September 2024
Deployment September 30, 2024
IMPROVEMENT Intelligence Rulesets Update - 09:30 UTC
Description: Updating Intelligence rules.
Case ID: CNAPP-11903, DFT-4242
Known limitations: N/A
Affected Components: Intelligence RULESETS
Deployment September 29, 2024
IMPROVEMENT AWS AppSync - 07:30 UTC
Description: Added new fields support for AWS AppSync entity:
ApiType , Dns, EnhancedMetricsConfig, IntrospectionConfig, MergedApiExecutionRoleArn, Owner, OwnerContact,QueryDepthLimit , ResolverCountLimit , Visibility
Case ID: DFT-4203
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature GCP Cloud tasks Queue entity - 9:40 UTC
Description: Added support for GCP Cloud Tasks Queue entity in compliance and protected assets.
Case ID: CNAPP-11583
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
fixed GSL Entities incorrect time issue - 11:00 UTC
Description: Resolved an issue that resulted in incorrect time value assignments.
Case ID: CNAPP-12246
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS
Deployment September 26, 2024
Feature CDR Events tab in Protected Asset page - 08:00 UTC
Description: The CDR Events list for a particular protected asset is now visible within that protected asset’s page as a new tab.
Case ID: CNAPP-11413
Known limitations:
Affected Components: UI PROTECTED ASSETS
Deployment September 25, 2024
Feature AWS Network Manager Core Network Entity - 13:00 UTC
Description: Added support for AWS Network Manager Core Network in Compliance Engine and Protected Assets.
Case ID: CNAPP-11191
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature AWS Comprehend Medical Detection V2 Job Entity - 13:00 UTC
Description: Added support for AWS Comprehend Medical Detection V2 Job entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11596
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature AWS Rekognition Project Entity - 13:00 UTC
Description: Added support for AWS Rekognition Project entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11223
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature AWS Lex V2 Bot Entity - 13:00 UTC
Description: Added support for AWS Lex V2 Bot entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10960
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature GCP Transcoder entities - 13:00 UTC
Description: Added support for GCP Transcoder Job & Job Template entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-11257
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature AWS Clean Room Membership Entity - 13:00 UTC
Description: Added support for AWS Clean Room Membership entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10899
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature Azure Red Hat Open Shift Cluster Entity - 13:30 UTC
Description: Added support for Azure Red Hat Open Shift Cluster Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10956
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Toxic Combination Update - 17:00 UTC
Description: New Rules
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability (CVE-2023-3519) was detected on a virtual machine
Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability (CVE-2023-3519) was detected on a container workload
VMware ESXi OpenSLP Heap Overflow Vulnerability (CVE-2021-21974) was detected on a virtual machine
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (CVE-2021-38647) was detected on a virtual machine
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability (CVE-2021-38647) was detected on a container workload
HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) was detected on a virtual machine
HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) was detected on a container workload
HTTP/2 Rapid Reset Attack Vulnerability (CVE-2023-44487) was detected on a serverless function
Case ID: CNAPP-11475, CNAPP-11476, CNAPP-11692, CNAPP-11956
Known limitations: N/A
Affected Components: Toxic Combination Rules
Deployment September 24, 2024
IMPROVEMENT Compliance Rulesets Update - 9:00 UTC
Description: New rules for AWS and Azure. A complete list can be found here.
Case ID: CNAPP-12129, DFR-3772, DFT-4220
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
fixed UI | Notification page - 403 toasters from Serverless policies - 18:25 UTC
Description: notification page permission validation for serverless was updated to take into account the new permission
Case ID: DFT-4241
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
fixed UI | Exclusions : Rules are not ticked in the Edit Exclusion - 13:00 UTC
Description: Fix the issue the rules weren’t ticked when editing an exclusion
Case ID: DFT-3926
Known limitations: N/A
Affected Components: ui
fixed GSL Buider : Search box dissapears when searching passed entities. - 13:00 UTC
Description: Fix the issue that search box disappears in GSL builder
Case ID: DFT-4092
Known limitations: N/A
Affected Components: ui
Deployment September 23, 2024
fixed Notifications | Cannot delete notifications get 403 - 14:25 UTC
Description: v2/serverless/policy was updated with the correct permissions, added view and manage permissions CloudGuard Resources.
Case ID: DFT-4244
Known limitations: N/A
Affected Components: ui COMPLIANCE ENGINE
fixed Bug Fix - Notification Jira test button disabled - 13:05 UTC
Description: Test button under the Jira selection was appearing as disabled with an incorrect message.
Case ID: CNAPP-12266
Known limitations: N/A
Affected Components: ui
fixed CloudGuard SSO/JIT authentication | No linked role/group – No existing user | able to authenticate on CloudGuard instead of having a permission denied message - 13:05 UTC
Description: Users without permission will see a permission denied page when trying to access CloudGuard UI
Case ID: DFT-2535, DFT-3786
Known limitations: N/A
Affected Components: ui
Deployment September 22, 2024
IMPROVEMENT Azure Subnet new property - 13:00 UTC
Description: Added the ‘Address Ranges’ field to support subnets that have both IPV4 and IPv6 ranges in Azure Subnet entity.
Case ID: DFT-4147
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS api
IMPROVEMENT Azure Service Bus new properties - 13:00 UTC
Description: Added support for the following fields in Azure Service Bus - privateEndpointConnections and publicNetworkAccess.
Case ID: DFR-3676 & DFR-3685
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature AWS Cloud Map Entities - 13:00 UTC
Description: Added support for AWS Cloud Map Namespace and Cloud Map Service in Compliance Engine and Protected Assets.
Case ID: CNAPP-11545
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature AWS SSM Association Entity - 13:00 UTC
Description: Added support for AWS SSM Association Entity in Compliance Engine and Protected Assets.
Case ID: DFR-3771
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature AWS Kendra Index Entity - 13:00 UTC
Description: Added support for AWS Kendra Index Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10954
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT GCP Subnet new property - 13:00 UTC
Description: Added the ‘Purpose’ field to GCP Subnet entity.
Case ID: DFR-3588
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS api
Feature GCP ReCAPTCHA Key Entity - 13:00 UTC
Description: Added support for GCP ReCAPTCHA Key Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11229
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT AWS CodeStarProject & CodeStarUserProfile Deprecated Entities - 13:00 UTC
Description: Remove support for CodeStarProject & CodeStarUserProfile Deprecated Entities.
Case ID: CNAPP-11382
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature GCP Backup for GKE entities - 13:00 UTC
Description: Added support for GCP Backup for GKE Backup & Backup Plan & Restore in Compliance Engine and Protected Assets.
Case ID: CNAPP-11470
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Feature GCP Certificate Manager entities - 13:00 UTC
Description: Added support for GCP Certificate Manager Certificate & Certificate Issuance Config & Certificate Map & Dns Authorization & Trust Config in Compliance Engine and Protected Assets.
Case ID: CNAPP-11972
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment September 19, 2024
Feature Helm 2.32.0- 8:05 UTC
Description: ARM64 support, credentials update improvement
ARM64 support: ARM64 support is now available for all agents, except Runtime Protection blade and Shiftleft environment
ECS scanner: supporting customer certificates for Container Registries scan from ECS via CG_REG_CA_CERTIFICATE environment variable
Labels Unification: standardized labeling across all components
Agents restart on credential change: all agents will be restarted when credentials or cluster ID is updated
Telemetry Enhancements
Agents versions
Inventory 1.15.0
Image Assurance 2.36.0
Admission Control: Enforcer 2.13.0, Policy 1.9.0
Runtime Policy 1.9.0
Flow Logs (Intelligence) 0.15.0
Affected Components: CloudGuard Workload Protection agents
Case ID: CON-9935
Known limitations: N/A
Affected Components: COntainers
Deployment September 19, 2024
IMPROVEMENT New “Toxic Combinations” section in Risk Management - 8:00 UTC
Description: Risk Management Toxic Combinations feature is now available for all the customers.
The feature includes four main areas:
Issues - Where you can see the list of all the toxic combinations in your account.
Exclusions - Where you can manage the exclusions for the toxic combinations list
Security Controls - Similar to “Rules” but for Toxic Combination issues
Actions Hub - Where you can add notification for Toxic Combinations.
Affected Components: UI
IMPROVEMENT Bug fixes and UI improvements - 16:00 UTC
Description: Various bug fixes and improvements throughout the system such as:
Fixed issue where Protected Assets table in Risk Management would revert to original column order when filter was applied
Numerous adjustments to the Reports template creating dialog
Various UI adjustments
etc…
Affected Components: UI
Deployment September 18, 2024
fixed AWS IAM User - 8:05 UTC
Description: Fixed root account’s ‘passwordEnabled' property value for cloud accounts with inactive fetching.
Case ID: DFT-4148
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
IMPROVEMENT New “All Events” page - 10:05 UTC
Description: New all events page that includes all findings events
Affected Components: UI
IMPROVEMENT Compliance Rulesets Update - 12:00 UTC
Description: Description: New Ruleset China Cybersecurity Law for all the supported CSPs; New Ruleset COBIT 2019 for all the supported CSPs; New Ruleset IEC 62443-4-2 for all the supported CSPs; New Ruleset ISO 42001 for Alibaba, AWS, Azure & GCP; New Ruleset ISO/SAE 21434 for all the supported CSPs; New Ruleset NIST 800-160 for all the supported CSPs; New Ruleset NIST 800-161rev1 for all the supported CSPs; New Ruleset NIST 800-207 for all the supported CSPs; New Ruleset NIST 800-218 for all the supported CSPs; New Ruleset NIST 800-37rev2 for all the supported CSPs; New Ruleset NIST AI RMF for all the supported CSPs; New Ruleset NIST Privacy Framework v1 for all the supported CSPs; New Ruleset NIST SP 800-171rev3 for all the supported CSPs; New Ruleset NIST SP 800-171Arev3 for all the supported CSPs; New Ruleset OWASP Top-10 v2021 for all the supported CSPs; New Ruleset SCF-Z (Zero Trust) for all the supported CSPs; New Ruleset Shared Assessments SIG 2024 for all the supported CSPs; New Ruleset Spanish Royal Decree 311/2022 for all the supported CSPs; New Ruleset TISAX ISA for all the supported CSPs; New Ruleset UK Cyber Essentials for all the supported CSPs; New rules for AWS and GCP. A complete list can be found here.
Case ID: CNAPP-11906, DFR-3768, DFR-3770, DFR-3773, DFR-3774, DFR-3775
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Deployment September 17, 2024
FIX Font size in the Context Graph is now readable on all zoom levels - 8:45 UTC
Description: The font size in the Context Graph is now readable for all the zoom levels. You no longer need to zoom in to read the captions.
Case ID: CNAPP-11927
Known limitations: N/A
Affected Components: ui
feature AWS Route 53 Application Recovery Controller Entities - 15:00 UTC
Description: Added support for Route 53 Control Panel & Route 53 Routing Control Entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-11552
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Artifact Report entity - 15:00 UTC
Description: Added support for AWS Artifact Report entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11251
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Payment Cryptography Key entity - 15:00 UTC
Description: Added support for AWS Payment Cryptography Key Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11573
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AWS Data Zone Domain entity - 15:00 UTC
Description: Added support for AWS Data Zone Domain Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10914
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment September 16, 2024
IMPROVEMENT CDR Rulesets Update - 15:00 UTC
Description: Updating rules. A complete list can be found here.
Case ID: CNAPP-10865
Known limitations: N/A
Affected Components: CDR RULESETS
feature - New 'Code Security Access' Permissions: Enhanced Granularity in Access Control to Code Security Resources -12:00 UTC
Description: We're excited to announce the addition of new "Code Security Resources" permissions! This update allows for more granular control when assigning permissions to Code Security Admin or Member Access to a User or a Role.
Before, the member permission was included to all users by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the permission to a User or a User Role under the 'manage resources' parameter in the Permissions sections of the Users direct permission or Role.
To assign these new permissions:
Admins can add them directly to a user’s permissions.
Alternatively, admins can assign these permissions as part of a user role.
Case ID:
Known limitations: N/A
Affected Components: UI COMplaince engine complaince rulesets
Deployment September 15, 2024
IMPROVEMENT Azure Missing Permissions - 8:45 UTC
Description:
Improved Error Summarization: Permissions errors are now summarized to provide customers with the exact permission error, rather than the entire error log.
Case ID: CNAPP-11824
Known limitations: N/A
Affected Components: ui fetchers
IMPROVEMENT GCP Disk & Virtual Machine - 8:10 UTC
Description:
Protected Assets API:
GCP Disk: Added the additionalFields[].sourceImage property for enhanced functionality.
GoogleCloudVMInstance API:
Introduced the sourceMachineImage property to improve instance configuration.
Corrected the paths for the following properties:
disks[].DiskName to disks[].initializeParams.DiskName
disks[].DiskSizeGb to disks[].initializeParams.DiskSizeGb
disks[].DiskType to disks[].initializeParams.DiskType
disks[].SourceImage to disks[].initializeParams.SourceImage
Case ID: DFR-3132, DFR-3134
Known limitations: N/A
Affected Components: api PROTECTED ASSETS
Deployment September 12, 2024
fixed GSL Builder issue - 15:30 UTC
Description: Fix the issue where some properties weren’t populated
Case ID: DFT-3928
Known limitations: N/A
Affected Components: ui
Deployment September 11, 2024
feature AWS EMR Studio Entity - 11:30 UTC
Description: Added support for AWS EMR Studio Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11654
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature - New 'CloudGuard Resources' Permissions: Enhanced Granularity in Access Control to all CloudGuard Resources -12:00 UTC
Description: We're excited to announce the addition of new "View/Manage CloudGuard Resources" permissions! This update allows for more granular control when assigning permissions across all CloudGuard Resources. Users can now be granted separate view or manage access to key resources including Notifications, Integrations, Rulesets, Rules, Policies, Remediation, and Exclusions.
Before, the view permission was included to all users by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the permission to a User or a User Role under the 'view resources' parameter in the Permissions sections of the Users direct permission or Role.
To assign these new permissions:
Admins can add them directly to a user’s permissions.
Alternatively, admins can assign these permissions as part of a user role.
Case ID: DFT-4174, CNAPP-11850, CNAPP-11898, DFT-4175
Known limitations: N/A
Affected Components: UI COMplaince engine complaince rulesets
Deployment September 10, 2024
FIX Fixed issue where Toxic Combination filter could not be saved - 10:30 UTC
Description: It is now possible to save the filter.
Case ID: DFT-4082, CNAPP-11679
Known limitations: N/A
Affected Components: RIsk management
feature AWS CodeGuru Scan Entity - 11:00 UTC
Description: Added support for AWS CodeGuru Scan in Compliance Engine and Protected Assets.
Case ID: CNAPP-10945
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Improvement Added the ability to navigate to a child asset in Toxic Combination information panel - 12:30 UTC
Description: If you have an asset that has child assets (e.g. Auto Scaling Group) it is now possible to navigate to a particular child asset from the information panel.
Case ID: CNAPP-11685
Known limitations: N/A
Affected Components: RIsk management
feature GCP Speech To Text Entities - 14:00 UTC
Description: Added support for GCP Text To Speech Custom class & GCP Text To Speech Phrase Set in Compliance Engine and Protected Assets.
Case ID: CNAPP-9491
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
IMPROVEMENT Toxic Combination Update - 15:30 UTC
Description: New Rules
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) was detected on a virtual machine
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) was detected on a container workload
Case ID: CNAPP-11425
Known limitations: N/A
Affected Components: Toxic Combination Rules
Deployment September 9, 2024
FIX Enforced access denied to insufficient permissions for Billing Information and Account ID for users with no permissions in UI - 10:30 UTC
Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team
Case ID: CNAPP-11490, DFT-3786, DFT-2535
Known limitations: Users or Roles who had no permissions specified will no longer have view permissions to billing information or the account ID under the Account Page.
Affected Components: UI
FEATURE AWP | Support AWS org onboarding with Centralized mode - 10:30 UTC
Description: AWS org onboarding now supports AWP in a centralized mode.
Case ID: AL-2376
Known limitations: N/A
Affected Components: AWP
fixed Dashboard | Incorrect alerts for time range 'custom' - 10:00 UTC
Description: Fix custom date range for widget with source 'Alerts'
Case ID: DFT-3898
Known limitations: N/A
Affected Components: ui
Deployment September 8, 2024
FEATURE Package License GSL - 10:30 UTC
Description: New SbomPackage GLS entity available for querying licenses and package managers under Workload Vulnerability GSL
Case ID: CON-9299
Known limitations: N/A
Affected Components: CONTAINERS
Deployment September 5, 2024
IMPROVEMENT CDR Rulesets Update - 10:30 UTC
Description: New Azure rules. A complete list can be found here.
Case ID: CNAPP-11444
Known limitations: N/A
Affected Components: CDR RULESETS
Deployment September 4, 2024
feature Azure Load Testing Load Test Entity - 10:00 UTC
Description: Added support for Azure Load Testing Load Test Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10962
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature GCP Cloud Workstations Entities - 10:00 UTC
Description: Added support for GCP Cloud Workstations Cluster & GCP Cloud Workstations config & GCP Cloud Workstations Workstation in Compliance Engine and Protected Assets.
Case ID: CNAPP-9495
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature GCP Cloud Billing Project Billing Info Entity - 10:00 UTC
Description: Added support for GCP Cloud Billing Project Billing Info in Compliance Engine and Protected Assets.
Case ID: CNAPP-6373
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature GCP Big Query Data Transfer Config Entity - 10:00 UTC
Description: Added support for GCP Big Query Data Transfer Config entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10952
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
FIX Enforced access denied to insufficient permissions for Ruleset and Policies in UI and API - 10:30 UTC
Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team
Case ID: CNAPP-11489, CNAPP-11491, DFT-3786, DFT-2535
Known limitations: Users or Roles who had only access to specific environments and did not have permissions to either Rules and Ruleset, Manage Alert or Policy will no longer have view permissions.
Previously, access to view the Ruleset and Policy was enabled by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the ‘CloudGuard Resources’ permission to a role if it includes specific organizational units or environments within the "manage" or "view" resources sections.
Affected Components: UI COMplaince engine complaince rulesets
feature AWS Backup Plan Entity - 11:00 UTC
Description: Added support for AWS Backup plan in Compliance Engine and Protected Assets.
Case ID: CNAPP-11219
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
fixed UI | Dashboard | Entity Type incorrect when filtering - 12:30 UTC
Description: Fix filter to display correctly security groups
**This update will not automatically migrate existing configurations
This is particularly relevant if you are using the 'Entity Type' filter in your widgets of Source: 'Alerts'
Update the 'Entity Type' filter according to your current needs
Case ID: DFT-4042
Known limitations: N/A
Affected Components: ui
Deployment September 3, 2024
FIX Enforced access denied to insufficient permissions for Remediation and Exclusions in UI - 10:30 UTC
Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team
Case ID: CNAPP-11494, DFT-3786, DFT-2535
Known limitations: Users or Roles who had only access to specific environments and did not have permissions to ‘Manage Alert’ will no longer have view permissions.
Previously, access to view the Remediation and Exclusions was enabled by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the ‘CloudGuard Resources’ permission to a role if it includes specific organizational units or environments within the "manage" or "view" resources sections.
Affected Components: UI
Deployment September 2, 2024
FIX Enforced access denied to insufficient permissions for Notifications and Integrations in UI and API - 10:30 UTC
Description: We have successfully fixed an issue that was causing unauthorized users to gain access to CloudGuard resources. As a result of this fix, users who may have had access prior to the update may now notice they are unable to view certain resources. To ensure appropriate access, please contact your administrator and request to have the relevant CloudGuard resources added to your user permissions, if required. We appreciate your understanding and cooperation. If you have any further questions or need assistance, please reach out to our support team
Case ID: CNAPP-11490, CNAPP-11488, DFT-3786, DFT-2535
Known limitations: Users or Roles which had access only to specific environments and did not have permissions to the Notification or Policy will no longer have view permissions.
Previously, access to view the Notification and Integrations was enabled by default. However, the default behavior has now changed. To grant this permission, an Admin must be explicitly added the ‘CloudGuard Resources’ permission to a role if it includes specific organizational units or environments within the "manage" or "view" resources sections.
Affected Components: UI COMplaince engine complaince rulesets
feature GCP Batch Job Entity - 07:00 UTC
Description: Added support for GCP Batch Job Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10937
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature GCP Certificate Authority Service Entities - 15:00 UTC
Description: Added support for GCP Ca Service Ca Pool & GCP Ca Service Certificate Authority & GCP Ca Service Certificate & GCP Ca Service Certificate Template & GCP Ca Service Certificate Revocation List in Compliance Engine and Protected Assets.
Case ID: CNAPP-9277
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature AZURE Hybride Compute Machine Entity - 15:00 UTC
Description: Added support for AZUR Hybride Compute Machine Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10916
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
Deployment September 1, 2024
feature Azure Kubernetes Fleet Manager Fleet Entity - 14:00 UTC
Description: Added support for Azure Kubernetes Fleet Manager Fleet Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-10947
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS
feature GCP Cloud Build Entities - 14:15 UTC
Description: Added support for GCP Cloud Build Build Trigger & GCP Cloud Build Worker Pool in Compliance Engine and Protected Assets.
Case ID: CNAPP-9265
Known limitations:
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS