Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

NEW FEATURES

OS Services CIS Scans

...

Autumn '22 Release

Cloudaware is now on Azure Marketplace

Cloudaware is designed for managing multi-cloud environments. Adding Microsoft Azure to the portfolio of marketplace platforms that Cloudaware is present on, we aim to engage with customers operating two or more clouds. By subscribing to Cloudaware, customers can centralize Azure expenses and Cloudaware payments under one bill to facilitate procurement processes and extend the cloud management experience. Check out

UPDATED FEATURES

Cloudaware Applications

Customers using SNMP in network management can attach SNMP-enabled devices to Cloudaware Applications. The related network interfaces will be attached cascadingly.

...

NEW SERVICES

Amazon Lex

Amazon Lex is a managed artificial intelligence (AI) service for building conversational interfaces for voice and text applications. Cloudaware supports such objects as AWS Lex Bot, AWS Lex Bot Alias, AWS Lex Bot Locale, AWS Lex Bot Version, AWS Lex Intent, and AWS Lex Slot Type.

Amazon Polly

Amazon Polly uses deep learning technologies to synthesize natural-sounding human speech. Customers leveraging Amazon Polly to build speech-enabled applications can view the following objects in Cloudaware: AWS Polly Lexicon, AWS Polly Lexicon Synthesis Task Link, and AWS Polly Speech Synthesis Task.

GCP Security Command Center

Cloudaware supports GCP Security Command Center, which works similarly to AWS Guard Duty and Microsoft Azure Security Center. By adding the permission 'Security Reviewer' to the Google service account at the organization level, customers can see data from GCP Security Command Center in Cloudaware CMDB.

UPDATED SERVICES

Azure Compute

Customers using Azure Virtual Machine Scale Sets to increase the availability of applications may add standard Azure virtual machines to scale sets in flexible orchestration mode. Microsoft Azure reports such a virtual machine as a regular one and a scale set-specific instance, which leads to the creation of two instance records in the CMDB.

To differentiate Azure virtual machine types when reporting Azure VM Scale Sets, Cloudaware added the following fields: VM Scale Set (lookup) and VM Scale Set ID. Customers can address these fields to identify regular Azure VMs that are part of Azure VM Scale Sets. Learn more

The new field Time Created is added to the Azure Virtual Machine layout to specify the time at which a virtual machine resource was created.

Summer '22 Release

UPDATED FEATURES

AWS Organizations Linked Accounts Billing

Cloudaware discovers AWS Organization member (linked) accounts with enabled cost and usage reports (CUR) by using Master Payer ID in AWS Organization API. Customers can select the primary billing source in Cloudaware CMDB.
If the billing type is not specified, Cloudaware will not collect or display cost-related objects in CMDB.

Compliance Engine

The following policies are available for checking AWS Lambda compliance:

  • AWS Lambda Function without VPC configuration

  • AWS Lambda Function triggered by public S3 buckets

  • AWS Lambda function triggered by public SNS topics

Cloudaware continues developing compliance policies related to AWS Security Hub. Here are examples of the policies that can be deployed on demand:

  • EC2 Instance has a Public IP with exposed DB ports

  • VPC Endpoints should be provided for SQS

  • Use VPC Endpoints to access DynamoDB

  • All Traffic between Lambda and SQS should be encrypted

  • Block public access to AWS Glue Catalog

  • Ensure Dynamo DB Table TTL Status is enabled

  • CodeBuild project environments should have a logging configuration

  • CodeBuild project environments should not have privileged mode enabled

  • VPC Lambda functions should operate in more than one Availability Zone

  • Stateless network firewall rule group should not be empty

  • RDS database clusters should use a custom administrator username

NEW SERVICES
AWS Comprehend
AWS EventBridge
AWS SWF
AWS Transcribe

UPDATED SERVICES

Azure Cosmos DB Resource

Cloudaware retrieves the hierarchy of resource types organized by Microsoft Azure under one object - Azure Cosmos DB Resource:

  • Table

  • Mongo DB
    - Mongo DB Collection

  • Gremlin DB
    - Gremlin Graph

  • Core SQL
    - Core SQL Container

  • Cassandra Keyspace
    - Cassandra Table

Apart from that, Cloudaware discovers Cosmos DB account capacity and utilization metrics. Using this data, customers can identify the most expensive Cosmos DB account having a lot of provisioned throughput capacity but low request unit consumption.

Azure Public SSH Key

Azure SSH public key is used to authenticate to a virtual machine through ssh. The Azure Public SSH Key attributes that Сloudaware collects are listed here (metadata only!)

AWS EBS Snapshot

Cloudaware harvests permissions for AWS EBS snapshots. The checkbox is added to indicate whether a snapshot is publicly accessible. Customers can report publicly available or shared AWS EBS snapshots.

AWS Systems Manager

The objects AWS SSM Document and AWS SSM Document Version are added.

 

UPDATED INTEGRATIONS

TunHub

Cloudaware TunHub integration ensures secure access to Kubernetes, VMware, SCCM, Snowflake, Rancher, Jira, and other infrastructure hosted on internal networks. Cloudaware added an external API for working with TunHub gateways. Using the API, customers can programmatically request the list of TunHub gateways or routes, change settings for a specific gateway, and swap primary and secondary channels.

Use case: To enable the TunHub connection, customers install and run Cloudaware Breeze on an internal instance that has access to private environment. If under internal organizational policies, instances need to be rehydrated every N days, customers can use the external API to programmatically update the primary channel and recreate the TunHub connection once an instance is rehydrated.

Spring '22 Release

NEW FEATURES

Google Billing Accounts

Cloudaware extends Google Cloud Billing API support. Customers can review relationships between GCP Projects and associated Google Billing Accounts in Cloudaware CMDB.

Google BigQuery Integration For Advanced Cost Analysis

Сloudaware Cost Management integrates with Google BigQuery to enhance cost analysis. Customers use Google BigQuery queries to compress, aggregate, filter and optimize billing data to make monthly and daily datasets more efficient before uploading them to the Cloudaware analytics portal. Check the setup guide

Export Application Inventory Using Google BigQuery

Customers can use Google BigQuery to export application inventory from Cloudaware into a single table or create a consolidated table of all AWS resources, e.g. AWS Accounts with child resources. Check the sample use case

UPDATED FEATURES

Cloudaware Virtual Applications

Cloudaware Virtual Applications introduce the new nice, neat and easy-to-use UI. Navigate between clouds, resource types, and tiers and search for specific CIs in the application interface.

...

Moreover, Cloudaware extends the range of objects attachable to Cloudaware Virtual Applications:

  • AWS API Gateway Rest API

  • AWS AppStream Fleet

  • AWS CodeBuild Project

  • AWS ECR Repository

  • AWS Glue Crawler

  • AWS EC2 Launch Configuration

  • AWS CloudFormation Stack

  • AWS SageMaker Notebook Instance

NEW SERVICES

AWS DataSync
AWS Kendra
AWS Service Quotas
AWS Shield Advanced
Azure Log Analytics

UPDATED SERVICES

Compliance Engine

New AWS Glue Catalog related policies added:

  • Block public access to AWS Glue Catalog

  • AWS Glue Catalog should have MFA "on delete" enabled

AWS Direct Connect

New objects are added:

  • AWS Direct Connect Lag

  • AWS Direct Connect Gateway

  • AWS Direct Connect Gateway Association

  • AWS Direct Connect Gateway Attachment

The objects AWS Direct Connect Connection and AWS Direct Connect Virtual Interface are updated to get a set of important fields and tags.

AWS Lambda

On August 10, 2021, AWS introduced a change in the way that asynchronous invocations of AWS Lambda functions work when the function has reserved concurrency set to zero. Lambda functions meeting these criteria will have events sent to a dead letter queue (DLQ) instead of being retried. Cloudaware harvests reserved concurrency configuration settings for AWS Lambda functions to allow reporting to detect functions requiring attention.

AWS SNS

The object AWS SNS Topic is updated to support tags. Customers may attach SNS Topics to application based on a specific tag.

Azure CosmosDB

The object Azure Cosmos DB Resource is added. The object includes the following object types:

  • Table

  • Mongo DB
    Mongo DB Collection

  • Gremlin DB
    Gremlin Graph

  • Core SQL
    Core SQL Container

  • Cassandra Keyspace
    Cassandra Table

NEW INTEGRATIONS

CyberArk

MongoDB Atlas

UPDATED INTEGRATIONS

Rancher

The API capability to programmatically create/update/remove a Rancher integration is added.

Winter '22 Release

NEW FEATURES

Java Discovery Fact For Apache Log4j

Log4Shell is a high severity vulnerability (CVE-2021-44228, CVSSv3 10.0) that impacts multiple versions of the Apache Log4j 2 utility. The vulnerability allows for unauthenticated remote code execution. Currently, the scanning tools are able to detect a limited scope of Log4j vulnerabilities only relevant to Apache HTTP server. Cloudaware has released a custom fact that enables Java discovery to identify vulnerable log4j jar* files. Please note that Breeze is to be installed to enable this type of scans.

OS Services CIS Scans

CIS Kubernetes Benchmark is added to Cloudaware Compliance Engine library. The benchmark allows to evaluate the hardening level of container orchestration deployments.

UPDATED FEATURES

Cloudaware Virtual Applications

The following objects are available for attachment to Cloudaware Virtual Applications:

  • AWS EFS File System

  • AWS EKS Cluster

  • AWS EKS Cluster Pod

  • AWS EMR Cluster

  • AWS Kinesis Firehose Destination

  • AWS Kinesis Stream

  • AWS KMS Key

  • AWS MQ Broker

  • AWS RDS Cluster

  • AWS Secrets Manager Secret

  • AWS SQS Queue

  • Azure SQL Instance

  • Azure SQL Instance Database

External APIs

Cloudaware released API to remove AWS Account. This API allows to mark an AWS Account for removal and automatically approve the removal request. Note that only Admin users are able to leverage this feature.

NEW SERVICES

Azure Data Factory

Azure Analysis Services

Azure Monitor Metrics

UPDATED SERVICES

AWS MSK

The object AWS MSK Configuration Revision is added, with a lookup to objects AWS MSK Cluster, AWS MSK Configuration and AWS MSK Node. This object stores the details related to AWS MSK configuration revision and helps to capture the actual cluster configuration.

...

The following AWS Directory related fields are added to AWS RDS instance and AWS RDS Cluster layouts: Name, FQDN, IAM Role ARN, ID, Status.

AWS Сost Explorer Coverage & and Utilization 

Cloudaware supports new record types for ElastiCache, Elasticsearch, Redshift allowing to track costs for these services in AWS Сost ExplorerRI сoverage and utilization.

NEW INTEGRATIONS

Rancher