September 2024

September 2024

Deployment September 30, 2024

IMPROVEMENT Intelligence Rulesets Update - 09:30 UTC

Description: Updating Intelligence rules.

Case ID: CNAPP-11903, DFT-4242
Known limitations: N/A 
Affected Components: Intelligence RULESETS

Deployment September 29, 2024

IMPROVEMENT AWS AppSync - 07:30 UTC
Description: Added new fields support for AWS AppSync entity:
ApiType , Dns, EnhancedMetricsConfig, IntrospectionConfig, MergedApiExecutionRoleArn, Owner, OwnerContact,QueryDepthLimit , ResolverCountLimit , Visibility
Case ID: DFT-4203
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature GCP Cloud tasks Queue entity - 9:40 UTC
Description: Added support for GCP Cloud Tasks Queue entity in compliance and protected assets.
Case ID: CNAPP-11583
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixed GSL Entities incorrect time issue - 11:00 UTC
Description: Resolved an issue that resulted in incorrect time value assignments.
Case ID: CNAPP-12246
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS

Deployment September 26, 2024

Feature CDR Events tab in Protected Asset page - 08:00 UTC
Description: The CDR Events list for a particular protected asset is now visible within that protected asset’s page as a new tab.
Case ID: CNAPP-11413
Known limitations:
Affected Components: UI PROTECTED ASSETS

Deployment September 25, 2024

Feature AWS Network Manager Core Network Entity - 13:00 UTC
Description: Added support for AWS Network Manager Core Network in Compliance Engine and Protected Assets.
Case ID: CNAPP-11191
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature AWS Comprehend Medical Detection V2 Job Entity - 13:00 UTC
Description: Added support for AWS Comprehend Medical Detection V2 Job entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11596
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature AWS Rekognition Project Entity - 13:00 UTC
Description: Added support for AWS Rekognition Project entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11223
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature AWS Lex V2 Bot Entity - 13:00 UTC
Description: Added support for AWS Lex V2 Bot entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10960
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature GCP Transcoder entities - 13:00 UTC
Description: Added support for GCP Transcoder Job & Job Template entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-11257
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature AWS Clean Room Membership Entity - 13:00 UTC
Description: Added support for AWS Clean Room Membership entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10899
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature Azure Red Hat Open Shift Cluster Entity - 13:30 UTC
Description: Added support for Azure Red Hat Open Shift Cluster Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10956
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Toxic Combination Update - 17:00 UTC

Description: New Rules

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability (CVE-2023-3519) was detected on a virtual machine

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability (CVE-2023-3519) was detected on a container workload

VMware ESXi OpenSLP Heap Overflow Vulnerability (CVE-2021-21974) was detected on a virtual machine

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (CVE-2021-38647) was detected on a virtual machine

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (CVE-2021-38647) was detected on a container workload

HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) was detected on a virtual machine

HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) was detected on a container workload

HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) was detected on a serverless function

Case ID: CNAPP-11475, CNAPP-11476, CNAPP-11692, CNAPP-11956
Known limitations: N/A 
Affected Components: Toxic Combination Rules

Deployment September 24, 2024

IMPROVEMENT Compliance Rulesets Update - 9:00 UTC

Description: New rules for AWS and Azure. A complete list can be found here.

Case ID: CNAPP-12129, DFR-3772, DFT-4220
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixed UI | Notification page - 403 toasters from Serverless policies - 18:25 UTC
Description: notification page permission validation for serverless was updated to take into account the new permission
Case ID: DFT-4241
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

fixed UI | Exclusions : Rules are not ticked in the Edit Exclusion - 13:00 UTC
Description: Fix the issue the rules weren’t ticked when editing an exclusion
Case ID: DFT-3926
Known limitations: N/A
Affected Components: ui

fixed GSL Buider : Search box dissapears when searching passed entities. - 13:00 UTC
Description: Fix the issue that search box disappears in GSL builder
Case ID: DFT-4092
Known limitations: N/A
Affected Components: ui

Deployment September 23, 2024

 

fixed Notifications | Cannot delete notifications get 403 - 14:25 UTC
Description: v2/serverless/policy was updated with the correct permissions, added view and manage permissions CloudGuard Resources.
Case ID: DFT-4244
Known limitations: N/A
Affected Components: ui COMPLIANCE ENGINE

fixed Bug Fix - Notification Jira test button disabled - 13:05 UTC
Description: Test button under the Jira selection was appearing as disabled with an incorrect message.
Case ID: CNAPP-12266
Known limitations: N/A
Affected Components: ui

fixed CloudGuard SSO/JIT authentication | No linked role/group – No existing user | able to authenticate on CloudGuard instead of having a permission denied message - 13:05 UTC
Description: Users without permission will see a permission denied page when trying to access CloudGuard UI
Case ID: DFT-2535, DFT-3786
Known limitations: N/A
Affected Components: ui

Deployment September 22, 2024

IMPROVEMENT Azure Subnet new property - 13:00 UTC
Description: Added the ‘Address Ranges’ field to support subnets that have both IPV4 and IPv6 ranges in Azure Subnet entity.
Case ID: DFT-4147
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS api

IMPROVEMENT Azure Service Bus new properties - 13:00 UTC
Description: Added support for the following fields in Azure Service Bus - privateEndpointConnections and publicNetworkAccess.
Case ID: DFR-3676 & DFR-3685
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature AWS Cloud Map Entities - 13:00 UTC
Description: Added support for AWS Cloud Map Namespace and Cloud Map Service in Compliance Engine and Protected Assets.
Case ID: CNAPP-11545
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature AWS SSM Association Entity - 13:00 UTC
Description: Added support for AWS SSM Association Entity in Compliance Engine and Protected Assets.
Case ID: DFR-3771
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature AWS Kendra Index Entity - 13:00 UTC
Description: Added support for AWS Kendra Index Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10954
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT GCP Subnet new property - 13:00 UTC
Description: Added the ‘Purpose’ field to GCP Subnet entity.
Case ID: DFR-3588
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS api

Feature GCP ReCAPTCHA Key Entity - 13:00 UTC
Description: Added support for GCP ReCAPTCHA Key Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11229
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS CodeStarProject & CodeStarUserProfile Deprecated Entities - 13:00 UTC
Description: Remove support for CodeStarProject & CodeStarUserProfile Deprecated Entities.
Case ID: CNAPP-11382
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature GCP Backup for GKE entities - 13:00 UTC
Description: Added support for GCP Backup for GKE Backup & Backup Plan & Restore in Compliance Engine and Protected Assets.
Case ID: CNAPP-11470
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Feature GCP Certificate Manager entities - 13:00 UTC
Description: Added support for GCP Certificate Manager Certificate & Certificate Issuance Config & Certificate Map & Dns Authorization & Trust Config in Compliance Engine and Protected Assets.
Case ID: CNAPP-11972
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment September 19, 2024

Feature Helm 2.32.0- 8:05 UTC
Description: ARM64 support, credentials update improvement

  • ARM64 support: ARM64 support is now available for all agents, except Runtime Protection blade and Shiftleft environment

  • ECS scanner: supporting customer certificates for Container Registries scan from ECS via CG_REG_CA_CERTIFICATE environment variable

  • Labels Unification: standardized labeling across all components

  • Agents restart on credential change: all agents will be restarted when credentials or cluster ID is updated

  • Telemetry Enhancements

Agents versions

  • Inventory 1.15.0

  • Image Assurance 2.36.0

  • Admission Control: Enforcer 2.13.0, Policy 1.9.0

  • Runtime Policy 1.9.0

  • Flow Logs (Intelligence) 0.15.0

Affected Components: CloudGuard Workload Protection agents
Case ID: CON-9935
Known limitations: N/A
Affected Components: COntainers

Deployment September 19, 2024

IMPROVEMENT New “Toxic Combinations” section in Risk Management - 8:00 UTC
Description: Risk Management Toxic Combinations feature is now available for all the customers.

The feature includes four main areas:

  1. Issues - Where you can see the list of all the toxic combinations in your account.

  2. Exclusions - Where you can manage the exclusions for the toxic combinations list

  3. Security Controls - Similar to “Rules” but for Toxic Combination issues

  4. Actions Hub - Where you can add notification for Toxic Combinations.

Affected Components: UI

IMPROVEMENT Bug fixes and UI improvements - 16:00 UTC
Description: Various bug fixes and improvements throughout the system such as:

  • Fixed issue where Protected Assets table in Risk Management would revert to original column order when filter was applied

  • Numerous adjustments to the Reports template creating dialog

  • Various UI adjustments

  • etc…

Affected Components: UI

Deployment September 18, 2024

fixed AWS IAM User - 8:05 UTC
Description: Fixed root account’s ‘passwordEnabled' property value for cloud accounts with inactive fetching.
Case ID: DFT-4148
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT New “All Events” page - 10:05 UTC
Description: New all events page that includes all findings events

Affected Components: UI

IMPROVEMENT Compliance Rulesets Update - 12:00 UTC

Description: Description: New Ruleset China Cybersecurity Law for all the supported CSPs; New Ruleset COBIT 2019 for all the supported CSPs; New Ruleset IEC 62443-4-2 for all the supported CSPs; New Ruleset ISO 42001 for Alibaba, AWS, Azure & GCP; New Ruleset ISO/SAE 21434 for all the supported CSPs; New Ruleset NIST 800-160 for all the supported CSPs; New Ruleset NIST 800-161rev1 for all the supported CSPs; New Ruleset NIST 800-207 for all the supported CSPs; New Ruleset NIST 800-218 for all the supported CSPs; New Ruleset NIST 800-37rev2 for all the supported CSPs; New Ruleset NIST AI RMF for all the supported CSPs; New Ruleset NIST Privacy Framework v1 for all the supported CSPs; New Ruleset NIST SP 800-171rev3 for all the supported CSPs; New Ruleset NIST SP 800-171Arev3 for all the supported CSPs; New Ruleset OWASP Top-10 v2021 for all the supported CSPs; New Ruleset SCF-Z (Zero Trust) for all the supported CSPs; New Ruleset Shared Assessments SIG 2024 for all the supported CSPs; New Ruleset Spanish Royal Decree 311/2022 for all the supported CSPs; New Ruleset TISAX ISA for all the supported CSPs; New Ruleset UK Cyber Essentials for all the supported CSPs; New rules for AWS and GCP. A complete list can be found here.

Case ID: CNAPP-11906, DFR-3768, DFR-3770, DFR-3773, DFR-3774, DFR-3775
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment September 17, 2024

FIX Font size in the Context Graph is now readable on all zoom levels - 8:45 UTC

Description: The font size in the Context Graph is now readable for all the zoom levels. You no longer need to zoom in to read the captions.
Case ID: CNAPP-11927
Known limitations: N/A 
Affected Components: ui

feature AWS Route 53 Application Recovery Controller Entities - 15:00 UTC
Description: Added support for Route 53 Control Panel & Route 53 Routing Control Entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-11552
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Artifact Report entity - 15:00 UTC
Description: Added support for AWS Artifact Report entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11251
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Payment Cryptography Key entity - 15:00 UTC
Description: Added support for AWS Payment Cryptography Key Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11573
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS Data Zone Domain entity - 15:00 UTC
Description: Added support for AWS Data Zone Domain Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10914
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment September 16, 2024

IMPROVEMENT CDR Rulesets Update - 15:00 UTC

Description: Updating rules. A complete list can be found here.

Case ID: CNAPP-10865
Known limitations: N/A 
Affected Components: CDR RULESETS

feature - New 'Code Security Access' Permissions: Enhanced Granularity in Access Control to Code Security Resources -12:00 UTC

Description: We're excited to announce the addition of new "Code Security Resources" permissions! This update allows for more granular control when assigning permissions to Code Security Admin or Member Access to a User or a Role.

Before, the member permission was included to all users by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the permission to a User or a User Role under the 'manage resources' parameter in the Permissions sections of the Users direct permission or Role.

To assign these new permissions:

  • Admins can add them directly to a user’s permissions.

  • Alternatively, admins can assign these permissions as part of a user role.

Case ID:
Known limitations: N/A 
Affected Components: UI COMplaince engine complaince rulesets

Deployment September 15, 2024

IMPROVEMENT Azure Missing Permissions - 8:45 UTC

Description:
Improved Error Summarization: Permissions errors are now summarized to provide customers with the exact permission error, rather than the entire error log.

Case ID: CNAPP-11824
Known limitations: N/A 
Affected Components: ui fetchers

IMPROVEMENT GCP Disk & Virtual Machine - 8:10 UTC

Description:
Protected Assets API:

  • GCP Disk: Added the additionalFields[].sourceImage property for enhanced functionality.

GoogleCloudVMInstance API:

  • Introduced the sourceMachineImage property to improve instance configuration.

  • Corrected the paths for the following properties:

    • disks[].DiskName to disks[].initializeParams.DiskName

    • disks[].DiskSizeGb to disks[].initializeParams.DiskSizeGb

    • disks[].DiskType to disks[].initializeParams.DiskType

    • disks[].SourceImage to disks[].initializeParams.SourceImage

Case ID: DFR-3132, DFR-3134
Known limitations: N/A 
Affected Components: api PROTECTED ASSETS

Deployment September 12, 2024

fixed GSL Builder issue - 15:30 UTC
Description: Fix the issue where some properties weren’t populated
Case ID: DFT-3928
Known limitations: N/A
Affected Components: ui

Deployment September 11, 2024

IMPROVEMENT Compliance Rulesets Update - 08:00 UTC

Description: New Ruleset CIS Azure Foundations Benchmark v3.0.0; New rules for AWS and GCP. A complete list can be found here.

Case ID: CNAPP-11729, DFR-3767, DFR-3769, DFT-4044
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature AWS EMR Studio Entity - 11:30 UTC
Description: Added support for AWS EMR Studio Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11654
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature - New 'CloudGuard Resources' Permissions: Enhanced Granularity in Access Control to all CloudGuard Resources -12:00 UTC

Description: We're excited to announce the addition of new "View/Manage CloudGuard Resources" permissions! This update allows for more granular control when assigning permissions across all CloudGuard Resources. Users can now be granted separate view or manage access to key resources including Notifications, Integrations, Rulesets, Rules, Policies, Remediation, and Exclusions.

Before, the view permission was included to all users by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the permission to a User or a User Role under the 'view resources' parameter in the Permissions sections of the Users direct permission or Role.

To assign these new permissions:

  • Admins can add them directly to a user’s permissions.

  • Alternatively, admins can assign these permissions as part of a user role.

image-20240912-100838.png

 

Case ID: DFT-4174, CNAPP-11850, CNAPP-11898, DFT-4175
Known limitations: N/A 
Affected Components: UI COMplaince engine complaince rulesets

Deployment September 10, 2024

FIX Fixed issue where Toxic Combination filter could not be saved - 10:30 UTC

Description: It is now possible to save the filter.

Case ID: DFT-4082, CNAPP-11679
Known limitations: N/A 
Affected Components: RIsk management

feature AWS CodeGuru Scan Entity - 11:00 UTC
Description: Added support for AWS CodeGuru Scan in Compliance Engine and Protected Assets.
Case ID: CNAPP-10945
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Improvement Added the ability to navigate to a child asset in Toxic Combination information panel - 12:30 UTC

Description: If you have an asset that has child assets (e.g. Auto Scaling Group) it is now possible to navigate to a particular child asset from the information panel.

Case ID: CNAPP-11685
Known limitations: N/A 
Affected Components: RIsk management

feature GCP Speech To Text Entities - 14:00 UTC
Description: Added support for GCP Text To Speech Custom class & GCP Text To Speech Phrase Set in Compliance Engine and Protected Assets.
Case ID: CNAPP-9491
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Toxic Combination Update - 15:30 UTC

Description: New Rules

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) was detected on a virtual machine

CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) was detected on a container workload

Case ID: CNAPP-11425
Known limitations: N/A 
Affected Components: Toxic Combination Rules

Deployment September 9, 2024

FIX Enforced access denied to insufficient permissions for Billing Information and Account ID for users with no permissions in UI - 10:30 UTC

Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team

Case ID: CNAPP-11490, DFT-3786, DFT-2535
Known limitations: Users or Roles who had no permissions specified will no longer have view permissions to billing information or the account ID under the Account Page.
Affected Components: UI

FEATURE AWP | Support AWS org onboarding with Centralized mode - 10:30 UTC

Description: AWS org onboarding now supports AWP in a centralized mode.

Case ID: AL-2376
Known limitations: N/A 
Affected Components: AWP

fixed Dashboard | Incorrect alerts for time range 'custom' - 10:00 UTC
Description: Fix custom date range for widget with source 'Alerts'
Case ID: DFT-3898
Known limitations: N/A
Affected Components: ui

Deployment September 8, 2024

FEATURE Package License GSL - 10:30 UTC

Description: New SbomPackage GLS entity available for querying licenses and package managers under Workload Vulnerability GSL

Case ID: CON-9299
Known limitations: N/A 
Affected Components: CONTAINERS

Deployment September 5, 2024

IMPROVEMENT CDR Rulesets Update - 10:30 UTC

Description: New Azure rules. A complete list can be found here.

Case ID: CNAPP-11444
Known limitations: N/A 
Affected Components: CDR RULESETS

 

Deployment September 4, 2024

IMPROVEMENT Compliance Rulesets Update - 09:30 UTC

Description: New rules for AWS, Azure, GCP, and OCI. A complete list can be found here.

Case ID: CNAPP-11462, DFT-4130, DFT-4043, DFT-4097,DFR-3689, DFR-3589
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature Azure Load Testing Load Test Entity - 10:00 UTC
Description: Added support for Azure Load Testing Load Test Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10962
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature GCP Cloud Workstations Entities - 10:00 UTC
Description: Added support for GCP Cloud Workstations Cluster & GCP Cloud Workstations config & GCP Cloud Workstations Workstation in Compliance Engine and Protected Assets.
Case ID: CNAPP-9495
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature GCP Cloud Billing Project Billing Info Entity - 10:00 UTC
Description: Added support for GCP Cloud Billing Project Billing Info in Compliance Engine and Protected Assets.
Case ID: CNAPP-6373
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature GCP Big Query Data Transfer Config Entity - 10:00 UTC
Description: Added support for GCP Big Query Data Transfer Config entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10952
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FIX Enforced access denied to insufficient permissions for Ruleset and Policies in UI and API - 10:30 UTC

Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team

Case ID: CNAPP-11489, CNAPP-11491, DFT-3786, DFT-2535
Known limitations: Users or Roles who had only access to specific environments and did not have permissions to either Rules and Ruleset, Manage Alert or Policy will no longer have view permissions.

Previously, access to view the Ruleset and Policy was enabled by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the ‘CloudGuard Resources’ permission to a role if it includes specific organizational units or environments within the "manage" or "view" resources sections.

 

Affected Components: UI COMplaince engine complaince rulesets

feature AWS Backup Plan Entity - 11:00 UTC
Description: Added support for AWS Backup plan in Compliance Engine and Protected Assets.
Case ID: CNAPP-11219
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixed UI | Dashboard | Entity Type incorrect when filtering - 12:30 UTC
Description: Fix filter to display correctly security groups

**This update will not automatically migrate existing configurations
This is particularly relevant if you are using the 'Entity Type' filter in your widgets of Source: 'Alerts'

Update the 'Entity Type' filter according to your current needs

image-20240904-151017.png
Case ID: DFT-4042
Known limitations: N/A
Affected Components: ui

 

Deployment September 3, 2024

FIX Enforced access denied to insufficient permissions for Remediation and Exclusions in UI - 10:30 UTC

Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team

Case ID: CNAPP-11494, DFT-3786, DFT-2535
Known limitations: Users or Roles who had only access to specific environments and did not have permissions to ‘Manage Alert’ will no longer have view permissions.

Previously, access to view the Remediation and Exclusions was enabled by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the ‘CloudGuard Resources’ permission to a role if it includes specific organizational units or environments within the "manage" or "view" resources sections.

 

Affected Components: UI

Deployment September 2, 2024

FIX Enforced access denied to insufficient permissions for Notifications and Integrations in UI and API - 10:30 UTC

Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team

Case ID: CNAPP-11490, CNAPP-11488, DFT-3786, DFT-2535
Known limitations: Users or Roles which had access only to specific environments and did not have permissions to the Notification or Policy will no longer have view permissions.

Previously, access to view the Notification and Integrations was enabled by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the ‘CloudGuard Resources’ permission to a role if it includes specific organizational units or environments within the "manage" or "view" resources sections.

Affected Components: UI COMplaince engine complaince rulesets

feature GCP Batch Job Entity - 07:00 UTC
Description: Added support for GCP Batch Job Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10937
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Code Security Detectors Update - 10:30 UTC

Description: New detectors. A complete list can be found here.

Case ID: DFR-3673
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

feature GCP Certificate Authority Service Entities - 15:00 UTC
Description: Added support for GCP Ca Service Ca Pool & GCP Ca Service Certificate Authority & GCP Ca Service Certificate & GCP Ca Service Certificate Template & GCP Ca Service Certificate Revocation List in Compliance Engine and Protected Assets.
Case ID: CNAPP-9277
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AZURE Hybride Compute Machine Entity - 15:00 UTC
Description: Added support for AZUR Hybride Compute Machine Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10916
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment September 1, 2024

feature Azure Kubernetes Fleet Manager Fleet Entity - 14:00 UTC
Description: Added support for Azure Kubernetes Fleet Manager Fleet Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10947
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature GCP Cloud Build Entities - 14:15 UTC
Description: Added support for GCP Cloud Build Build Trigger & GCP Cloud Build Worker Pool in Compliance Engine and Protected Assets.
Case ID: CNAPP-9265
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS