November 2022

Deployment November 30, 2022

IMPROVEMENT Compliance Rulesets Update - 12:00 UTC

Description: New AWS rules, AWS and K8S rules improvements. Three DFTs were fixed.

Removal of four rules:

D9.K8S.OPE.02 - Deprecated due to overlapping with another rule (D9.K8S.NET.32)

D9.K8S.OPE.04 - The rule was deprecated from CIS in version 1.4.1 and it's no longer relevant for the newer CIS versions

D9.AZU.NET.61 - Deprecated due to overlapping with another rule (D9.AZU.NET.19)

A complete list can be found here.

Case ID: IN-6004, DFT-2170, DFT-2221, DFT-2198
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FIXED AWS SNS Topic and SQS encryption key bug - 12:40 UTC

Description: Fixed a bug in SNS topic and SQS entities where the cryptoKey was null although it did exist.
Case ID: IN-6063
Known limitations: SNS topic and SQS support KMS keys from the same region only.
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS API

FIXED AWS IamUser - 13:00 UTC

Description: Fixed D9.AWS.IAM.16 - Compliance check issue where the access keys for the AWS IAM root account were not refreshed.
Case ID: DFT-2147
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS ECR Repository - 13:00 UTC

Description: Added ‘replicationConfiguration’, ‘lifecyclePolicy’ and ‘scanningConfiguration’ properties to AWS ECR Repository in Compliance engine & Protected Assets.
Case ID: IN-6006
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS fetchers

FIXED AWS VPC - 13:00 UTC

Description: Fixed 'region' property in AWS VPC to be in the correct format.
Case ID: DFT-2224
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

FIXED Azure Network Security Group - 13:00 UTC

Description: Fixed 'nsgFlowLog' property in Azure Network Security Group.
Case ID: DFT-2224
Known limitations: N/A
Affected Components: COMPLIANCE ENGINE PROTECTED ASSETS

Deployment November 29, 2022

FIXED Protected assets internal asset fix - 12:35 UTC

Description: Fixed an exception thrown by security groups when clicking on assets.

Case ID: DFT-2162

Known limitations: N/A 

Affected Components: UI protected assets security groups

IMPROVEMENT CloudGuard API Reference Categories - 12:00 UTC

Description: New categories for the CloudGuard API reference website.

Case ID: PLAT-5665

Known limitations: N/A 

Affected Components: API REFERENCE

FEATURE New assessment widget - findings per asset - 09:00 UTC

Description: New table widget showing the total failed vs. passed assessments per asset, with a severity breakdown.

Case ID: PLAT-6033

Known limitations: N/A 

Affected Components: assessment history RESULT

FIXED Role view in settings doesn’t close - 12:40 UTC

Description: When closing the role popup on the roles page, the popup reopened every time. It now closes when cancelled.
Case ID: PLAT-6545
Known limitations: N/A
Affected Components: roles

FIXED Unified Onboarding Permissions - 11:20 UTC

Description: Added permission validation for the API AwsUnifiedOnboarding/StackConfig; only users with the “onboarding” role will get a proper response.
Case ID: PLAT-6542, DFT-2242
Known limitations: N/A
Affected Components: roles unified onboarding

Deployment November 28, 2022

IMPROVEMENT Intelligence Rulesets Update - 19:30 UTC

Description: Updating Intelligence rules for AWS, Azure, and Kubernetes. New AWS Rules are related to Crypto-mining and Credentials. A list can be found here
Case ID: IN-5904
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

IMPROVEMENT Compliance Rulesets Update - 09:30 UTC

Description: AWS new rules. A complete list can be found here.
Case ID: IN-5464
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment November 27, 2022

FIXED AWS KMS Key - 9:30 UTC

Description: Fixed a bug where the KMS key ID was not unique; from now on, the key ID is the key ARN.
Due to this fix, all KMS keys will be fetched, including multi-region keys.
Case ID: IN-5505
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS API

Deployment November 24, 2022

IMPROVEMENT AWS Kinesis - 15:00 UTC

Description: Added "kmsKeyId" property to AWS Kinesis entity.
Case ID: IN-5851
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT AWS RDSDBSnapshot - 15:00 UTC

Description: Added "kmsKeyId" property to AWS RDSDBSnapshot entity.
Case ID: IN-5851
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT AWS SageMakerNotebook - 15:00 UTC

Description: Added "kmsKeyId" property to AWS SageMakerNotebook entity.
Case ID: IN-5851
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS

IMPROVEMENT AWS ECR Repository - 15:00 UTC

Description: Added "Policy" property to AwsEcrRepository entity.
Case ID: DFR-1434
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS

Deployment November 23, 2022

IMPROVEMENT Compliance Rulesets Update - 12:30 UTC

Description: AWS and Azure rules improvements. A complete list can be found here.
Case ID: IN-5949
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment November 21, 2022

FIXED Serverless - Java FSP bug fix - 16:00 UTC

Description: Java FSP failure bug fix.
Case ID: PROT-1531
FSP has been changed. The new version: 1.5.108
Known limitations: N/A 
Affected Components: Serverless

Deployment November 20, 2022

FIXED Serverless - Fix dotnet FSP crash - 17:00 UTC

Description: Fix for dotnet FSP crash due to FileNotFound Exception
Case ID: PROT-1533
FSP has been changed. The new version: 1.5.107
Known limitations: N/A 
Affected Components: Serverless

Deployment November 16, 2022

IMPROVEMENT Compliance Rulesets Update - 10:30 UTC

Description: AWS and Azure rules improvements. Removal of four rules:

  1. D9.AZU.MON.50 - Deprecated due to overlapping with another rule (D9.AZU.MON.22)

  2. D9.AZU.MON.51 - Deprecated due to overlapping with other rules (D9.AZU.VLAN.01, D9.AZU.MON.22)

  3. D9.AWS.IAM.61 - Deprecated due to overlapping with another rule (D9.AWS.IAM.99)

  4. D9.AWS.OPE.02 - Insufficient security justification

A complete list can be found here.
Case ID: IN-5872
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment November 15, 2022

IMPROVEMENT Spectral IAC scan - GA - 10:30 UTC

Description: Set Spectral as the default solution for all customers and removed the old solution, ShiftLeft. IaC and code scan, US and EU.
Case ID: PLAT-6013
Known limitations: Customers on a list of exclusions are still using the ShiftLeft solution.
Affected Components: IAC ui code scan

Deployment November 14, 2022

FIXED AWS SQS - 11:00 UTC

Description: Fixed a bug where tags were not fetched for AWS GOV accounts.
Case ID: DFT-2175
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS API

IMPROVEMENT Redesign CloudGuard "Get Started" page for Infinity Portal users - 13:30 UTC

Description: New welcome screen design for the Infinity Portal
Case ID: PLAT-4420
Known limitations: N/A
Affected Components: UI

Deployment November 13, 2022

IMPROVEMENT Intelligence Rulesets Update - 15:30 UTC

Description: Updating Intelligence rules for AWS, Azure and Kubernetes. A list can be found here
Case ID: IN-5874
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

FIXED Azure Key Vault - 15:00 UTC

Description: Fixed a bug in Azure Key Vault’s diagnosticSettings that caused partial data fetching.
Case ID: DFT-2170
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS API

Deployment November 10, 2022

FIXED Protected asset sorting while grouped - 12:30 UTC

Description: Now sorting by any field while grouped by any field works as expected.
Case ID: PLAT-5987
Known limitations: N/A 
Affected Components: protected assets

Deployment November 9, 2022

IMPROVEMENT Compliance Rulesets Update - 12:30 UTC

Description: Removal of AWS CloudGuard Containers Security, AWS CloudGuard Serverless Architectures Security and GCP CloudGuard Containers Security rulesets. AWS and Azure rules improvements, adding rules for the AWS SOC2 ruleset, a bug fix. A list can be found here.
Case ID: IN-5775, DFT-2190
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

Deployment November 8, 2022

FIXED Continuous Posture - Platform Policy - 20:10 UTC

Description: Fix bug in platform policy creation.
Case ID: PLAT-6242, DFT-2192
Known limitations: N/A 
Affected Components: continuous posture

Deployment November 7, 2022

FIXED Serverless - Fix scan resource for s3 - 12:45 UTC

Description: Enhance node scanner to correctly report resources.
Case ID: PROT-1505
Known limitations: N/A 
Affected Components: Serverless

FIXED Serverless - Java FSP bug fix - 12:45 UTC

Description: Update aws package to latest versions.
Case ID: PROT-1532
FSP has been changed. The new version: 1.5.106
Known limitations: N/A 
Affected Components: Serverless

FIXED Serverless - Nodejs Scanner - fix module not found error - 12:45 UTC

Description: Added fix for module not found error in Nodejs scanner.
FSP has been changed. The new version: 1.5.106
Case ID: PROT-1521
Known limitations: N/A 
Affected Components: Serverless

Deployment November 6, 2022

IMPROVEMENT GSL New functionality - 15:30 UTC

Description: It is now possible to detect strings that might be secrets in entity fields using the containSecrets() function
Case ID: PLAT-6408
Known limitations: N/A
Affected Components: GSL

IMPROVEMENT Intelligence Rulesets Update - 15:30 UTC

Description: Updating Intelligence rules for AWS, Azure and Kubernetes, removal of 1 Kubernetes rule. A list can be found here
Case ID: IN-5740
Known limitations: N/A
Affected Components: INTELLIGENCE RULESETS

FIXED Add rule to azure security group fix - 15:00 UTC

Description: Users were unable to edit an Azure network security group if one of the rules had priority 100.
Case ID: DFT-2210
Known limitations: N/A 
Affected Components: security groups

FIXED Tenable Assets - 06:00 UTC

Description: Canceling Tenable Assets export jobs that are not completed after 24 hours.
Case ID: DFT-2186
Known limitations: N/A 
Affected Components: FETCHERS

Deployment November 2, 2022

FIXED AWS ECS Cluster - 15:00 UTC

Description: Fixed a bug that caused assessment run failures in AWS ECS Cluster.
Case ID: IN-5748
Known limitations: N/A 
Affected Components: COMPLIANCE ENGINE

IMPROVEMENT AWS VPN Connection - 15:00 UTC

Description: Added the ‘options.tunnelOptions’ property to AWS VPN Connection in Compliance Engine, Protected Assets and API.
Case ID: DFR-2494
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS API

IMPROVEMENT Compliance Rulesets Update - 15:00 UTC

Description: The first release of the K8S AKS v1.1.0, new AWS rules, AWS rules removal due to rules aggregation. A list can be found here.
Case ID: IN-5733
Known limitations: N/A 
Affected Components: COMPLIANCE RULESETS

FEATURE AWS FSx Snapshot - 14:00 UTC

Description: Added support for "AWS FSx Snapshot" in compliance engine, protected assets, and API.
Case ID: DFR-2320
Known limitations: N/A 
Affected Components: FETCHERS COMPLIANCE ENGINE PROTECTED ASSETS API