November 2024

status:Improvement Compliance Rulesets Update - 11:30 UTC
Description: New Ruleset: AWS AI Best Practice Ruleset, Azure AI Best Practice Ruleset, GCP AI Best Practice Ruleset; New rules for Alibaba, AWS and Azure. A complete list can be found here.
Case ID: CNAPP-13816
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Improvement Toxic Combination CVE information - 8:00 UTC
Description: Added some extra information of each CVE in the Vulnerabilities toxic combination issue.
Case ID: CNAPP-13676
Known limitations: N/A
Affected Components: status:Toxic Combinations

status:Feature AWS Supply Chain Instance Entity - 09:55 UTC
Description: Added support for AWS Supply Chain Instance Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-13160
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Textract new Entities - 09:55 UTC
Description: Added support for AWS Textract Adapter & Textract Adapter Version Entities in Compliance Engine and Protected Assets.
Case ID: DFR-3881
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT AWS Kendra Index New properties - 15:30 UTC
Description: Added support for a new properties in AWS Kendra Index - ‘DataSourse’ Compliance Engine.
Case ID: DFR-3810
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:API

status:Improvement Event Asset Card - 14:00 UTC
Description: The asset card will have data for the entity even if the entity is not found in the protected assets list (e.g. AWS IAM) .
Case ID: CNAPP-12783, DFT-4348
Known limitations: N/A
Affected Components: status:Events

status:Feature AWS Trusted Advisor Check Entity - 17:40 UTC
Description: Added support for AWS Trusted Advisor Check Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-13403
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba SAS Instance Entity - 17:40 UTC
Description: Added support for Alibaba SAS (simple application server) Instance entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12553
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure Snapshot Entity - 17:40 UTC
Description: Added support for a new Azure Snapshot Entity and API and Protected Assets Fields imageReferenceId & galleryImageReferenceId & sourceResourceId in Compliance Engine.
Case ID: DFR-3137
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:API

status:IMPROVEMENT GCP CloudNAT Gateway Entity - 17:40 UTC
Description: Added support for GCP CloudNAT Gateway Entity in Compliance Engine and Protected Assets.
Case ID: DFR-3806
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS

status:Feature AWS Device Farm Project entity - 17:40 UTC
Description: Added support for a new Aws Device Farm Project in Compliance Engine.
Case ID: CNAPP-13502
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Improvement Compliance Rulesets Update - 09:40 UTC
Description: New Ruleset: AWS FISC, Azure FISC; New rules for AZURE, GCP, Alibaba, AWS. A complete list can be found here.
Case ID: CNAPP-13710, DFR-3867, DFR-3876
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Feature Alibaba NAT Gateway Entity - 15:00 UTC
Description: Added support for Alibaba NAT Gateway Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12596
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIX Exposure Dashboard Links - 15:00 UTC
Description: Exposure Dashboard links will not propagate the filter to the target page.
Case ID: CNAPP-12754, DFT-4142
Known limitations:
Affected Components: status:Dashboard status:External exposure

status:IMPROVEMENT Helm 2.33.1: Fixed Flow Logs agents deployment on ARM64 nodes

Description:

• Fixed Flow Logs agents deployment on ARM64 nodes

Case ID: CON-10530
Known limitations: N/A
Affected Components: CloudGuard Workload Protection agents

status:IMPROVEMENT Toxic Combination Update - 21:00 UTC

Description: New Rules

Publicly exposed virtual machine with PII data and a network vulnerability
Publicly exposed virtual machine with PHI data and a network vulnerability
Publicly exposed virtual machine with PCI data and a network vulnerability
Publicly exposed virtual machine with credentials data and a network vulnerability

Case ID: CNAPP-13089
Known limitations: N/A 
Affected Components: status:Toxic Combination Rules

status:IMPROVEMENT OCI StorageBucket properties - 6:59 UTC
Description: Added support for “objectEventsEnabled” and “versioning” properties in OCI StorageBucket entity.
Case ID: DFT-4386
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS

status:FIXED Risk Management - Network Exposure - 09:30 UTC

Description: Fixed an issue with the Auth Level check of Azure FunctionApp when analyzing the Network Exposure.
Case ID: CNAPP-13677
Known limitations: N/A 
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:IMPROVEMENT Azure Storage Account new properties - 11:30 UTC
Description: Added the ‘SasPolicy’ and 'containerSoftDeleteEnabled' fields to support Storage Account.
Case ID: DFR-3163, DFR-2099
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS

status:IMPROVEMENT Azure Disk API Support And PA Fields - 11:30 UTC
Description: Added support for a new Azure Disk API and PA Fields imageReferenceId & galleryImageReferenceId & sourceResourceId in Compliance Engine.
Case ID: DFR-3137
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS

status:IMPROVEMENT AWS EC2 Instance new properties - 11:30 UTC
Description: Added support for a new properties in Aws EC2 Instance - “WindowIds” and “maintenanceWindowTask” in Compliance Engine.
Case ID: DFR-3918
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS

status:Improvement Compliance Rulesets Update - 12:00 UTC
Description: New rules for Alibaba. A complete list can be found here.
Case ID: CNAPP-13500, DFT-4484, DFT-4437, DFT-4421
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT Azure API Management New properties - 11:30 UTC
Description: Added the ‘Policies’ and 'Portal Configs' fields to support Api Management.
Case ID: DFR-3850
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba Resource Orchestration Service Entities - 11:30 UTC
Description: Added support for Alibaba ROSStack and ROSStackGroup entities in Compliance Engine and Protected Assets.
Case ID: CNAPP-12231
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba Simple Message Entities - 11:30 UTC
Description: Added support for Alibaba SimpleMessageQueueQueue and SimpleMessageQueueTopic in Compliance Engine and Protected Assets.
Case ID: CNAPP-11713
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS AppStream2 Directory Config entity- 11:30 UTC
Description: Added support for AWS AppStream2 Directory Config entity in Compliance Engine and Protected Assets.
Case ID: DFR-3880
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Alibaba PolarDB Entity - UTC 11:30
Description: Added support for Alibaba PolarDB Entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12222
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FEATURE Risk Management - Network Exposure - 12:30 UTC

Description: Network Exposure support for Azure Redis Cache. Available in Protected Assets and as part of the risk score calculation.
Case ID: CNAPP-12772
Known limitations: N/A 
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:IMPROVEMENT AWS Account Update properties - 15:30 UTC
Description: Fix support for a status and joinedMethod properties in AWS Account in Compliance Engine.
Case ID: DFT-4470
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:Improvement Compliance Rulesets Update - 09:58 UTC
Description: New rules for AWS, AZURE, GCP. A complete list can be found here.
Case ID: CNAPP-13252, DFT-4418, DFT-4326, DFT-4314
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FEATURE Risk Management - Network Exposure - 15:00 UTC

Description: Network Exposure support for Azure Storage Blob Container. Available in Protected Assets and as part of the risk score calculation.
Case ID: CNAPP-12514
Known limitations: N/A 
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:IMPROVEMENT Intelligence Rulesets Update - 14:30 UTC

Description: Content updates, enrichment and bug fixes. A complete list can be found here.

Case ID: CNAPP-12716
Known limitations: N/A 
Affected Components: status:INTELLIGENCE RULESETS

status:IMPROVEMENT Exclude Azure VDI VM's from billable assets - 08:00 UTC
Description: Exclude Azure virtual machines of type VDI from billable assets.
Case ID: DFR-3841
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT AWS App Sync new property - 13:00 UTC
Description: Added support for a new property in Aws App Sync - “appSyncDescription” in Compliance Engine.
Case ID: DFR-3814
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure Databrick Workspace new property - 13:00 UTC
Description: Added support for a new property in Azure Databrick Workspace - “publicNetworkAccess” in Compliance Engine.
Case ID: DFR-3539
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS