August 2023
Deployment August 30, 2023
IMPROVEMENT Compliance Rulesets Update - 10:00 UTC
Description: New AWS, Azure, GCP, OCI, and Alibaba rules. A complete list can be found here.
Case ID: CNAPP-2281
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
feature AWS Media Package - 09:30 UTC
Description: Added AWS Media Package support as 3 new entities: MediaPackageChannel, MediaPackageHarvestJob, MediaPackageOriginEndpoint in Compliance Engine and Protected Assets.
Case ID: CNAPP-1453
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Resource Access Manager - 09:30 UTC
Description: Added AWS Resource Access Manager (RAM) support as 4 new entities: RamResource, RamPrincipal, RamPermission, RamResourceShare in Compliance Engine and Protected Assets.
Case ID: CNAPP-1456
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Managed Grafana Workspace - 09:30 UTC
Description: Added support for AWS Managed Grafana Workspace in Compliance Engine and Protected Assets.
Case ID: CNAPP-1450
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Global Accelerator - 09:30 UTC
Description: Added AWS Global Accelerator support as 2 new entities: GlobalAccelerator and GlobalCustomAccelerator in Compliance Engine and Protected Assets.
Case ID: DFR-1840
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
fixed Azure SQL Managed Instance - 07:00 UTC
Description: Fixed the protected asset page for Azure SQL Managed Instance from Compliance Engine and Protected Assets.
Case ID: IN-DFT-2705
Known limitations: N/A
Affected Components: PROTECTED ASSETS COMPLIANCE ENGINE
Deployment August 27, 2023
feature AWS SimSpace Weaver Simulation - 11:00 UTC
Description: Added support for AWS SimSpace Weaver Simulation in Compliance Engine and Protected Assets.
Case ID: CNAPP-1440
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS AppFlow - 11:00 UTC
Description: Added support for AWS AppFlow in Compliance Engine and Protected Assets.
Case ID: CNAPP-1432
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS EventBridge Connection - 11:00 UTC
Description: Added support for AWS EventBridge Connection in Compliance Engine and Protected Assets.
Case ID: CNAPP-1436
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Serverless Application Repository - 11:00 UTC
Description: Added support for AWS Serverless Application Repository in Compliance Engine and Protected Assets.
Case ID: CNAPP-1442
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment August 24, 2023
feature Compliance Engine - CVEs Details - 10:45 UTC
Description: Support for CVEs details in 'additionalInfo' property for the following entities:
AWS: Instance
Azure: VirtualMachine
Kubernetes: KubernetesDaemonSet, KubernetesDeployment, KubernetesCronJob, KubernetesStatefulSet, KubernetesPod, KubernetesReplicaSet
Case ID: CNAPP-1590
Known limitations: N/A
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE
fixed GCP Storage Bucket - 10:00 UTC
Description: Fixed support for GCP Storage Bucket labels in Protected Assets.
Case ID: IN-8152
Known limitations: N/A
Affected Components: PROTECTED ASSETS
Deployment August 23, 2023
feature AWS ECR Registry Scanning Configuration - 13:30 UTC
Description: Added support for AWS EcrRegistryScanningConfig entity in Compliance Engine and Protected Assets.
Case ID: IN-8127
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Amplify App - 13:30 UTC
Description: Added support for AWS Amplify App entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1435
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS EventBridge Endpoint - 13:30 UTC
Description: Added support for AWS EventBridge Endpoint entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1437
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS AppFlow Connector - 13:30 UTC
Description: Added support for AWS AppFlow Connector entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1431
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Azure Storage Account - 12:30 UTC
Description: Added support for ‘isSftpEnabled’ and ‘localUsers’ properties in Azure Storage Account in Compliance Engine and Protected Assets.
Case ID: DFR-2843
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 09:00 UTC
Description: New Ruleset CSA CCM v4 RuleSet for Azure; New Ruleset CloudGuard Security Alerts for SG ports - Alibaba Cloud; New AWS, Azure, GCP and Alibaba rules. A complete list can be found here.
Case ID: CNAPP-2102
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment August 21, 2023
IMPROVEMENT AWS ECS Task Definition - 08:00 UTC
Description: Added support for ‘runtimePlatform’ property in AWS ECS Task Definition in Compliance Engine and Protected Assets.
Case ID: CNAPP-219
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT AWS ECS Task - 08:00 UTC
Description: Added support for ‘platformFamily’ property in AWS ECS Task in Compliance Engine and Protected Assets.
Case ID: DFR-2585
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment August 20, 2023
feature AWS QuickSight Entities - 13:00 UTC
Description: Added support for AWS QuickSight service, including 4 new entities: QuickSightAccount, QuickSightUser, QuickSightGroup and QuickSightVpcConnections.
The service is supported in Compliance Engine, protected assets and API.
Case ID: DFR-2166
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS API
feature AWS CloudFormation Hooks - 13:00 UTC
Description: Added support for AWS CloudFormation Hook in Compliance Engine and Protected Assets.
Case ID: DFR-2734
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT AWS ElasticSearch Domain - 13:00 UTC
Description: Added support for ‘advancedSecurityOptions’ and ‘domainEndpointOptions’ properties in AWS ElasticSearch Domain in Compliance Engine and Protected Assets.
Case ID: DFR-2478
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Remove option to unset event console for notification - 8:00 UTC - REVERT THE CHANGE!!!!
Description: The event console will always be set for notifications in both the UI and the API. There is no option to disable it.
This means findings will always be available in the event console and in the API (i.e. search API).
Existing notifications for which the event console was unset will not be changed, unless the user opens an old notification for which the event console was unset and saves it; the event console is then set automatically.
Case ID: CNAPP-1792, CNAPP-1697
Affected Components: COMPLIANCE ENGINE
Deployment August 17, 2023
fixed GCP IAM User - 14:00 UTC
Description: Fixed a bug when opening a G Suite user in Protected Assets.
Case ID: CNAPP-250
Known limitations: N/A
Affected Components: PROTECTED ASSETS
IMPROVEMENT GCP IAM User - 14:00 UTC
Description: Added support for GCP IAM User under the Protected Assets page for non-G Suite users.
Case ID: DFR-2595
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment August 16, 2023
IMPROVEMENT Azure Virtual Machine - 9:30 UTC
Description: Added support for “timeCreated” in Azure VirtualMachine in Compliance Engine, Protected Assets and API.
Case ID: DFR-2546
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS API
IMPROVEMENT Compliance Rulesets Update - 09:30 UTC
Description: New Ruleset CIS OpenShift Container Platform v4 Benchmark v1.4.0; New AWS and Azure rules. A complete list can be found here.
Case ID: CNAPP-1915, DFT-2692
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
IMPROVEMENT GCP Storage Bucket - 6:45 UTC
Description: Added support for ‘labels’ property in GCP StorageBucket entity in Compliance engine.
Case ID: DFR-2042
Known limitations: Currently, labels are not reflected as tags in Protected Assets.
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
fixed Protected Assets - 6:30 UTC
Description: Fixed an issue where some icons were missing in the Protected Assets view.
Case ID: IN-8102
Known limitations: N/A
Affected Components: UI
IMPROVEMENT Remove option to unset event console for notification - 6:45 UTC
Description: The event console will always be set for notifications in both the UI and the API. There is no option to disable it.
This means findings will always be available in the event console and in the API (i.e. search API).
Existing notifications for which the event console was unset will not be changed, unless the user opens an old notification for which the event console was unset and saves it; the event console is then set automatically.
Case ID: CNAPP-1792, CNAPP-1697
Affected Components: COMPLIANCE ENGINE
Deployment August 09, 2023
IMPROVEMENT Support China regions - 15:00 UTC
Description: Added support for fetching China regions (cn-north-1 & cn-northwest-1) in all AWS fetching entities.
Case ID: CNAPP-845
Known limitations: N/A
Affected Components: FETCHERS
IMPROVEMENT Azure AKSCluster - 14:30 UTC
Description: Added support for many properties in the Azure AKSCluster entity, for example: ‘disableLocalAccounts’, ‘agentPoolProfiles’, ‘apiServerAccessProfile’, ‘aadProfile’, ‘networkProfile’, ‘securityProfile’, ‘fqdnSubdomain’, ‘diskEncryptionSetID’, ‘currentKubernetesVersion’, ‘azurePortalFQDN’, ‘autoUpgradeProfile’, ‘autoScalerProfile’, in Compliance Engine and Protected Assets.
Case ID: DFR-2785, DFR-2842
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Compliance Rulesets Update - 09:30 UTC
Description: New Ruleset ISO 27001:2022 for AWS; Rules and ruleset enrichment. A complete list can be found here.
Case ID: CNAPP-1699, DFT-2681, DFT-2670, DFT-2684
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
IMPROVEMENT AWS TranscribeMedicalJob - 8:00 UTC
Description: Added support for ‘tags’ property in AWS TranscribeMedicalJob entity in Compliance engine and Protected Assets.
Case ID: DFR-2695
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT AWS TranscribeJob - 8:00 UTC
Description: Added support for ‘tags’ property in AWS TranscribeJob entity in Compliance engine and Protected Assets.
Case ID: DFR-2695
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT AWS ElastiCache - 8:00 UTC
Description: Added support for ‘replicationGroupKms’ property in AWS ElastiCache entity in Compliance engine and Protected Assets.
Case ID: DFR-2697
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT AWS EMR - 8:00 UTC
Description: Added support for ‘localDiskEncryptionKey’ and ‘s3DiskEncryptionKey’ properties in AWS EmrCluster entity in Compliance engine and Protected Assets.
Added support for ‘encryptionKey’ property in AWS FSx entity in Compliance engine and Protected Assets.
Case ID: DFR-2699
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment August 08, 2023
feature Context graph for ECS Service and RDS entities - 10:00 UTC
Description: You can now see the context of an ECS Service entity and the RDS entity in the protected asset view.
Case ID: CNAPP-185, CNAPP-519
Known limitations:
Affected Components: UI ERM PROTECTED ASSETS
Deployment August 06, 2023
feature AWS SES Active Receipt Ruleset - 13:00 UTC
Description: Added support for AWS SES Active Receipt Ruleset in compliance engine and protected assets.
Case ID: DFR-2698
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT GSL Builder UI - 7:30 UTC
Description: “New” labels were removed from the GSL builder UI for 30-day-old entities.
Case ID: IN-7964
Known limitations: N/A
Affected Components: UI
Deployment August 03, 2023
IMPROVEMENT Workload Protection for Kubernetes: helm 2.22.0 - 08:00 UTC
Description: Runtime Protection daemon 1.8.8: added some security enhancements.
Case ID: CON-6434
Known limitations: N/A
Affected Components: CONTAINERS
Deployment August 02, 2023
IMPROVEMENT Compliance Rulesets Update - 08:00 UTC
Description: Rules and ruleset improvements. A complete list can be found here.
Case ID: CNAPP-1429, DFT-2678
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS