567
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS FETCHERS

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: The first Release of the EKS CIS v1.3.0 Ruleset; The first release of the AWS CIS v2.0 Ruleset; New GCP and Azure rules. Align AWS CIS rules' names; A complete list can be found here.

Case ID: IN-8004
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixED Deploy The Missing Deployment components for the Email domain change - 18:00 UTC

Description: CloudGuard Emails Changes for User gets Locked
Updated Emails domain to use CheckPoint domain (@checkpoint.com), and display name to "CheckPoint CloudGuard"
Case ID: PLAT-8475
Known limitations: N/A 
Affected Components: API