2020 Releases
- Guy Shteinberg
- Arik Blumin (Unlicensed)
- Galit Slonimsky
AWS Custom Domain Name - 16:00 UTC
Type: New entity
Description: Added support for AWS Custom Domain Name in the compliance engine
Known limitations: N\A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
AWS NACL - IPV6 Support - 16:00 UTC
Type: Improvement
Case ID: DFR-1356
Description: Add IPV6 support in AWS NACL Compliance model and API.
Known limitations: N\A
Affected Components: API COMPLIANCE ENGINE
Compliance API - 14:00 UTC
Type: Improvement
Description: New API for future features.
Known limitations: N\A
Affected Components: API
Azure Service Bus - 18:30 UTC
Type: New Entity
Case ID: DFR-684
Description: Added support for Azure Service Bus in the compliance engine
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Intelligence - Usage calculation improvements - 12:30 UTC
Type: Improvement
Description: Improving usage calculations model.
Known limitations: N\A
Affected Components: INTELLIGENCE
Workload Protection - New Pages - 9:30 UTC
Type: New feature
Case ID: DFR-1250, 1249, 1247, 1264, 1307, 1308
Description: New pages and UI fixes.
Known limitations: N\A
Affected Components: UI KUBERNETES
Kubernetes Runtime Protection - Pop up fix - 9:30 UTC
Type: Bug Fix
Case ID: DFT-1013
Description: minor UI fix.
Known limitations: N\A
Affected Components: UI KUBERNETES
Kubernetes Onboarding - Scroll bar fix - 9:30 UTC
Type: Bug Fix
Case ID: DFT-1008
Description: minor UI fix.
Known limitations: N\A
Affected Components: UI KUBERNETES
Rulesets - Compliance sections fix - 9:30 UTC
Type: Bug Fix
Case ID: DFT-1023
Description: minor UI fix.
Known limitations: N\A
Affected Components: UI RULESETS
Remediation - Cloud bot empty parameter fix - 9:30 UTC
Type: Bug Fix
Case ID: DFT-997
Description: minor UI fix.
Known limitations: N\A
Affected Components: UI REMEDIATIONS
Protected Assets - Detailed export fix - 9:30 UTC
Type: Bug Fix
Case ID: DFT-1017
Description: Broken modal fix.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Compliance Engine - 16:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 16:15 UTC
Type: Improvement
Description: New rules were added to AWS CloudGuard Best Practices. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Update - 15:45 UTC
Type: Internal Improvement
Description: Created new Retry with backoff mechanism.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Update - 13:45 UTC
Type: Internal Improvement
Description: Added backend support for new feature.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 12:45 UTC
Type: Improvement
Description: New rules were added to Azure rulesets. Additionally, we have made changes to existing AWS rules. a complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Subnet - 10:45 UTC
Type: Bug Fix
Case ID: DFT-1012
Description: Fix Azure subnet route table mapping in compliance entity
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
AWS EC2 Instance - 14:30 UTC
Type: Improvement
Case ID: DFR-1327
Description: Added Public DNS and Private DNS properties in compliance engine for AWS Instance entity
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
AWS SSM Document - 14:30 UTC
Type: New Entity
Case ID: DFR-1360
Description: Added support for AWS SSM Document in the compliance engine
GSL Examples:
Ensure that Dms Endpoint is utilizing ssl:
SystemManagerDocument should not have accountSharingInfoList contain [ accountId='all' ]- Ensure that the SystemManagerDocument of specific account supports the 'Windows' platform:
SystemManagerDocument where owner = 989524331127 should have platformTypes contain [ 'Windows']
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
AWS DMS Endpoint - 14:30 UTC
Type: New Entity
Case ID: DFR-1254
Description: Added support for AWS DMS Endpoint in the compliance engine
GSL Examples:
Ensure that Dms Endpoint is utilizing ssl:
DmsEndpoint should not have sslMode='none'- Ensure that Dms Endpoint is encrypted using Kms:
DmsEndpoint should not have kmsKeyId isEmpty()
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Azure Regional WAF - 14:30 UTC
Type: New Entity
Case ID: DFR-1210
Description: Added support for Azure Regional WAF (aka Azure Web Application Firewall) in the compliance engine
GSL Examples:
Ensure that ApplicationGateway utilizes WAF with Ruletype set to 'OWASP' and version '3.0':
ApplicationGateway should have (getResource('RegionalWAF', regionalWAFPolicyId) contain[managedRules.managedRuleSets contain [ ruleSetVersion='3.0'] and managedRules.managedRuleSets contain [ ruleSetType='OWASP' ]]) or (firewall.enabled=true and firewall.ruleSetType='OWASP' and firewall.ruleSetVersion='3.0')- Ensure that WAF policy for detection mode is in state enabled:
RegionalWAF where policySettings.state.mode = 'Detection' should have policySettings.state='Enabled'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
AWS RDS DBCluster - 14:30 UTC
Type: New Entity
Case ID: DFR-1339
Description: Added support for AWS RDS DBCluster in the compliance engine
GSL Examples:
Ensure that all the cluster storages are encrypted:
RDSDBCluster should haveStorageEncrypted=true
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
AWS Storage Gateway - 14:30 UTC
Type: New Entity
Case ID: DFR-1312
Description: Added support for AWS Storage Gateway in the compliance engine
GSL Examples:
Ensure that all the gateways are operational:
StorageGateway should have gatewayOperationalState='ACTIVE'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
AWS MSK Cluster - 14:30 UTC
Type: New Entity
Case ID: DFR-1297
Description: Added support for AWS MSK Cluster in the compliance engine
GSL Examples:
Ensure that MSK Clustert has data encrypted in Cluster while in Transit:
MskCluster should have encryptionInfo.encryptionInTransit.inCluster=true
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - 14:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Notifications - Webhook - Jira Integration - 10:30 UTC
Type: New Feature
Case ID: DFR-445
Description: Fixing unrequired calls from UI.
Known limitations: N\A
Affected Components: WEBHOOK NOTIFICATIONS
Environments - Serverless UI calls fix - 10:30 UTC
Type: Bug fix
Description: Fixing unrequired calls from UI.
Known limitations: N\A
Affected Components: UI ENVIRONMENTS
Environments - Kubernetes page - 10:30 UTC
Type: Minor fix
Description: Fix expand all behavior.
Known limitations: N\A
Affected Components: UI ENVIRONMENTS
Environments - Added Compliance policy tab - 10:30 UTC
Type: Improvement
Case ID: DFR-1187
Description: Added additional information on Environment page..
Known limitations: N\A
Affected Components: UI ENVIRONMENTS
AWS Fetching System Improvement - 08:30 UTC
Type: Improvement
Description: Fetch data based on activity.
Known limitations: Not supported in AWS S3 Bucket.
Affected Components: DATA FETCHERS AWS
AWS Data Fetchers - 08:30 UTC
Type: Improvement
Description: Infra Improvement for AWS data fetchers: IAM Role, IAM Instance Profile.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Compliance Engine - 15:00 UTC
Type: Improvement
Description: Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Notifications - Azure Security Center - 13:00 UTC
Type: New Feature
Description: Released a new Integration type for Azure Security Center.
Known limitations: NA.
Affected Components: COMPLIANCE NOTIFICATIONS
AWS Data Fetchers - 13:30 UTC
Type: Improvement
Description: Infra Improvement for AWS data fetchers: S3 Bucket, IAM Role, IAM Instance Profile.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Intelligence & Threat Hunting. - Azure NSG Flow Logs - 10:30 UTC
Type: New Feature
Description: Released a new version of Azure NSG Flow Logs with a new onboarding method.
Known limitations: NA.
Affected Components: INTELLIGENCE & THREAT HUNTING
Platforms API - 09:00 UTC
Type: Improvement
Description: Added additional regions and zones to GCP.
Known limitations: N/A.
Affected Components: API
Protected Assets - 09:00 UTC
Type: Bug Fix
Case ID: DFT-999
Description: Fixed Billable Asset value for AWS Cloud Formation Stack and Kinesis Firehose entities.
Known limitations: N\A
Affected Components: PROTECTED ASSETS
Azure Virtual Network Gateway - 09:00 UTC
Type: Improvement
Description: Infra Improvement for Virtual Network Gateway data fetcher.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Compliance Engine - 12:40 UTC
Type: Improvement
Description: Update assessment model , Internal model improvement
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE API
Compliance Rulesets Update - 12:00 UTC
Type: Improvement
Description: New rules were added to Terraform AWS CIS Foundations ruleset. Additionally, we have made changes to existing rules and remove one rule. a complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
AWS ECS Task Definition - 14:30 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
AWS Data Fetchers - 13:30 UTC
Type: Improvement
Description: Infra Improvement for AWS data fetchers: IAM Account Summary, IAM Password Policy, IAM Policy, IAM Role Attached Policies, IAM Role Inline Policies, IAM Role Permissions Boundary, IAM Server Certificate, IAM User, IAM User Attached Policies, IAM User Groups, IAM User Inline Policies, IAM User Permissions Boundary, IAM User Tags, Organization, Virtual MFA Devices.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Azure Data Fetchers - 10:00 UTC
Type: Improvement
Description: Infra Improvement for Azure data fetchers: Virtual Network Gateway, Role Definition, Virtual Machine Scale Set.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Shift Left environment onboarding - 18:00 UTC
Type: Improvement
Description: Adding Infra structure for Shift left - currently not visible to customers.
Known limitations: N\A
Affected Components: API IAC ASSESSMENT UI
Azure Data Fetchers - 11:00 UTC
Type: Improvement
Description: Infra Improvement for Azure data fetchers: Storage Account, Analysis Service, Application Gateway, Logic App, Api Management, Disk, Application Security Group, Container Registry.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Compliance Rulesets Update - 10:30 UTC
Type: Improvement
Description: The first release of AWS CIS Foundations v. 1.3.0 ruleset. A complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Data Fetchers - 09:00 UTC
Type: Improvement
Description: Infra Improvement for Azure data fetchers: Web App, Function App, Activity Log Alert Rules.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Azure Role Definitions - 13:00 UTC
Type: New Entity
Case ID: DFR-1214
Description: Added support for Azure Role Definitions in the compliance engine
GSL Examples:
Ensure that `MULTI-FACTOR AUTH STATUS` is `Enabled` for all users who are ‘Owner’:
RoleAssignment should have (properties contain [getResource('User', principalId) contain [userCredentialRegistrationDetails.isRegisterWithMfa=true]] and properties contain [getResource('RoleDefinition',roleDefinitionId) contain [properties.roleName = 'Owner']])
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure Role Assignment - 13:00 UTC
Type: New Entity
Case ID: DFR-1214
Description: Added support for Azure Role Assignment in the compliance engine
GSL Examples:
Ensure that the password used for the 'Owner' role assignment is changed every 90 days or less:
RoleAssignment should have (properties contain [getResource('User', principalId) contain [lastPasswordChangeDateTime after(-90, 'days') ]] and properties contain [getResource('RoleDefinition',roleDefinitionId) contain [properties.roleName = 'Owner']])
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure WebApp, FunctionApp and CosmosDB Account Fetchers - 13:00 UTC
Type: Improvement
Description: Infra Improvement for Azure WebApp, FunctionApp and CosmosDB Account data fetcher.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
MSP Portal - Logo fix - 14:00 UTC
Type: Bug Fix
Case ID: DFT-964
Description: Fixed an issue that affected uploaded logo's visibility.
Known limitations: N/A.
Affected Components: UI MSP
Compliance Rulesets Update - 14:00 UTC
Type: Improvement
Description: One new network rule was added to AWS CloudGuard Best Practices ruleset. Additionally, we have made changes to existing rules and remove six old rules. a complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure Subnet - 10:00 UTC
Type: Improvement
Description: Infra Improvement for Azure Subnet data fetcher.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Single Sign On - Fixes and Improvements - 9:50 UTC
Type: Improvement and Bug Fix
Case ID: DFT-910, DFT-956
Description: SSO improvements for large SAML elements, fixes for JIT groups.
Known limitations: N/A.
Affected Components: AUTHENTICATION SSO
Compliance Engine - 14:40 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE API
Compliance Engine - 14:00 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE API
Compliance Engine - 13:20 UTC
Type: Improvement
Description: Backend support for upcoming Azure Security Center feature.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
AWS Data Fetchers - 10:00 UTC
Type: Improvement
Description: Infra Improvement for AWS data fetchers: IAM Role Tags, Cloud Front, Route53 Domains.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Manual Assessment - Removed VNET Selection - 8:00 UTC
Type: Improvement
Description: Removed Azure VNET selection on manual assessment and GSL builder.
Known limitations: N\A
Affected Components: UI COMPLIANCE ENGINE
Protected Assets - Attach Security groups issue - 8:00 UTC
Type: Bug Fix
Description: Fixed an issue that prevented users to attach security groups to an EC2 Instance.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Azure Onboarding- UI fixes - 8:00 UTC
Type: Bug Fix
Description: Fixed several UI components to handle different resolutions.
Known limitations: N\A
Affected Components: UI AZURE UNSAFE-ONBOARDING
Protected Assets - Alerts fix for Kubernetes - 8:00 UTC
Type: Bug Fix
Description: Fixed Alerts issues when the source is Kubernetes Image Scanning.
Known limitations: N\A
Affected Components: UI K8S
GCP Security groups - Shared VPC fixes - 8:00 UTC
Type: Bug Fix
Case ID: DFT-883
Description: Fixed UI issues when using Shared VPC.
Known limitations: N\A
Affected Components: UI SECURITY GROUPS PROTECTED ASSETS
Security Groups - Added Export support - 8:00 UTC
Type: Improvement
Case ID: DFR-1237, DFR-1096
Description: Adding export support for Security groups.
Known limitations: N\A
Affected Components: UI SECURITY GROUPS
Account Page - Data Center indicator - 8:00 UTC
Type: Improvement
Case ID: DFR-1216
Description: Added Data Center indicator.
Known limitations: N\A
Affected Components: UI ACCOUNT PAGE
Environments - Added Kubernetes status - 8:00 UTC
Type: Improvement
Case ID: DFR-1195
Description: Added additional indicators to Kubernetes status.
Known limitations: N\A
Affected Components: UI ENVIRONMENTS
AWS SNS Platform Application - 12:30 UTC
Type: New Entity
Description: Added support for AWS SNS Platform Application in the compliance engine
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
AWS Glue Connection - 12:30 UTC
Type: New Entity
Description: Added support for AWS Glue Connection in the compliance engine
GSL Examples:
Ensure that GlueConnection enforce SSL for JDBC connections:
GlueConnection should have connectionProperties contain [ key='JDBC_ENFORCE_SSL' and value='true' ] where connectionType = 'JDBC'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
GCP VM Instance - 12:30 UTC
Type: Bug fix
Case ID: DFR-1215
Description: Project level setting not mapped to resources
Known limitations: N/A
Affected Components: DATA FETCHERS GCP COMPLIANCE ENGINE
AWS VPC Endpoint - 12:30 UTC
Type: Improvement
Case ID: DFR-1209
Description: Additional properties are supported in compliance engine for AWS VPC Endpoint entity
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Azure Data Explorer - 12:30 UTC
Type: New Entity
Description: Added support for Azure Data Explorer in the compliance engine
GSL Examples:
Ensure that Azure DataExplorerCluster is enabled for purge:
DataExplorerCluster should have enablePurge=true
Ensure that Auzre DataExplorerCluster is encrypted:
DataExplorerCluster should have enableDiskEncryption=true
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure Disk - 12:30 UTC
Type: New Entity
Description: Added support for Azure Disk in the compliance engine
GSL Examples:
Ensure that Azure disks are encrypted:
Disk should have properties.encryptionSettingsCollection.enabled=true
Ensure that Azure disks are set with up to 2 shares:
Disk should have properties.maxShares <= 2
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure Role Assignment - 12:30 UTC
Type: New Entity
Description: Added support for Azure Role Assignment entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AZURE
Azure Firewall - 12:30 UTC
Type: New Entity
Case ID: DFR-1274
Description: Added support for Azure Firewall entity in the compliance engine.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Environment Missing Permissions - 11:00 UTC
Type: Bug Fix
Case ID: DFT-975
Description: Missing permissions were not visible for Gov / China Cloud Accounts.
Known limitations: N/A.
Affected Components: UI API
Authentication Hardening - 11:00 UTC
Type: Improvement
Description: Hardening Improvement for all authentication types.
Known limitations: N/A.
Affected Components: AUTHENTICATION SERVICE ALL REGIONS UI MSP
Compliance Engine - 9:20 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 9:00 UTC
Type: Improvement
Description: The first release of the Japanese AWS Dome9 FISC ruleset.
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Compliance Rulesets Update - 10:15 UTC
Type: Improvement
Description: Adding new rules to AWS CloudGuard Best Practices ruleset.
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
GCP Security Group - 16:30 UTC
Type: Improvement
Description: Added 'description' field to GcpSecurityGroup inbound and outbound rules.
Known limitations: N/A
Affected Components: DATA FETCHERS GCP COMPLIANCE ENGINE
AWS VPC Endpoint - 12:00 UTC
Type: Improvement
Description: Added support for additional properties.
Known limitations: Additional fields still not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AWS
Azure Private Endpoint - 12:00 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
AWS Workspaces - 12:00 UTC
Type: Bug Fix
Case ID: DFT-978
Description: Fix for disk encryption status reported incorrectly
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 10:00 UTC
Type: Bug Fix
Case ID: DFT-961, DFT-979, DFT-758
Description: Rules fixes D9.AZU.NET.06, D9.AZU.CRY.19, D9.AZU.LOG.03
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Intelligence & Threat Hunting. - Flow Logs Time Line - 12:00 UTC
Type: New Feature
Description: Added timeline to Flow Logs traffic.
Known limitations: NA.
Affected Components: INTELLIGENCE & THREAT HUNTING
Intelligence & Threat Hunting. - Customize Centralize On-boarding - 12:00 UTC
Type: New Feature
Description: Added support to on-board centralized bucket with multiple sources of AWS Cloudtrail and Flow Logs.
Known limitations: NA.
Affected Components: INTELLIGENCE & THREAT HUNTING
AWS SNS Platform Application - 12:00 UTC
Type: New Entity
Description: Added support for AWS SNS Platform Application entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AWS
Azure Data Explorer - 12:00 UTC
Type: New Entity
Description: Added support for Azure Data Explorer entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AZURE
Azure HDInsight - 12:00 UTC
Type: New Entity
Description: Added support for Azure HDInsight in the compliance engine
GSL Examples:
Ensure that HDInsight is encypted with encryptionAtHost:
HDInsight should have properties.diskEncryptionProperties.encryptionAtHost=true
Ensure that HDInsight supports TLS version '1.2':
HDInsight should have properties.minSupportedTlsVersion='1.2'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
AWS ECS Service- 11:15 UTC
Type: Bug Fix
Case ID: DFT-955
Description: Fix 'taskDefinition' property updating issue
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
AWS Kinesis Firehose - 11:15 UTC
Type: New Entity
Description: Added support for AWS Kinesis Firehose in the compliance engine
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
AWS Cloud Formation Stack - 11:15 UTC
Type: New Entity
Description: Added support for AWS Cloud Formation Stack in the compliance engine
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
AWS Network Firewall - 11:00 UTC
Type: New Entity
Description: Added support for AWS Network Firewall in the compliance engine:
GSL Examples:
Ensure that Network Firewall uses the 'Flow' logtype:
NetworkFirewall should have loggingConfiguration.logDestinationConfigs with [ logType='FLOW' ]
Ensure that Network Firewall status is 'Ready' and is in-sync:
NetworkFirewall should have (firewallStatus.status='READY' and firewallStatus.configurationSyncStateSummary='IN_SYNC')
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Azure Virtual Machine API- 08:30 UTC
Type: Bug Fix
Case ID: DFT-953
Description: Fix permission issue in GET Azure Virtual Machine by cloud account id API
Known limitations: N\A
Affected Components: API
Azure ActivityLogMonitor - 08:30 UTC
Type: Bug Fix
Case ID: DFT-965
Description: Fix Typos in ActivityLogMonitor compliance model.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Service Accounts - 08:30 UTC
Type: Improvement
Case ID: DFR-1273
Description: Allow to manage Service Accounts via MSP assumed roles.
Known limitations: N\A
Affected Components: API
Azure Data Fetchers - 13:00 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
AWS Route53 Hosted Zone - 13:00 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Protected Assets - Kubernetes Alerts fix - 19:07 UTC
Type: Bug Fix
Description: Fixing Alerts representation on Kubernetes entities .
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Dashboard - Add PDF export - 9:05 UTC
Type: Improvement
Description: Added Dashboard export to PDF.
Known limitations: N\A
Affected Components: UI DASHBOARDS
Protected Assets - Generic Entity page - 9:05 UTC
Type: Improvement
Description: On Generic pages the properties tab is the default tab.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Protected Assets - Added Tabs on Entity page - 9:05 UTC
Type: Improvement
Description: Separated the Alerts tab to Security events / Tasks Tabs.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Dashboards - Added missing % to trend widgets - 9:05 UTC
Type: Bug Fix
Description: Added missing % to trend widgets.
Known limitations: N\A
Affected Components: UI DASHBOARDS
GSL Builder - Combo box fixes - 9:05 UTC
Type: Improvement
Description: Fixed responsive boxes and missing VNET selection box.
Known limitations: N\A
Affected Components: UI
Compliance Rulesets - Fixed mislabeled titles - 9:05 UTC
Type: Bug fix
Case ID: DFT-970
Description: GSL logic was added back.
Known limitations: N\A
Affected Components: UI RULESETS
GSL Builder - Kubernetes Categories - 9:05 UTC
Type: Improvement
Case ID: DFR-1240
Description: Adding support for Kubernetes runtime assurance.
Known limitations: N\A
Affected Components: UI
Protected assets - Linkable Cloud Accounts - 9:05 UTC
Type: Improvement
Case ID: DFR-1183
Description: Added links to the cloud accounts.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Protected Assets - Added additional fields support - 9:05 UTC
Type: Improvement
Case ID: DFR-1182
Description: Added additional fields support on the entity page.
Known limitations: N\A
Affected Components: UI PROTECTED ASSETS
Intelligence & Threat Hunting - Generic on-boarding - 14:00 UTC
Type: New Feature
Description: Adding the ability to on-board Multiple cloud accounts in the same S3
Known limitations: N\A
Affected Components: INTELLIGENCE & THREAT HUNTING
Compliance Rulesets Update - 14:00 UTC
Type: Improvement
Description: Adding new rules to AWS CloudGuard Best Practices ruleset
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Compliance Rulesets Update - 14:00 UTC
Type: Bug Fix
Description: Rules fixes in Terraform AWS CIS Foundations ruleset
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Compliance Engine - 14:00 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE
Azure HDInsight - 10:00 UTC
Type: Bug Fix
Description: Fix permission errors handling
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Azure HDInsight - 17:00 UTC
Type: New Entity support
Description: Added support for Azure HDInsight entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AZURE
K8s Agents Status Notification - 15:00 UTC
Type: Improvement
Description: New Infrastructure for K8s agents status notifications.
Known limitations: N/A
Affected Components: NOTIFICATIONS
Compliance Engine - 15:00 UTC
Type: Bug Fix
Description: Infra Improvement.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE API
Compliance Engine - 15:00 UTC
Type: Bug Fix
Description: Fixed internal issues that caused assessment failures on the following entities: AWS ELB, AWS EcsService.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE API
Azure Data Fetchers - 12:30 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
GCP Image - 12:00 UTC
Type: Improvement
Case ID: DFR-613
Description: Added support for GCP Image in the compliance engine:
GSL Examples:
Ensure that Image has a sha235 key encryption:
Image should not have imageEncryptionKey.sha256 isEmpty()
Ensure that Image has a kms encryption:
Image should not have imageEncryptionKey.kmsKeyName isEmpty()
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
GCP Redis - 12:00 UTC
Type: Improvement
Case ID: DFR-613
Description: Added support for GCP Redis in the compliance engine:
GSL Examples:
Ensure that Redis tier is equal 'STANDARD_HA':
Redis should have tier='STANDARD_HA'
Ensure that Redis is utilizing a valid configuration:
Redis should not have redisConfigs isEmpty()
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS GCP
AWS Athena Work Group - 12:00 UTC
Type: Improvement
Case ID: DFR-613
Description: Added support for AWS Athena Work Group in the compliance engine:
GSL Examples:
Ensure that the settings for the workgroup override client-side settings:
AthenaWorkGroup should have configuration.enforceWorkGroupConfiguration=true
Ensure that AthenaWorkGroup is ecnrypted with 'SSE_KMS':
AthenaWorkGroup should have configuration.resultConfiguration.encryptionConfiguration.encryptionOption='SSE_KMS'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Assessment - Fixed IPV6 conversion on network functions 8:15 UTC
Type: Bug Fix
Case ID: DFT-962
Description: Fixed an issue that caused discrepancies in results when using specific IPV4 ranges on GSL network functions.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
GCP Image - 17:00 UTC
Type: New Entity support
Description: Added support for GCP Image entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS GCP
Azure Data Fetchers - 12:00 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Compliance Rulesets Update - 12:00 UTC
Type: Improvement
Description: The first release of CIS Kubernetes Benchmark v1.6.1 ruleset
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Compliance Rulesets Update - 12:00 UTC
Type: Bug Fix
Description: Rule removal: D9.AZU.NET.29; Rules fixes: D9.AZU.LOG.03, D9.TF.AZU.NET.04, D9.TF.AZU.NET.05, D9.TF.AZU.NET.08, D9.TF.AZU.NET.09, D9.TF.K8S.IAM.25
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Compliance Assessment History Stats - 16:00 UTC
Type: Improvement
Description: Adding Severity breakdown to the assessment history stats.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Rulesets Update - 6:00 UTC
Type: Improvement
Description: Adding new rules to Terraform AWS CIS Foundations ruleset.
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Azure Data Fetchers - 12:30 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Azure Compute Disk - 11:00 UTC
Type: New Entity support
Description: Added support for Azure Compute Disk entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AZURE
Compliance Assessment - Adding Terraform Assessment support - 10:00 UTC
Type: New Feature
Description: Added Terraform assessment support, supporting Terraform version 11 and above.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE TERRAFORM ASSESSMENT
Compliance Rulesets Update - 18:00 UTC
Type: Improvement
Description: Adding new rules to AWS CloudGuard Best Practices ruleset.
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
AWS Athena Work Group - 15:00 UTC
Type: New Entity support
Description: Added support for AWS Athena Work Group entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AWS
GCP Redis - 15:00 UTC
Type: New Entity support
Description: Added support for GCP Redis entity properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS GCP
Compliance Rulesets Update - 14:00 UTC
Type: Bug Fix
Description: Rules removal: D9.AZU.LOG.01, D9.AZU.LOG.07, D9.AZU.LOG.08.
Known limitations: N\A
Affected Components: COMPLIANCE RULESETS
Compliance Engine - GCP Shared VPC support - 8:00 UTC
Type: Improvement
Description: Added GCP shared networks support to the Compliance engine checks.
Known limitations: The Project sharing the network to other projects must be onboarded to the system as well.
Affected Components: COMPLIANCE ENGINE
Log.ic - new anomalies detection for account activity- 17:50 UTC
Type: New Feature
Description: Anomalies detection based on Machine Learning models for account activity.
Added Features:
- console login of users by the user agent and geolocation;
- user API events by geolocation and user agent
- baseline by event name or target type.
Known limitations: N\A
Affected Components: LOG.IC
System notification - Notify when local storage is disabled - 15:30 UTC
Type: Improvement
Description: Added notification when the browser local storage is disabled.
Known limitations: N\A
Affected Components: UI
Status page - Indicator improvement - 15:30 UTC
Type: Improvement
Description: Added status page incident as alert in content.
Known limitations: N\A
Affected Components: UI
Compliance Assessment - Drop Down improvements - 15:30 UTC
Type: Improvement
Description: Improved the drop down selectors on run assessment page.
Known limitations: N\A
Affected Components: UI
Protected Assets - Fixed Navigation Issue - 15:30 UTC
Type: Bug Fix
Description: Fixed an issue that affected routing between asset page to log.ic.
Known limitations: N\A
Affected Components: UI
Azure Log.ic - Fixed Onboarding Text - 15:30 UTC
Type: Bug Fix
Description: Modified text on the Azure Log.ic steps.
Known limitations: N\A
Affected Components: UI
IP Addresses - Fixed exception handling - 15:30 UTC
Type: Bug Fix
Description: Fixed exception handling on specific cases.
Known limitations: N\A
Affected Components: UI
Dashboard - Fixed Gauge widget on no data - 15:30 UTC
Type: Bug Fix
Description: Fixed widget behavior on click and no data.
Known limitations: N\A
Affected Components: UI DASHBOARD
IP Addresses - Fixed exception - 15:30 UTC
Type: Bug Fix
Description: Fixed exception on specific cases.
Known limitations: N\A
Affected Components: UI
Dynamic Access - Fixed filters state - 15:30 UTC
Type: Bug Fix
Description: Fixed the filters state on refresh.
Known limitations: N\A
Affected Components: UI
Terraform Rulesets - Added CLI command line snippet - 15:30 UTC
Type: Improvement
Case ID: DFR-1196
Description: Added CLI snippet to copy paste easily.
Known limitations: N\A
Affected Components: UI
Kubernetes Onboarding - Runtime protection support - 15:30 UTC
Type: Improvement
Case ID: DFR-1193
Description: Added Runtime protection support to the features list
Known limitations: N\A
Affected Components: UI
GSL Builder - Kubernetes Categories - 15:30 UTC
Type: Improvement
Case ID: DFR-1188
Description: Adding Categories grouping to Kubernetes.
Known limitations: N\A
Affected Components: UI
Cloud Accounts - Rebranding as Environments - 15:30 UTC
Type: Improvement
Case ID: DFR-1185
Description: Renaming the cloud accounts to environments.
Known limitations: N\A
Affected Components: UI
Compliance engine - CFT Tab Removal - 15:30 UTC
Type: Improvement
Case ID: DFR-1053, DFR-1056
Description: Removed CFT tab from run assessment, will be possible in the future to run CFT as a platform.
Known limitations: N\A
Affected Components: UI
Compliance Rulesets Update - 10:00 UTC
Type: Improvement
Description: The first release of Terraform Azure CIS Foundations, EKS CloudGuard Best Practices, Kubernetes v.1.14 CloudGuard Best Practices and CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 rulesets. Additionally, we have made changes to existing Azure network rules: D9.AZU.NET.26;D9.AZU.NET.18.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Engine - 17:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - 16:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
AWS Athena - 18:00 UTC
Type: Improvement
Case ID: DFR-830
Description: Added support for AWS Athena Query executions in the compliance engine:
GSL Examples:
Ensure that the Athena associated DB and Catalog are valid:
Athena should not have (queryExecutionContext.catalog isEmpty() or queryExecutionContext.database isEmpty())
Ensure that the Athena execution results are encrypted:
Athena should have (resultConfiguration.encryptionConfiguration.encryptionOption='SSE_KMS' or resultConfiguration.encryptionConfiguration.encryptionOption='SSE_S3')
Known limitations: Query executions are fetched for Primary Work Group.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Azure API Management Service- 18:00 UTC
Type: Improvement
Case ID: DFR-1204
Description: Added support for Azure API Management in the compliance engine:
GSL Examples:
Ensure that the API Management Service holds a specific IP address:
ApiManagementService should have privateIPAddresses contain [ '10.1.0.5']
Ensure that the API Management is associated with a subnet with the 10.1.0.0/26 range:
ApiManagementService should have virtualNetworkConfiguration contain [ getResource('Subnet', subnetResourceId) contain [addressRange = '10.1.0.0/26']]
Known limitations: Identity property returns assigned only if it was created along with the API Management service itself. If added later, it will still return as null.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Azure Data Fetchers - 13:30 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
AWS IAM Access Keys - 13:30 UTC
Type: Improvement
Description: Infra Improvement in fetching system.
Known limitations: N\A
Affected Components: DATA FETCHERS AWS
Compliance Engine - 09:40 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - 13:30 UTC
Type: Bug Fixes
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
AWS WAF Regional and WAF Regional V2- 13:30 UTC
Type: Improvement
Case ID: DFR-1203
Description: Added support for API Gateways property in WAF and WAF V2 compliance model.
In addition, added support for WAF Regional property in API Gateway compliance model.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Azure Data Fetchers - 13:30 UTC
Type: Improvement
Description: Infra Improvement.
Known limitations: N\A
Affected Components: DATA FETCHERS AZURE
Compliance Engine - 09:10 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Notifications - Security Hub Integration fix - 15:00 UTC
Type: Bug Fix
Case ID: DFT-944
Description: Fixed an issue that caused notifications to get access denied from AWS.
Known limitations: N\A
Affected Components: SECURITY HUB
Compliance Engine - 12:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Assessment History API - 07:50 UTC
Type: Improvement
Description: Improve performance of '/AssessmentHistoryV2/LastAssessmentResults' API.
Known limitations: N\A
Affected Components: API
New toolbar action design- 14:30 UTC
Type: Improvement
Description: Redesign action toolbar for security group, user management and role management pages .
Known limitations: N/A.
Affected Components: UI
404 Page - 14:30 UTC
Type: Improvement
Description: Redesign for 404 page
Known limitations: N/A.
Affected Components: UI
Azure On Boarding - 14:30 UTC
Type: Update
Case ID: DFR-912
Description: Updated Azure on boarding instructions
Known limitations: N/A.
Affected Components: ON BOARDING
Kubernetes On Boarding - 14:30 UTC
Type: Update
Case ID: DFR-912
Description: Updated Kubernetes on boarding instructions
Known limitations: N/A.
Affected Components: ON BOARDING
New Data Centers - 14:30 UTC
Type: Improvement
Case ID: DFR-1139
Description: Added two new data centers for login - Europe (EU) and asia pacific (AP)
Known limitations: N/A.
Affected Components: LOGIN
Compliance Engine - AWS Personalize - 13:40 UTC
Type: Improvement
Case ID: DFR-834
Description: Added support for AWS Personalize in the compliance engine:
GSL Examples:
Ensure AWS Personalize data encryption is active:
Personalize should not have kmsKeyArn isEmpty()
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - AWS Translation Terminology- 13:40 UTC
Type: New Entity
Description: Added support for AWS Translation Terminology in the compliance engine.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - AWS Translate - 13:40 UTC
Type: New Entity
Case ID: DFR-835
Description: Added support for AWS Translate in the compliance engine:
GSL Examples:
Ensure translation jobs status is not failed:
TranslationJob should not have jobStatus='FAILED'- Ensure translation jobs has associated terminology: TranslationJob should not have terminologyNames isEmpty()
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - AWS Transcribe Medical - 13:40 UTC
Type: New Entity
Description: Added support for AWS Transcribe Medical in the compliance engine.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - AWS Transcribe - 13:40 UTC
Type: New Entity
Case ID: DFR-832
Description: Added support for AWS Transcribe in the compliance engine:
GSL Examples:
TranscribeJob should have 'wav' media format:
TranscribeJob should have mediaFormat='wav'- TranscribeJob should have up to 5 speaker labels defined: TranscribeJob should have settings.maxSpeakerLabels<=5
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - Internal improvements 10:00 UTC
Type: Improvement
Description: Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE API
Data fetching services - 9:30 UTC
Type: Improvement
Description: Change internal configuration for performance improvements.
Known limitations: N\A
Affected Components: ALL DATA FETCHING COMPONENTS COMPLIANCE ENGINE
Compliance Engine - Webhook 12:00 UTC
Type: Bug fix
Description: Fixed a bug that affected the Webhook tester feature.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Single Sign On - Improved JIT support - 9:30 UTC
Type: Improvement
Case ID: DFT-910
Description: Improved Just in time provisioning for many group members and roles.
Known limitations: N\A
Affected Components: SSO
Compliance Engine - 9:30 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - Azure Activity Logs - 13:00 UTC
Type: Improvement
Case ID: DFR-877
Description: Added support for Azure Activity Log Alert Rules and Diagnostic Settings in the compliance engine:
- New entity called 'ActivityLogMonitor' contains Activity Log Diagnostic Settings and aggregated information of Activity Log Alert Rules operations.
- New entity called 'ActivityLogAlertRule' contains specific information about each Activity Log Alert Rule in the subscription.
GSL Examples:
Ensure the Storage Container storing the Activity Logs is not publicly accessible:
'ActivityLogMonitor should not have diagnosticSettings contain [ storageContainer.properties.publicAccess isEmpty()=false and storageContainer.properties.publicAccess!='None' ]'
Ensure that Activity Log Alert exists for Create or Update Network Security Group:
'ActivityLogMonitor should have alertRuleOperations contain-any [$ in ('microsoft.network/networksecuritygroups/write', 'microsoft.network/networksecuritygroups/all', 'all') ]'
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
AWS SnsTopic - Policy statement fix - 10:00 UTC
Type: Bug Fix
Case ID: DFT-884
Description: Fixed a bug that affected the policy statements principal.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
AWS Transcribe Job and Transcribe Medical Job - 16:30 UTC
Type: New Entity support
Description: Added support for AWS Transcribe Job and AWS Transcribe Medical Job entities properties.
Known limitations: Entity is not available in compliance engine and protected assets page.
Affected Components: DATA FETCHERS AWS
Exclusions and Remediation - New Infrastructure - 16:30 UTC
Type: Improvement
Description: Added a new Infrastructure for exclusions and remediation next version.
Known limitations: N/A.
Affected Components: API EXCLUSIONS REMEDIATION
Azure Activity Logs - 08:00 UTC
Type: Improvement
Case ID: DFR-1162
Description: Added a new Infrastructure to fetch Azure Activity Logs.
Known limitations: Will be used in later releases to optimize data fetching mechanism for Azure entities.
Affected Components: DATA FETCHERS AZURE
Create Execution - 23:00 UTC
Type: Bug
Description: DFT-934 - Unable to create exclusion fix
Known limitations: N/A
Affected Components: COMPLIANCE
Protected Asset - AWS WAF Regional V2 - 17:00 UTC
Type: Improvement
Description: Added support for AWS WAF Regional V2 entity in protected assets.
Known limitations: N/A
Affected Components: UI COMPLIANCE
New Mobile Application Version - 20:10 UTC
Type: Improvement
Description: New mobile version for iOS with region selection.
Known limitations: N/A.
Affected Components: MOBILE
New CloudGuard Chrome Extension - 20:10 UTC
Type: Improvement
Description: New chrome extension with support for regions selection.
Known limitations: N/A.
Affected Components: EXTENTION
Dashboard- minor improvements- 20:10 UTC
Type: Improvement
Description: sections not displayed on no data and collapse by defaults improvements.
Known limitations: N/A.
Affected Components: UI DASHBOARD
Menu - Loader improvement- 20:10 UTC
Type: Improvement
Description: When navigating the user can click on the internal menu without waiting that the page will finish loading.
Known limitations: N/A.
Affected Components: UI
Alerts - Entity links improvement- 20:10 UTC
Type: Improvement
Description: Links improvement for open on the same tab.
Known limitations: N/A.
Affected Components: UI
Compliance Notifications - Bug fix- 20:10 UTC
Type: Bug Fix
Case ID: DFT-890
Description: Fixed an issue that reverted the day to Sunday on Japanese language.
Known limitations: N/A.
Affected Components: UI
Posture management - export fix- 20:10 UTC
Type: Bug Fix
Case ID: DFT-881
Description: Fixed export issue.
Known limitations: N/A.
Affected Components: UI
Cloud accounts - Kubernetes status alignments - 20:10 UTC
Type: Improvement
Description: Aligned Kuberenetes accounts status to the other platforms.
Known limitations: N/A.
Affected Components: UI CLOUD ACCOUNTS
Compliance notifications - Filtering support - 20:10 UTC
Type: Improvement
Description: Added filter capability to the compliance Immediate notifications.
Known limitations: Not supported on Scheduled reports..
Affected Components: UI COMPLIANCE NOTIFICATIONS
Kubernetes onboarding - instructions updates - 20:10 UTC
Type: Improvement
Description: Instructions update.
Known limitations: N/A.
Affected Components: UI
Service Account page - 20:10 UTC
Type: New Feature
Description: Added support service accounts API keys.
Known limitations: N/A.
Affected Components: UI
AWS WAF Regional V2 - 17:45 UTC
Type: New Entity support
Description: Added support for AWS WAF Regional V2 entity properties.
Known limitations: Not Supported on protected assets yet.
Affected Components: DATA FETCHERS AWS
Azure Virtual Network - Compliance Engine - 15:00 UTC
Type: Improvement
Case ID: DFR-956
Description: Added support for Service and Private Endpoints properties.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
AWS ECS - Compliance Engine - 13:30 UTC
Type: Improvement
Description: Removed unused properties from AWS ECS entities: EcsCluster, EcsService, EcsTask.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE API
Compliance Rulesets Update - 15:55 UTC
Type: Improvement
Description: First release of the AWS NIST 800-171 and Azure NIST 800-171 rulesets. As part of this release we have added 7 new rules across various services in AWS. Additionally we have made changes to existing rules, a complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure - remove account through API using Subscription ID - 17:30 UTC
Type: Improvement
Case ID: DFR-1167
Description: Account can be removed through API call using Subscription ID.
Known limitations: N/A.
Affected Components: ACCOUNT API
Notifications - Scheduled report day option fix - 18:52 UTC
Type: Bug fix
Case ID: DFT-890
Description: Fixed the time selection on Japanese language.
Known limitations: N/A.
Affected Components: NOTIFICATIONS UI
Managed list - Permissions save option fix - 18:52 UTC
Type: Bug fix
Case ID: DFT-908
Description: Fixed the save option visibility according to permissions.
Known limitations: N/A.
Affected Components: MANAGED LIST UI
Protected assets - Export report by asset type fix - 12:13 UTC
Type: Bug fix
Case ID: DFT-923
Description: Fixed broken links while downloading report.
Known limitations: N/A.
Affected Components: PROTECTED ASSETS UI
Protected assets - Alerts on asset page fix - 11:47 UTC
Type: Bug fix
Case ID: DFT-896
Description: Fixed alerts view when navigating between assets.
Known limitations: N/A.
Affected Components: PROTECTED ASSETS UI
Compliance Engine - 7:30 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N\A
Affected Components: COMPLIANCE ENGINE
Azure Function App - 11:30 UTC
Type: Improvement
Description: Added additional fields to Azure Function App entity.
Known limitations: Environment variables fetching demand additional permissions for Website Contributor role.
Affected Components: DATA FETCHERS AZURE API
Azure Private Endpoints - 14:00 UTC
Type: Improvement
Description: Added Azure Private Endpoints entity
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release as a part of Azure Virtual Network entity.
Affected Components: DATA FETCHERS AZURE
ServiceNow App - 13:40 UTC
Type: Improvement
Description: Dome9 ServiceNow App supports Orlando version in the ServiceNow store: https://store.servicenow.com/sn_appstore_store.do#!/store/application/659f0e251b3eb30071e463d07e4bcbd9/1.1.0
Known limitations: N/A
Affected Components: N/A
Kubernetes Account Page - 21:10 UTC
Type: Improvement
Description: Selecting a kubernetes account via the Cloud Accounts page will display the new kubernetes page where you are able to enable / disable agent features.
Known limitations: N/A.
Affected Components: KUBERNETES
Alerts/Account/Policy Rules Pages Redesign Toolbar - 21:10 UTC
Type: Improvement
Description: New action toolbar for alerts menu items, account page and policy rules.
Known limitations: N/A.
Affected Components: ALERTS ACCOUNT
Cloud Inventory CSV Export - 21:10 UTC
Type: Feature
Description: You can now export all your cloud accounts into a CSV file
Known limitations: N/A.
Affected Components: ACCOUNTS
Security Group Alerts Page Link - 21:10 UTC
Type: Bug
Description: Fixed link from security group page to alerts page
Known limitations: N/A.
Affected Components: SECURITY GROUPS
Widget Title Double Click - 21:10 UTC
Type: Bug
Description: Double clicking the widget title will now open the widget settings modal
Known limitations: N/A.
Affected Components: DASHBOARD
Compliance GSL Engine - 10:19 UTC
Type: Improvement
Description: Improved GSL performance.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
Compliance Engine - Change internal configuration - 13:30 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE API
Compliance Engine - GSL - 12:50 UTC
Type: Improvement
Description: Improved GSL to be more efficient.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
Compliance Engine - Azure Virtual Network Gateway - 12:30 UTC
Type: Improvement
Case ID: DFR-540
Description: Added support for Azure Virtual Network Gateway entity in the compliance engine.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
Compliance Engine - AWS IAM Users Access Keys - 15:30 UTC
Type: Improvement
Case ID: DFT-877
Description: Added AWS IAM Users Access Keys data in compliance.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Azure Function App - 15:30 UTC
Type: Improvement
Description: Added related Functions and Environment variables information for Azure Function App.
Known limitations: Environment variables fetching demand additional permissions for Website Contributor role.
Affected Components: DATA FETCHERS AZURE
Compliance Engine - Azure SQL DB & SQL Server Advanced Security Settings- 15:30 UTC
Type: Improvement
Case ID: DFT-897
Description: Display accurate data on the SQL DB in relation to the SQL Server settings.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Support Private and Service endpoints properties for Azure Subnet - 14:30 UTC
Type: Improvement
Description: Added Private and Service endpoints properties for Azure Subnet entity as enrichment
Known limitations: Infra only
Affected Components: DATA FETCHERS AZURE
AWS Translation Job and AWS Translation Terminology - 14:30 UTC
Type: Improvement
Description: Added AWS Translation Jobs and AWS Translation Terminology entities
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components: DATA FETCHERS AWS
Azure Virtual Network Gateway - 12:30 UTC
Type: Improvement
Description: Added Azure Virtual Network Gateway entity
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components: DATA FETCHERS AZURE
Compliance Engine - 11:00 UTC
Type: Improvement
Description: Adding GSL Functionality
Known limitations: N/A.
Affected Components: COMPLIANCE CORE
Compliance Engine - 14:00 UTC
Type: Improvement
Description: Internal improvements.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE COMPLIANCE INTEGRATIONS
Compliance Engine - 12:00 UTC
Type: Improvement
Description: Adding step scaling to components.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE
Service Account - API support - 15:00 UTC
Type: New Feature
Case ID: DFR-520
Description: Added internal support for service accounts.
Known limitations: Not visible on UI yet.
Affected Components: API
Compliance Engine - AWS RDS - 14:00 UTC
Type: Improvement
Description: Added sync status information for AWS RDS option groups and parameter groups.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - AWS Step Function - 07:30 UTC
Type: Improvement
Case ID: DFR-640
Description: Added AWS Step Function State Machine support in the Compliance Engine.
GSL Examples:
Ensure that AWS Step Function State Machine should have logs configured:
'StepFunctionStateMachine should have loggingConfiguration.level!='OFF''
Ensure that AWS Step Function State Machine of type Express should have their definition json string be shorter than 1000 chars:
'StepFunctionStateMachine where machineType='EXPRESS' should not have definition length()>1000'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - AWS System Manager - 07:30 UTC
Type: Improvement
Case ID: DFR-809
Description: Added AWS System Manager Parameter support in the Compliance Engine.
GSL Examples:
Ensure that SystemManagerParameter includes x,y,z policies
'SystemManagerParameter should not have policies contain-all ['policyType:ExpirationNotification' and 'policyType:Expiration' and 'policyType: NoChangeNotification']'
Ensure that SystemManagerParameter is of tier 'Advanced'
'SystemManagerParameter should have tier = 'Advanced''
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - AWS Glue - 07:30 UTC
Type: Improvement
Case ID: DFR-829
Description: Added AWS Glue Security Configuration support in the Compliance Engine.
GSL Examples:
Ensure that at-rest encryption is enabled when writing Amazon Glue logs to CloudWatch Logs.
'GlueSecurityConfiguration should not have encryptionConfiguration.cloudWatchEncryption.cloudWatchEncryptionMode = 'DISABLED''
Ensure that Amazon Glue enforce data-at-rest encryption using KMS CMKs.
'GlueSecurityConfiguration should not have (encryptionConfiguration.s3Encryption with [ s3EncryptionMode='DISABLED' ] or encryptionConfiguration.cloudWatchEncryption.cloudWatchEncryptionMode='DISABLED' or encryptionConfiguration.jobBookmarksEncryption.jobBookmarksEncryptionMode='DISABLED')'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - AWS MQ Broker- 07:30 UTC
Type: Improvement
Case ID: DFR-981
Description: Added AWS MQ Broker support in the Compliance Engine.
GSL Examples:
Ensure that AWS MQ brokers have the Auto Minor Version Upgrade feature enabled:
'MqBroker should have autoMinorVersionUpgrade=true'
Ensure that AWS MQ brokers are using the active/standby deployment mode:
'MqBroker should have (deploymentMode like '%ACTIVE%' or deploymentMode like '%STANDBY%')'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - AWS Transfer - 07:30 UTC
Type: Improvement
Case ID: DFR-463
Description: Added AWS Transfer support in the Compliance Engine.
GSL Example:
- Ensure that AWS Transfer is not public:
'Transfer should not have endpointType='PUBLIC'
- Ensure that AWS Transfer should not support FTP protocol:
'Transfer should not have (protocols contain-any [ $ in ('FTP')] )])'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - AWS ECR Repository - 07:30 UTC
Type: Improvement
Description: Added support for AWS ECR Repository entity in the compliance engine.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
Compliance Engine - Azure SQL Managed Instance - 07:30 UTC
Type: Improvement
Case ID: DFR-807
Description: Added support for Azure SQL Managed Instance entity in the compliance engine.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
Compliance Engine - 07:30 UTC
Type: Bug Fix
Description: Fixed internal issue that caused assessment failures on AWS EcsService entity.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE API
ShiftLeft - New Menu Item - 16:00 UTC
Type: New Feature
Description: New ShiftLeft menu item feature
Known limitations: N/A
Affected Components: SHIFTLEFT
Compliance Engine - AWS RDS - 15:10 UTC
Type: Improvement
Case ID: DFR-707, DFR-997
Description: Added additional properties for AWS RDS in the compliance engine: engineVersion, optionGroups, parameterGroups.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Engine - Azure Key Vault - 14:30 UTC
Type: Improvement
Case ID: DFR-381
Description: Added additional properties for Azure Key Vault in the compliance engine: enablePurgeProtection, networkAcls, privateEndpointConnections.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Compliance Engine - Azure NSG Flow Logs - 14:20 UTC
Type: Improvement
Case ID: DFR-422
Description: Added support for Azure NSG Flow Logs in the compliance engine:
- Added property to Azure NetworkSecurityGroup entity called nsgFlowLog. Holds Flow Log information in case it is enabled.
- New entity called NsgFlowLog. Holds all enabled Flow Logs in the subscription.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE
Authentication - Internal Configuration Change - 16:20 UTC
Type: Internal Improvement
Description: Configuration change to support multi region applications.
Known limitations: N/A
Affected Components: AUTHENTICATION
Email notification configuration SAVE button fix - 15:12 UTC
Type: Bug
Description: When checking and then unchecking an option - the SAVE button is enabled and wasn't rolled back.
Known limitations: N/A
Affected Components: UI
Azure Function App Asset - 15:12 UTC
Type: Improvement
Description: Added dedicated details asset page
Known limitations: N/A
Affected Components: PROTECTED ASSETS
Internal
UI - infrastructure improvement - 15:12 UTC
Type: Improvement
Description: Added internal component for UI - currently not in use yet.
Known limitations: N/A
Affected Components: NONE
Compliance Engine Internal Configuration Change - 9:05 UTC
Type: Internal Improvement
Description: Improved Error handling.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE API
Azure Onboarding - 7:24 UTC
Type: Improvement
Description: Minor changes to Azure onboarding.
Known limitations: N/A
Affected Components: UI
UI - toobarl change - 7:24 UTC
Type: Improvement
Description: Protected assets and managed list - Toolbar improvement.
Known limitations: N/A
Affected Components: UI
UI - tool tips text changes - 7:24 UTC
Type: Minor Improvement
Description: Added several tool tips.
Known limitations: N/A
Affected Components: DASHBOARDS
Dashboard - Fixed scrolling issue - 7:24 UTC
Type: Minor fix
Description: Fixed scrolling when adding dashboard widget.
Known limitations: N/A
Affected Components: DASHBOARDS
Dashboard - Added new default dashboards - 7:24 UTC
Type: Improvement
Description: New default dashboards for AWS, Azure, GCP, Serverless.
Known limitations: N/A
Affected Components: DASHBOARDS
Serverless - Permissions fix - 6:00 UTC
Type: Bug fix
Description: Fixing an issue that did not allocated OU permissions to lambda functions.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE
AWS Step Functions entity - 13:30 UTC
Type: Improvement
Case ID: DFR-640
Description: Added AWS Step Functions entity (State Machines)
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components: DATA FETCHERS AWS
Compliance Engine - 11:00 UTC
Type: Improvement
Description: Adding step scaling to components.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE
AWS Systems Manager entity - 13:30 UTC
Type: Improvement
Case ID: DFR-809
Description: Added AWS Systems Manager entity (SSM)
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components: DATA FETCHERS AWS
AWS Transfer entity - 13:30 UTC
Type: Improvement
Case ID: DFR-463
Description: Added AWS Transfer entity
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components: DATA FETCHERS AWS
Compliance Engine - 12:00 UTC
Type: Improvement
Description: Bug Fix
Known limitations: N/A.
Affected Components: COMPLIANCE CORE SERVERLESS
Compliance Engine - 10:00 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A.
Affected Components: COMPLIANCE CORE
AWS ECR Repository - 17:00 UTC
Type: Improvement
Description: Added a new Data Fetcher to fetch AWS ECR repositories.
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components: DATA FETCHERS AWS
Support AWS Regions - Cape Town and Milan - 17:00 UTC
Type: Improvement
Description: Added Support for AWS Cape Town and Milan regions.
Known limitations: N/A
Affected Components: API DATA FETCHERS AWS COMPLIANCE ENGINE
Internal Configuration Change in Compliance Core - 14:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE CORE
Generic List broken save button fix - 10:40 UTC
Type: Bug fix
Case ID: DFT-899
Description: Fix an issue when save button was not enabled for generic list edit mode.
Known limitations: N/A
Affected Components: UI
AWS MQ Service entity - 12:30 UTC
Type: Improvement
Case ID: DFR-981
Description: Added AWS MQ Service entity
Known limitations: Infra only
Affected Components: DATA FETCHERS AWS
Azure NSG Network Assets Stats- 12:00 UTC
Type: Improvement
Case ID: DFR-995
Description: Support network interfaces count in NSG network assets stats
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE ENGINE
Compliance Engine Internal Configuration Change - 11:57 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: API
AWS Onboarding - permissions update - 11:47 UTC
Type: Improvement
Description: Removed actions that are now included on the AWS SecurityAudit policy and adding new permissions for new supported entities on the read only policy,
Known limitations: N/A
Affected Components: UI
AWS Cognito User and Identity Pools - 14:00 UTC
Type: Improvement
Case ID: DFR-475
Description: Added AWS Cognito User and Identity Pools support in the compliance engine
GSL Examples:
- Cognito user pool password strength must be defined as X,Y,Z
- CognitoUserPool should have (userPoolType.policies.passwordPolicy.requireLowercase=true and userPoolType.policies.passwordPolicy.requireNumbers=true and userPoolType.policies.passwordPolicy.requireSymbols=true)
- Cognito user pool temporary passwords set by administrators should expire after n days if not used.
- CognitoUserPool should have userPoolType.policies.passwordPolicy.temporaryPasswordValidityDays<=3
- Cognito user pool settings for multi-factor authentication (MFA) must be enabled
- CognitoUserPool should have userPoolType.mfaConfiguration='ON'
- Cognito user pool advanced security must be enabled and block High Risk user authentications.
- CognitoUserPool should have (userPoolType.userPoolAddOns.advancedSecurityMode='ENFORCED') and (riskConfiguration.accountTakeoverRiskConfiguration.actions.highAction.eventAction= 'BLOCK')
- No additions to Cognito user pool advanced security IP address exception whitelist / blacklist
- CognitoUserPool should have (riskConfiguration.riskExceptionConfiguration.blockedIPRangeList isEmpty() and riskConfiguration.riskExceptionConfiguration.skippedIPRangeList isEmpty()
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
AWS WorkSpaces - 14:00 UTC
Type: Improvement
Case ID: DFR-299
Description: Added AWS WorkSpaces support in the Compliance Engine.
GSL Example:
- Ensure that AWS WorkSpace is associated with an AWS Directory Service of type ‘AD Connector’:
'Workspace should have workspaceDirectory.directoryType like 'AD_CONNECTOR''
- Ensure that AWS WorkSpace Directory 'Reconnect Enabled' option is disabled:
'Workspace should have workspaceDirectory.workspaceClientProperties.reconnectEnabled='DISABLED''
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
Support Permission Boundary Policies sub-model for IAMUser and IAMRole entities - 13:30 UTC
Type: Improvement
Case ID: DFR-709
Description: Added Permission Boundary Policies enrichment for IAMUser and IAMRole entities
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
Support AWS Glue - 16:30 UTC
Type: Improvement
Case ID: DFR-829
Description: Added AWS Glue entity
Known limitations: Infra only
Affected Components: DATA FETCHERS AWS
API Internal Configuration Change - 15:25 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: API
Log.ic. -New quick filters to AWS and Dome9 events- 7:30 UTC
Type: Improvement
Description: NA
Known limitations: NA
Affected Components: LOG.IC
Azure SQL Managed Instance - 13:00 UTC
Type: Improvement
Description: Added a new Data Fetcher to fetch Azure SQL Managed Instances.
Known limitations: Entity is not available in compliance engine and protected assets page. Will be available at later release.
Affected Components: DATA FETCHERS AZURE
Support AWS NAT Gateways - 17:00 UTC
Type: Improvement
Case ID: DFR-744
Description: Added AWS NAT Gateways entity
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE PROTECTED ASSETS
Support AWS RDS DB Snapshots - 17:00 UTC
Type: Improvement
Case ID: DFR-291
Description: Added AWS RDS DB Snapshots entity
Known limitations: Basic, without enrichments.
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE PROTECTED ASSETS
Support AWS Cognito User and Identity Pools - 17:00 UTC
Type: Improvement
Case ID: DFR-475
Description: Added AWS Cognito User and Identity Pools entities
Known limitations: Infra only
Affected Components: DATA FETCHERS AWS
Entity inspect expand by level - 5:00 UTC
Type: New Feature
Description: Adding a new dropdown for select a predefined levels to expand.
Known limitations: N/A.
Affected Components: UI
Notifications - Google Security Command Center Integration - 5:00 UTC
Type: New Feature
Description: Open the integration for all customers.
Known limitations: N/A.
Affected Components: UI
Notifications - Google Security Command Center Integration - 5:00 UTC
Type: New Feature
Description: Open the integration for all customers.
Known limitations: N/A.
Affected Components: UI
Page not found (404) UI changes - 5:00 UTC
Type: Improvement
Description: Minor UI changes.
Known limitations: N/A.
Affected Components: UI
Remediation creation modal bug fix - 5:00 UTC
Type: Bug fix
Case ID: DFR-875
Description: Fix an issue which preventing from saving custom bots with '-' char.
Known limitations: N/A.
Affected Components: UI
Protected Asset - Adding new fields to export CSV report - 5:00 UTC
Type: Improvement
Description: Exports of Protected Assets for EC2 instances now include additional fields.
The export CSV file will include fields for the OS Platform and the AWS Image Id.
These new fields will appear in each record, before the tag fields.
Known limitations: N/A.
Affected Components: UI
Log.ic - New widget for Flow Logs traffic trend- 5:00 UTC
Type: New Feature
Description: New widgets that show bytes per hour
Known limitations: Support only AWS Flow Logs; soon will support K8S Flow Logs.
Affected Components: LOG.IC
Log.ic - schedule report - 22:00 UTC
Type: New Feature
Description: A schedule report for alerts of network and events activity.
Known limitations: Summary and Detail reports are the same.
Affected Components: LOG.IC
Internal Configuration Change in Compliance Core - 14:35 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE CORE API
Kubernetes bug fix - 15:40 UTC
Type: Bug fix
Case ID: DFT-859
Description: Change Kubernetes entities' 'AccountNumber' field to represent CloudGuard's Kubernetes cluster ID instead of CloudGuard's Account ID.
Known limitations: N/A
Affected Components: COMPLIANCE CORE
Compliance engine fix - Lists calculation on network functions - 15:25 UTC
Type: Bug fix
Case ID: DFT-856
Description: Fix an issue when Generic and IP Lists not calculated correct in some of the GSL network function.
Known limitations: N/A
Affected Components: COMPLIANCE CORE API
Internal Configuration Change in Compliance Core - 12:35 UTC
Type: Improvement
Description: API
Known limitations: N/A
Affected Components: COMPLIANCE CORE API
CSV Export Infra - 09:00 UTC
Type: Improvement
Description: Internal change.
Known limitations: N/A
Affected Components: API
Compliance Rulesets Update - 15:55 UTC
Type: Improvement
Description: First release of the Terraform AWS CIS Foundations for static assessment of your cloud workloads. As part of this ruleset we have added 20 new rules across various services in AWS. Additionally we have made changes to existing rules, a complete list can be found here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Internal Configuration Change in API Project - 12:44 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: API
Internal Configuration Change in AWS Inspector - 11:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Support AWS CloudTrail tags - 10:00 UTC
Type: Improvement
Case ID: DFT-824
Description: Added Tags support for AWS CloudTrail entity
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
Support AWS Elastic IP tags - 10:00 UTC
Type: Improvement
Case ID: DFT-824
Description: Added Tags support for AWS Elastic IP entity
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
AWS S3 Bucket - Object Level Logging - 10:00 UTC
Type: Bug Fix
Description: Fixed an issue with AWS S3 Bucket Compliance Entity. Bad handling of the bucket Prefix field in Cloud Trail Data Events, caused the value of Object Level Logging to be false.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE API
User List - 16:00 UTC
Type: Bug
Description: A user that was added is not displayed in the users list fix.
Known limitations: N/A
Affected Components: USER MANAGEMENT
Posture Management Pages Redesign - 16:00 UTC
Type: Improvement
Description: All sub menu pages for Posture Management buttons have been redesigned
Known limitations: N/A
Affected Components: POSTURE MANAGEMENT
Dashboard Widget Scroll - 16:00 UTC
Type: Improvement
Description: Now will show a scroll for a widget only when hovering the widget
Known limitations: N/A
Affected Components: DASHBOARD
Compliance Engine Internal Configuration Change - 10:12 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE CORE API
Support Route53 Domain, Hosted Zone and Recordset Group Tags - 08:30 UTC
Type: Improvement
Case ID: DFT-824
Description: Added support for Tags to Route53 Domain, Hosted Zone and Recordset Group entities
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
New multi Trend Widget - 09:30 UTC
Type: Improvement
Description: Added new dashboard widget with multi trend line options
Known limitations: N/A.
Affected Components: DASHBOARD
AWS Access Analyzer - 11:30 UTC
Type: Improvement
Description:
- Added AWS Access Analyzer Integration into the Compliance Engine.
- AWS Access Analyzers are now part of the 'Region' entity and are listed under the 'accessAnalyzers' field.
- Supported AWS entities includes a new field called 'accessAnalyzerFindingCount' which holds the amount of Active findings for the entity.
- Findings count is supported for the following entities: IamRole, S3Bucket, Lambda, KMS, Sqs.
- IamRole findings are distinct across regions to avoid finding duplication.
GSL Example:
- Ensure that AWS Access Analyzer is enabled on region:
'Region should have accessAnalyzers contain [ status='ACTIVE' ]'
- Ensure that AWS IAM Roles does not have active findings:
'IamRole should not have accessAnalyzerFindingCount>0'
Known limitations:
- Only Account level Analyzers and Findings are fetched. Organization Analyzers are not supported.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Continuous Compliance fix - 18:50 UTC
Type: Bug fix
Description: Fixing an issue that caused the system to skip accounts using special configuration.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE
Support AWS ECS Task Tags - 09:30 UTC
Type: Improvement
Case ID: DFT-824
Description: Added Tags support for AWS ECS Task entity
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
Dome9 Icon Replacement - 16:00 UTC
Type: Bug
Description: Replacing old Dome9 icons with CloudGuard icons
Known limitations: N/A.
Affected Components: BRAND
IP List - 16:00 UTC
Type: Bug Fixes
Description: Multiple bug fixes within the new IP List page:
- Invalid value field marked in red
- Clone ip list
- Create new ip list from assign modal
- Security Group link to the new ip list
- New ip list autofocus
Known limitations: N/A.
Affected Components: IP LIST
Compliance Engine - 15:00 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A.
Affected Components: COMPLIANCE CORE API
Azure Security Groups Management Infrastructure Improvement- 13:30 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components: AZURE SECURITY GROUP MANAGEMENT API
Protected Assets - Index Azure VM operating system - 06:30 UTC
Type: Improvement
Description: Index Azure VM operating system
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE PROTECTED ASSETS
Protected Assets - Index AWS EC2 Instance platform - 13:30 UTC
Type: Improvement
Description: Index AWS EC2 instance platform
Known limitations: N/A
Affected Components: DATA FETCHERS AWS PROTECTED ASSETS
Compliance Engine - 13:00 UTC
Type: Bug Fix
Description: Fixed internal issues that caused assessment failures on the following entities: AWS IamUser, AWS EcsService, GCP IamUser.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE API
segregated
AWS Security Group - Can't Add DNS For A New Service - 17:55 UTC
Type: Bug Fix
Case ID: DFT-839
Description: Fix for an issue when adding a new service, can't add DNS.
Known limitations: N/A
Affected Components: UI
Integration Infrastructure - Internal Configuration Change - 13:30 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Compliance SNS Notification - Reduce Payload Size - 16:30 UTC
Type: Improvement
Case ID: DFT-839
Description: SNS supported messages up to 256kb, we issued a fix to reduce large entities which prevented from sending.
Known limitations: N/A
Affected Components: COMPLIACNE INTEGRATION
Pie Widget Update - 16:00 UTC
Type: Improvement
Description: Changes to the Pie widget legend and tooltip
Known limitations: N/A
Affected Components: DASHBOARD
Serverless Menu Item - 16:00 UTC
Type: Feature
Description: Lambda code scan is now available under Serverless menu item
Known limitations: N/A
Affected Components: SERVERLESS
Dashboard Sections Styling - 16:00 UTC
Type: Improvement
Description: We made changes to the dashboard sections styling as we emphasize the borders between widgets
Known limitations: N/A
Affected Components: DASHBOARD
HTTP Endpoint Integration - Internal Configuration Change - 08:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
New Security Group view - 10:00 UTC
Type: Improvement
Description: The design has changed to be the same as the default view.
Known limitations: N/A
Affected Components: SECURITY GROUP MANAGEMENT
Add events and traffic activity to the Security Group view - 10:00 UTC
Type: Improvement
Description: New tabs for event and accounts activity.
Known limitations: N/A
Affected Components: SECURITY GROUP MANAGEMENT LOG.IC
Add events and traffic activity to the NIC and VPC views - 10:00 UTC
Type: Improvement
Description: New tabs for event and accounts activity.
Known limitations: N/A
Affected Components: PROTECTED ASSETS LOG.IC
Ticketing System Integration - Internal Configuration Change - 11:50 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Console Alert - Internal Configuration Change - 11:50 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Console Alert - Internal Configuration Change - 11:50 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
GCP Security Command Center - Internal Configuration Change - 12:30 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
HTTP End Point Integration - Internal Configuration Change - 14:10 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Security Hub Integration - Internal Configuration Change - 14:10 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Compliance Engine - Azure VMSSInstance - 11:30 UTC
Type: Bug Fix
Description: Fixed an internal issue with Azure VMSSInstance entity.
Known limitations: N/A.
Affected Components: COMPLIANCE CORE API
Network Security - IPV6 Security Groups - 11:30 UTC
Type: Improvement
Description:
- Added IP Lists support for IPv6 Security Groups.
- Added Tags Management support for IPv6 Security Groups.
Known limitations: N/A.
Affected Components: AWS SECURITY GROUP MANAGEMENT
Compliance Notifier - Internal Configuration Change - 19:45 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Slack Integration - Internal Configuration Change - 19:40 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
HTTP Endpoint Integration - Internal Configuration Change - 19:30 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
PREVIEW
AWS SageMaker Training Job - 14:20 UTC
Type: Bug Fix
Description: Disabling tags support due to performance issues.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Text Filter Italic Text Fix - 15:40 UTC
Type: Bug
Description: When searching free text in the filter panel the text was talic for a short time
Known limitations: N/A
Affected Components: FILTER PANEL
Combo Box Keyboard Support - 15:40 UTC
Type: Improvement
Description: We have added common keyboard keys support to our combo box (such as enter, escape etc)
Known limitations: N/A
Affected Components: COMPONENTS
Home Dashboard Updated - 15:40 UTC
Type: Improvement
Description: We have updated the predefined home dashboard
Known limitations: N/A
Affected Components: DASHBOARD
HTTP Endpoint Notification - Support self-signed certificates selection test button - 09:40 UTC
Type: Improvement
Description: Endpoint test button support the new checkbox for allowing self-signed certificates.
Known limitations: N/A
Affected Components: HTTP ENDPOINT UI
HTTP Endpoint Notification - Allow self-signed certificates for HTTP Endpoint notifications - 13:40 UTC
Type: Improvement
Description: Added checkbox for allowing self-signed certificates for HTTP Endpoint notifications.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS API UI
Compliance Engine Internal Configuration Change - 07:20 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE CORE API
Removed Alerts/Protected Assets/Log.ic/Overview Dashboard - 16:25 UTC
Type: Improvements
Description: Dashboard from the above pages migrated to main home dashboard.
Known limitations: N/A
Affected Components: DASHBOARD
Dashboard Sections - 16:25 UTC
Type: Improvements
Description: Added widgets sections to dashboard
Known limitations: N/A
Affected Components: DASHBOARD
Cloud Account Page Actions Buttons - 16:25 UTC
Type: Bug
Description: Fixed an issue that buttons are clickable only when hovering the buttons text
Known limitations: N/A
Affected Components: CLOUD ACCOUNTS
Kubernetes Account Rename - 16:25 UTC
Type: Bug
Case ID: DFT-803
Description: Fixed renaming kubernetes account name
Known limitations: N/A
Affected Components: KUBERNETES
IE11 Rename Cloud Account - 16:25 UTC
Type: Bug
Case ID: DFT-8
Description: Fixed renaming cloud account name on ie11
Known limitations: N/A
Affected Components: CLOUD ACCOUNT
Tags support for AWS VPC Endpoint entity - 14:25 UTC
Type: Improvements
Case ID: DFT-824
Description: Added Tags support for AWS VPC Endpoint entity
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Tags support for AWS EKS Cluster entity - 14:25 UTC
Type: Improvements
Case ID: DFT-824
Description: Added Tags support for AWS EKS Cluster entity
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Performance improvements for OU permissions - 14:25 UTC
Type: Bug Fix and improvements
Case ID: DFT-798, DFT-832
Description: Fixing several components that caused latency on cloud accounts, security groups and protected assets pages.
Known limitations: N/A
Affected Components: API CLOUD ACCOUNT PAGE SECURITY GROUPS PAGE SECURITY GROUPS PAGE
AWS KMS - several bug fixes - 05:00 UTC
Type: Bug Fix
Case ID: DFT-843, DFT-838
Description: Fixing several components with redeploy.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Compliance Scheduled Assessment Report Internal Configuration Change - 14:22 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: SCHEDULED ASSESSMENT REPORT
AWS S3 Bucket - 14:30 UTC
Type: Bug
Description: Fixed an issue with AWS S3 buckets fetching on optional regions.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Assets Billing Infra Improvement - 12:15 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components: API
Compliance Engine Internal Configuration Change - 12:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE CORE API
Cloud Account Page - 15:00 UTC
Type: Improvement
Description: DFR-1013 hiding serverless and iam safety from non AWS accounts
Known limitations: N/A
Affected Components: CLOUD ACCOUNTS
PREVIEW
Home Dashboard - Infrastructure Preparation for section feature - 16:00 UTC
Type: Improvement
Description: Infrastructure improvements for section separation support within the Dashboard.
Known limitations: N/A
Affected Components: API UI
API Internal Configuration Change - 7:45 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: API
Protected Asset Detail Page - 16:35 UTC
Type: Improvement
Description: Asset details page load each tab on request for performance
Affected Components: PROTECTED ASSETS
Dashboard And Serverless Icons - 16:35 UTC
Type: Improvement
Description: Menu icons updated for Dashboard and Serverless
Affected Components: MENU
Save Favorite Filter - 16:35 UTC
Type: Bug
Description: Save favorite filter button showed the wrong text
Affected Components: FILTER PANEL
Added Azure Bots - 16:35 UTC
Type: Improvement
Description: Azure bots added to the uI
Affected Components: CLOUDBOTS
On boarding AWS in Japanese - 16:35 UTC
Type: Bug
Description: The Japanese instruction for AWS onboarding shows one section in HTML syntax
Affected Components: ONBOARDING
CVE External Link - 16:35 UTC
Type: Improvement
Description: Within the alerts page each CVE has a link to an external link for the CVE definition
Affected Components: ALERTS
AWS DynamoDb Table Tags - 15:30 UTC
Type: Improvement
Description: Added support for AWS DynamoDb Table Tags.
Known limitations: Need to add "dynamodb:ListTagsOfResource" permission to Dome9 read only policy.
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
AWS S3 Bucket Account Public Access Block - 15:30 UTC
Type: Improvement
Description:
- Added support for AWS S3 Bucket Account Public Access Block.
GSL Example:
- Ensure that AWS S3 Bucket block public ACLs is enabled at the account level or at the Bucket level:
'S3Bucket should have ( accountAccessPublicBlock.blockPublicAcls=true or accessPublicBlock.blockPublicAcls=true )'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
PREVIEW
AWS SageMaker Training Job - 14:00 UTC
Type: Improvement
Description:
- Added support for AWS SageMaker Training Job entity.
GSL Example:
- Ensure that AWS SageMaker Training Job Network Isolation is enabled:
'SageMakerTrainingJob should have enableNetworkIsolation=true'
- Ensure that AWS SageMaker Training Job Inter Container Traffic Encryption is enabled:
'SageMakerTrainingJob should have enableInterContainerTrafficEncryption=true'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Remediation - Add new Azure bots to the predefined list - 12:15 UTC
Type: Improvement
Description: Add the following bots (please find the full documentation here):
modify_network_security_group_scope_by_port
postgres_enable_connection_throttling
postgres_enable_log_connections
postgres_enable_log_disconnections
postgres_enable_log_duration
postgres_enable_log_retention_days_7
postgres_enforce_ssl_connection
postgres_enforce_ssl_connection_tls_12
sql_enable_data_encryption
Known limitations: N/A
Affected Components: UI
Protected Asset Page - Improve Performance - 12:15 UTC
Type: Improvement
Description: Improve the Asset Details page loading time.
Known limitations: N/A
Affected Components: UI
Compliance Engine Internal Configuration Change - 11:15 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Compliance Engine Internal Configuration Change - 08:22 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Security Groups In Protected Assets Page - 15:57 UTC
Type: Bug
Description: Protected assets page displayed security groups as asset type
Known limitations: N/A
Affected Components: PROTECTED ASSETS
Added Cloud Infra User Interface - 15:57 UTC
Type: Improvement
Description: Added UI interface for adding users from Cloud Infra
Known limitations: N/A
Affected Components: CLOUD INFRA
Slack Integration Minor UI Changes - 13:57 UTC
Type: Improvement
Description: Icon and some other minor UI changes.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Plan Exceeded - Account Notification - 06:30 UTC
Type: Improvement
Description: Adding usage alert that can be disabled for 30 days.
Known limitations: N/A
Affected Components: UI
AWS EBS Snapshot - 14:00 UTC
Type: Improvement
Description: Added support for AWS EBS Snapshot entity.
GSL Example:
- EbsSnapshot where volumeId in('vol-1234567', 'vol-12351167') should have encrypted='true'
- EbsSnapshot where volumeId in('vol-1234567', 'vol-12351167') should have encryptionKey.isCustomerManaged='true'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance reports Internal Configuration Change - 15:50 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE REPORTS
Azure SQL Server - Added new property - 14:20 UTC
Type: Improvement
Description: Added Deny Public Network Access property.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE
Azure SQL Server - Fixed a typo - 14:20 UTC
Type: Bug fix
Case ID: DFT-118
Description: Added Deny Public Network Access property.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE
Compliance Engine Internal Configuration Change - 08:50 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine Internal Configuration Change - 07:30 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Switch for the new version of Clarity - 08:30 UTC
Type: Improvement
Description: switch for the new version of Clarity (old version has removed).
Known limitations: N/A
Affected Components: CLARITY
Widget Tooltip Overflow - 16:55 UTC
Type: Bug
Description: When hovering an item in Top/Latest widget in some cases the tooltip text overflows the container.
Known limitations: N/A.
Affected Components: DASHBOARD
Kubernetes Image In Protected Assets - 16:55 UTC
Type: Improvement
Case ID: DFR-950
Description: Kubernetes object should show findings in protected assets page
Known limitations: N/A
Affected Components: KUBERNETES
Compliance Rulesets Update - 15:55 UTC
Type: Improvement
Description: First release for AWS CCPA Framework and AWS MAS TRM Framework. We have also added 21 new rules across platforms and additionally we have made changes to existing rules, a complete list can be found here.
A fix for Japanese Rulesets were made as part of the AWS Best Practices Rulesets and AWS Network Alerts.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
API Internal Configuration Change - 12:00 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: API
Improve service normalization in IPV6 security groups - 11:00 UTC
Type: Improvement
Description: Improve service normalization in IPV6 security groups.
Known limitations: N/A.
Affected Components: API AWS NETWORK SECURITY
Support EC2 Instances Export To CSV - 06:45 UTC
Type: Improvement
Description: EC2 instances export to CSV
Known limitations: N/A
Affected Components: API
Compliance Engine Internal Configuration Change - 20:24 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine Internal Configuration Change - 16:48 UTC
Type: Improvement
Description: Change internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Aws SageMaker Notebook Tags - 13:55 UTC
Type: Bug Fix
Case ID: DFT-823
Description: Fixed a bug in SageMaker Notebook data fetcher. Bad handling of Notebook tags caused some accounts to fail on entities fetching.
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
Account Page - Adding AWS Lambda Function to Billable Calculation - 12:45 UTC
Type: Improvement
Description: Billable AWS Lambda functions calculation will take an effect in all page graphs.
Known limitations: N/A
Affected Components: UI
Billable Assets - Adding AWS Lambda Function to Billable Calculation - 08:00 UTC
Type: Improvement
Description: Now all AWS Lambda functions will marked as isBillable:True, the billing will calculated according to the catalog calculation.
Known limitations: N/A
Affected Components: API UI
Logic AWS - write event or protocol on the link between two assets - 11:00 UTC
Type: Improvement
Description: Write on the link between 2 assets the event for Cloudtrail and the protocol for Flow Logs
Known limitations: N/A
Affected Components: LOG.IC
Loading Indicator Replaced - 15:00 UTC
Type: Improvement
Description: While system is loading you will see 3 bouncing dots
Known limitations: N/A
Affected Components: SYSTEM
Dashboard Menu Order Changed - 15:00 UTC
Type: Improvement
Description: Now the add widget action is on top and the 'New' dashboard button text replaced with 'New Dashboard'
Known limitations: N/A
Affected Components: DASHBOARD
Widget Click Opens On The Same Page - 13:00 UTC
Type: Improvement
Description: Clicking on a Widget or System Search will go to relevant page in the same browser tab.
Known limitations: N/A
Affected Components: DASHBOARD
Sync Failures In Assessment Result - 16:00 UTC
Type: Bug Fix
Case ID: DFT-829
Description: Fixed an issue that caused assessment result to indicate about entities sync failures.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Dome9 Icon Replaced With CloudGuard - 18:10 UTC
Type: Improvement
Description: System dome9 icon has been replaced with check point's cloud guard icon.
Affected Components: SYSTEM
Widget Icons - 13:10 UTC
Type: Improvement
Description: Extended the top/latest widget icon support
Known limitations: N/A
Affected Components: DASHBOARD
Widget Preview - 18:10 UTC
Type: Bug Fix
Description: Widget preview with date or free text filter had no effect.
Known limitations: N/A
Affected Components: DASHBOARD
Widget Resize by Drag & Drop - 18:10 UTC
Type: Improvement
Description: Now you can resize your widget by drag and drop via mouse.
Known limitations: Pie chart legend now always displayed after resize
Affected Components: DASHBOARD
Compliance Engine Internal Configuration Change - 13:10 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
AWS Secret Manager - 10:30 UTC
Type: Improvement
Description:
- Added support for AWS Secret Manager entity.
GSL Example:
- Ensure that AWS Secret Manager Secret rotation is enabled:
'SecretManager should have rotationEnabled=true'
- Ensure that AWS Secret Manager Secret rotation interval is smaller than 30 days:
'SecretManager should have rotationRules.automaticallyAfterDays<30'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Slack Integration UI - 17:25 UTC
Type: New Feature
Description: Added the new Slack integration to the Notification's UI.
Known limitations: Preview.
Affected Components: COMPLIANCE INTEGRATIONS
AWS KMS - 13:15 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE
New Feature - Slack Integration - 11:40 UTC
Type: New Feature
Description: Added new integration with Slack for Compliance Policies, this will allow customer to get immediate report for any identified changes.
Known limitations: UI will support later on today.
Affected Components: COMPLIANCE INTEGRATIONS
Compliance Engine Configuration Change - 06:45 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine Internal Configuration Change - 08:20 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS COMPLIANCE CORE API
Add/Edit Widget Preview - 14:06 UTC
Type: Improvement
Description: Now when you add or edit a widget you will see a preview of the result before saving.
Known limitations: N/A
Affected Components: DASHBOARD
API optimization - added new configuration - 12:06 UTC
Type: Improvement
Description: Adding internal configuration.
Known limitations: N/A
Affected Components: API
Azure VM Scale Set Instance- 11:30 UTC
Type: Bug Fix
Case ID: DFT-816
Description: Add missing Public IP Address data for Azure VMSSInstance in compliance model
Known limitations: N/A
Affected Components: COMPLIANCE
Compliance Engine Internal Configuration Change - 10:30 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Azure SQL Server and DB - 15:30 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Compliance Engine Internal Configuration Change - 12:50 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Disabled Permission Validation For Kubernetes - 14:15 UTC
Type: Improvement
Description: Validate permission button is now disabled for kubernetes.
Known limitations: N/A
Affected Components: PERMISSIONS
A Null Cloud Account For Kubernetes Alert - 14:00 UTC
Type: Bug
Description: Expanding a kubernetes alert would give a null value for cloud account field.
Known limitations: N/A
Affected Components: ALERTS
Corrupted Tabs In Protected Assets Page - 14:00 UTC
Type: Bug
Description: When opening multiple tabs in protected assets page they would be corrupted.
Known limitations: N/A
Affected Components: PROTECTED ASSETS
System Search Shortcut Keys Replaced - 14:00 UTC
Type: Improvement
Description: For system search click ALT + /
Known limitations: N/A
Affected Components: SYSTEM
Compliance Engine Internal Configuration Change - 08:15 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: API COMPLIANCE CORE
Logic - integrate account and event activity in protected assets view - 08:00 UTC
Type: New Feature
Description: New tabs in asset scope of account and events activity.
Known limitations: N/A
Affected Components: LOG.IC
Clarity -Bug fixes - 08:00 UTC
Type: Bug
Description: Zoom functionality when entering to Clarity, Load Balancer classification, show details of the link.
Known limitations: N/A
Affected Components: CLARITY
No Scroll On X-Axis On Small Screens Fix - 16:35 UTC
Type: Bug
Description: When viewing filtered table content on small screen it was not possible to see the entire data of the table and a scroll on the x-axis was missing.
Known limitations: N/A
Affected Components: DASHBOARD
Dashboard Top Bar Redesign - 16:35 UTC
Type: Improvement
Description: Top dashboard action bar rearranged
Known limitations: N/A
Affected Components: DASHBOARD
Cross System Search - 16:35 UTC
Type: Improvement
Description: Now you can search cross system by clicking SHIFT + S anywhere in the application.
Known limitations: N/A
Affected Components: COMPONENTS
Compliance Engine Internal Configuration Change - 15:55 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: CONTINUOUS COMPLIANCE
GCP IAM User, Group and Policy - 13:30 UTC
Type: Improvement
Description: GCP IAM user, group and policy are available in protected assets
Known limitations: N/A
Affected Components: PROTECTED ASSETS
Azure VM Scale Set Instance- 12:30 UTC
Type: Improvement
Case ID: DFR-909
Description: Add new compliance model for VMSSInstance and add it to NSG stats
Known limitations: N/A
Affected Components: COMPLIANCE
Compliance Engine Internal Configuration Change - 10:00 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: API CONTINUOUS COMPLIANCE
Logic - added support for Firefox - 10:00 UTC
Type: Improvement
Description: N/A.
Known limitations: N/A
Affected Components: LOG.IC
Compliance Engine Internal Configuration Change - 18:50 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: API
License system integration - 18:00 UTC
Type: Improvement
Description: Some changes in Log.ic eval (trial) licenses.
Known limitations: N/A
Affected Components: API
Kubernetes - Agent status API - 12:00 UTC
Type: New Feature
Description: Added a new API which gets the agent’s status.
Agent status
Is the agent up to date
Creation time
Last communication time
version
Known limitations: NA
Affected Components: API
Logic - Anomaly detection for AWS Flow Logs. Beta - 10:30 UTC
Type: New Feature
Description: A new Ruleset of anomaly detection per port per asset.
Known limitations: NA
Affected Components: LOG.IC
AWS SQS - 08:00 UTC
Type: Improvement
Description: Excluding unsupported regions enrichment
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
AWS Fetching System Improvement - 07:15 UTC
Type: Improvement
Description: Fetch data based on region activity.
Known limitations: Not supported in AWS Security Group
Affected Components: DATA FETCHERS AWS
AWS Fetching System Improvement - 12:30 UTC
Type: Improvement
Description: Fetch data based on region activity.
Known limitations: Not supported in AWS Inspector and Security Group
Affected Components: DATA FETCHERS AWS
License system integration - 11:00 UTC
Type: Improvement
Description: Added support for Log.ic eval (trial) licenses.
Known limitations: N/A
Affected Components: API
Account page - Billable assets fixes - 08:28 UTC
Type: Bug fix
Case ID: DFT-786
Description: Fixing SQL and RDS which were not marked as a billable for some accounts.
Known limitations: N/A
Affected Components: API
Account Permission Validation - Added API - 0740 UTC
Type: Improvement
Description: Added new API to validate cloud account permissions.
Known limitations: N/A
Affected Components: API
Azure SQL Server and DB - 07:30 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE
Compliance Engine Internal Configuration Change - 07:28 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: API COMPLIANCE CORE
Alerts Internal Change - 12:30 UTC
Type: Improvement
Description: Added Internal properties that will be introduced in future new releases.
Known limitations: N/A
Affected Components: COMPLIANCE ALERTS
AWS Fetching System Improvement - 12:20 UTC
Type: Improvement
Description: Fetch data based on region activity.
Known limitations: N/A
Affected Data Fetchers: Elasticsearch, Kinesis Stream and SNS.
Affected Components: DATA FETCHERS AWS
Compliance Engine Internal Configuration Change - 07:28 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: API COMPLIANCE CORE
Kubernetes Dashboard - 16:15 UTC
Type: Improvment
Description: New predefined Kubernetes Dashboard
Known limitations: N/A
Affected Components: DASHBOARD
Association to OU for GCP accounts is corrupted - 14:15 UTC
Type: Bug Fix
Case Id: DFT-814
Description: Association to OU calls hang forever in browser for GCP projects
Known limitations: N/A
Affected Components: CLOUD ACCOUNTS
Populate Private IP for GCP VM Instance - 13:15 UTC
Type: Bug Fix
Case Id: DFT-815
Description: Show GCP VM Instance private IPs in Protected asset page.
Known limitations: N/A
Affected Components: PROTECTED ASSETS
AWS Transit Gateway - 11:10 UTC
Type: Improvement
Description:
- Added support for AWS Transit Gateway entity.
- Added additional property to AWS VPC entity named 'transitGateways'. It includes a list of attached Transit Gateways.
GSL Example:
- Ensure that AWS Transit Gateway route tables does not include static routes:
'TransitGateway should not have transitGatewayRouteTables contain [ routes contain [ type='static' ] ]'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Logic - added support for AWS SAML users- 08:00 UTC
Type: Improvement
Description: Logic separates and identity SAML user identity.
Known limitations: N/A
Affected Components: LOG.IC
Rule Engine Improvement - Adding Infrastructure for new features- 16:00 UTC
Type: Improvement
Description: Added infrastructure for new features on the way.
Known limitations: N/A
Affected Components: RULE ENGINE API
Compliance Integration Internal Configuration Change - 13:59 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Add "Sync Now" support for GCP Firewall Rules- 09:30 UTC
Type: Improvement
Description: GCP Firewall Rules fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected Components: DATA FETCHERS GCP
K8s Image Rule Engine Improvement - 07:30 UTC
Type: Improvement
Description: Increase internal limitation
Known limitations: N/A
Affected Components: RULE ENGINE
AWS ECS Cluster - 05:30 UTC
Type: Improvement
Description: Fetch data based on region activity
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Add "Sync Now" support for GCP Cloud Network - 15:00 UTC
Type: Improvement
Description: GCP Cloud Network fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected Components: DATA FETCHERS GCP
AWS SQS - 11:15 UTC
Type: Improvement
Description: Fetch data based on region activity
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
Compliance Engine Internal Configuration Change - 09:22 UTC
Type: Improvement
Description: Change some internal configuration.
Known limitations: N/A
Affected Components: API COMPLIANCE CORE
HTTP Endpoint Integration Improve Monitoring Capabilities - 18:35 UTC
Type: Improvement
Description: Add some metrics to improve the component's monitor capabilities.
Known limitations: N/A
Affected Components: COMPLIANCE HTTP ENDPOINT INTEGRATION
Protected assets - Added AWS ENI private and public IP support - 15:45 UTC
Type: Improvement
Description: Add support for AWS Network interface and their associated IP's on index and on CSV report.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS PROTECTED ASSETS
AWS IAM Users and Roles - 09:15 UTC
Type: Improvement
Description: Add support for AWS IAM user and role tagging in Compliance
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
Summary/Gauge Widget Thresholds - 11:45 UTC
Type: Improvement
Description: New Implementation to Summary and Gauge widgets thresholds
Known limitations: N/A
Affected Components: DASHBOARD
Internal changes for several components - 10:53 UTC
Type: Improvement
Description: Improving internal configuration to reduce dependancies.
Known limitations: N/A
Affected Components: ALL SYSTEM
Azure SQL Server and DB - 16:00 UTC
Type: Improvement
Description: Infra Improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE COMPLIANCE
Default Dashboard Cross System Text Search - 16:00 UTC
Type: Improvement
Description: In your default home dashboard page you can now search free text across multiple pages
Known limitations: N/A
Affected Components: DASHBOARD
Compliance Integrations Internal Configuration Change - 14:50 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS
Fetching System Improvement - 12:00 UTC
Type: Improvement
Description: Performance Improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP
Rule Engine Improvement - 11:00 UTC
Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components: RULE ENGINE
Rule Engine Improvement - 07:05 UTC
Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components: RULE ENGINE
Fetching System Improvement - 17:30 UTC
Type: Improvement
Description: Performance Improvement
Known limitations: N/A
Affected Components: DATA FETCHERS AWS DATA FETCHERS AZURE DATA FETCHERS GCP
Widget Filters To Be Based on Inventory- 16:00 UTC
Type: New Feature
GA: DFR-883
Description: Widgets with Alerts data source are now based on database inventory instead of findings.
Known limitations: N/A
Affected Components: DASHBOARD
AWS Config Settings support in Compliance Engine - 13:00 UTC
Type: Improvement
Description: Added AWS Config Settings entity to Compliance Engine.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Compliance Alert Validate and Fix Internal Configuration Change - 09:55 UTC
Type: Improvement
Description: Internal changes for the compliance alert's machanizem validator.
Known limitations: N/A
Affected Components: COMPLIANCE ALERTS
AWS Organization - Accounts Data Fetcher - 15:00 UTC
Type: Improvement
Description: Increased the maximum amount of accounts for each Organization master account.
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
Intercom - 14:00 UTC
Type: Improvement
Description: Improve throttling errors handling.
Known limitations: N/A.
Affected Components: INTERCOM
Compliance Integrations Internal Configuration Change - 11:53 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS
Azure Users support in Compliance Engine - 11:00 UTC
Type: Improvement
Description: Added Azure User entity to Compliance Engine.
Known limitations:
- To view Azure Users details, Dome9 App Registration should be granted API permissions for Microsoft Graph APIs.
- Admin consent is required to use those APIs:
- 'Directory.Read.All'
- 'Reports.Read.All'
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE API
Rule Engine Improvement - 10:08 UTC
Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components: RULE ENGINE
UI Internal Configuration Change - 07:56 UTC
Type: Bug Fix
Description: Minor change in the UI configuration data.
Known limitations: N/A.
Affected Components: UI
Compliance Rulesets Update - 15:55 UTC
Type: Improvement
Description: As part of the new agent for Kubernetes , we have added 6 new rules based on RBAC roles to Kubernetes CIS 1.5.1 ruleset, you can find the details here.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
On boarding AWS China account fix - 15:30 UTC
Type: Bug Fix
Case Id: DFT-715
Description: Fixed an issue for handling empty cloud account in China.
Known limitations: N/A.
Affected Components: AWS ON BOARDING
Rule Engine Improvement - 09:33 UTC
Type: Improvement
Description: Improve scaling
Known limitations: N/A.
Affected Components: RULE ENGINE
AWS SQS and SNS - 06:30 UTC
Type: Bug Fix
Description: Fix SQS and SNS Key mapping in compliance model
Known limitations: N/A.
Affected Components: RULE ENGINE
Wrong Asset Types Widget Filters - 16:35 UTC
Type: Bug
Description: When adding a widget with Protected Assets as the data source - the Asset Type filter would show wrong asset type values.
Known limitations: N/A.
Affected Components: DASHBOARD
Add Widget Modal Style - 16:35 UTC
Type: Improvement
Description: Add widget modal style changes
Known limitations: N/A.
Affected Components: DASHBOARD
Compliance Integrations Internal Configuration Change - 14:35 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS
AWS Organization support in Compliance Engine - 14:00 UTC
Type: Improvement
Description: Added AWS Organization and Account entities to Compliance Engine.
Known limitations: AWS Organization information is visible only for the Organization master account.
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Fetching System Improvement - 13:45 UTC
Type: Improvement
Description: Performance improvement
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
Logic now supports the new versions of AWS Flow Logs - 08:00 UTC
Type: New Feature
Description: Customers can on-board the new version of AWS Flow Logs.
Known limitations: N/A.
Affected Components: LOG.IC
Dashboard Loading By Name In URL - 16:13 UTC
Type: Improvement
Description: You can now select a dashboard to be loaded by name query param.
Known limitations: N/A.
Affected Components: DASHBOARD
Dashboard Trend Widget - 16:13 UTC
Type: Change
Description: Currently it is not possible to create a trend widget with compliance type of organisation unit.
Known limitations: N/A.
Affected Components: DASHBOARD
On boarding AWS China account fix - 13:10 UTC
Type: Bug Fix
Case Id: DFT-715
Description: Fixed an issue for handling empty cloud account.
Known limitations: N/A.
Affected Components: AWS ON BOARDING
Internal Configuration Change - 11:42 UTC
Type: Improvement
Description: Internal changes for email handling components.
Known limitations: N/A.
Affected Components: EMAIL CONFIGURATION
Logic Widgets - Query cross AWS cloud accounts - 08:10 UTC
Type: Improvement
Description: We added an ability to select all cloud accounts when defining a new widget.
Known limitations: N/A.
Affected Components: LOG.IC
Compliance Integrations Internal Configuration Change - 10:28 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS
Compliance Integrations Internal Configuration Change - 06:18 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS API SCHEDULED REPORT
AWS SQS - 15:30 UTC
Type: Improvement
Description: Support all SQS Key types in KMS assets stats compliance model
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS RULE ENGINE
Network Security - security group page fix - 13:30 UTC
Type: Bug fix
Case ID: DFT-792
Description: fixing a race condition when presenting read only security groups.
Known limitations: N/A.
Affected Components: API NETWORK SECURITY
Compliance Integrations Internal Configuration Change - 07:00 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS API SCHEDULED REPORT
Compliance Integrations Internal Configuration Change - 07:00 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS API SCHEDULED REPORT
Compliance Rulesets Update - 15:55 UTC
Type: Improvement
Description: First release of Japanese Rulesets
AWS
AWS Dome9 FISC
[日本語]AWS Dome9 Network Alerts
[日本語]AWS Dome9 Best Practices
[日本語]AWS HIPAA
[日本語]AWS Dome9 S3 Bucket Security
[日本語]AWS CIS Foundations v. 1.1.0
[日本語]AWS NIST 800-53 Rev 4 (FedRAMP)
[日本語]AWS GDPR Readiness
[日本語]AWS CSA CCM v.3.0.1
[日本語]AWS ISO 27001:2013
Azure
[日本語]Azure Dome9 Network Alerts
[日本語]Azure Dome9 Best Practices
[日本語]Azure CIS Foundations v. 1.0.0
[日本語]Azure PCI-DSS 3.2
[日本語]Azure NIST 800-53 Rev 4 (FedRAMP)
[日本語]Azure GDPR Readiness
[日本語]Azure CSA CCM v.3.0.1
GCP
[日本語]GCP Dome9 Network Alerts
[日本語]GCP Dome9 Best Practices
[日本語]GCP CIS Foundations v. 1.0.0
[日本語]GCP PCI-DSS 3.2
[日本語]GCP NIST 800-53 Rev 4 (FedRAMP)
[日本語]GCP CSA CCM v.3.0.1
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Rulesets Update - 15:55 UTC
Type: Improvement
Description: First release of CIS Kubernetes Benchmark v1.5.0 and Azure CSA CCM v.3.0.1. We have also added new rules and made changes to existing rules, a detailed description along with rule IDs can be found here.
CASE ID :
DFT-592
DFT-442
DFT-563
DFT-727
DFT-740
DFT-661
DFT-748
DFT-732
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Azure App Services - 15:15 UTC
Type: Improvement
Description: Added support for Azure Web App and Function App entities.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AZURE API
Dashboard Widget By Severity - 13:30 UTC
Type: Improvement
Description: Creating a widget by severity aggregation will show the same color as within the Alerts page
Known limitations: N/A.
Affected Components: DASHBOARD
Dashboard Widget Drag & Drop - 13:30 UTC
Type: Improvement
Description: Improved the look and feel of dragging and sorting widgets across a dashboard.
Known limitations: N/A.
Affected Components: DASHBOARD
SNS Notification Integration Improve Error Handling - 14:03 UTC
Type: Improvement
Description: Improve internal error handling.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
AWS SNS - 15:00 UTC
Type: New Entity
Description: Added support for AWS SNS entity.
GSL Example:
Ensure Amazon SNS topics enforce Server-Side Encryption (SSE):
'SnsTopic should not have cryptoKey.keyId isEmpty()'
Need to add "sns:ListTagsForResource" permission to Dome9 read only policy.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
GSL Builder - Adding isEmpty() Function Selection for Objects - 14:45 UTC
Type: Improvement
Case ID: DFR-875
Description: Properties with type of Object can use isEmpty() function as part of the builder flow.
Known limitations: N/A
Affected Components: UI
Cloud Account Page Improve Loading Time - 11:54 UTC
Type: Improvement
Description: Improve page loading time by changing some usage of APIs and split some processes to async.
Known limitations: N/A
Affected Components: UI
Beta for the new version of Clarity - 07:30 UTC
Type: Improvement
Description: We release the beta version of Clarity, with new graph technology and performance improvement.
Known limitations: N/A.
Affected Components: CLARITY
Dashboard Combo Box Search Freezes The Page - 15:48 UTC
Type: Bug
Description: Case ID: DFT-775
Known limitations: N/A.
Affected Components: DASHBOARD
Compliance Integrations Internal Configuration Change - 15:48 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS
AWS SQS - 13:30 UTC
Type: Improvement
Description: Add properties - MaximumMessageSize and DelaySeconds to compliance model.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS RULE ENGINE
Compliance Alert Validate and Fix - Internal Configuration Change - 11:23 UTC
Type: Improvement
Description: Internal configuration change in the mechanism which find and fix Compliance Alert.
Known limitations: N/A
Affected Components: COMPLIANCE ALERTS
ACM Certificates - 15:15 UTC
Type: Bug Fix
Case ID: DOME-14077
Description: Mishandling of permission issues for listing certificate tags.
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
Internal Configuration Change - 11:22 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: API AWS SECURITY GROUP MANAGEMENT
AWS Security Integration - Archive Resolved Findings - 10:45 UTC
Type: Bug Fix
Case ID: DOME-13464
Description: Fix an issue for some of the resolved findings not marked as archive in Security Hub portal.
Known limitations: N/A.
Affected Components: SECURITY HUB INTEGRATION
ACM Certificates - 15:30 UTC
Type: Improvement
Description: Improving data fetcher to include certificates from all key types.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS
AWS SQS Rule Entity Fix - 12:30 UTC
Type: Bug fix
Case ID: DOME-14054
Description: Fix mapping cryptoKey issue in compliance model.
Known limitations: N/A
Affected Components: RULE ENGINE
GCP KMS - 08:00 UTC
Type: Improvement
Description: Improve error handling including throttling exceptions.
Known limitations: N/A.
Affected Components: DATA FETCHERS GCP
AWS Log Groups- 08:00 UTC
Type: Improvement
Description: Improve permissions issues handling.
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS
Azure fetching system upgrade - 16:00 UTC
Type: Improvement
Description: Upgrading several Azure API components.
Known limitations: N/A.
Affected Components: DATA FETCHERS AZURE API AZURE NETWORK SECURITY COMPLIANCE INTEGRATION
Alerts/Protected Assets/SecurityGroups Pages Loading Improvement - 19:37 UTC
Type: Improvement
Description: Improve the loading time for the pages above.
Known limitations: N/A.
Affected Components: UI
Rule Engine Improve Error Handling - 07:45 UTC
Type: Improvement
Description: Improve internal error handling for some functions.
Known limitations: N/A.
Affected Components: RULE ENGINE
Compliance Integrations Internal Configuration Change - 14:35 UTC
Type: Improvement
Description: Internal changes for several components.
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATIONS
Organizational Unit API - 18:15 UTC
Type: Improvement
Description: Improve the API performance for large customers.
Known limitations: N/A.
Affected Components: API
AWS SQS - 17:00 UTC
Type: Improvement
Description: Added support for AWS SQS entity.
GSL Example:
- Ensure Amazon SQS queues enforce Server-Side Encryption (SSE):
'Sqs should not have cryptoKey.keyId isEmpty()'
- Ensure there is a Dead Letter Queue configured for each Amazon SQS queue:
'Sqs should not have redrivePolicy.deadLetterTargetArn isEmpty()'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
AWS EKS Cluster - 15:30 UTC
Type: Improvement
Description: Added support for AWS EKS Cluster entity.
GSL Examples:
- Ensure that AWS EKS Cluster endpoint access is not public:
'EksCluster should have resourcesVpcConfig.endpointPublicAccess=false'
- Ensure that AWS EKS Cluster control plane logging is enabled:
'EksCluster should have logging.clusterLogging with [ enabled=true ]'
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE DATA FETCHERS AWS
Token error handling - 11:10 UTC
Type: Bug fix
Case ID: MAG-202
Description: Fixed the way we deal with error handling from invalid tokens.
Known limitations: N/A.
Affected Components: INFRASTRUCTURE
Logic Account Activity - New implementation for event tracking with the token - 21:00 UTC
Type: New Feature
Description: We added a new enrichment to the event, we are now able to determine the initiator of the action in case of assume role
Known limitations: N/A.
Affected Components: LOG.IC
New Dashboard Widgets - 20:16 UTC
Type: Improvement
Description: Added two new widgets: Trend Change Summary and Trend Line With Change Summary.
Known limitations: N/A.
Affected Components: DASHBOARD
Favorite Dashboard Tag On Sub Menu - 20:16 UTC
Type: Bug fix
Description: Deleting a dashboard that was also marked as favorite now is also removed from sub menu.
Known limitations: N/A.
Affected Components: DASHBOARD
AWS Credentials validation optimization - 9:28 UTC
Type: Improvement
Description: Modified the validation behavior to behave according to the protection mode.
Known limitations: N/A.
Affected Components: API
Early Availability
Notification - Adding HTTP Endpoint Integration for QRadar - 18:25 UTC
Type: Improvement
Description: QRadar integration in EA.
Known limitations: Requires IBM Qradar Application (under development).
Affected Components: COMPLIANCE INTEGRATION UI
Notification - Adding Sumologic HTTP Endpoint Integration - 18:25 UTC
Type: Improvement
Description: Sumologic type will be send the first level of the finding's entity tree (Sumologic support up to 64kb per finding).
Known limitations: N/A.
Affected Components: COMPLIANCE INTEGRATION UI
Logic - Move custom and predefined queries to be on the same line with the main filter of Logic - 13:30 UTC
Type: Improvement
Description: Move custom and predefined queries list to be on the same line in the main filter of Logic under the Queries button.
Known limitations: N/A.
Affected Components: LOG.IC
Bug Fix Compliance Policy Organizational Unit Sub Unit Deletion - 11:40 UTC
Type: Bug Fix
Case ID: DOME-13965
Description: Fix issue for Compliance Policy associated to a deleted sub Organizational Unit without parent.
Known limitations: N/A.
Affected Components: API
Internal Configuration Change - 10:45 UTC
Type: New Feature
Description: Added minor internal configuration setting.
Known limitations: N/A.
Affected Components: API CONTINUES COMPLIANCE
New Home Dashboard - 15:15 UTC
Type: New Feature
Description: We have added a new menu item called 'Dashboards' where you can see an overview of your setup and build custom dashboards.
Known limitations: N/A.
Affected Components: DASHBOARDS
New Feature - Generic List - 16:10 UTC
Type: New Feature
Description: Added generic list support on compliance engine, this will allow customer to create lists and use compliance rules to check their content.
Known limitations: N/A.
Affected Components: UI
Logic - add translation from Quick Filters to GSL - 12:45 UTC
Type: Improvement
Description: Now the Quick filters in Logic are part of the GSL.
Known limitations: N/A.
Affected Components: LOG.IC
Compliance OU Trend API - 15:45 UTC
Type: Improvement
Description: Improve the query logic for faster response.
Known limitations: N/A.
Affected Components: API
Serverless - CI/CD Frameworks and Deployment Pages - 20:37 UTC
Type: New Feature
Description: Enable you to add cloudguard’s solutions (Proact & FSP) into your CI/CD infrastructure
Known limitations: N/A.
Affected Components: SERVERLESS
IAM Protection - 20:37 UTC
Type: Bug fix
Description: Some cases of flicking IAM account page.
Known limitations: N/A.
Affected Components: IAM
AWS fetching system upgrade - 17:58 UTC
Type: Improvement
Description: Upgrading several AWS API components.
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS API AWS NETWORK SECURITY SCHEDULED ASSESSMENT COMPLIANCE INTEGRATION
Home Dashboard and Protected Asset Performance Improvement - 10:20 UTC
Type: Improvement
Description: Improve the UI using with some APIs for better performance.
Known limitations: N/A.
Affected Components: UI
Home Dashboard - Adding Mark for Compliance Result Missing Permission or Sync Issue - 10:20 UTC
Type: Improvement
Description: Now for any Compliance Result that have may affected by missing permission or sync issue will mark with relevant icon.
Known limitations: N/A.
Affected Components: UI
CloudGuard Dome9 is now integrated with Tenable.io - 10:20 UTC
Type: Improvement
Description: CloudGuard Dome9 is a unique Cloud Security Posture Management Platform that allows you to ingest information about your cloud environment, query it with our unique GSL (Governance Specification Language) and help your company to focus on high fidelity alerts about your cloud environment.
Known limitations: N/A.
Affected Components: UI
Rule Engine GSL IPV6 support - 07:10 UTC
Type: Improvement
Description: GSL network functions - adding IPV6 support.
Known limitations: N/A.
Affected Components: RULE ENGINE GSL
OU kubernetes support - 17:20 UTC
Type: Improvement
Description: Adding support with OU filter for Kubernetes Clusters.
Known limitations: N/A.
Affected Components: UI API
GCP Data fetchers optimizations - 13:41 UTC
Type: Improvement
Description:Minor optimizations for GCP data fetchers.
Known limitations: N/A.
Affected Components: DATA FETCHERS GCP
AWS Additional Regions Network Management Support - Hong Kong and Bahrain - 11:20 UTC
Type: Improvement
Description: Added Network management Support for AWS Hong Kong and Bahrain regions in Compliance Engine.
Known limitations: N/A.
Affected Components: UI API DATA FETCHERS AWS
Scheduled Assessment Report and Immediate Email Notification Adding Missing Permission Indication - 08:20 UTC
Type: Improvement
Description: Added an indication of missing permission or data sync issue in Compliance Result to the Scheduled Report and the Immediate Email notifications.
Known limitations: N/A.
Affected Components: IMMEDIATE EMAIL NOTIFICATION DATA FETCHERS AWS
Logic - AWS Cloudtrail orgnization on-boarding - 07:00 UTC
Type: New Feature
Description:
- Add the option to on-board Cloudtrail organization.
Known limitations: N/A.
Affected Components: LOG.IC
AWS compliance engine builders optimizations - 6:00 UTC
Type: Improvement
Description: Improved the assessments entity builders for AWS ECS, ELB, EC2, KMS, ALB, Sagemaker and security groups.
Known limitations: N/A.
Affected Components: RULE ENGINE DATA FETCHERS AWS
Dashboard Performance Improvements - 12:15 UTC
Type: Improvement
Description:
- Optimising server calls
Known limitations: N/A.
Affected Components: DASHBOARD
Azure Policy Assignment Improvements - 12:15 UTC
Type: Improvement
Description:
- Added default values for Azure Policy Assignment parameters.
- New data fetcher added to get Azure Policy Definitions.
Known limitations: N/A.
Affected Components: RULE ENGINE API DATA FETCHERS AZURE
Cloud Account API Performance Improvements - 12:05 UTC
Type: Improvement
Description: Improve Cloud Accounts APIs for UI usage.
Known limitations: N/A.
Affected Components: API UI
GCP Cloud Pub/Sub - 08:15 UTC
Type: Improvement
Description: Improve GCP Pub/Sub fetching infrastructure.
Known limitations: N/A.
Affected Components: DATA FETCHERS GCP
Rule Engine Improvement - 19:55 UTC
Type: Improvement
Description: Improve logic on Instance rules assessments for large accounts.
Known limitations: N/A.
Affected Components: RULE ENGINE COMPLIANCE CORE
Compliance Assessment History Result Page - Optimization for Large Assessment - 19:55 UTC
Type: Improvement
Description: Optimized the returned result for large assessment history items.
Known limitations: N/A.
Affected Components: UI
Log.ic - Adding infrastructure for Azure - 14:00 UTC
Type: Improvement
Description: Adding infrastructure for Azure support.
Known limitations: N/A.
Affected Components: LOG.IC
AWS Marketplace improvements - 7:40 UTC
Type: Improvement
Description: Adding some fixes to the marketplace flow.
Known limitations: N/A.
Affected Components: AWS MARKETPLACE SERVICE
Clarity - minor improvements - 15:00 UTC
Type: Improvement
Description: Adding more improvements for the new clarity version.
Known limitations: N/A.
Affected Components: UI
AWS Marketplace improvements - 12:10 UTC
Type: Improvement
Description: Adding some improvements to the marketplace flow.
Known limitations: N/A.
Affected Components: AWS MARKETPLACE SERVICE
Network security - New infrastructure to support IPV6 security groups - 17:00 UTC
Type: Improvement
Description: Adding some components that will support IPV6 services in AWS security groups.
Known limitations: N/A.
Affected Components: UI
Compliance Assessment History - 14:20 UTC
Type: Improvement
Description: Adding warning mark for any assessment results suffering from missing permissions or any data sync issues.
Known limitations: N/A.
Affected Components: UI
Log.ic - on-boarding per ENI or subnet - 16:00 UTC
Type: Improvement
Description: A new option to on-board a specific ENI or Subnet.
Known limitations: N/A.
Affected Components: LOG.IC
Network security - New infrastructure to support IPV6 security groups - 12:00 UTC
Type: Improvement
Description: A new infrastructure that will support IPv6 services in AWS security groups
Known limitations: N/A.
Affected Components: AWS SECURITY GROUP MANAGEMENT
Log.ic - New alerts infrastructure - 12:00 UTC
Type: Improvment
Description: A new infrastructure for the custom alerts of Logic, reduce significantly the delay of the alerts.
Known limitations: N/A.
Affected Components: LOG.IC
Additional Severity Level Add-on - 21:12 UTC
Type: New Feature
Description: Support the new additional severity level 'Informational' and 'Critical' in the UI.
Known limitations: N/A.
Affected Components: UI
SecurityHub Integration - Change Finding's Severity - 09:50 UTC
Type: Improvement
Description: According to SecurityHub change we are now sending Finding's Severity will be send as it in Dome9 .
Known limitations: N/A.
Affected Components: SECURITY HUB INTEGRATION
Additional Severity Level Add-on - 09:50 UTC
Type: New Feature
Description: We have added two new additional severity level to the system: 'Informational' and 'Critical.
Known limitations: UI will support the following later on today, Dome9 compliance rule will be modified in the near future.
Affected Components: API SCHEDULED ASSESSMENT COMPLIANCE INTEGRATIONS
AWS fetching system upgrade - 16:12 UTC
Type: Improvement
Description: Upgrading several AWS API components.
Known limitations: N/A.
Affected Components: DATA FETCHERS AWS API AWS NETWORK SECURITY SCHEDULED ASSESSMENT COMPLIANCE INTEGRATION
Logic - Enrichment for Identity, Target, and Source in AWS Cloudtrail- 13:30 UTC
Type: Improvement
Description: Enriched Cloudtrail data with Dome9 metadata and Checkpoint Malicious information.
Known limitations: N/A.
Affected Components: LOG.IC
GSL support for Lists Optimization - 06:55 UTC
Type: Improvement
Description: Optimazied the work in the Assessment run flow.
Known limitations: N/A.
Affected Components: COMPLIANCE ENGINE
Compliance Alert Validate and Fix - 14:23 UTC
Type: Improvement
Description: We deployed a new machanizem which find and fix Compliance Alert. The component will run on a daily basis and will make sure all the shown alerts are valid.
Known limitations: N/A
Affected Components: COMPLIANCE ALERTS
AWS KMS - Added ability to check if KMS key is in use - 09:55 UTC
Type: Improvement
Case ID: DFR-782
Description: Added more properties to track unattached KMS keys.
GSL Example: KMS where name != 'default' should not have KMSAssetstats contain-all [ count = 0 ]
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Custom statistic charts for Log.ic Network Activity - 20:55 UTC
Type: New Feature
Description: New dashboards in Network Activity with customization tool.
Known limitations: N/A
Affected Components: LOG.IC
Compliance Rulesets Update - 15:55 UTC
Type: Improvement
Description: First release of the Azure Dome9 Network Security Ruleset. In addition we have also created the GCP HIPAA Ruleset to fulfill healthcare compliance needs in the GCP platform.
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Compliance Engine Improvement - 15:55 UTC
Type: Improvement
Description: Improvement of internal scale capabilities in order to reduce run duration time.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Compliance Engine Improvement - 13:40 UTC
Type: Improvement
Description: Improvement of internal scale capabilities in order to reduce run duration time.
Known limitations: N/A
Affected Components: RULE ENGINE
Scheduled Assessment Report Monitor enhance - 13:30 UTC
Type: Improvement
Description: Enhance internal monitor capabilities for the Report mechanism.
Known limitations: N/A
Affected Components: SCHEDULED ASSESSMENT REPORT
GCP Cloud Pub/Sub - 15:15 UTC
Type: New Feature
Description: Added GCP Cloud Pub/Sub entity support.
Known limitations: N/A
Affected Components: DATA FETCHERS GCP COMPLIANCE ENGINE API UI
Add "Sync Now" support for GCP Subnets - 15:15 UTC
Type: Improvement
Description: Now GCP Subnet Fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected Components: DATA FETCHERS GCP
Internal Configuration Changes - 17:13 UTC
Type: Improvement
Description: Changing some of the component's configurations for internal purposes.
Known limitations: N/A
Affected Components: FETCHERS
Compliance Engine Improvement - 12:50 UTC
Type: Improvement
Description: Improvement of internal scale capabilities in order to reduce run duration time.
Known limitations: N/A
Affected Components: RULE ENGINE COMPLIANCE INTEGRATION SCHEDULED ASSESSMENT
Azure Kubernetes Cluster Rule Entity Fix - 12:50 UTC
Type: Bug fix
Case ID: DOME-13621
Description: Fix mapping issue in compliance model.
Known limitations: N/A
Affected Components: RULE ENGINE
Added NACL property for attached / unattached - 12:30 UTC
Type: Improvement
Description: Added NACL property for checking if the NACL in use, in addition Added ability to track subnets via NACLs.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Scheduled Assessment Report Bug Fix - 15:55 UTC
Type: Bug fix
Case ID: DOME-13609
Description: Fix and issue which send multiple reports for some user in OU aggregation.
Known limitations: N/A.
Affected Components: SCHEDULED ASSESSMENT REPORT
Added Internal GSL support for Lists - 13:00 UTC
Type: Improvement
Description: Added support to use compliance engine on lists, this will allow customer to create lists and use compliance rules to check their content.
Known limitations: Supported only on the backend, UI will be supported soon.
Affected Components: COMPLIANCE ENGINE UI
Alert and Protected Asset Dashboards - 18:35 UTC
Type: Improvement
Description: Adding a few UI/UX changes and new capabilities such as changing widget size and etc.
Known limitations: N/A
Affected Components: UI
Added support with Azure Kubernetes Cluster - 12:37 UTC
Type: Improvement
Description: Added support with Azure Kubernetes Cluster.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS
Internal Configuration Changes - 15:13 UTC
Type: Improvement
Description: Changing some of the component's configurations for internal purposes.
Known limitations: N/A
Affected Components: CROSS SYSTEM
Menu Permission Enforcement Changes - 14:47 UTC
Type: Improvement
Description: Enforcement optimization of menu items for low permission users in order to scale up application load time.
Known limitations: N/A
Affected Components: UI
IAM Safety API Cloud Account Update - Adding AWS ID Support - 15:50 UTC
Type: Improvement
Description: In order to increase usability we added support for both AWS ID or Dome9 ID.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS IAM SAFETY
Rule Engine Improvement - 08:50 UTC
Type: Improvement
Description: Improve error handling.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Compliance Engine - Optimized components scaling capabilities - 12:42 UTC
Type: Improvement
Description: Improved component scaling capabilities.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Compliance Engine - Network functions optimization - 10:55 UTC
Type: Improvement
Description: We improved those functions calculations to handle cases with partial IP's information hence improving the accuracy .
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Logic on-boarding using S3 - 15:47 UTC
Type: Improvement
Description: Switch on-boarding to pull data from S3 on customer side instead of Cloudwatch
Known limitations: N/A
Affected Components: LOG.IC
Azure Load Balancer Details Page Fix - 12:23 UTC
Type: Bug
Description: When moving to a details page of an Azure load balancer asset an error message would popup are page was redirected to protected assets page.
Known limitations: N/A
Affected Components: AZURE
Filter Group Auto Focus On Search - 12:23 UTC
Type: Improvement
Description: Now when opening a filter category you will be auto focus on the search input.
Known limitations: N/A
Affected Components: FILTER PANEL
Entity Inspector (JSON Viewer) insensitive Search - 12:23 UTC
Type: Improvement
Description: Now entity viewer supports search in case insensitive.
Known limitations: N/A
Affected Components: JSON
Add "Sync Now" support for Azure Subnets - 09:58 UTC
Type: Improvement
Description: Now Azure Subnet Fetching supports "Sync Now" Functionality.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
License system integration - 09:35 UTC
Type: Improvement
Description: Adjust integration configuration.
Known limitations: N/A
Affected Components: API
Internal Configuration Changes - 10:56 UTC
Type: Improvement
Description: Changing some of the component's configurations for internal purposes.
Known limitations: N/A
Affected Components: AWS SECURITY GROUP AUTHENTICATION SERVICE
Compliance Engine Improve Monitoring Capabilities - 15:40 UTC
Type: Improvement
Description: Improve internal monitoring capabilities.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS COMPLIANCE CORE SCHEDULED REPORT
AWS Additional Regions Support - Hong Kong and Bahrain - 13:40 UTC
Type: New Feature
Description: Added Support for AWS Hong Kong and Bahrain regions in Compliance Engine.
Known limitations:
The following limitations are valid only to Hong Kong and Bahrain regions:
- Security Groups statistics in home page and in cloud account page, does not include Security Groups from the new regions.
- Security Group Management is not supported - Read Only mode is allowed.
- Clarity is not supported.
- IP Addresses page does not include IPs from the new regions Security Groups.
- Flow logs are not supported.
Affected Components: UI API DATA FETCHERS AWS
Alerts / Protected Assets Dashboard - 14:08 UTC
Type: Improvement
Description: Now each widget supports self filtering state.
Also styling modifications to pages to match checkpoint style guide.
Known limitations: N/A
Affected Components: DASHBOARD
Bug fix - MSP Average Usage Export to CSV - 14:15 UTC
Type: Bug fix
Case ID: DOME-13476
Description: Fix wrong calculation for some fields.
Known limitations: N/A
Affected Components: UI
Rule Engine Improvement - 12:53 UTC
Type: Improvement
Description: Improve scaling.
Known limitations: N/A
Affected Components: COMPLIANCE CORE RULE ENGINE API
Failed to load application on IE11 bug fix - 21:55 UTC
Type: Bug fix
Case ID: DOME-13470
Description: Fixed an issue that preventing the central application from being loaded on IE11 due to using with unsupported function/method.
Known limitations: N/A
Affected Components: UI
Rule Engine Improvement - 12:55 UTC
Type: Improvement
Description: Improve scaling.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS SCHEDULED ASSESSMENT
Rule Engine Improvement - 14:25 UTC
Type: Improvement
Description: Improve error handling.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS COMPLIANCE CORE API
Sub Menu Hider - 12:49 UTC
Type: New Feature
Description: Now you can collapse/expand the sub menu to get more real estate for your data.
Affected Components: UI/UX
Compliance Print Report For GCP Fix - 13:50 UTC
Type: Bug (DFT-725)
Description: Fixed print of assessment history result for GCP accounts.
Affected Components: COMPLIANCE
PREVIEW
AWS EMR Cluster (ElasticMapReduce) - 11:00 UTC
Type: New Feature
Description: Added AWS EMR Cluster entity support.
Known limitations: Only EMR clusters which are visible to all users are supported.
Affected Components: DATA FETCHERS AWS
License system integration - 09:55 UTC
Type: Improvement
Description: Adjust integration configuration.
Known limitations: N/A
Affected Components: API
AWS KMS - 13:30 UTC
Type: Improvement + Bug Fix
Description:
- Updates to AWS KMS entity fetching mechanism, Improved throttling mechanism to handle rate exceeded calls.
- Fixed an issue with AWS KMS tags and key rotation data in compliance engine.
Known limitations: N/A
Affected Components: DATA FETCHERS AWS COMPLIANCE ENGINE
License system integration - 12:40 UTC
Type: Improvement
Description: Adding support with more license types.
Known limitations: N/A
Affected Components: API
Ruleset API Tune Duplicate Logic Enforcement - 12:40 UTC
Type: Bug Fix
Case ID: DOME-13223
Description: Fix an issue when add/save multiple TRUE/FALSE rules in same ruleset.
Known limitations: N/A
Affected Components: API RULESET
OU Scheduled Assessment CSV Report - Bug Fix - 16:55 UTC
Type: Bug Fix
Case ID: DFT-707
Description: Fix an issue when the OU name was not written in the CSV for some customers.
Known limitations: N/A
Affected Components: SCHEDULED ASSESSMENT REPORT
Azure Analysis Services Server - 13:15 UTC
Type: New Feature
Description:
Added Azure Analysis Services Server entity support:
- New compliance entity called AnalysisServiceServer.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Azure Route Table - 13:15 UTC
Type: New Feature
Description:
Added Azure Route Table entity support:
- New compliance entity called RouteTable.
- Azure Subnet will now contain additional field called routeTableData, which contains the associated route table data.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Compliance Content - Bug fix - 08:50 UTC
Type: Bug fix
Case ID: DOME-13359
Description: We fixed a bug in Azure Load Balancer - An empty value in load balancing rule probe caused assessments failures.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
License system integration upgrade - 16:00 UTC
Type: Improvement
Description: Added integration support for our license system.
Known limitations: N/A
Affected Components: LICENSE SYSTEM
Cloud Accounts CSV - 13:26 UTC
Type: Improvement
Description: Added DOME9 ID column to export CSV file
Known limitations: N/A
Affected Components: CLOUD ACCOUNTS
AWS EC2 Backend Integration Upgrade - 09:00 UTC
Type: Improvement
Description: Upgraded the internal SDK used to communicate with AWS EC2 entities to version 3.3.123.2.
Known limitations: N/A
Affected Components: AWS FETCHING SYSTEM
Filter Panel Styling - 14:52 UTC
Type: Improvement
Description: Updated style
Known limitations: N/A
Affected Components: FILTERS
Protected Assets Dashboard Deep Linking Fix - 14:52 UTC
Type: Bug Fix
Description: Clicking on chart value will now open a new tab with the protected assets page with the correct filters
Known limitations: N/A
Affected Components: FILTERS
Kubernetes On Boarding From Cloud Account - 14:52 UTC
Type: Bug Fix
Description: On board to Kubernetes from cloud account page fixed.
Known limitations: N/A
Affected Components: KUBERNETES
MSP Average Usage Export to CSV - 13:45 UTC
Type: Improvement
Description: Add new ability to export the accounts average usage by date.
Known limitations: N/A
Affected Components: API UI
MSP Portal - 13:45 UTC
Type: Improvement
Description: Some change in the UI style.
Known limitations: N/A
Affected Components: UI
Cloud Security Groups API - 12:45 UTC
Type: Bug Fix
Case ID: DOME-13323
Description: Fixed an internal error in CloudSecurityGroup API which caused the call to fail in some scenarios.
Known limitations: N/A
Affected Components: API
Compliance Rulesets Update
Type: Improvement
Description: First release of the GCP Dome9 Network Security Ruleset. In addition we have made bug fixes to existing rules.
5 new rules have been added as part of AWS, Azure and GCP Best Practices rulesets. Click here for details.
Case ID :
DFT-674 - Logic fix - D9.AZU.NET.27 - Ensure that SSH access is restricted from the internet
Known limitations: N/A
Affected Components: COMPLIANCE RULESETS
Protected Assets - AWS EC2 Instances - 17:05 UTC
Type: Bug Fix
Case ID: DFT-624
Description: Fixed an issue which caused an error to be thrown while getting an Instance details.
Known limitations: N/A
Affected Components: UI PROTECTED ASSETS
Cloud Security Groups API - 17:05 UTC
Type: Bug Fix
Case ID: DFT-624
Description: API Access for non-superuser.
Known limitations: N/A
Affected Components: UI CLARITY API
Exposed Security And Authentication Menu Item for Auditor role - 16:20 UTC
Type: Bug Fix
Case ID: DFT-714
Description: Exposed the Security And Authentication menu item for Auditor role based users.
Known limitations: N/A
Affected Components: UI
RDS Asset Page Fix - 14:00 UTC
Type: Bug Fix
Case ID: DOME-13315
Description: Fix exception which preventing the page to load for some customers.
Known limitations: N/A
Affected Components: UI
Compliance Engine Scale Improvements - 13:00 UTC
Type: Improvement
Description: Changed some logic to increase the engine's scale abilities.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS COMPLIANCE CORE
HTTP Endpoint Integration - 09:48 UTC
Type: Improvement
Description: Improve error handling.
Known limitations: N/A
Affected Components: COMPLIANCE INTEGRATIONS
Fixed missing IP Address for Login - 14:15 UTC
Type: Bug Fix
Case ID: DFT-690
Description: Fixed the missing IP for Login events on Audit trail.
Known limitations: N/A
Affected Components: UI
Azure Application Security Groups - 11:00 UTC
Type: New Feature
Description: Adding support for Azure ASG across system.
Known limitations: Clarity - Not supported Yet.
Affected Components: AZURE FETCHING SYSTEM COMPLIANCE UI
MFA Fix Disable Action - 13:11 UTC
Type: Bug Fix
Case ID: DFT-712 and DFT-110
Description: Security and authentication - Cannot disable MFA.
Known limitations: N/A
Affected Components: UI MFA
Email Template Change - 18:28 UTC
Type: Improvement
Description: Email template design improvements to have the same look and feel as Checkpoint design.
Known limitations: N/A
Affected Components: EMAIL NOTIFICATION SCHEDULED REPORT
Azure Virtual Machine Scale Set - 15:50 UTC
Type: New Feature
Description:
Added Azure Virtual Machine Scale Set entity support:
- New compliance entity called VirtualMachineScaleSet.
- Azure Virtual Machine compliance entity will now reflect Scale Set virtual machines as well.
- Two additional fields were added to Azure Virtual Machine compliance entity:
- IsScaleSetVm - To indicate if the Virtual Machine is part of a scale set.
- InstanceId - In case the Virtual Machine is part of a Scale Set, this field will specify the instance ID.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
AWS Regions Data Fetcher - 10:20 UTC
Type: Improvement
Description: New data fetcher to get a list of enabled regions for AWS cloud accounts.
Known limitations: Data fetching for optional regions will be supported on later release.
Affected Components: DATA FETCHERS AWS
Azure Virtual Machine Scale Set - 00:05 UTC
Type: Revert
Description: Reverting this feature due to errors on assessment reports
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Azure Cloud Account API - 13:30 UTC
Type: Improvement
Description: Modification of Azure regions description to reflect Azure convention.
Known limitations: N/A
Affected Components: AZURE CLOUD ACCOUNT API
Cloud Security Group API - 13:30 UTC
Type: Bug fix
Description: API Access for non-superuser.
Known limitations: N/A.
Affected Components: API
Protected Assets - Internal pages cosmetic improvements - 16:35 UTC
Type: Improvement
Description: Some UI improvements for internal tabs representation for several entities for example: EC2 Instances, Lambda functions, ELB, ALB and RDS.
Known limitations: N/A
Affected Components: UI PROTECTED ASSETS
Compliance Engine - 13:25 UTC
Type: Improvement
Description: Adjust some logic for handling with large entities.
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE
Azure Virtual Machine Scale Set - 10:40 UTC
Type: New Feature
Description:
Added Azure Virtual Machine Scale Set entity support:
- New compliance entity called VirtualMachineScaleSet.
- Azure Virtual Machine compliance entity will now reflect Scale Set virtual machines as well.
- Two additional fields were added to Azure Virtual Machine compliance entity:
- IsScaleSetVm - To indicate if the Virtual Machine is part of a scale set.
- InstanceId - In case the Virtual Machine is part of a Scale Set, this field will specify the instance ID.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Logic - a new model for account activity - 10:00 UTC
Type: Improvment
Description:
The model of account activity has changed for a better investigation experience.
Known limitations: N/A
Affected Components: LOG.IC
Logic - Support multi-vendor 13:00 UTC
Type: Improvement
Description: Support switching between vendors.
Known limitations: N/A
Affected Components: LOG.IC
Security Groups - Cloud Account Vendor Icon 15:00 UTC
Type: Bug fix
Description: Missing icons for AWS/AZURE China/Gov accounts.
Known limitations: N/A
Affected Components: FILTERS
Resources Page - Open Support Ticket 15:00 UTC
Type: Bug fix
Description: Resources page was missing open support ticket link
Known limitations: N/A
Affected Components: RESOURCES
Kubernetes On Boarding 15:00 UTC
Type: New Feature
Description: Kubernetes Clusters support is now GA.
Known limitations: N/A
Affected Components: KUBERNETES COMPLIANCE PROTECTED ASSETS
Rollback - Azure Virtual Machine Scale Set - 14:00 UTC
Type: Deployment Revert
Description: Reverted the support for Azure Virtual Machine Scale Set entity after discovering an issue with the entity data fetcher.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
Azure Virtual Machine Scale Set - 12:30 UTC
Type: New Feature
Description:
Added Azure Virtual Machine Scale Set entity support:
- New compliance entity called VirtualMachineScaleSet.
- Azure Virtual Machine compliance entity will now reflect Scale Set virtual machines as well.
- Two additional fields were added to Azure Virtual Machine compliance entity:
- IsScaleSetVm - To indicate if the Virtual Machine is part of a scale set.
- InstanceId - In case the Virtual Machine is part of a Scale Set, this field will specify the instance ID.
Known limitations: N/A
Affected Components: DATA FETCHERS AZURE
AWS Security Groups - 12:30 UTC
Type: Bug fix
Case ID: DFT-657, DFT-624
Description: Under some scenarios, Security Groups are not presented in the Security Groups page and Clarity.
Known limitations: N/A
Affected Components: API CLARITY UI
Compliance Engine - 16:54 UTC
Type: Improvement
Description: Adjust some logic for handling with large entities.
Known limitations: N/A
Affected Components: COMPLIANCE SCHEDULED REPORT COMPLIANCE INTEGRATION
Alerts & Protected Assets Page Sticky Header - 15:15 UTC
Type: Bug Fix
Description: Sticky header on table scroll
Known limitations: N/A
Affected Components: ALERTS PROTECTED ASSETS
Compliance Ruleset - 12:00 UTC
Type: Bug fix
Case ID: DFT-683
Description: Fix returned error status code and message for invalid/bad requests.
Known limitations: N/A
Affected Components: API COMPLIANCE RULESET
Compliance Engine - 11:50 UTC
Type: Improvement
Description: Minor engine improvement for handling with large entities.
Known limitations: N/A
Affected Components: API COMPLIANCE CORE COMPLIANCE INTEGRATION
Compliance Engine - 09:07 UTC
Type: Improvement
Description: Minor engine improvement for handling with large entities.
Known limitations: N/A
Affected Components: API COMPLIANCE CORE
Exclusion Cloud Account Broken Dropdown - 18:57 UTC
Type: Bug fix
Case ID: DOME-19193
Description: Fixed an issue where the Cloud Account dropdown selection was broken for some users.
Known limitations: N/A
Affected Components: UI
Protected Assets - 16:10 UTC
Type: Improvement
Description: Minor improvement to protected assets engine.
Known limitations: N/A
Affected Components: PROTECTED ASSETS
Compliance Engine - 15:05 UTC
Type: Improvement
Description: Minor engine improvement.
Known limitations: N/A
Affected Components: API COMPLIANCE CORE
Compliance Engine - 16:45 UTC
Type: Improvement
Description: Error handling improvement.
Known limitations: N/A
Affected Components: API COMPLIANCE INTEGRATION COMPLIANCE REPORT
AWS IAM Policy - 14:05 UTC
Type: Improvement
Description: Optimizing AWS IAM policy fetching mechanism to reduce the number of API calls.
Known limitations: N/A
Affected Components: DATA FETCHING AWS
Filter Panel Cross Browser Support - 12:12 UTC
Type: Bug Fix
Description: Pages with filter option are now working in FireFox
Known limitations: N/A
Affected Components: FILTERS
Main Menu - Typo fix - 12:12 UTC
Type: Bug Fix
Description: Fixing IP Addresses typo
Known limitations: N/A
Affected Components: TYPO
Alerts Page - 13:38 UTC
Type: Bug Fix
Description: In some specific cases alerts page is displaying 'ALL' alerts in the time range filter, but last 24H alerts is marked.
Known limitations: N/A
Affected Components: ALERTS
Documentation - 13:38 UTC
Type: Improvements
Description: Added status Circuit Breaker documentation link.
Known limitations: N/A
Affected Components: DOCUMENTATION
Range Filter - 13:38 UTC
Type: Improvement
Description: Removed state load/save option from range filter.
Known limitations: N/A
Affected Components: FILTERS
Filter Panel - UX improvements 21:05 UTC
Type: Improvement
Description: New filters, some UX improvements after customer feedback
Known limitations: N/A
Affected Components: FILTERS
New CloudGuard Dome9 Menu - 21:05 UTC
Type: New Feature
Description:
We’ve been working hard to add many new features recently including Alerts, Remediation Support with CloudBots, Dashboards and others.
Now it’s time to get our menus a little bit more organized to help you secure your cloud journey.
The CloudGuard Dome9 Menus are being reorganized for a better user experience. The new menu options are now organized based on our different steps of your cloud journey
- Asset Management
- Posture Management
- Network Security
- IAM Protection
- Log.ic
- Alerting and notification
- Settings
- Resources
We also have added sub menus to help you find things faster. This is only a face lift, it is not affecting any functionality within the product.
Known limitations: N/A
Affected Components: UI
Network Security - Azure Application Security Groups - 11:00 UTC
Type: New Feature
Description: Adding support for Azure ASG on Network Security, Now you can manage your ASG, get tamper protection and change detection.
Known limitations: Compliance engine - Not supported Yet.
Affected Components: NETWORK SECURITY UI