January 2024

Deployment January 31, 2024

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: New AZURE and AWS rules. A complete list can be found here.

Case ID: CNAPP-6880, DFT-3234
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature Azure VMware Solution - 10:00 UTC
Description: Added support for the Azure VMware Solution entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5626
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Internet Gateway - 10:00 UTC
Description: Added support for AWS Internet Gateway in compliance engine and protected assets.
Case ID: IN-8428
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 30, 2024

fix Azure fetching for China - 14:30 UTC

Description: Fixed support for Azure China in Azure entities: Front Door (fixed), Policy Set Definition (fixed), and PostgreSQL Flexible Server (not supported).
Case ID: CNAPP-5775
Known limitations: N/A
Affected Components: fetchers

feature 2.27.0: Runtime Protection: K8s events on terminating container
Description: Runtime Protection daemon 1.14.0

  • Kubernetes events are now created when a container is terminated by CloudGuard Runtime Protection

  • Changed ClusterRole permissions to enable publishing of Kubernetes events

Case ID: CON-8315
Known limitations: N/A
Affected Components: CONTAINERS

Deployment January 29, 2024

fixed AWS Application Load Balancer - UTC 11:30
Description: Fixed “listeners.certificates” property, to work in AWS China accounts as well, for AWS Application Load Balancer in Compliance Engine and Protected Assets.
Case ID: DFT-3249
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

fixed Azure Storage Account - UTC 08:40
Description: Fixed data mismatch issue for “publicNetworkAccessAsDisplayedInPortal” property in Azure Storage Account.
Case ID: DFT-3340, DFT-3308
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

Deployment January 28, 2024

feature Azure Private Link Service - UTC 13:00
Description: Added support for the Azure Private Link Service entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5635
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 25, 2024

Improvement Changes in the Risk Management Dashboard.
Description: Updated the look and feel of the “Riskiest entities” section with new widgets and changed the pie chart widgets to a list.
Case ID: CNAPP-6681
Known limitations: N/A
Affected Components: UI ERM

Improvement Data Classification in protected assets.
Description: Added the ability to see the data classification of protected assets that have been scanned for data sensitivity.
Case ID: CNAPP-5370
Known limitations: N/A
Affected Components: UI ERM

Improvement Monitored environments widget
Description: Added the ability to filter the monitored environments widget by OUs.
Case ID: DFR-2938
Known limitations: N/A
Affected Components: UI

fixed Important: Update Kubernetes Agents to Resolve Image Assurance Failures - 9:00 UTC
Description: Due to recent changes introduced in the containerd runtime and its adoption in EKS, AKS, and GKE, Image Assurance agents may fail to scan images (with 'Image export failure' errors).
Please upgrade your Kubernetes agents to a recent Helm chart version (2.26.0 or above).
Case ID:
Known limitations: N/A
Affected Components: containers

Deployment January 24, 2024

IMPROVEMENT AWS Workspace - 13:00 UTC
Description: Exposed the “ipAddress” property for the AWS Workspace entity in the Protected Assets report, under the “Public IPs” field.
Case ID: DFT-3254
Known limitations: N/A
Affected Components: PROTECTED ASSETS FETCHERS

feature AWS Bedrock - UTC 11:30

Description: Added support for the AWS Bedrock entities: AWS Bedrock Custom Model and AWS Bedrock Custom Model Job in Compliance Engine and Protected Assets.

Case ID: DFR-2948, CNAPP-5237
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 11:30 UTC

Description: New Ruleset NIST SP 800-171 rev2 for AWS; New Ruleset RMiT for AWS, Azure, and GCP; New Ruleset New Zealand ISM v3.6 for AWS; New Ruleset Workload Vulnerability Default 2.0 for K8s; New AZURE and GCP rules. A complete list can be found here.

Case ID: CNAPP-6718, DFR-2646, DFT-3244
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature Azure Confidential Ledger - UTC 09:00
Description: Added support for the Azure Confidential Ledger entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-5637
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 21, 2024

improvement Strengthened outbound rules for AWP scanner - UTC 08:20

Description:

  • AWS: Outbound rules are allowed for AWP S3 buckets only, using the associated S3 endpoint.

  • Azure: Outbound rules are allowed for associated Azure services only, using Azure service tags. This includes the Storage account service for AWP results and the relevant services that are required for Function app scanning.

Case ID: AL-1664, AL-1260
Known limitations:
Affected Components: AWP

feature Azure onboarding - UTC 08:20

Description: Added support for custom names in Azure onboarding.

Case ID: AL-2026
Known limitations:
Affected Components: AWP

feature Azure Centralized account - UTC 08:20

Description: A centralized account can now also be associated at the management group level, and not only with the entire Azure tenant.

Case ID: AL-2049
Known limitations:
Affected Components: AWP

feature AWP rescan - UTC 08:20

Description: On Demand Rescan

Case ID: AL-12
Known limitations:
Affected Components: AWP

 

Deployment January 21, 2024

feature Azure WAN - UTC 08:20

Description: Added support for the Azure WAN entities: VirtualWANVPNServer and VirtualWANP2sVPNGateway in Compliance Engine and Protected Assets.

Case ID: CNAPP-5636
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure DevTest Labs - UTC 08:20

Description: Added support for the Azure DevTestLab entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5631
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FIXED CloudGuard Deny policy breaks Intelligence from unified-onboarding Release 5.07 - 10:00 UTC

Description: Fixed Intelligence unified-onboarding
Case ID: DFT-3317
Known limitations: N/A
Affected Components: onboard

Deployment January 19, 2024

FIXED Azure Storage Account - 07:00 UTC

Description: Fixed compliance for Azure Storage Account to get publicNetworkAccessAsDisplayedInPortal property with default (“Enabled to all networks”) value when publicNetworkAccess is null.
Case ID: DFT-3308
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment January 18, 2024

IMPROVEMENT Risk Management - Security Issues List - 14:00 UTC

Description: A new page that shows the Security Issues list was added to the Risk Management section. You can drill down into a particular issue by selecting it in the table.

Case ID: CNAPP-6597
Known limitations:
Affected Components: UI ERM

IMPROVEMENT Risk Management Dashboard as default - 14:00 UTC

Description: The Risk Management Dashboard will be the default dashboard if no other default is selected.

Case ID: CNAPP-1234
Known limitations:
Affected Components: UI ERM

FIXED UI | Protected assets - Asset page - Findings disappearing - 09:00 UTC

Description: Fixed the issue of disappearing findings.
Case ID: DFT-3272
Known limitations: N/A
Affected Components: PROTECTED ASSETS UI

Deployment January 17, 2024

IMPROVEMENT AWS Network Interface - 11:50 UTC

Description: Exposed the “InterfaceType” property for AWS’ NetworkInterface entity in Protected Assets API, under “additionalFields”.

Case ID: DFR-1560
Known limitations:
Affected Components: PROTECTED ASSETS

IMPROVEMENT GCP Image & Machine Image - 11:50 UTC

Description: Exposed the “creationTimestamp” property for GCP’s Image & MachineImage entities in Protected Assets API, under “additionalFields”.

Case ID: DFR-2900
Known limitations:
Affected Components: PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New Ruleset CIS v2.0 for OCI; New AZURE rules. A complete list can be found here.

Case ID: CNAPP-6587, DFT-3275
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature Azure Video Indexer - 09:30 UTC

Description: Added support for Azure Video Indexer entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4906
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure DDoS Protection Plan - 09:30 UTC

Description: Added support for Azure DDoS Protection Plan entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5632
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 16, 2024

FEATURE Risk Management - Network Exposure - 11:00 UTC

Description: When calculating network exposure for Azure WebApp and FunctionApp, the existence of private endpoints is now checked to determine the Public Network Access status.
Case ID: CNAPP-5872
Known limitations: N/A
Affected Components: RISK MANAGEMENT COMPLIANCE ENGINE PROTECTED ASSETS

Deployment January 15, 2024

feature Workload Protection - UI changes - 13:40 UTC

Description: Menu changes, GSL builder and notifications. A complete list can be found here.

Case ID: CON-7141
Known limitations:
Affected Components: CONTAINERS UI

Deployment January 14, 2024

feature Azure Virtual Desktop - 13:40 UTC

Description: Added support for Azure Virtual Desktop Application Group entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5592
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure Email Communication - 13:40 UTC

Description: Added support for Azure Email Communication entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5627
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure Managed Instance for Apache Cassandra - 12:00 UTC

Description: Added support for Azure Cassandra Cluster (Managed instance for Apache Cassandra) entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5630
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 12, 2024

IMPROVEMENT Exclusions Bulk Delete - 17:50 UTC

Description: Updated the API documentation.
Case ID: CNAPP-3905
Known limitations:
Affected Components: ui

IMPROVEMENT AWS WAFRegionalV2 - 7:00 UTC

Description: Added support for ‘cognitoUserPools’, ‘appRunnerServices’, ‘appSyncs’ and ‘verifiedAccessInstances’ properties of AWS WAFRegionalV2 entity in compliance engine and protected assets.

Case ID: DFR-2869
Known limitations:
Affected Components: PROTECTED ASSETS COMPLIANCE ENGINE

Deployment January 10, 2024

feature New Region Support in AWS - Tel Aviv (il-central-1) - 11:00 UTC

Description: Added support for the new AWS region Tel Aviv (il-central-1) in Compliance Engine and Protected Assets.

Case ID: DFT-3158, CNAPP-4908, CNAPP-5525
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure VM Image Template - 09:30 UTC

Description: Added support for Azure VM Image Template entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5625
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure DNS Zone - 09:30 UTC

Description: Added support for Azure DNSZone entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5633
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 09:30 UTC

Description: New Ruleset SOC2 for GCP; New Ruleset SOC2 for Azure; New Ruleset ENS 2022 for GCP; New AZURE rules. A complete list can be found here.

Case ID: CNAPP-6338, DFT-3218, DFT-3207
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment January 09, 2024

FIXED AWS Onboarding | Unified onboarding broke for customer because files were removed from CFT - 09:00 UTC

Description: Added link to CFT
Case ID: DFT-3282
Known limitations: N/A
Affected Components: onboarding

Deployment January 07, 2024

IMPROVEMENT AWS Auto Scaling Group - 3:30 UTC

Description: Added the AWS Auto scaling group entity to the protected assets table.

Case ID: DFR-3362
Known limitations:
Affected Components: PROTECTED ASSETS

FIXED UI | Wrong policy named and linked under "Update Permissions" - 12:00 UTC

Description: Fixed the policy name that was presented after unified onboarding.
Case ID: DFT-3027
Known limitations: N/A
Affected Components: ui onboarding

FIXED UI | Assets and Environment recently opened are shown cross-tenant - 12:00 UTC

Description: Fixed cache handling so that the correct information is shown.
Case ID: DFT-3199
Known limitations: N/A
Affected Components: ui

FIXED AWS onboarding issue with AWS China accounts - 15:00 UTC

Description: Fixed the update of an already onboarded account with user credentials in the AWS China region.
Case ID: DFT-3221
Known limitations: N/A
Affected Components: onboarding

FIXED Online documentation description of Organizational Units includes important but factually incorrect statement, needs to be fixed (or OUs need to be fixed) - 11:00 UTC

Description: Documentation was updated
Case ID: DFT-2797
Known limitations: N/A
Affected Components: ui

Deployment January 03, 2024

FIXED Invalid permissions removal - AWS onboarding - 08:00 UTC

Description: Some invalid permissions that were included in the AWS Onboarding CFT were removed.
Case ID: DFT-3209
Known limitations: N/A
Affected Components: onboarding

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: Rulesets enrichments; New AZURE rules. A complete list can be found here.

Case ID: CNAPP-6214, DFT-3235, DFT-3249, DFT-3259
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature Azure Storage Mover - 09:00 UTC

Description: Added support for Azure StorageMover entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4904
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure HPC Cache - 09:00 UTC

Description: Added support for Azure HPCCache entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4235
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure Elastic SAN - 09:00 UTC

Description: Added support for Azure ElasticSAN entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-4234
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature Azure Elastic Monitor - 09:00 UTC

Description: Added support for Azure ElasticMonitor entity in Compliance Engine and Protected Assets.

Case ID: CNAPP-5628
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment January 01, 2024

FEATURE Exclusion Bulk Delete - 00:30 UTC

Description: Added support for bulk deletion of multiple exclusions by exclusion IDs. POST: v2/compliance/Exclusion/BulkDelete.
Case ID: DFR-3095, CNAPP-3905
Known limitations: N/A
Affected Components: exclusion compliance engine