September 2023

Deployment September 28, 2023

FEATURE New “External Exposure” dashboard - 14:00 UTC

Description: A new dashboard that gives insight into exposed assets from both the network and IAM perspectives.
Case ID: CNAPP-3586
Known limitations: N/A
Affected Components: RISK MANAGEMENT UI

FEATURE GSL rules can be created on IAM Sensitivity of select Azure entities - 10:00 UTC

Description: You can now create GSL rules on the IAM Sensitivity parameter of several Azure entities by using the additionalInfo.IamSensitivity property.
Case ID: CNAPP-3586
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS GSL

fixed AWS Inspector - 06:30 UTC

Description: Fixed an issue with missing CVE Vector for AWS EC2 Instance vulnerabilities.
Case ID: CNAPP-1897
Known limitations: N/A
Affected Components: FETCHERS

Deployment September 27, 2023

FEATURE Azure WebApp in Protected Assets' Context Graph - 13:00 UTC

Description: Added a Context Graph to the Azure WebApp Protected Asset page. The Context Graph displays the asset’s exposure to the Internet.
Case ID: CNAPP-373
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS UI

fixed Findings filter was not read from the URL - 10:00 UTC

Description: Fixed an issue where findings in the findings table were not correctly filtered when coming from another page (such as Home Dashboard).

Case ID:
Known limitations: N/A 
Affected Components: UI

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: AWS Foundational Security Best Practices (FSBP) standard update; AWS Risk Management ruleset enrichment; New AWS, Azure, GCP, and OCI rules. A complete list can be found here.

Case ID: CNAPP-3517, DFT-2702
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature Azure Automation Accounts - 10:00 UTC

Description: Added support for Azure Automation Accounts entity in Compliance Engine and Protected Assets.
Case ID: DFR-2244
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure Data Factory - 10:00 UTC

Description: Added support for Azure Data Factory entity in Compliance Engine and Protected Assets.
Case ID: DFR-503
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS Storage Gateway - 8:45 UTC

Description: Added encryption key enrichment support for file shares, as two new properties: nfsFileShareEncryptionKeyList and smbFileShareEncryptionKeyList.
Case ID: DFR-2703
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment September 26, 2023

fixed Cloud Account Missing Permissions - 19:15 UTC

Description: Fixed the update of the ignored status of a cloud account’s missing permissions.
Case ID: DFT-2667, CNAPP-1821, CNAPP-2173
Known limitations: N/A
Affected Components: MISSING PERMISSIONS UI

Deployment September 21, 2023

feature Azure VM IAM Impact in Context Graph - 13:00 UTC

Description: Azure Virtual Machine in the Protected Assets' Context Graph now shows the IAM impact of the permissions the VM has.
Case ID: CNAPP-201
Known limitations: N/A 
Affected Components: RISK MANAGEMENT PROTECTED ASSETS UI

Deployment September 20, 2023

feature IAM Sensitivity for Azure entities - 16:00 UTC

Description: Added an IAM Sensitivity score for select entities of the Azure platform.
Case ID: CNAPP-1369
Known limitations:
Affected Components: ERM

feature AWS CodeBuild Build - 13:30 UTC

Description: Added support for AWS CodeBuildBuild entity.
Case ID: CNAPP-1445
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS CodeStar - 13:30 UTC

Description: Added support for 2 AWS CodeStar entities in Compliance Engine and Protected Assets: CodeStarProject and CodeStarUserProfile.
Case ID: CNAPP-2148
Known limitations: Currently, entity view via protected assets is not supported for CodeStarProject.
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Elemental MediaLive - 13:30 UTC

Description: Added support for 5 AWS Elemental MediaLive entities in Compliance Engine and Protected Assets: MediaLiveChannel, MediaLiveInput, MediaLiveMultiplex, MediaLiveReservation and MediaLiveInputSecurityGroup.
Case ID: CNAPP-2157
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Chime Account - 13:30 UTC

Description: Added support for AWS ChimeAccount entity.
Case ID: CNAPP-2152
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Elastic Transcoder Pipeline - 13:30 UTC

Description: Added support for AWS ElasticTranscoderPipeline entity.
Case ID: CNAPP-2154
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS ElastiCache - 13:30 UTC

Description: Added support for 4 AWS ElastiCache entities in Compliance Engine and Protected Assets: ElastiCacheUser, ElastiCacheUserGroup, ElastiCacheParameterGroup and ElastiCacheSnapshot.
Case ID: CNAPP-2141
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS HealthLake Datastore - 13:00 UTC

Description: Added support for AWS HealthLakeDatastore entity.
Case ID: CNAPP-2146
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS Storage Gateway - 13:00 UTC

Description: Added a new property, “fileShares”, to the AWS “StorageGateway” entity. It contains the file shares associated with the storage gateway.
Case ID: DFR-2331
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New Ruleset CIS Microsoft Azure Compute Services Benchmark v1.0.0; AWS Foundational Security Best Practices (FSBP) standard update; New AWS, Azure, GCP, Alibaba and OCI rules. A complete list can be found here.

Case ID: CNAPP-3290, DFT-2837, DFT-2874, DFT-2867, DFT-2881, DFT-2860, DFT-2861, DFT-2876, DFT-2868, DFT-2862, DFT-2835, DFT-2871
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixed AWS Account - 08:30 UTC

Description: Fixed a bug in the AWS Account protected assets page.
Case ID: DFT-2788
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

Deployment September 19, 2023

feature Risk Management Assets Support - 08:30 UTC

Description: Added support for new asset types in Risk Management:

  • AWS AppSync
  • AWS ApiGateway
  • AWS ApiGatewayV2
  • Azure UserAssignedIdentity
  • Azure AppRegistration
  • Azure Group
  • GCP GcpIamUser

Case ID: CNAPP-3042
Known limitations: N/A
Affected Components: EFFECTIVE RISK MANAGEMENT

fixed Azure KeyVault Onboarding - 15:00 UTC

Description: Automation instructions for Azure Key Vault were changed, as Azure has announced that the "run-as-account" automation method will be retired September 30th, 2023.
Case ID: DFT-2436
Known limitations: N/A
Affected Components: FETCHERS

 

Deployment September 15, 2023

feature "Export All Agents Statuses" Feature - 13:30 UTC

Description: An "Export All Agents Statuses" option has been added under the Workload Protection → Environment menu. With this feature, you can easily export the status of all agents in your environment.
Case ID: CON-6979
Known limitations: There are no known limitations associated with this feature at this time.
Affected Components: CONTAINERS WORKLOAD PROTECTION ENVIRONMENT MENU

Deployment September 13, 2023

feature AWS Timestream Entities - 13:30 UTC

Description: Added support for 3 AWS Timestream entities in Compliance Engine and Protected Assets: TimestreamDatabase, TimestreamTable and TimestreamBatchLoadTask.
Case ID: CNAPP-2142
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Elastic Disaster Recovery Entities - 13:30 UTC

Description: Added support for 6 AWS Elastic Disaster Recovery entities in Compliance Engine and Protected Assets: DrsJob, DrsSourceServer, DrsSourceNetwork, DrsRecoveryInstances, DrsReplicationConfigurationTemplate and DrsLaunchConfigurationTemplate.
Case ID: CNAPP-2140
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Data Sync - 12:00 UTC

Description: Added support for 3 AWS DataSync entities in Compliance Engine and Protected Assets: DataSyncAgent, DataSyncStorage and DataSyncTask.
Case ID: CNAPP-1454
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT GSL Builder - 12:00 UTC

Description: “New” labels were removed from the GSL builder UI for entities that are 30 days old.

Case ID: IN-7965
Known limitations: N/A 
Affected Components: UI

feature GCP Private Service Connect Entities - 12:00 UTC

Description: Added support for 4 GCP Private Service Connect entities in Compliance Engine and Protected Assets: GcpConnectionPolicy, GcpServiceAttachment, GcpNetworkAttachment, and GcpNetworkEndpointGroup.
Case ID: DFR-2565
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New Ruleset OCI CloudGuard Security Alerts for SG ports; New AWS, Azure, GCP, and OCI rules. A complete list can be found here.

Case ID: CNAPP-2826, DFT-2701, DFT-2849, DFT-2847, DFT-2854
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment September 11, 2023

IMPROVEMENT ERM API Performance - 8:45 UTC

Description: Performance improvement for the ‘/v2/erm/remediation/top-actions’ API.
Case ID: CNAPP-3088
Known limitations: N/A
Affected Components: API

Deployment September 10, 2023

IMPROVEMENT AWS Region - 9:00 UTC

Description: Added support for two new properties, “inspector2LambdaEnabled” and “inspector2LambdaCodeEnabled”, for the Region entity in AWS.
Case ID: DFR-2681
Known limitations:
Affected Components: COMPLIANCE ENGINE

feature New assessment widget - findings per asset - 15:00 UTC

Description: A new entity type pass vs. failed widget is available on the assessment result page. To view it, navigate to Posture Management → Assessment History and open a result.
Case ID: PLAT-6033, CNAPP-3133
Known limitations:
Affected Components: COMPLIANCE ENGINE

Deployment September 8, 2023

fixed Azure RecoveryServicesVault - 09:00 UTC

Description: Fixed a bug in the Azure RecoveryServicesVault GSL structure.
Case ID: IN-DFT-2806
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

Deployment September 7, 2023

feature Risk Management - IAM Exposure - 09:30 UTC

Description: Support for IAM Exposure in Protected Assets and Compliance Engine for the following entities:

  • AWS: IamRole, Lambda, Sqs, SnsTopic, EcrRepository

Case ID: CNAPP-170
Known limitations: N/A 
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS

feature Risk Management - Network Exposure - 09:30 UTC

Description: Azure WebApp Support for Network Exposure in Protected Assets and Compliance Engine.
Case ID: CNAPP-381
Known limitations: N/A 
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS

Deployment September 6, 2023

feature AWS Inspector2 Lambda - 09:00 UTC

Description: Added support for 3 AWS Inspector2Lambda entities in Compliance Engine and Protected Assets: Inspector2LambdaCodeCoverage, Inspector2LambdaCoverage and Inspector2LambdaFindinggsAggregation.
Case ID: DFR-2682
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Detective Graph - 09:00 UTC

Description: Added support for AWS DetectiveGraph entity in Compliance Engine and Protected Assets.
Case ID: DFR-2538
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Event Bridge - 09:00 UTC

Description: Added support for 2 AWS Event Bridge entities in Compliance Engine and Protected Assets: EventBridgeArchive and EventBridgeEventBus.
Case ID: CNAPP-1438
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Data Exchange - 09:00 UTC

Description: Added support for 3 AWS Data Exchange entities in Compliance Engine and Protected Assets: DataExchangeDataSet, DataExchangeEventAction and DataExchangeJob.
Case ID: CNAPP-2144
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS MediaStore Container - 09:00 UTC

Description: Added AWS Media Store Container entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1451
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: New Ruleset Azure Default Ruleset; New Ruleset AWS Foundational Security Best Practices Ruleset; New AWS, Azure, GCP, OCI, and Alibaba rules. A complete list can be found here.

Case ID: CNAPP-2541, DFT-2694
Known limitations: N/A 
Affected Components: UI

Deployment September 1, 2023

fixed AWS Route53HostedZone entity - 08:30 UTC

Description: Fixed a bug in the AWS Route53HostedZone entity in which the protectedByShield property showed the wrong value.
Case ID: IN-DFT-2710
Known limitations: N/A