October 2023

Deployment October 31, 2023

IMPROVEMENT Assessment Run Without Policy - 23:00 UTC

Description: Internal Fix.
Case ID: CNAPP-4359
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS Application Load Balancer - 12:10 UTC

Description: Instead of a single "wafRegional" property, there are now 2 properties, "wafRegional" and "wafRegionalV2", both containing a new "rules" property in Compliance Engine and Protected Assets.
Case ID: DFR-2988
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS API Gateway - 12:10 UTC

Description: Deleted the "wafRegional" property. Each stage under "stages" now contains 2 new properties, "wafRegional" and "wafRegionalV2", both containing a new "rules" property in Compliance Engine and Protected Assets.
Case ID: DFR-2988, DFR-2679
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS WAFRegionalV2 - 12:10 UTC

Description: Added support for “loggingConfiguration” and “rules.rule.statement.ipSetReferenceStatement” properties in AWS WAFRegionalV2 in Compliance Engine and Protected Assets.
Case ID: DFR-2860, DFR-2896
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS WAFRegional - 12:10 UTC

Description: Added support for “loggingConfiguration” and “rules” properties in AWS WAFRegional in Compliance Engine and Protected Assets.
Case ID: DFR-2714, DFR-2988
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Enlarge custom resources list limitation - 12:10 UTC

Description: The custom resource list now supports up to 9,999 items.
Case ID: CNAPP-2976
Known limitations: N/A
Affected Components: Platform GSL

fixed AWS SES - 7:30 UTC

Description: Fixed a bug in AWS SES that caused assessment failures.
Case ID: DFT-3018
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

Deployment October 30, 2023

fixed Free text search in Protected Assets Table - 4:40 UTC

Description: Fixed the precision of the free text search in the protected assets table.
Case ID: DFT-2922
Known limitations: N/A
Affected Components: PROTECTED ASSETS API

Deployment October 29, 2023

feature AWP - Windows scan for AWS - EA - 12:30 UTC

Description: Scanner: Windows support for AWS is now in early availability.
Case ID: AL-695
Known limitations: N/A
Affected Components: AWP

feature AWP - Azure offboarding - 12:30 UTC

Description: AWP account removal - Azure
Case ID: AL-1521
Known limitations: N/A
Affected Components: AWP

feature In the Posture Findings (Events) the Environment filter doesn't discover all the cloud accounts - 10:00 UTC

Description: The Environment filter now supports all environments.
Case ID: DFT-2967
Known limitations: N/A
Affected Components: UI

feature AWS Support - 8:20 UTC

Description: Added support for AWS Support entities: SupportCase and SupportSeverityLevel in Compliance Engine and Protected Assets.
Case ID: CNAPP-3507
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

feature AWS MWAA Environment - 8:20 UTC

Description: Added support for AWS MWAA Environment in Compliance Engine and Protected Assets.
Case ID: CNAPP-3498
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixed AWS Route Table - 7:30 UTC

Description: Fixed AWS route table not appearing on protected assets table.
Case ID: DFT-2906
Known limitations: N/A
Affected Components: PROTECTED ASSETS UI

Deployment October 26, 2023

IMPROVEMENT Context Graph for EKS Cluster - 12:30 UTC

Description: The network exposure context graph is now available for EKS Cluster in the protected asset overview page.
Case ID: CNAPP-372
Known limitations: N/A
Affected Components: UI ERM

IMPROVEMENT Top Security Issues widgets - 12:30 UTC

Description: Four new widgets that represent the top security issues for all environments were added to the Risk Management dashboard.
Case ID: CNAPP-4019
Known limitations: N/A
Affected Components: UI ERM

Deployment October 25, 2023

IMPROVEMENT Supporting GCP Regions - 10:00 UTC

Description: Added regions and areas:
asia-northeast2, Osaka
asia-northeast3, Seoul
us-west3, Salt Lake City
us-west4, Las Vegas
asia-southeast2, Jakarta
nam3, Northern Virginia and South Carolina
nam5, Iowa and Oklahoma
nam6, Iowa and South Carolina
nam7, Iowa and Northern Virginia
nam10, Iowa and Salt Lake City
nam-eur-asia1, Iowa and Oklahoma
eur3, Belgium and Netherlands
eur5, London and Belgium
asia1, Tokyo and Osaka
nam11, Iowa and South Carolina
eu, Eu
northamerica-northeast2, Toronto
southamerica-west1, Santiago
us-east5, Columbus
us-south1, Dallas
europe-central2, Warsaw
europe-southwest1, Madrid
europe-west8, Milan
europe-west9, Paris
europe-west10, Berlin
europe-west12, Turin
asia-south2, Delhi
australia-southeast2, Melbourne
me-central1, Doha
me-central2, Dammam
me-west1, Tel Aviv

Case ID: DFR-2880
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

fixed AWS CloudFormation Stack - 8:00 UTC

Description: Fixed an issue where properties under “addonsConfig” returned null.
Case ID: CNAPP-2436
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS

fixed GCP GKE Cluster - 8:00 UTC

Description: Fixed an issue where properties under “addonsConfig” returned null.
Case ID: DFT-2923
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

feature AWS ACM Private Certificate Authority - 8:00 UTC

Description: Added support for AWS ACMPrivateCertificateAuthority entity in Compliance Engine and Protected Assets
Case ID: CNAPP-3504
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 10:00 UTC

Description: New Ruleset ISO27001:2022 for Azure; New AWS rules. A complete list can be found here.

Case ID: CNAPP-4099, DFR-2756, DFT-2952, DFT-2930, DFT-2954
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixed Fixed GSL Builder categories - 8:30 UTC

Description: Fixed categories for EcsImage, CognitoIdentityPool and Region in GSL Builder.
Case ID: IN-8332
Known limitations: N/A
Affected Components: UI

fixed Fix spacing between key and value on the list widget - 13:30 UTC

Description: In the Alerts widget, minimized the spacing so that there is more space for the text.
Case ID: CNAPP-4177
Known limitations: N/A
Affected Components: UI

Deployment October 24, 2023

improvement Workload Protection for Kubernetes: helm 2.23.0

Description: Admission Control: enforcer 2.8.0, policy 1.6.0, Image Assurance 2.23.0, Runtime Protection: policy 1.5.0, Flow Logs 0.10.0, Inventory 1.11.1. A complete list can be found here.
Case ID: CON-5723
Known limitations: N/A
Affected Components: containers

fixed Dashboard Widget Overview shows a wrong score by swapping the amount of successful and failed tests - 12:30 UTC

Description: The change was to show passed tests instead of failed tests.
Case ID: DFT-2994
Known limitations: N/A
Affected Components: UI

IMPROVEMENT GCP Project - 05:30 UTC

Description: Added support for “projectTags” property in GCP Project in Compliance Engine and Protected Assets.
Case ID: DFR-2856
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

Deployment October 23, 2023

IMPROVEMENT Azure FunctionApp - 12:30 UTC

Description: Added the field “AppType” in order to differentiate between Function app and Logic app standard.
Case ID: DFT-2991
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

feature Risk Management - Top Remediation Actions - 08:30 UTC

Description: Added Overprivileged User Assigned Identities remediation action for Azure VirtualMachine, FunctionApp and UserAssignedIdentity.
Case ID: CNAPP-172
Known limitations: N/A
Affected Components: EFFECTIVE RISK MANAGEMENT API

IMPROVEMENT AWS SES - 04:30 UTC

Description: Changed the SES SDK in use, to reduce API calls and add more information.
Added properties: tags, configuration set (which contains TLS policy, VDM options, and more).

Case ID: DFR-2694, DFR-660
Known limitations: Requires new permissions: ses:ListEmailIdentities and ses:GetEmailIdentity
Affected Components: UI COMPLIANCE ENGINE FETCHERS

Deployment October 22, 2023

IMPROVEMENT Risk Management Dashboard - 16:00 UTC

Description: The “By Type” widget was replaced by the “Highest Risk Score by Asset Type” widget.

Case ID: CNAPP-616
Known limitations: N/A 
Affected Components: UI ERM

IMPROVEMENT GSL Builder - 06:15 UTC

Description: “New” labels were removed from the GSL Builder UI for entities that are 30 days old.

Case ID: IN-8200
Known limitations: N/A 
Affected Components: ui

fixed New Dashboard - Compliance Gauge widget seems to be showing wrong Info - 12:30 UTC

Description: Fixed an issue with Compliance Gauge widget where it showed failed instead of passed tests
Case ID: DFT-2988
Known limitations: N/A
Affected Components: UI

Deployment October 18, 2023

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: New Ruleset APRA CPS 234 for AWS; New Ruleset ISO27001:2022 for GCP; New AWS rules. A complete list can be found here.

Case ID: CNAPP-3945, DFT-2951, DFT-2953, DFT-2934
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

fixed AWS CloudFormationStack - 08:30 UTC

Description: Fixed an issue where the “stackStatus.value” property returned null.
Case ID: DFT-2970
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

Deployment October 17, 2023

feature New Overview Dashboard Framework - 7:00 UTC

Description: New look and feel, improved performance, and bug fixes.
Case ID: CNAPP-3019
Known limitations: N/A
Affected Components: Overview page

Deployment October 16, 2023

feature GCP Effective Firewall Rules for VMInstance - 13:00 UTC

Description: Added data fetching for VMInstances NICs effective firewall rules. Information will be used in later releases to compute VMInstances network exposure.
Case ID: CNAPP-3569
Known limitations: N/A
Affected Components: FETCHERS

feature Azure Purview Data Fetching - 13:00 UTC

Description: Added Azure Purview data classifications fetcher for Storage Accounts. Information will be integrated into Risk Management in later releases.
Case ID: CNAPP-2803
Known limitations: N/A
Affected Components: DSPM

feature Risk Management Business Priority Rules - 12:00 UTC

Description: Added Organizational Units support in ‘v2/erm/businesspriority’ APIs.
Case ID: CNAPP-771
Known limitations: N/A
Affected Components: EFFECTIVE RISK MANAGEMENT API

Deployment October 15, 2023

IMPROVEMENT GCP Project - 08:00 UTC

Description: Added support for “projectTags” property in GCP Project in Compliance Engine and Protected Assets.
Case ID: DFR-2856
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS ElasticBeanstalk - 08:00 UTC

Description: Added support for the following load balancer properties in AWS ElasticBeanstalk in Compliance Engine and Protected Assets.
The properties are: “resources.loadBalancers[].alb”, “resources.loadBalancers[].nlb”, “resources.loadBalancers[].elb”.

Case ID: DFR-1794
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

Deployment October 11, 2023

fixed Scheduled Assessment Report - 19:40 UTC

Description: Fixed a bug in emailed Scheduled Assessment Reports, which contain a link to download the report.
Case ID: DFT-2823, CNAPP-2490
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

fixed AWS Keyspaces - 10:00 UTC

Description: Four unnecessary properties were removed from the “KeySpace” entity: NextToken, ResponseMetadata, ContentLength, HttpStatusCode.
Case ID: IN-8303
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS

FEATURE AWS Outposts - 08:00 UTC

Description: Added support for the AWS Outpost entity in Compliance Engine and Protected Assets.
Case ID: DFR-2313
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS S3 Bucket - 07:00 UTC

Description: Added support for the ‘objectLockConfiguration’ property in AWS S3 Bucket in Compliance Engine and Protected Assets.

Case ID: DFR-2420
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: New AWS and Azure rules. A complete list can be found here.

Case ID: CNAPP-3807, DFT-2917, DFT-2916, DFT-2888, DFT-2936, DFT-3446, DFT-2908
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment October 10, 2023

fixed Assessment History - 23:20 UTC

Description: Assessment histories without a related policy attached to the rule won’t be considered for findings creation once a policy is created.
Case ID: DFT-2801, CNAPP-2274
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

fixed AWS AppRunner - 14:30 UTC

Description: Broken “tags” properties were fixed for the AppRunner entities.
Case ID: IN-8301
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE FETCHERS

IMPROVEMENT Tags support in protected assets - 11:00 UTC

Description: Added tags support in Protected Assets for the following: AwsIamRole, AwsKms, AwsSecretManager.
Added labels support in Protected Assets for the following: GcpCloudFunction.
Case ID: CNAPP-177
Known limitations: N/A
Affected Components: PROTECTED ASSETS

Deployment October 08, 2023

FEATURE EKS Cluster Network Exposure - 15:30 UTC

Description: The Network Exposure additional info parameter is now available for EKS Cluster entity.
Case ID: CNAPP-174
Known limitations: N/A
Affected Components: ERM

Deployment October 05, 2023

FEATURE Add GSL support to inspect KubernetesPod spec.automountServiceAccountToken (Boolean) - 16:30 UTC

Description: Add GSL support to inspect KubernetesPod spec.automountServiceAccountToken (Boolean)
Case ID: CON-7216
Known limitations: N/A
Affected Components: CONTAINERS

Deployment October 04, 2023

FEATURE AWS Signer - 16:30 UTC

Description: Added support for AWS Signer entities: SignerProfile and SignerJob in Compliance Engine and Protected Assets.
Case ID: CNAPP-2147
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Connect Instance - 16:30 UTC

Description: Added support for AWS ConnectInstance in Compliance Engine and Protected Assets.
Case ID: CNAPP-2957
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT Compliance Rulesets Update - 12:30 UTC

Description: New Ruleset AWS Security Controls Ruleset; New Ruleset Azure Security Controls Ruleset; New Ruleset Check Point CloudGuard AWS Vulnerabilities Detection; New Ruleset Check Point CloudGuard Azure Vulnerabilities Detection; AWS Foundational Security Best Practices (FSBP) standard update; New AWS, Azure, and GCP rules. A complete list can be found here.

Case ID: CNAPP-3616
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment October 01, 2023

FEATURE AWS App Stream 2.0 Usage Report - 16:30 UTC

Description: Added support for AWS AppStream2UsageReport in Compliance Engine and Protected Assets.
Case ID: CNAPP-2955
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Lambda Layer - 16:30 UTC

Description: Added support for AWS Lambda Layer in Compliance Engine and Protected Assets.
Case ID: CNAPP-2159
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Media Tailor - 16:30 UTC

Description: Added support for AWS MediaTailor entities in Compliance Engine and Protected Assets:

  • AwsMediaTailorChannel

  • AwsMediaTailorPlaybackConf

  • AwsMediaTailorSourceLocation.

Case ID: CNAPP-1452
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS DS Directory - 16:30 UTC

Description: Added support for AWS DsDirectory in Compliance Engine and Protected Assets.
Case ID: CNAPP-1446
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS CloudSearch Domain - 16:30 UTC

Description: Added support for AWS CloudSearchDomain in Compliance Engine and Protected Assets.
Case ID: CNAPP-2143
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Lightsail - 16:30 UTC

Description: Added support for AWS Lightsail entities in Compliance Engine and Protected Assets:

  • LightsailInstance

  • LightsailRelationalDatabase

  • LightsailLoadBalancer

  • LightsailDomain

  • LightsailDistribution

  • LightsailDisk

Case ID: CNAPP-3510
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Key Space - 16:30 UTC

Description: Added support for AWS KeySpace in Compliance Engine and Protected Assets.
Case ID: CNAPP-2962
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Batch Job - 16:30 UTC

Description: Added support for Batch Job entities in Compliance Engine and Protected Assets:

  • AWS BatchJobQueue

  • AWS BatchJobComputeEnvironment

  • AWS BatchJobDefinition

Case ID: CNAPP-2956
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Kinesis Analytics Application - 16:30 UTC

Description: Added support for AWS KinesisAnalyticsApplication in Compliance Engine and Protected Assets.
Case ID: CNAPP-3501
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS App Runner - 16:30 UTC

Description: Added support for the following AWS App Runner entities in Compliance Engine and Protected Assets:

  • AppRunnerAutoScalingConfiguration

  • AppRunnerVpcConnector

  • AppRunnerConnection.

Case ID: CNAPP-1434
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS App Runner Service - 16:30 UTC

Description: Added support for AWS AppRunnerService in Compliance Engine and Protected Assets.
Case ID: CNAPP-1433
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS DAX - 16:30 UTC

Description: Added support for the following AWS DAX entities in Compliance Engine and Protected Assets:

  • DaxCluster

  • DaxParameterGroup.

Case ID: CNAPP-2958
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Nimble Studio - 16:30 UTC

Description: Added support for the AWS NimbleStudio entity in Compliance Engine and Protected Assets.
Case ID: CNAPP-2155
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS Code Pipeline - 16:30 UTC

Description: Added support for AWS CodePipelineWebhook in Compliance Engine and Protected Assets.
Case ID: CNAPP-2963
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

FEATURE AWS DevOps Guru - 16:30 UTC

Description: Added support for AWS DevOpsGuruServiceIntegration in Compliance Engine and Protected Assets.
Case ID: CNAPP-2959
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS

IMPROVEMENT AWS Cloud Formation Stack - 10:00 UTC

Description: Added stackResources and cloudFormationTemplate as new properties of the CloudFormationStack entity in Compliance Engine and Protected Assets.
Case ID: DFR-2594
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE FETCHERS PROTECTED ASSETS