March 2024

IMPROVEMENT CG API Keys - Last used info - 2:00 UTC
Description: CG now displays API keys with the information about when were they last been used.
Case ID: DFR-2953
Known limitations: N/A
Affected Components: Api Keys

IMPROVEMENT AWS Code Build Project - 10:00 UTC
Description: Reduced fetching frequency for Aws Code Build Project to once a day to avoid throttling.
Case ID: DFT-3574
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster are now fetched with a new mechanism and containing more fields (fields that are not configured will contain null). Relevant to Singapore, Mumbai and Canada DCs only.

Case ID: CNAPP-7749, CNAPP-7750, CNAPP-7751
Known limitations: Relevant to Singapore, Mumbai, Canada DC only
Affected Components: FETCHERS

IMPROVEMENT AWS Organization Account - 15:30 UTC
Description: Add SCP account policies that are inherited from OU.
Case ID: DFR-2256
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

FIXED Risk Management - Azure SQL Server Network Exposure - 11:30 UTC

Description: Treating the build it firewall rule that allows traffic from Azure services as partially public.
Case ID: CNAPP-7702
Known limitations: N/A 
Affected Components: RISK MANAGEMENT PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 09:30 UTC

Description: General maintenance and content updates. A complete list can be found here.

Case ID: CNAPP-7825, DFT-3536
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature CIEM label can be added to CSPM rules - 11:00 UTC
Description: Adding support for adding CIEM label to custom CPSM rule, findings with that label will show up under CIEM\Findings.
Case ID: DFR-3257
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE CIEM

feature Multi entities selection on CSPM exclusions - 10:00 UTC
Description: Added support for multi entities selection on CSPM exclusion, entities can be selected from a list or by using a wildcard
Case ID: DFR-3422, DFR-2327
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS Region - 11:00 UTC
Description: Added support for Organization Access Analyzers Type under the “accessAnalyzers” field.
Case ID: DFR-3185
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

feature AWS Organization Unit - 10:00 UTC
Description: Added support for AWS Organization Unit in compliance engine and protected assets.
Case ID: DFR-2914
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FIXED Risk Management - Azure SQL Server Network Exposure - 13:25 UTC

Description: Ignoring firewall rule that allows traffic from Azure services when calculating external public exposure.
Case ID: CNAPP-7702
Known limitations: N/A 
Affected Components: RISK MANAGEMENT PROTECTED ASSETS

IMPROVEMENT Azure Load Balancer 11:00
Description: Added outbound rules support for the ‘LoadBalancer’ entity as a new property: ‘outboundRules’.
Case ID: DFR-2352
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

IMPROVEMENT AWS CloudWatch Events - 11:10 UTC
Description: Added support for ECS parameters as new property 'targets[].ecsParameters' for the ‘CloudWatchEventsRule’ entity.
Case ID: DFR-3372
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

IMPROVEMENT AWS Security Group - 11:10 UTC
Description: Added support in the ‘SecurityGroup’ entity for ‘EcsSchduledTask’ under the ‘networkAssetsStats’ property.
Case ID: DFR-3372
Known limitations: N/A
Affected Components: FETCHERS COMPLIANCE ENGINE

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: New Ruleset CIS Amazon EKS Benchmark v1.4.0, New Ruleset CIS GKE Benchmark v1.5.0, New Ruleset CIS Microsoft Kubernetes Engine (AKS) Benchmark v1.4.0; New AWS,OCI, Alibaba ,GCP and Kubernetes rules. A complete list can be found here.

Case ID: CNAPP-7660, DFT-3455
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT AWS S3 Bucket - 12:00 UTC
Description: Avoid deleting previous data of AWS S3 Bucket when not receiving new data (due to missing permissions or other reasons).
Case ID: DFR-2952
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT AWS Account - 10:30 UTC
Description: Added support for ‘Contact Information’ property in AWS Account in Compliance engine & Protected Assets.
Case ID: DFR-2383
Known limitations: N/A
Affected Components: FETCHERS

IMPROVEMENT OCI VNIC - 9:30 UTC
Description: Expose public & private IP in OCI VNIC in Protected Assets page
Case ID: DFT-3217
Known limitations: N/A
Affected Components: FETCHERS PROTECTED ASSETS

IMPROVEMENT Sydney - GCP BigQueryTable, GCP DataprocCluster - 10:00 UTC
Description: GCP BigQueryTable and GCP DataprocCluster are now containing more fields (fields that are not configured will contain null). Relevant to Sydney DC only.
Case ID: CNAPP-7553
Known limitations: N/A
Affected Components: FETCHERS

fixed AWS Credential Report API - 9:00 UTC

Description: Fixed an issue that caused the presentation of old data in the 'CloudIamCredentialReport' API.

Case ID: DFT-3454
Known limitations: N/A 
Affected Components: fetchers

fixed GSL Builder Export | OU Path set to N/A while running a GSL rule - 15:00 UTC

Description: Fixed missing OU path when exporting from GSL builder

Case ID: DFT-3339
Known limitations: N/A 
Affected Components: ui

fixed UI | Unable to associate Ali baba cloud to another OU - 11:00 UTC

Description: Fixed failure to associate Ali baba cloud to OU

Case ID: DFT-3496
Known limitations: N/A 
Affected Components: ui

fixed Azure PostgreSQL - 10:50 UTC

Description: Fixed an issue that caused partial fetching for ‘PostgreSQL’ entities.

Case ID: DFT-3466
Known limitations: N/A 
Affected Components: fetchers

feature GCP Identity Platform - 13:00 UTC
Description: Added support for GCP Identity Platform Entities: IdentityPlatformTenant and IdentityPlatformUser.
Case ID: CNAPP-1463
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Network Security Groups Management - 11:30 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7585
Known limitations: N/A
Affected Components: FETCHERS API

FEATURE Risk Management - Network Exposure - 11:30 UTC

Description: Network Exposure support for Azure SQL Server. Available in Protected Assets and as part of the risk score calculation.
Case ID: CNAPP-7064
Known limitations: N/A 
Affected Components: RISK MANAGEMENT PROTECTED ASSETS

fixed AWS VPC\KMS\Route table shown incorrectly in Protected Assets - 10:00 UTC

Description: Fixed a bug where AWS VPC\KMS was shown as Alibaba VPC\KMS in the protected assets table, and AWS route table was shown as Azure route table in the protected assets table.

Case ID: DFT-3458, DFT-3510, DFT-3452, DFT-3508
Known limitations: N/A 
Affected Components: ui

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New AWS, OCI, Alibaba, and GCP rules; DFTs fixes. A complete list can be found here.

Case ID: CNAPP-7557, DFT-3484, DFT-3447
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixed UI | Missing permissions | Key vault seems to be duplicated on the amount of entities that have an issue- 10:00 UTC

Description: Remove duplication of key vault

Case ID: DFT-3408
Known limitations: N/A 
Affected Components: ui

fixed UI | Reporting | when we download the report from CIEM somehow don't get the label column on the export file- 14:00 UTC

Description: Lable was added to CIEM findings

Case ID: DFT-2551
Known limitations: N/A 
Affected Components: ui

feature GCP Cloud Source Repository 13:00 UTC
Description: Added support for GCP Cloud Source Repository entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-1467
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Network Security Groups Management - 13:25 UTC
Description: Internal change in the way we generate tokens to access Azure APIs. The change affects services that manage the network security groups in Azure.
Case ID: CNAPP-7491
Known limitations: N/A
Affected Components: FETCHERS API

IMPROVEMENT Azure User - 12:30 UTC
Description: Added support for ‘assignmentRoles’ property in Azure User in Compliance Engine and Protected Assets.
Case ID: DFT-3348
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Azure Cosmos DB Account - 11:15 UTC
Description: Added support for ‘minimalTlsVersion’ property in Azure Cosmos DB Account in Compliance Engine and Protected Assets.
Case ID: DFR-2932
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixed UI | MSP | Cannot switch roles on FireFox - 14:00 UTC

Description: Fixed issue of switching logs in MSP in Firefox

Case ID: DFT-3430
Known limitations: N/A 
Affected Components: ui

IMPROVEMENT Compliance Rulesets Update - 11:00 UTC

Description: DFTs fixes. A complete list can be found here.

Case ID: CNAPP-7453, DFT-3455, DFT-3381
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT GCP GKE Cluster - 10:00 UTC
Description: Added support for ‘networkConfig’ property in GCP GkeCluster.
Case ID: DFR-2663
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE fetchers

fixed AWS Kinesis Firehose - 06:00 UTC

Description: Fixed rate limit issue in AWS Kinesis Firehose.

Case ID: DFT-3432
Known limitations: N/A 
Affected Components: fetchers

feature GCP Cloud Armor Security Policy entity - 13:00 UTC
Description: Added support for GCP Cloud Armor Security Policy entity in Compliance Engine and Protected Assets.
Case ID: DFR-2968
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixed UI | Typo in Role Creation Screen - 18:00 UTC

Description: Fix typo in role creation screen

Case ID: DFT-3483
Known limitations: N/A 
Affected Components: ui

fixed Slack and Teams Notification - 18:00 UTC

Description: Bug fix in Slack and Teams Notifications.

Case ID: CNAPP-8613
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

IMPROVEMENT AWS S3 Bucket - 17:30 UTC
Description: Added support for ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.isCrossAccountKey’ and ‘encryption.serverSideEncryptionRules.serverSideEncryptionByDefault.kmsKey' properties in AWS S3 Bucket in Compliance engine & Protected Assets.
Case ID: DFR-2482
Known limitations: Keys which are cross account will be seen in the 'kmsKey’ property - only if belongs to a cloud account which was on boarded to the same CloudGuard account as the S3Bucket’s cloud account, and only if the client has approved account data sharing.
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

fixed Slack and Teams Notification - 23:00 UTC

Description: Bug fix in Slack and Teams Notifications.

Case ID: CNAPP-8613
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS