October 2024

Deployment October 30, 2024

status:IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New rules for AWS, Azure and GCP. A complete list can be found here.

Case ID: CNAPP-13100, DFT-4224
Known limitations: N/A 
Affected Components: status:COMPLIANCE RULESETS

Deployment October 29, 2024

status:IMPROVEMENT Improvements and bug fixes in the Risk Management area - 11:30 UTC

Description:

  • Excluding a Toxic Combination issue now allows selecting the entity name manually.

  • Excluding a Toxic Combination issue now allows adding multiple package names manually.

  • Fixed an issue where IAM Sensitivity was not displayed if it was 0.

  • Numerous other minor bug fixes and improvements.

Case ID: CNAPP-11781, CNAPP-11865, CNAPP-13073
Known limitations: N/A
Affected Components: status:ERM status:UI

status:IMPROVEMENT New entities support in CIEM UI - 11:30 UTC

Description:

  • Added support for Azure Kubernetes Cluster in CIEM entitlement map and CIEM events - over-permissive events.

  • Added support for Azure Virtual Machine in CIEM events.

Case ID: CNAPP-13060
Known limitations: N/A
Affected Components: status:CIEM status:UI

Deployment October 28, 2024

status:Feature Azure Hybrid Network Network Function Manager entity - 09:30 UTC
Description: Added support for Azure Hybrid Network Network Function Manager entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12214
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

Deployment October 27, 2024

status:Feature Alibaba Cloud DNS Domain Entity - 14:00 UTC
Description: Added support for Alibaba Cloud DNS Domain entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12120
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Web Pub Sub Entity - 15:00 UTC
Description: Added support for Azure Web Pub Sub Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11747
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Mainframe Modernization Entities - 15:00 UTC
Description: Added support for AWS Mainframe Modernization Environment & Application in Compliance Engine and Protected Assets.
Case ID: CNAPP-12065
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba ApsaraDB for Redis Instance Entity - 15:00 UTC
Description: Added support for Alibaba ApsaraDB for Redis Instance entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12122
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Sensitive Data Protection Dlp Job entity - 15:00 UTC
Description: Added support for GCP Sensitive Data Protection Dlp Job entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12220
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Vertex AI Search For Retail Catalog entity - 15:00 UTC
Description: Added support for GCP Vertex AI Search For Retail Catalog entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12216
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Resource Mover Move Resource entity - 15:00 UTC
Description: Added support for Azure Resource Mover Move Resource entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12577
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Vertex AI Agent Builder DataStore entity - 15:00 UTC
Description: Added support for GCP Vertex AI Agent Builder DataStore entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12140
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT AWS EC2 Instance new property - 15:00 UTC
Description: Added support for a new property in AWS EC2 Instance - “InstancePatchState” in Compliance Engine.
Case ID: DFR-3888
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Billing Conductor Billing Group entity - 15:00 UTC
Description: Added support for AWS Billing Conductor Billing Group entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-13104
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Traffic Manager Profile entity - 15:00 UTC
Description: Added support for Azure Traffic Manager Profile entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-13106
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure Container Instance new properties - 15:00 UTC
Description: Added support for new properties in Azure Container Instance - “imageRegistryCredentials” & “securityContext” in Compliance Engine.
Case ID: DFR-3500
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:fixed Fixed ‘Entity Type’ Resources Mismatch - 16:00 UTC
Description: Fixed AWS Entity Type resources mismatched with Alibaba resources in the ‘All Events’ page.
Case ID: DFT-4285
Known limitations: N/A 
Affected Components: status:aLL events status:COMPLIANCE ENGINE status:UI

Deployment October 23, 2024

status:IMPROVEMENT Compliance Rulesets Update - 08:00 UTC

Description: New rules for AWS and Azure. A complete list can be found here.

Case ID: CNAPP-13012, DFT-4281, DFT-4292
Known limitations: N/A 
Affected Components: status:COMPLIANCE RULESETS

Deployment October 22, 2024

status:Feature Azure Managed Grafana entity - 11:40 UTC
Description: Added support for Azure Managed Grafana entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12229
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Direct Connect entities - 11:40 UTC
Description: Added support for AWS Direct Connect Connection, Direct Connect Gateways & Virtual Interface entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-12570
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FEATURE Helm 2.33.0: Image Assurance 2.37.0: Quay Registry scanning support

Description:

  • Image Assurance 2.37.0

    • Quay Container Registry scanning support

    • Scans more images by default in base image repositories of Container Registries

Affected Components: CloudGuard Workload Protection agents
Case ID: CON-10296
Known limitations: N/A
Affected Components: status:COntainers

Deployment October 21, 2024

status:IMPROVEMENT Azure AppRegistration new property - 11:30 UTC
Description: Added support for a new property in Azure AppRegistration - “assignmentRoles” in Compliance Engine.
Case ID: DFR-3635
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Toxic Combination Update - 16:30 UTC

Description: New Rules

Critical severity malware was detected on a virtual machine

Critical severity malware was detected on a serverless function.

Critical severity malware was detected on a container workload.

High severity malware was detected on a virtual machine.

High severity malware was detected on a container workload.

High severity malware was detected on a serverless function.

Case ID: CNAPP-12349
Known limitations: N/A 
Affected Components: status:Toxic Combination Rules

Deployment October 20, 2024

status:IMPROVEMENT Azure Network Security Groups - 11:30 UTC

Description: Azure SDK upgrade for data fetcher and APIs related to Network Security Groups management.
Case ID: CNAPP-2134
Known limitations: N/A
Affected Components: status:network security status:api status:FETCHERS

status:IMPROVEMENT AWS S3 Bucket default region - 10:00 UTC

Description: Enabled a default region (“Global”) for AWS S3 buckets for cases where the region is not yet supported in CloudGuard, or where CloudGuard has no permission to retrieve the region.
Case ID: DFR-3470
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Firebase Hosting Site entity - 13:10 UTC
Description: Added support for GCP Firebase Hosting Site entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12208
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Health Data Services Deid Service entity - 13:10 UTC
Description: Added support for Azure Health Data Services Deid Service entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12160
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Translation AI entities - 13:10 UTC
Description: Added support for GCP Translation AI Model & Glossary & Dataset in Compliance Engine and Protected Assets.
Case ID: CNAPP-12106
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Migrate to Virtual Machines Source entity - 13:10 UTC
Description: Added support for GCP Migrate to Virtual Machines Source entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12102
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Managed Applications Application entity - 13:10 UTC
Description: Added support for Azure Managed Applications Application entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12206
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Fault Injection Simulator entities - 13:10 UTC
Description: Added support for AWS Fault Injection Simulator Experiment & ExperimentTemplate in Compliance Engine and Protected Assets.
Case ID: CNAPP-12226
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:fixed Assessment History Export CSV for OCI & Kubernetes environments - 16:00 UTC
Description: Fix Assessment History Report Export for OCI & Alibaba Environments
Case ID: DFT-12818
Known limitations: N/A 
Affected Components: status:COMPLIANCE Assessment History status:UI

 

status:fixed Multiple Ruleset Assessment History - Copying Request ID - 16:00 UTC
Description: Enable copying the request ID from the Success Toast.
Case ID: DFT-4223
Known limitations: N/A 
Affected Components: status:multiple Assessment History status:UI

status:fixed Enable Run Multiple Ruleset Assessment History From Infinity Portal - 18:00 UTC
Description: Enable Run Multiple Ruleset Assessment History By Infinity Portal User.
Case ID: DFT-4223
Known limitations: N/A 
Affected Components: status:multiple Assessment History status:UI

Deployment October 16, 2024

status:IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New rules for AWS, Azure and GCP. A complete list can be found here.

Case ID: CNAPP-12806, DFT-4118, DFT-4209, DFT-4280
Known limitations: N/A 
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT Intelligence Rulesets Update - 05:00 UTC

Description: Updating Intelligence rules. A complete list can be found here.

Case ID: DFT-4162
Known limitations: N/A 
Affected Components: status:INTELLIGENCE RULESETS

Deployment October 15, 2024

status:fixed CIEM App Registration not found issue - 13:00 UTC
Description: Fixed an issue where App Registration entity related findings were sometimes not found.
Case ID: CNAPP-12992
Known limitations: N/A
Affected Components: status:CIEM

status:Improvement Toxic Combinations Action Hub visibility - 13:00 UTC
Description: The TC Actions hub will be visible in read-only mode for users without the required permission to create new actions.
Case ID: DFT-4248, CNAPP-12350
Known limitations: N/A
Affected Components: status:Toxic Combinations

Deployment October 13, 2024

status:IMPROVEMENT Azure Aks Cluster new properties - 10:10 UTC
Description: Added support for new properties in Azure Aks Cluster - “powerState” in Compliance Engine, “nodeOSUpgradeChannel” in Compliance Engine.
Case ID: DFR-3638, DFR-3559
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure CodeDeploy Deploy Entity - 10:10 UTC
Description: Added support for AWS CodeDeployDeploy entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12204
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Cloud Interconnect Entity - 10:10 UTC
Description: Added support for GCP Cloud Interconnect entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11699
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

Deployment October 10, 2024

status:Feature Azure Data Collection Endpoint Entity - 10:30 UTC
Description: Added support for Azure Data Collection Endpoint Entity in Compliance Engine and Protected Assets.
Case ID: DFR-3636
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure Data Explorer Cluster new property - 12:00 UTC
Description: Added support for a new property in Azure Data Explorer Cluster - “publicNetworkAccess” in Compliance Engine.
Case ID: DFR-12432
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:fixed Azure Application Gateway - 13:00 UTC
Description: Resolved an issue with the ‘ApplicationGateway’ entity that was causing assessment failures.
Case ID: DFT-4253
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:IMPROVEMENT AWS S3 Bucket new property - 13:30 UTC
Description: Added support for a new property in AWS S3 Bucket - “isObjectOwnershipACL” in Compliance Engine.
Case ID: DFR-3745
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:fixed Assessment History Export CSV for OCI environments - 16:00 UTC
Description: Fix Assessment History Report Export for OCI Environments
Case ID: DFT-4356
Known limitations: N/A 
Affected Components: status:COMPLIANCE Assessment History status:UI

status:fixed Bug fixes in the area of Toxic Combinations - 17:00 UTC
Description: Fixed numerous display issues in the table and dashboard.
Case ID: DFT-4315, DFT-4332, DFT-4335, DFT-4337, DFT-4338, DFT-4340
Known limitations: N/A
Affected Components: status:ui

Deployment October 09, 2024

status:IMPROVEMENT OCI StorageBucket properties - 4:00 UTC
Description: Added support for “kmsKeyId” property in “OCI StorageBucket” entity.
Case ID: DFT-4118
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Cloud Service entity - 09:00 UTC
Description: Added support for Azure Cloud Service entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11623
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Health Omics Annotation Store entity - 09:00 UTC
Description: Added support for AWS Health Omics Annotation Store entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11726
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Blockchain Node Engine Node entity - 09:00 UTC
Description: Added support for GCP Blockchain Node Engine Node entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11998
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT AWS S3 Bucket new property - 09:00 UTC
Description: Added support for a new property in AWS S3 Bucket - “Creation Date Attribute” in Compliance Engine.
Case ID: DFR-3824
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Dataform Repository entity - 09:00 UTC
Description: Added support for GCP Dataform Repository entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12070
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Compliance Rulesets Update - 10:15 UTC

Description: New Ruleset CIS AWS Foundations Benchmark v4.0.0; New rules for Azure and GCP. A complete list can be found here.

Case ID: CNAPP-12631, DFR-3818
Known limitations: N/A 
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT AWS AMI New property - 12:00 UTC
Description: Added support for a new property in AWS AMI - “KmsKeyId” in Compliance Engine.
Case ID: DFR-3577
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:fixed Masking of Pasted Secret Keys with Toggle Visibility Icon - 15:00 UTC
Description: Fixed Input to mask Secret Keys when editing credentials for Azure & Alibaba
Case ID: DFT-4279
Known limitations: N/A
Affected Components: status:ui

status:fixed Improved Filter Integration for Selection Buttons on Environment Page - 15:30 UTC
Description: Resolved an issue where selection buttons on the Environments page did not honor applied filters.
Case ID: DFT-4238
Known limitations: N/A
Affected Components: status:ui

status:fixed Enhanced Data Accuracy in GSL Entity Inspector Dialog - 15:30 UTC
Description: Fixed data logic in the Entity Inspector Dialog, ensuring accurate representation of entity results in the GSL Editor page.
Case ID: DFT-4057
Known limitations: N/A
Affected Components: status:ui status:COMPLIANCE ENGINE

Deployment October 07, 2024

status:IMPROVEMENT Intelligence Rulesets Update - 06:30 UTC

Description: New CDR rules for AWS. A complete list can be found here.

Case ID: CNAPP-12554, DFT-4212
Known limitations: N/A 
Affected Components: status:INTELLIGENCE RULESETS

status:IMPROVEMENT Toxic Combination Update - 16:30 UTC

Description: New Rules

Microsoft Exchange Server ProxyShell Vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) was detected on a Virtual Machine.
Microsoft Exchange Server ProxyShell Vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) detected on a container workload.

Case ID: CNAPP-11925
Known limitations: N/A 
Affected Components: status:Toxic Combination Rules

Deployment October 06, 2024

status:Feature GCP Live Stream API entities - 12:30 UTC
Description: Added support for GCP Live Stream API Channel & Input Entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-11693
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Notification Hubs Namespace entity - 12:30 UTC
Description: Added support for Azure Notification Hubs Namespace entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11982
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature GCP Cloud Backup and DR Management Server entity - 12:30 UTC
Description: Added support for GCP Cloud Backup and DR Management Server entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11979
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Log Analytics Workspace entity - 12:30 UTC
Description: Added Support for Azure Log Analytics Workspace in Compliance Engine and Protected Assets.
Case ID: DFR-2755
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT AWS EKS Cluster new property - 12:30 UTC
Description: Added the field “Addons” containing network policy for EKS cluster.
Case ID: DFR-2991
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

Deployment October 01, 2024

status:fixed Exporting/Downloading "Assessment History" failing - 400 Error - 15:00 UTC
Description: Fixed exporting and downloading assessment history for K8s
Case ID: DFT-4300
Known limitations: N/A
Affected Components: status:ui

status:IMPROVEMENT Toxic Combination Update - 16:00 UTC

Description: New Rules

Cups-browsed Vulnerability (CVE-2024-47176) was detected on a virtual machine exposed to the public internet

Cups-browsed Vulnerability (CVE-2024-47176) was detected on a container workload exposed to the public internet

Libcupsfilters vulnerability (CVE-2024-47076) was detected on a virtual machine exposed to the public internet

Libcupsfilters vulnerability (CVE-2024-47076) was detected on a container workload exposed to the public internet

Libppd Vulnerability (CVE-2024-47175) was detected on a virtual machine exposed to the public internet

Libppd Vulnerability (CVE-2024-47175) was detected on a container workload exposed to the public internet

Cups-filters Vulnerability (CVE-2024-47177) was detected on a virtual machine exposed to the public internet

Cups-filters Vulnerability (CVE-2024-47177) was detected on a container workload exposed to the public internet

Publicly exposed virtual machine with PII data

Publicly exposed virtual machine with PHI data

Publicly exposed virtual machine with PCI data

Publicly exposed virtual machine with credentials data

Case ID: CNAPP-12525, CNAPP-12267
Known limitations: N/A 
Affected Components: status:Toxic Combination Rules

status:IMPROVEMENT Compliance Rulesets Update - 9:30 UTC

Description: New rules for AWS, Azure, and GCP. A complete list can be found here.

Case ID: CNAPP-12363, DFR-3771, DFT-4224
Known limitations: N/A 
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT Assessment History Stability Improvements - 00:00 UTC

Description: Improved Assessment History export to CSV (note: the tags format has changed) and the UI representation of big assessments.

Case ID: DFR-3674, DFT-3710
Known limitations: N/A 
Affected Components: status:COMPLIANCE Assessment History status:UI
