Release Notes

status:Improvement Compliance Rulesets Update - 10:00 UTC
Description: General maintenance and content updates. FISC v12 rulesets for AWS and Azure.
Case ID: CNAPP-15126, DFR-4078
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Improvement Azure Front Door - 14:00 UTC
Description: Added support for Front Door secrets and origin Groups properties in compliance engine and protected assets.
Case ID: CNAPP-14577
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS status:FETCHERS status:PROTECTED ASSETS

status:Improvement AWS new regions support - 12:30 UTC
Description: Added support for 3 new AWS Regions: mx_central_1, ap_southeast_5, ap_southeast_7 - across all AWS entities.
Case ID: CNAPP-15014
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS status:FETCHERS status:PROTECTED ASSETS

status:FEATURE Azure Data Factory - 16:00 UTC
Description: Added support for the following properties for the Data Factory entity in Compliance Engine and Protected Assets: GitConfigurations, DataFactoryV2IntegrationRuntime, privateLinkServiceConnectionState, PurviewConfiguration.
Case ID: CNAPP-14566
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED AWS RDS DB Cluster - 14:00 UTC
Description: Fixed an issue that caused the tags of the Aws RDSDBCluster Entity’s tags to incorrectly show as empty.
Case ID: DFT-4965
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:PROTECTED ASSETS

status:FIXED AWS S3 Bucket - 18:30 UTC
Description: Added support to new AWS regions, so that S3 bucket will not get missing policy statement, and will show all correct data.
Case ID: DFT-4894
Known Limitations: N/A
Affected Components: status:FETCHERS

status:Improvement Compliance Rulesets Update - 10:00 UTC
Description: General maintenance and content updates. Azure CloudGuard Best Practices ruleset Japanese translation. A complete list can be found here.
Case ID: CNAPP-15819, CNAPP-16099, DFT-4881, DFT-4967
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FEATURE AWS Fin Space Kx Environment - 16:00 UTC
Description: Added support for AWS Fin Space Kx Environment entity in compliance engine and protected assets.
Case ID: DFR-4144
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Improvement Compliance Rulesets Update - 12:30 UTC
Description: General maintenance and content updates. A complete list can be found here.
Case ID: CNAPP-15673, CNAPP-15693, CNAPP-15694, CNAPP-15695, CNAPP-16050, CNAPP-16075, DFT-4942, DFT-4957
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FIXED AWS Secret Manager - 14:00 UTC
Description: Fixed an issue where the AWS Secret Manager Entities got cut off while fetching because of a limit on the results.
Case ID: DFT-4938
Known Limitations: N/A
Affected Components: status:FETCHERS

status:Improvement AWS Access Analyzer Finding - 16:00 UTC
Description: Expose AWS Access Analyzer Finding in GSL and Protected Assets.
Case ID: DFR-3557
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FIXED AWS Application & Network Load Balancer - 10:30 UTC
Description: Fixed get by id API call.
Case ID: DFT-4812, DFT-4930
Known Limitations: N/A
Affected Components: status:api

status:Improvement Compliance Rulesets Update - 14:30 UTC
Description: General maintenance and content updates. A complete list can be found here.
Case ID: CNAPP-15933, CNAPP-16043, DFT-4939
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT AWS Account Alias - 13:00 UTC
Description: Added support for AWS Account Alias in Compliance Engine: For the RDSDBCluster, S3Bucket and DynamoDbTable.
Case ID: DFT-4794
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:Improvement Compliance Rulesets Update - 11:30 UTC
Description: General maintenance and content updates. A complete list can be found here.
Case ID: CNAPP-15945, DFT-4903, DFT-4923
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT AWS Ebs Snapshot - 16:00 UTC
Description: Improved performance for AWS Ebs Snapshot in compliance engine.
Case ID: DFT-4794
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:IMPROVEMENT AWS Region - 14:30 UTC
Description: Added support for AutomatedDiscoveryAccount in macieAutomatedDiscoveryConfiguration property in AWS Region.
Case ID: DFR-3766
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED Protected Assets Export By Email Timeout - 10:30 UTC
Description: Protected assets export by email got timeout for large exports but the email was sent, now the timeout is fixed.
Case ID: DFT-4815
Known Limitations: N/A
Affected Components: status:api

status:FIXED OCI Entities - 07:30 UTC
Description: Resolved an issue that caused non-used services exceptions to be caught as permission issues.
Case ID: DFT-3298
Known Limitations: Existing false-positive permission issues should be resolved by "Reset Permissions".
Affected Components: status:FETCHERS

status:IMPROVEMENT Azure VNet - 14:30 UTC
Description: Added support for property “enableDdosProtection” for Azure VNet in Compliance engine & Protected Assets.
Case ID: DFR-4097
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED AWS Iam Policy - 14:30 UTC
Description: Fixed bug in “isAWSManaged” property in AWS Iam Policy.
Case ID: DFT-4776
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:PROTECTED ASSETS

status:IMPROVEMENT Azure Event Hub - 14:30 UTC
Description: Added support for property “minimumTlsVersion” for Azure Event Hub in Compliance engine & Protected Assets.
Case ID: DFR-4085
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Improvement Assessment History Export - 08:00 UTC
Description: Passed entities are now included as part of the assessment history export.
Case ID: DFT-4690, DFT-4772
Known limitations: N/A
Affected Components: status:ui

status:Improvement Compliance Rulesets Update - 08:00 UTC
Description: General maintenance and content updates. A complete list can be found here.
Case ID: CNAPP-15685, DFT-4799, DFT-4872, DFT-4888
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FIXED AWS FinSpaceEnvironment & FirewallManagerPolicy - 13:00 UTC
Description: Resolved an issue that caused some exceptions to be classified as permission issues, for AWS FinSpaceEnvironment and FirewallManagerPolicy entities.
Case ID: DFT-3242
Known Limitations: N/A
Affected Components: status:FETCHERS

status:Improvement Compliance Rulesets Update - 11:00 UTC
Description: General maintenance and content updates. A complete list can be found here.
Case ID: CNAPP-15821, DFR-4119, DFT-4799, DFT-4834
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT AWS Configuration Setting, AWS Region - 14:00 UTC
Description: Added support for property “exclusionByResourceTypes” for AWS Configuration Setting and AWS Region in Compliance engine & Protected Assets.
Case ID: DFR-4033
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Improvement Compliance Rulesets Update - 07:30 UTC
Description: Content fixes and updates, including Azure Container Registry public access settings. A complete list can be found here.
Case ID: CNAPP-15770, DFT-4873
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Improvement Compliance Rulesets Update - 09:00 UTC
Description: Content fixes and updates, including Azure Storage Account infrastructure encryption setting, and Azure Databricks configuration parameters. A complete list can be found here.
Case ID: CNAPP-15469, CNAPP-15793, DFT-4818, DFT-4853
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Improvement Compliance Rulesets Update - 11:45 UTC
Description: Managed list update for ECS agent version tracking.
Case ID: CNAPP-15380, DFT-4805
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FIXED AWS Application Load Balancer - 10:50 UTC
Description: fixed the entity ID format in AWS Application Load Balancer, Network Load Balancer, and Gateway Load Balancer by replacing the Name field with ARN.
Case ID: DFT-4812
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Improvement Compliance Rulesets Update - 13:07 UTC
Description: New rules for Azure. A complete list can be found here.
Case ID: CNAPP-15623, DFT-4763, DFT-4781
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:ANNOUNCMENT AWS SsmParameter & SsmDocument Entities - 11:30 UTC
Description: Removed the ‘Beta’ tags in the GSL Builder from the following entities: SsmParameter, SsmDocument.
Case ID: CNAPP-14513
Known Limitations: N/A
Affected Components: status:UI

status:FEATURE AWA Sage Maker Inference - 13:30 UTC
Description: Added support for AWS Sage Maker Endpoint and Model in compliance engine and protected assets.
Case ID: CNAPP-14005
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure Function App - 11:17 UTC
Description: Added new properties to Azure FunctionApp: keyVaultReferenceIdentity, virtualNetworkSubnetId, applicationSettings, backupInfo, diagnosticSettings , networkSecurityGroup.
Case ID: CNAPP-14601
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT GCP Cloud NAT Gateway - 10:30 UTC
Description: Added support for ‘NatType’ property in GCP Cloud NAT Gateway in compliance engine. Renamed ‘Type’ property to ‘NatType’ in nats at GCP Router.
Case ID: DFR-3811
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:FIXED Include "Azure users" in filtered results for high severity alerts - 16:30 UTC
Description: This update ensures comprehensive user data representation, enhancing monitoring and response capabilities..
Case ID: DFT-3443
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:Improvement Toxic Combination Update - 11:00 UTC
Description: New rules for AWS and Azure. A complete list can be found here.
Case ID: CNAPP-15425
Known limitations: N/A
Affected Components: status:Toxic Combination

status:IMPROVEMENT Azure ApplicationGateway - 14:30 UTC
Description: Added two new properties for Azure ApplicationGateway: privateLinkConfigurations, keyVaultSecretId
Case ID: CNAPP-14588
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:PROTECTED ASSETS

status:IMPROVEMENT AWS Region - 16:00 UTC
Description: Added properties for AWS Region: cloudFormationStackNames, ec2Settings
Case ID: DFR-3249, DFR-3537
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:IMPROVEMENT Azure Machine Learning Workspace - 14:30 UTC
Description: Added new property for Azure Machine Learning Workspace: Compute
Case ID: CNAPP-14014
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:FEATURE Azure Bot Service - 15:00 UTC
Description: Added support for Azure Bot Service entity in Protected Assets and compliance engine.
Case ID: CNAPP-14013
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIX CDR - Events- 15:00 UTC

Description: Fixed the issue where CDR events would not display correctly if filtered by OU.
Case ID: CNAPP-15311
Known limitations: N/A
Affected Components: status:CDR status:UI

status:FEATURE CDR - Dashboard - 15:00 UTC

Description: Brand new CDR dashboard in the CDR menu. Find all the important CDR related information in one place.
Case ID: CNAPP-15032
Known limitations: N/A
Affected Components: status:CDR status:UI

status:FEATURE Risk Management - Cloud Guard WAF integration - 13:30 UTC

Description: Added information about the benefits of Cloud Guard WAF integration to Risk Management dashboard and protected assets.
Case ID: CNAPP-14952
Known limitations: N/A
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS status:UI

status:FEATURE Risk Management - Risk Calculation - 13:30 UTC

Description: Released a new Risk Score formula that includes the addition of Toxic Combinations and Cloud Guard WAF protection.
Case ID: CNAPP-11728
Known limitations: N/A
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:FEATURE CIEM - Identical Identities - 12:00 UTC

Description: Identical identities dialog was added to AWS and Azure environments (within the environment page three dots menu).
Case ID: CNAPP-14952
Known limitations: N/A
Affected Components: status:CIEM status:UI

status:Improvement Compliance Rulesets Update - 10:06 UTC
Description: New Ruleset: AWS CIS Foundations v. 4.0.1, Azure Storage Services CIS Benchmark v1.0.0; New rules for AWS, AZURE. A complete list can be found here.
Case ID: CNAPP-15292
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Improvement Toxic Combination Update - 11:00 UTC
Description: New rules for AWS and Azure. A complete list can be found here.
Case ID: CNAPP-15297
Known limitations: N/A
Affected Components: status:Toxic Combination

status:IMPROVEMENT New Look - Settings > Email Notification Page - 8:00 UTC
Description: None
Case ID: CNAPP-15392
Known Limitations: N/A
Affected Components: status:UI

status:IMPROVEMENT UI > 3rd Party icon in Integration Configuration drawer size change - 14:30 UTC
Description: None
Case ID: CNAPP-13072
Known Limitations: N/A
Affected Components: status:UI

status:FIXED Fix MultiSelectListComponent (used in Policy Wizard & Email Notifications) - 15:00 UTC
Description: None
Case ID: CNAPP-15376
Known Limitations: N/A
Affected Components: status:UI

status:IMPROVEMENT Supported Missing Regions in OCI - 1:30 UTC
Description: Added support for previously unsupported regions.
Case ID: DFR-4101
Known Limitations: N/A
Affected Components: status:API status:FETCHERS

status:FEATURE Risk Management - IAM Sensitivity - 08:50 UTC

Description: IAM Sensitivity support for Azure Virtual Machine Scale Set.
Case ID: CNAPP-14917
Known limitations: N/A
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:Improvement CDR Rulesets Update - 13:00 UTC
Description: Content updates, enrichment and bug fixes. A complete list can be found here.
Case ID: CNAPP-15308, DFT-4647, DFT-4648
Known Limitations: N/A
Affected Components: status:INTELLIGENCE RULESETS

status:IMPROVEMENT Azure CognitiveServices Property - 16:30 UTC
Description: Added property to Azure CognitiveServices: Diagnostic Settings
Case ID: CNAPP-14599
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:Improvement Compliance Rulesets Update - 09:21 UTC
Description: New Ruleset: AWS Generative AI Best Practices Framework v2; New rules for AWS. A complete list can be found here.
Case ID: CNAPP-15160, DFT-4661
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Improvement Toxic Combination Update - 11:00 UTC
Description: New rules for AWS and Azure. A complete list can be found here.
Case ID: CNAPP-15199
Known limitations: N/A
Affected Components: status:Toxic Combination

status:FIXED UI | Cannot create policies for some rulesets in Japanese - 16:00 UTC
Description: UI | Cannot create policies for some rulesets in Japanese
Case ID: DFT-4399
Known Limitations: N/A
Affected Components: status:UI

status:IMPROVEMENT Azure DataBricksWorkspace Properties - 13:30 UTC
Description: Added properties to Azure DataBricksWorkspace: ManagedServices, ManagedServices
Case ID: CNAPP-14020
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:FIXED Added Missing Permission to Azure Manual Onboarding Instructions - 11:00 UTC
Description: Added Auditlog.Read.All to list of permissions that the user gets prompted to add when manually onboarding an Azure subscription.
Case ID: DFT-3824
Known Limitations: N/A
Affected Components: status:FETCHERS

status:FIXED AWS Macie - 12:30 UTC
Description: Resolved an issue where disabled service exceptions were incorrectly classified as permission errors.
Case ID: DFR-4076
Known Limitations: Previously misclassified exceptions should be reset using the 'Validate Permissions' function.
Affected Components: status:FETCHERS

status:IMPROVEMENT Removed system ruleset dependencies from home, AWS, Azure and GCP dashboards - 17:00 UTC
Description: Removed system rulesets filtering on specific widgets on the above dashboards and removed empty score widget.
Case ID: CNAPP-14873
Known Limitations: N/A
Affected Components: status:Compliance Engine

status:FIXED Fix rulesets filtering - 20:00 UTC
Description: Fix rulesets filtering
Case ID: CNAPP-15145
Known Limitations: N/A
Affected Components: status:UI

status:FEATURE Risk Management - Azure Virtual Machine Scale Set - 13:30 UTC

Description: Risk Management support for Azure VMSS.
Case ID: CNAPP-14915
Known limitations: Network Exposure and IAM Sensitivity information will be supported in future releases.
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:IMPROVEMENT Azure RedisCache DiagnosticSettings - 12:30 UTC
Description: Added new property for Azure RedisCache -DiagnosticSettings
Case ID: CNAPP-14592
Known Limitations: N/A
Affected Components: status:API status:COMPLIANCE ENGINE status:FETCHERS

status:FEATURE Alibaba Dedicated Host entities - 15:00 UTC
Description: Added support for Alibaba Dedicated Host entities.
Case ID: CNAPP-11638
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:PROTECTED ASSETS

status:IMPROVEMENT Azure Service Bus - 16:00 UTC
Description: Added support for a new property in Azure Service Bus - ‘encryption’ in Compliance Engine.
Case ID: CNAPP-14600
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:IMPROVEMENT GCP VMInstance new Property - 12:30 UTC
Description: Added support for a new property in GCP VMInstance - ‘DiskId’
Case ID: DFR-3671
Known Limitations: N/A
Affected Components: status:API status:COMPLIANCE ENGINE

status:Improvement Compliance Rulesets Update - 09:26 UTC
Description: New rules for AWS. A complete list can be found here.
Case ID: CNAPP-15002
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Improvement GCP onboarding process has been updated with a new design and flow - 13:30 UTC
Description: This update introduces several improvements and functionalities that simplify the onboarding journey for GCP accounts.
With several improvements and functionalities that simplify the onboarding journey for GCP accounts.
Case ID: CNAPP-12865
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:gcp

status:Improvement Update GCP Permissions using a Script - 13:30 UTC
Description: The process for updating GCP permissions has been enhanced to utilize a script-based approach.
This improvement streamlines the permissions configuration process, reduces manual effort, and ensures accuracy when managing GCP roles and permissions.
Case ID: CNAPP-15002
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:gcp

status:Improvement Organizational Units page has been redesigned - 13:30 UTC
Description: The Organizational Units page has been redesigned with a new look and enhanced functionality, including the addition of an ID column.
Case ID: CNAPP-13974
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:Improvement Toxic Combination Update - 15:00 UTC
Description: New rules for AWS and Azure. A complete list can be found here.
Case ID: CNAPP-14954
Known limitations: N/A
Affected Components: status:Toxic Combination

status:ANNOUNCMENT Deprecated AWS Nimble Studio and Elastic Transcoder - 13:30 UTC
Description: Removed AWS Nimble Studio and Elastic Transcoder from Compliance Engine and Protected Assets
Case ID: CNAPP-13957
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure CognitiveService - 13:30 UTC
Description: Added support for a new properties in Azure CognitiveService: “privateEndpointConnections”, “disableLocalAuth”.
Case ID: CNAPP-14018
Known Limitations: N/A
Affected Components: status:FETCHERS

status:FIXED Azure Storage account - Blob container public access is empty - 15:30 UTC
Description: Fixed an issue where the publicAccess property is empty when there is a value- in Azure Storage Blob Container entity.
Case ID: DFT-4729
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FEATURE Risk Management - Network Exposure - 09:00 UTC

Description: Network Exposure support for Azure SQL Managed Instance.
Case ID: CNAPP-14204
Known limitations: N/A 
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS status:COMPLIANCE ENGINE

status:FIXED Environments page | Validate all environments cause rate limits and fails many environments - 17:00 UTC
Description: Environments page | Validate all environments cause rate limits and fails many environments
Case ID: DFT-4628
Known Limitations: N/A
Affected Components: status:UI

status:Improvement Compliance Rulesets Update - 15:00 UTC
Description: New rules for AWS, AZURE. A complete list can be found here.
Case ID: CNAPP-14843
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FEATURE Azure Compute Images - 10:00 UTC
Description: * A new field, ‘machineImage.exactVersion', has been added to the Azure VirtualMachine entity.
* This field is also reflected in the AzureVirtualMachine API and has been added to the Protected Assets Search API as and additional field: 'MachineImageExactVersion’
* A new API, ‘AzureComputeGalleryImage’, has been introduced for Azure Compute Gallery Images.
Case ID: DFR-3929
Known Limitations: N/A
Affected Components: status:API status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED UI| Inventory | Broken Properties page - 11:00 UTC
Description: UI| Inventory | Broken Properties page
Case ID: DFT-4672
Known Limitations: N/A
Affected Components: status:UI

status:FEATURE AWS OpenSearchServerless collection new Entity - 9:00 UTC
Description: Added support for Aws Entity OpenSearchSLCollection in Compliance Engine and Protected Assets.
Case ID: DFR-3882
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED Azure Active Directory (tenant level) assets - 12:00 UTC
Description: Fixed an issue where sometimes azure cloud accounts with permission issues showed an error message containing different cloud account id. 
This behavior is now fixed and permission error message for tenant level entities will not contain cloud account specific id.
Case ID: DFT-4715
Known Limitations: N/A
Affected Components: status:UI

status:FEATURE Feature AWS Quick Sight Data Source - 10:00 UTC
Description: Added support for AWS Quick Sight Data Source Entity.
Case ID: DFR-3246
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:ANNOUNCMENT Deprecated labels in GSL Builder - 10:00 UTC
Description: Added support for “Deprecated” labels in the GSL Builder.
Case ID: CNAPP-14757
Known Limitations: N/A
Affected Components: status:UI

status:Improvement Compliance Rulesets Update - 09:20 UTC
Description: Japanese version of FISC for AWS and Azure, General maintenance and content updates.
Case ID: CNAPP-14722
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FEATURE status:IMPROVEMENT 2.34.0: Image Assurance Docker Hub Registry Scanning, AppArmor for K8s 1.30+, affinity improvement
Description:

• Image Assurance 2.38.0: Docker Hub Container Registry Scanning support

• Support AppArmor for Kubernetes 1.30+

• Remove duplicate node affinity for some environments

• Enhancements: Inventory 1.16.0, Flow Logs 0.16.0, Admission Control policy 1.10.0, Admission Control enforcer 2.14.0

Case ID: CON-10776
Affected Components: status:Workload Protection status:AGents

status:FIXED AWS Organization Account - 12:00 UTC
Description: Fixed a bug where accounts that were organizations and then moved to a be part of another organization were not deleted from the database
Case ID: DFT-4650
Known Limitations: N/A
Affected Components: status:Fetchers

status:FIXED Protected Assets search request - 9:30 UTC
Description: Fixed issue with protected assets search request, where not all assets returned in the query.
Case ID: DFT-4664, CNAPP-14492, CNAPP-13293
Known Limitations: N/A
Affected Components: status:Protected Assets

status:FEATURE Azure Serial Console - 9:00 UTC
Description: Added support for Azure Serial Console Entity in Compliance Engine and Protected Assets.
Case ID: DFR-2940
Known Limitations: N/A
Affected Components: status:Fetchers status:Compliance Engine status:Protected Assets

status:fixed AWS Iam Role - 10:30 UTC
Description: Fixed a bug that prevented update of roles with a policy that defines “DateLessThan” condition, this bug is now fixed and the role should be updated.
Case ID: DFT-4700
Known Limitations: N/A
Affected Components: status:Fetchers

status:feature Beta labels in GSL Builder - 10:30 UTC
Description: Added support for “Beta” labels in the GSL Builder.
Case ID: CNAPP-14512
Known Limitations: N/A
Affected Components: status:UI

status:FEATURE Cyera Integration - 8:00 UTC
Description: Risk Management DSPM solution now supports Cyera.
Case ID: CNAPP-14495
Known Limitations: N/A
Affected Components: status:UI status:DSPM

status:IMPROVEMENT AWS App Flow - 15:00 UTC
Description: Added support for a new property in AWS App Flow - ‘KmsArn’ in Compliance Engine.
Case ID: DFR-3245
Known Limitations: N/A
Affected Components: status:Compliance Engine

status:FIXED AWS S3 Bucket - GSL Not Returning Correct Value - 15:00 UTC
Description: Fixed an issue where GSL Not Returning Correct Value for tS3 Bucket- objectLevelLogging property.
Case ID: DFT-4656
Known Limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT AWS Account - 15:00 UTC
Description: Added support for a new property in AWS Account - ‘JoinedTimestamp’ in Compliance Engine.
Case ID: DFR-3534
Known Limitations: N/A
Affected Components: status:Compliance Engine

status:IMPROVEMENT - AWS RDS - 15:00 UTC
Description: Added support for a new property in AWS RDS: “caCertificateIdentifier”.
Case ID: DFR-3744
Known Limitations: N/A
Affected Components: status:FETCHERS

status:Improvement Compliance Rulesets Update - 13:01 UTC
Description: New Ruleset: OSS (Open Source Software) License Compliance Best Practices; New rules for AWS, Kubernetes, AZURE, Alibaba. A complete list can be found here.
Case ID: CNAPP-14528
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT Azure Storage Account - Network Exposure - 12:00 UTC

Description: Using Front Door and Private Endpoint Connections information when calculating the Network Exposure of Azure Storage Accounts.
Case ID: CNAPP-13607
Known limitations: N/A 
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:IMPROVEMENT CIEM Findings Table - 13:00 UTC
Description: The CIEM → Findings table will now redirect to Events → All Events → CIEM for the new experience.
Case ID: DFT-4636, CNAPP-14269
Known limitations:
Affected Components: status:UI status:CIEM

status:IMPROVEMENT AWS S3 Bucket - 13:00 UTC
Description: Added support for a new property in AWS S3 Bucket - “bucketKeyEnabled” in Compliance Engine.
Case ID: DFR-3535
Known limitations:
Affected Components: status:COMPLIANCE ENGINE

status:FIXED AWS S3 Bucket KMS key null issue - 13:00 UTC
Description: Fixed AWS S3 Bucket KMS key null issue in Compliance Engine.
Case ID: DFR-3736
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:Feature AWS Account Alternate Contact - 13:00 UTC
Description: Added support for a new entity AWS Account Alternate Contact in Compliance Engine.
Case ID: DFR-3765
Known limitations: N/A 
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Route 53 Resolver Query Log - 13:00 UTC
Description: Added support for a new entity AWS Route 53 Resolver Query Log in Compliance Engine.
Case ID: DFR-3474
Known limitations: N/A 
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED AWS Target group attributes - 11:30 UTC
Description: Running rules on loadBalancer → targetGroups→ attributes resulted in inconsistent results due to fetching issue, sometimes the target group attributes appeared in the results and sometimes it was missing without any change on AWS side. This issue is now fixed.
Case ID: DFT-4685
Known limitations: N/A
Affected Components: status:Fetchers

status:IMPROVEMENT Azure VPN Gateway - 14:00 UTC
Description: Added support for a new property in Azure VPN Gateway - “Connection” in Compliance Engine.
Case ID: DFR-2751
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS

status:FEATURE Risk Management - Network Exposure - 12:00 UTC

Description: Network Exposure support for Azure CosmosDB Account. Available in Protected Assets and as part of the risk score calculation.
Case ID: CNAPP-14130
Known limitations: N/A 
Affected Components: status:RISK MANAGEMENT status:PROTECTED ASSETS

status:Improvement Network Exposure and Data Sensitivity in the Compliance Engine - 08:30 UTC
Description: Added Network Exposure and Data Sensitivity information to the Compliance Engine for all supported entities.
Case ID: CNAPP-13359
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:RISK MANAGEMENT

status:Feature AWS SSM Document (BETA) - 18:30 UTC
Description: Added support for a new version of the existing entity, SystemManagerDocument, now available as a new entity called SsmDocument.
This feature is currently in BETA and will remain so until January 1, 2025.
Case ID: CNAPP-12491
Known limitations: This is a BETA version. Initial data fetching may take up to 24 hours.
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS SSM Parameter (BETA) - 18:30 UTC
Description: Added support for a new version of the existing entity, SystemManagerParameter, now available as a new entity called SsmParameter.
This feature is currently in BETA and will remain so until January 1, 2025.
Case ID: CNAPP-12490
Known limitations: This is a BETA version. Initial data fetching may take up to 24 hours.
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED AWS Shield Subscription issue in Protected Assets - 17:30 UTC
Description: Fix a bug in the Protected Assets that caused deleted entities to remain visible in the UI within the AWS Shield Subscription.
Case ID: DFT-4619
Known limitations: N/A
Affected Components: status:Protected Assets

status:FIXED Remove Google Store button and revise the documentation on CloudGuard App - 14:00 UTC
Description: Remove Google Store button and revise the documentation to resolve any references related to play.google.com
Case ID: DFT-4056
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:FIXED GSL Engine - IsPublic() - 12:00 UTC
Description: Resolved an issue where the IsPublic() function incorrectly returned true for security group scopes.
Case ID: DFT-4662
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:FIXED Azure VM fixed search request failure - 11:30 UTC
Description: Resolved a bug that caused data inconsistencies for Azure Virtual Machine in Elasticsearch (ES).
The corruption data prevents access to the assets in some cases.
Case ID: DFT-4590
Known limitations: N/A
Affected Components: status:Protected Assets

status:Improvement Compliance Rulesets Update - 09:08 UTC
Description: New rules for AZURE, GCP, Alibaba, AWS. A complete list can be found here.
Case ID: CNAPP-14339
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Feature AWS MGN Replication Template Entity - 17:30 UTC
Description: Added support for AWS MGN Replication Template entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-13519
Known limitations: Initial fetching may take up to 24 hours.
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Managed Blockchain Network - 13:00 UTC
Description: Added support for AWS ManagedBlockchainNetwork entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12487
Known limitations: Initial fetching may take up to 24 hours.
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba Private Link VPC Endpoint - 10:00 UTC
Description: Added support for Alibaba PrivateLinkVpcEndpoint entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12166
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Improvement CDR Events exclusions bug fixes - 14:00 UTC
Description: Fixed an issue where the environment was not saved correctly when creating a new exclusion in CDR events. Updated the UI of the exclusion dialog to have only the end date for the exclusion.
Case ID: CNAPP-14067, CNAPP-14073
Known limitations: N/A
Affected Components: status:CDR

status:feature New features in Toxic Combinations area - 12:00 UTC
Description: Four new features are now available as part of the Toxic Combinations

1. CDR Evidence - When there are CDR events as part of the Toxic Combination issue a list of the relevant events will be shown in the issue drawer.

2. Malware Evidence - When there are Malware as part of the Toxic Combination issue a list of the relevant Malware will be shown in the issue drawer.

3. CVE Ignore list - Allows the user to specify which CVEs will not be part of any Toxic Combination.

4. Malware Ignore list - Allows the user to specify which Malware will not be part of any Toxic Combination.

Case ID: CNAPP-14318
Known limitations: N/A
Affected Components: status:Toxic combination

status:Improvement Compliance Rulesets Update - 08:42 UTC
Description: New rules for AWS and AZURE. A complete list can be found here.
Case ID: CNAPP-14139, DFT-4437
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:IMPROVEMENT Added support for Role Assignment to be represented by name instead of ID - 13:00 UTC
Description: Added support for Role Assignment to be represented by name instead of ID in Compliance Engine and Protected Assets.
Case ID: DFR-2705, DFR-3618
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba Smart Access Gateway (SAG) Entity - 13:30 UTC
Description: Added support for Alibaba Smart Access Gateway (SAG) entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12218
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba ApsaraMQ For Kafka Entity - 13:30 UTC
Description: Added support for Alibaba Apsara MQ For Kafka entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-11981
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS IoT Events Input Entity - 13:30 UTC
Description: Added support for Aws IoT Events Input entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-13510
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Alibaba VPN Gateway Entity - 13:30 UTC
Description: Added support for Alibaba VPN Gateway entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-12513
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure Logic App Standard Entity- 13:15 UTC
Description: Added support for a new entity Azure Logic App Standard in Compliance Engine.
Case ID: DFR-2720 , DFR-3344
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE

status:FIXED Refined Compliance dashboards widgets and restored functionality to drill-down features - 09:00 UTC
Description: resolving critical bugs including unresponsive filters, search boxes, and drill-down features.
Case ID: DFT-4552, DFT-4553, DFT-4555, DFT-4517, DFT-2327, DFT-4518, , DFT-4578, DFT-4479
Known limitations: N/A
Affected Components: status:COMPLIANCE status:Dashboards

status:Improvement Compliance Rulesets Update - 08:12 UTC
Description: New rules for Azure, Alibaba, AWS. A complete list can be found here.
Case ID: CNAPP-13948, DFT-4492, DFT-4567
Known limitations: N/A
Affected Components: status:COMPLIANCE RULESETS

status:Feature AWS Resilience Hub Application Entity - 16:40 UTC
Description: Added support for Aws Resilience Hub Application entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-13521
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature Azure Container App Entity - 16:40 UTC
Description: Added support for Azure Container App entity in Compliance Engine and Protected Assets.
Case ID: DFR-3906
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:Feature AWS Glue Database Entity - 16:40 UTC
Description: Added support for Aws Glue Database entity in Compliance Engine and Protected Assets.
Case ID: DFR-2723
Known limitations:
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED Error Codes Received for AWS Entity Types in Customer's Account - 17:30 UTC
Description: Encountering error responses when accessing AWS entity types in the customer's account.
Case ID: DFT-4609
Known limitations: N/A
Affected Components: status:Protected assets

status:IMPROVEMENT Toxic Combination Update - 00:00 UTC

Description: New Rules

Publicly exposed database with (PII/PHI/PCI/credentials) data
Publicly exposed storage asset with (PII/PHI/PCI/credentials) data

Case ID: CNAPP-13803, CNAPP-13804
Known limitations: N/A 
Affected Components: status:Toxic Combination Rules

status:IMPROVEMENT AWS Region "findingType" Property Support - 11:00 UTC
Description: Added support for a new property "findingType" in access Analyzer for AWS region entity in Compliance Engine.
Case ID: DFR-3877
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT AWS Redshift Serverless Work Group Entity - 11:00 UTC
Description: Added support for Aws Redshift Serverless Work Group Entity in Compliance Engine and Protected Assets.
Case ID: DFR-2690
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:FIXED AWS DCConnection issue showing only in us-east-1 - 11:00 UTC
Description: Fixed an issue where DCConnection entity was only showing entities created in us-east-1 in Compliance Engine.
Case ID: DFT-4593
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Intelligence Rulesets Update - 15:00 UTC

Description: New CDR rules for AWS, Azure, and GCP. A complete list can be found here.

Case ID: CNAPP-13413
Known limitations: N/A 
Affected Components: status:INTELLIGENCE RULESETS

status:IMPROVEMENT Azure Public IP Address Entity - 17:00 UTC
Description: Added support for a new entity - Azure Public IP Address in Compliance Engine and Protected Assets
Case ID: DFR-3639
Known limitations: N/A
Affected Components: status:COMPLIANCE ENGINE status:FETCHERS status:PROTECTED ASSETS

status:IMPROVEMENT Azure Virtual Machine New properties - 17:00 UTC
Description: Added support for a new property in Azure Virtual Machine - ‘Storage Profile’ and PA Fields ‘osDiskCreateOption’ & ‘osManagedDiskId’ in Compliance Engine.
Case ID: DFR-3137
Known limitations: N/A
Affected Components: status:API status:FETCHERS status:PROTECTED ASSETS