February 2024

Deployment February 29, 2024

feature 2.28.0: GitHub Registry, reduce URLs for Image Assurance - 10:00 UTC

Description: Image Assurance 2.29.0:

  • Released GitHub Container Registry Scanning support

  • Reduced the number of URLs that need to be accessed by the agents (relevant for Scan Engine Version 2.0.0 only). CloudGuard agents must have connectivity to these region-specific URLs.

Security enhancements - all agents:

  • Image Assurance 2.29.0

    • Admission Control: Enforcer 2.11.0 & Policy 1.8.0

    • Inventory 1.14.0

    • Flow-logs 0.14.0

    • Runtime Policy 1.8.0

Case ID: CON-8312
Known limitations: N/A 
Affected Components: CONTAINERS

Deployment February 28, 2024

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New Ruleset SOX for AWS, Azure and GCP; New Ruleset CITSG-33 for GCP; New AWS, Azure, and GCP rules. A complete list can be found here.

Case ID: CNAPP-7373, DFT-3436, DFT-3427
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature GCP Firebase App Distribution Tester - 12:30 UTC
Description: Added support for GCP Firebase App Distribution Tester entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1464
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Service Bus - 07:35 UTC
Description: Added support for ‘MinimumTlsVersion’ property in Azure Service Bus.
Case ID: DFR-2869
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

fixed Exclusion with expired date will not allow to create new one - 14:00 UTC

Description: Fixed a bug that occurred when creating a new exclusion while the same exclusion already exists but has expired.

Case ID: DFT-3047
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE UI

Deployment February 25, 2024

fixed UI | duplicate add policy in ruleset - 12:45 UTC
Description: Fixed a duplicate “add policy” option in the ruleset UI by removing the additional option button from the Ruleset Card.
Case ID: DFT-3354
Known limitations: N/A
Affected Components: ui

feature GCP Firestore Dataset - 09:40 UTC
Description: Added support for GCP Firestore Dataset entity in Compliance Engine and Protected Assets.
Case ID: DFR-2967
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment February 21, 2024

fixed UI | Assessment history page stuck after clicking on rule details - 12:45 UTC
Description: Fixed an issue where the submenus in “Posture Management” were stuck after clicking on rule details.
Case ID: DFT-3355
Known limitations: N/A
Affected Components: ui

fixed GCP IAM Group - 12:30 UTC
Description: Fixed GCP IAM Group to enable updates in data.
Case ID: IN-8603
Known limitations: N/A
Affected Components: fetchers

IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New Ruleset CIS Foundations Benchmark v2.1 for Azure; New Ruleset CIS Foundations Benchmark v3 for AWS; New Rulesets ACSC (ISM) for AWS, Azure & GCP; New Rulesets FFIEC for AWS, Azure & GCP; New Rulesets ISO27002 for AWS, Azure & GCP; New Rulesets PIPEDA for AWS, Azure & GCP; New Rulesets NIST 800-172 for AWS, Azure & GCP; New Rulesets SCF for AWS, Azure & GCP; New Rulesets SWIFT for AWS, Azure & GCP; New Rulesets ISO27017 for AWS, Azure & GCP; New Ruleset NIST 800-171 for GCP; New Ruleset HITRUST Latest for GCP; New Rulesets New Zealand ISMv3.6 for Azure & GCP; New Ruleset ASD Essential Eight for GCP; New Ruleset CMMC2.0 for GCP; New Ruleset CRI Profile for GCP; New Ruleset NY DFS Part 500 23 CRR for GCP; New AWS rule. A complete list can be found here.

Case ID: CNAPP-7240, DFT-3330, DFT-3398, DFT-3409, DFT-3410, DFT-3349
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixed Azure MySQLDBFlexibleServer - 08:10 UTC
Description: Fixed an issue in Azure MySQLDBFlexibleServer fetching mechanism.
Case ID: DFT-3437
Known limitations: N/A
Affected Components: fetchers

Deployment February 19, 2024

feature GCP Vertex AI Notebook - 15:30 UTC
Description: Added support in Compliance Engine and Protected Assets for the following entities:

  • GcpVertexAINotebookRuntimeEntity

  • GcpVertexAINotebookInstanceEntity

  • GcpVertexAINotebookEnvironment

Case ID: CNAPP-1462
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment February 18, 2024

fixed AWS SQS CryptoKey in AWS China region - 15:00 UTC
Description: Fixed a bug in which KMS keys in AWS China region were not shown in the SQS entity in CloudGuard.
Case ID: DFT-3413
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE fetchers

Deployment February 14, 2024

feature AWS Shield Subscription - 15:30 UTC
Description: Added support for the AWS MSK Connect Connector entity in Compliance Engine and Protected Assets.
Case ID: DFR-3270
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixed AWS IAM User - 13:30 UTC
Description: Fixed an issue where the ‘sslPolicy.minProtocolVersion’ property was not set for Application Gateways that are using predefined policies.
Case ID: DFT-3328
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE fetchers

fixed GCP Disk Region - 12:00 UTC
Description: Fixed a bug in which some regions were specified as global, which affected the dome9 id as well.
The fix included a deletion and recreation for the affected entities.
Case ID: DFT-3243
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE fetchers

fixed Agents | Windows download link is broken - 08:30 UTC
Description: Fixed an issue with downloading the Windows and Linux agent scripts.
Case ID: DFT-3327
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New Ruleset CIS Controls v8 for Azure; New Ruleset FedRAMP (moderate) for AWS, Azure, and GCP; New AWS, and Azure. A complete list can be found here.

Case ID: CNAPP-7156, DFT-3165, DFT-3357, DFT-3392
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT AWS API Gateway V2 - 09:00 UTC
Description: Added support for ‘Stages’ property in AWS API Gateway V2 in Compliance engine & Protected Assets.
Case ID: DFR-2678
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT GCP Disk - 07:40 UTC
Description: Added new API for GCP Disk entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components: api

IMPROVEMENT GCP Image - 07:40 UTC
Description: Added new API for GCP Image entity.
Case ID: DFR-3132, DFR-2930
Known limitations: N/A
Affected Components: api

Deployment February 13, 2024

FEATURE CDR (Intelligence) - Azure Centralized storage onboarding - 9:35 UTC
Description: Azure onboarding enhancements and options for Account Activity and Network Traffic including Azure centralized storage support & auto-onboarding.
Case ID: CNAPP-105, DFR-2562, DFR-2304, DFR-3414
Known limitations: N/A
Affected Components: CDR INTELLIGENCE ONBOARDING

fixed AWS IAM User - 7:35 UTC
Description: Fixed an issue in the AWS ‘IamUser’ entity that sometimes caused the ‘secondAccessKey’ property to appear as the ‘firstAccessKey’ property.
Case ID: DFT-3405
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

fixed UI | Protected assets - Asset page - Findings getting disappear - 7:35 UTC
Description: Fixed an issue in protected assets where findings were disappearing or appearing and then being refreshed with the correct data
Case ID: DFT-3272
Known limitations: N/A
Affected Components: ui

Deployment February 08, 2024

fix OCI Compliance Engine - 9:45 UTC

Description: Fixed a Compliance Engine failure that occurred when similar IDs exist in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment February 07, 2024

IMPROVEMENT Compliance Rulesets Update - 15:00 UTC

Description: New Ruleset CIS Foundations Benchmark for AWS v3; New AWS, Azure, GCP, and OCI rules. A complete list can be found here.

Case ID: CNAPP-7018
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fix OCI Compliance Engine - 13:15 UTC

Description: Fixed a Compliance Engine failure that occurred when similar IDs exist in different regions in OCI.
Case ID: DFT-3351
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT GCP Virtual Machine Instance - 15:00 UTC
Description: The “sourceMachineImage” was exposed in Protected Assets API under “additionalFields” for GCP’s “VMInstance” entity.
Case ID: DFR-3134
Known limitations: N/A
Affected Components: api

IMPROVEMENT Azure Virtual Machine Image - 13:05 UTC
Description: A new API was added for Azure’s “VirtualMachineImage” entity: https://api.dome9.com/v2/AzureVirtualMachineImage.
Case ID: DFR-3156
Known limitations: N/A
Affected Components: api

Deployment February 05, 2024

fix GCP IAM User - 13:15 UTC

Description: Fixed GCP IAM User to enable updates in data.
Case ID: DFT-3290, DFT-3266
Known limitations: N/A
Affected Components: fetchers

fix UI | Dashboard | Cannot filter for security groups, missing entity types - 09:30 UTC

Description: Added support for filtering by AWS SecurityGroups Entity Type.
Case ID: DFT-3125
Known limitations: N/A
Affected Components: UI

IMPROVEMENT AWS Workspace - 9:15 UTC
Description: Exposed the “ipAddress” property for the AWS Workspace entity in the Protected Assets report, under the “PrivateIPs” field.
Case ID: DFT-3254
Known limitations: N/A
Affected Components: PROTECTED ASSETS FETCHERS

fix Terraform provider | Need to add regions support - missing Israel - 09:00 UTC

Description: Added the Tel Aviv region to the Terraform provider.
Case ID: DFT-3323
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment February 05, 2024

feature AWS Shield Subscription - 10:40 UTC
Description: Added support for the AWS Shield Subscription in Compliance Engine and Protected Assets.
Case ID: CNAPP-5587
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment February 04, 2024

FEATURE Send security event notification per occurrence - 11:00 UTC
Description: Added the option to send a notification each time an occurrence is logged for “Threat & Security events” supported sources.
Case ID: CNAPP-499
Known limitations: N/A
Affected Components: NOTIFICATIONS

IMPROVEMENT Azure Virtual Machine - 7:30 UTC
Description: Added a new property for the “VirtualMachine” entity: disks[].sseType. This enrichment reflects the disk’s encryption-at-rest type.
Case ID: DFT-3319, DFT-3334, DFT-3330
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

Deployment February 01, 2024

FEATURE Risk Management - AWP integration for Azure FunctionApp - 12:00 UTC

Description: Risk Management support for Azure FunctionApp CVEs and Secrets information generated by AWP.
Case ID: CNAPP-1336
Known limitations: N/A
Affected Components: RISK MANAGEMENT PROTECTED ASSETS