Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

Summer '21 Release

NEW FEATURES

AWS EC2 IMDSv2 Supported

Cloudaware supports AWS EC2 Instance Metadata Service Version 2 (IMDSv2). IMDSv2 protects against Website Application Firewalls, open reverse proxies, SSRF vulnerabilities and open layer 3 firewalls and NATs. 

If version 1 is disabled, Cloudaware switches to version 2 to ensure security for your AWS EC2 instances. You can build reports in Cloudaware to check on AWS IMDS version on your cloud servers. 

UPDATED FEATURES

Cloudaware List Views

Customers can control access to list view creation in their Cloudaware account. Only those with profiles CloudAware Administrator and CloudAware Collector Only, or a user with custom permission listViewEditor can create public list views. The option to create private list views remains without changes.

UPDATED SERVICES

AWS Account

Cloudaware supports checking whether EBS encryption by default is enabled for AWS account in a current region. To demonstrate this, the following fields are added to the object AWS Account Region:

  • Default EBS Encryption KMS Alias

  • Default EBS Encryption KMS Alias ARN

  • Default EBS Encryption KMS Key

  • Default EBS Encryption KMS Key ARN

  • Default EBS Encryption KMS Key ID

AWS IAM

The object AWS IAM OpenID Connect Provider has been added.

The object AWS IAM Instance Profile demonstrates the relation to EC2s to let you overview the relationship between IAM Role and all EC2 instances that have it assigned.

AWS EC2

New AWS network related objects are added:

  • Transit Gateway

  • Transit Gateway VPC Route Table,

  • Transit Gateway Peering

  • Transit Gateway Route Tables

  • Prefix Lists

The field IAM Instance Profile ARN is available on AWS EC2 Instance to indicate the relation between EC2 and an assigned IAM role.

AWS S3

S3 Object Lock settings are detected by Cloudaware by using the following fields: Object Lock Enabled, Default Retention Days, Default Retention Mode, Default Retention Years.

The field Bucket Key Enabled is added to S3 Bucket allowing to define whether the bucket is using a S3 Bucket Key, which is a bucket-level key generated by KMS. These keys are used by AWS S3 service to create unique data keys for objects in a bucket, avoiding the need for additional KMS requests. This reduces KMS operations, and as a result, costs.

AWS Athena

Athena engine v1 should be deprecated by Amazon in August 2021. Cloudaware added the fields Selected Engine Version and Effective Engine Version to objects AWS Athena Work Group and AWS Query Execution to let customers track Athena engine version.

Azure Storage

New utilization metrics showing 30-day data are added to Azure Storage Accounts.

NEW INTEGRATIONS

Snowflake

Spring '21 Release 

NEW FEATURES

Azure Certificate API Authentification

The new object Azure Application stores Application ID (Client ID) and Client Secret required for authentication using AD (for Azure multi-tenant applications).

Policy Templates

Compliance Engine policy templates now can be filtered by the following HIPAA-related labels:

  • hipaa-access-control

  • hipaa-auditing

  • hipaa-encryption

Filters by caTags and JSON Tags

Cloudaware Tag Analyzer has the filter by CaTags added. The preview is available for any number of objects. You can also switch to filtering by JSON tags.

Edit Help Text on Custom Fields

Editing of Help Text tips is supported on custom fields of custom objects.

Edit your Application and Application Tier name

Application and Application Tier names can be edited in Cloudaware Virtual Applications.

NEW SERVICES

Azure SQL Virtual Machines

AWS License Manager

AWS Backup

AWS Global Accelerator

UPDATED SERVICES

AWS API Gateway 

NEW INTEGRATIONS

Rally

Winter '21 Release

NEW FEATURES

Azure Foundation v1.1.0

CIS Benchmarks have released a new CIS Microsoft Azure Foundations Version 1.1.0. New Benchmarks for Azure are deployed in Cloudaware Compliance Engine.

Setup and Developer Console Links Permissions

Setup and Developer Console links are now viewable for admin users only. If you don’t don't have access to them, you won’t won't see them on the menu.

UPDATED SERVICES

in the menu.

NEW SERVICES

AWS Blockchain

NEW INTEGRATIONS

TunHub

TunHub is a secure proxy connection built to link customer's assets located in private cloud to Cloudaware using Breeze Agent. Fine tune the ingress points for Breeze to access SCCM, vCenter, private JIRA, private Kubernetes Clusters and more.

G Suite Directory Integration

Cloudaware supports Google Directory API to allow you to track users who have access to your Google Cloud and Google Projects with Cloudaware G Suite Integration.

UPDATED SERVICES

AWS Snowball 
AWS X-Ray
Azure Application Gateway
Azure Express Route 
Azure App Service
Qualys Integration

Zabbix Integration

New fields added on objects Azure VM, Google GCE Instance and CloudAware Physical server:

  • Zabbix: Is Monitored

  • Zabbix: Incidents, 30-Day

  • Zabbix: Memory Free, N-Day

  • Zabbix: Memory Total, N-Day


Compliance Engine

Clone Policy

Clone your policies and revisioned policies in the tab ''Revisions''. Click the three dots button to use Clone option.

...

Revisions

You can clone a policy and make updates to its code. Once the new policy is saved and/or deployed, track the history of the policy versioning and use Compare Mode for a side-to-side comparison view of policy revisions.

Diff Utility Tool 

Diff Utility, the native Cloudaware Compliance Engine tool, allows you to compare two compliance policies that have a common input object. As a result, you can get a list of objects and see where the status differs. 

Benchmarks Account and Application Filters

CIS Benchmark section can now be filtered by accounts and applications. Use the dropdown menu to keep track of your CIS compliance on a more granular level directly from the UI.

...

Utility Classes

Compliance Engine policies can now be created according to a certain type of input and output objects.
Use case: A company has a tagging policy in place. This tagging policy is used for all object types. If we’d like to check all three tags on objects, we would need to create three policies. Since these policies would have the same logic, you can create and use a utility class instead of coping the logic for three individual policies.

...

New policies for Heroku Cloud

New Heroku Cloud polices are available in Built-In Policy Templates:

  1. Ensure Heroku Application Custom Domains Use Secure Protocol.

  2. Ensure Heroku Team Invite Acceptance Feature Is Turned On.

  3. Ensure Heroku Team Member Two-Factor Authentication is Enabled.

  4. Ensure Heroku Team Membership Capacity Is Not Near Limit.

  5. Ensure No Heroku Applications Use Deprecated Protocol TLS 1.0.

  6. Ensure no Heroku Private Spaces have an Unrestricted Outbound Access on All Ports.

  7. Heroku Deprecated Stack Cedar-14 is in Use.

  8. Heroku Services Credit Recharge Alert (1 day until expiration).

  9. Heroku Services Credit Recharge Alert (14 days until expiration).

  10. Heroku Services Credit Recharge Alert (7 days until expiration).

  11. Heroku Space Peering Connection Request Expiration Alert - 24 Hours.

...