Winter '22 Release
NEW FEATURES
Mass-delete Cloud Accounts
Org Metadata Backup
OS Services CIS Scans
Azure Certificate API Authentification
Cloudaware stores Application ID (Client ID) and Client Secret in the object Azure Application which allows to authenticate using AD (for Azure multi-tenant applications).
The object Azure Application stores Application ID (Client ID) and Client Secret required for authentication using AD (for Azure multi-tenant applications).
NEW SERVICES
Azure Analysis Services
Objects:
Azure Analysis Services Server
Azure Analysis Services Server Admin
Azure Monitor Metrics
…
UPDATED SERVICES
AWS API Gateway
Applications - more objects attachable, what objects?
Add tags to more objects - what objects
External APIs improvements - what's improved?
Dataflow in Billing Processing - elaborate
Azure Storage
AWS Сost Explorer Coverage & Utilization
Cloudaware supports record types for ElastiCache, Elasticsearch, Redshift allowing to track costs for these servcies.
AWS Athena
The fields Selected Engine Version and Effective Engine Version are added to objects AWS Athena Work Group and AWS Query Execution. This allows to track the Athena engine version (v2 was deprecated by Amazon in August 2021).
AWS S3
S2 Object Lock settings are detected by Cloudaware (Object Lock Enabled, Default Retention Days, Default Retention Mode, Default Retention Years)
The field Bucket Key Enabled is added to S2 Bucket allowing to define whether the bucket is using a S3 Bucket Key, which is a bucket-level key generated by KMS. These keys are used by S3 to create unique data keys for objects in a bucket, avoiding the need for additional KMS requests. This reduces KMS operations, and as a result, costs.
AWS MSK
The object AWS MSK Configuration Revision is added, with a lookup to objects AWS MSK Cluster, AWS MSK Configuration, AWS MSK Node. This object stores details related to AWS MSK configuration revision and helps to capture the actual cluster configuration.
AWS RDS
The following AWS Directory fields are added to AWS RDS instance and AWS RDS Cluster layouts: Name, FQDN, IAM Role ARN, ID, Status.
NEW INTEGRATIONS
Rancher
Summer '21 Release
NEW FEATURES
AWS EC2 IMDSv2 Supported
Cloudaware supports AWS EC2 Instance Metadata Service Version 2 (IMDSv2). IMDSv2 protects against Website Application Firewalls, open reverse proxies, SSRF vulnerabilities and open layer 3 firewalls and NATs.
If version 1 is disabled, Cloudaware switches to version 2 to ensure security for your AWS EC2 instances. You can build reports in Cloudaware to check on AWS IMDS version on your cloud servers.
UPDATED FEATURES
Cloudaware Virtual Applications
The following objects can be attached to Cloudaware Virtual Applications:
AWS EFS File System
AWS EKS Cluster
AWS EKS Cluster Pod
AWS EMR Cluster
AWS Kinesis Firehose Destination
AWS Kinesis Stream
AWS KMS Key
AWS MQ Broker
AWS RDS Cluster
AWS Secrets Manager Secret
AWS SQS Queue
Azure SQL Instance
Azure SQL Instance Database
Cloudaware List Views
Customers can control access to list view creation in their Cloudaware account. Only those with profiles CloudAware Administrator and CloudAware Collector Only, or a user with custom permission listViewEditor can create public list views. The option to create private list views remains without changes.
NEW SERVICES
Azure Data Factory
UPDATED SERVICES
AWS EC2
Support for objects:
AWS Availability Zone ID
EC2 Launch Templates
AWS network related objects (Transit Gateway, Transit Gateway VPC Route Tables, Transit Gateway Peering, Transit Gateway Route Tables, Prefix Lists)
The field IAM Instance Profile ARN is available on AWS EC2 Instance to indicate relation between EC2 and an assigned IAM role.
AWS IAM
The object AWS IAM OpenID Connect Provider has been added.
The object AWS IAM Instance Profile demonstrates the relation to EC2s to let you overview the relationship between IAM Role and all EC2 instances that have it assigned.
AWS Account
Cloudaware supports checking whether EBS encryption by default is enabled for AWS account in a current region. To demonstrate this, the following fields are added to the object AWS Account Region:
Default EBS Encryption KMS Alias
Default EBS Encryption KMS Alias ARN
Default EBS Encryption KMS Key
Default EBS Encryption KMS Key ARN
Default EBS Encryption KMS Key ID
NEW INTEGRATIONS
Snowflake
Spring '21 Release
NEW FEATURES
Policy Templates
Compliance Engine policy templates now can be filtered by the following HIPAA-related labels:
hipaa-access-control
hipaa-auditing
hipaa-encryption
Filters by caTags and JSON Tags
Cloudaware Tag Analyzer has the filter by CaTags added. The preview is available for any number of objects. You can also switch to filtering by JSON tags.
Edit Help Text on Custom Fields
Editing of Help Text tips is supported on custom fields of custom objects.
Edit your Application and Application Tier name
Application and Application Tier names can be edited in Cloudaware Virtual Applications.
NEW SERVICES
Azure SQL Virtual Machines
AWS License Manager
AWS Backup
AWS Global Accelerator
NEW INTEGRATIONS
Rally
Winter '21 Release
NEW FEATURES
Azure Foundation v1.1.0
CIS Benchmarks have released a new CIS Microsoft Azure Foundations Version 1.1.0. New Benchmarks for Azure are deployed in Cloudaware Compliance Engine.
Setup and Developer Console Links Permissions
Setup and Developer Console links are now viewable for admin users only. If you don't have access to them, you won't see them in the menu.
NEW SERVICES
AWS Blockchain
NEW INTEGRATIONS
TunHub
TunHub is a secure proxy connection built to link customer's assets located in private cloud to Cloudaware using Breeze Agent. Fine tune the ingress points for Breeze to access SCCM, vCenter, private JIRA, private Kubernetes Clusters and more.
G Suite Directory Integration
Cloudaware supports Google Directory API to allow you to track users who have access to your Google Cloud and Google Projects with Cloudaware G Suite Integration.
UPDATED SERVICES
AWS Snowball
AWS X-Ray
Azure Application Gateway
Azure Express Route
Azure App Service
Qualys Integration
Zabbix Integration
New fields added on objects Azure VM, Google GCE Instance and CloudAware Physical server:
Zabbix: Is Monitored
Zabbix: Incidents, 30-Day
Zabbix: Memory Free, N-Day
Zabbix: Memory Total, N-Day
Compliance Engine
Policy Revisions
You can clone a policy and make updates to its code. Once the new policy is saved and/or deployed, track the history of the policy versioning and use Compare Mode for a side-to-side comparison view of policy revisions.
Diff Utility Tool
Diff Utility, the native Cloudaware Compliance Engine tool, allows you to compare two compliance policies that have a common input object. As a result, you can get a list of objects and see where the status differs.
Benchmarks Account and Application Filters
CIS Benchmark section can now be filtered by accounts and applications. Use the dropdown menu to keep track of your CIS compliance on a more granular level directly from the UI.
Utility Classes
Compliance Engine policies can now be created according to a certain type of input and output objects.
New policies for Heroku Cloud
New Heroku Cloud polices are available in Built-In Policy Templates:
Ensure Heroku Application Custom Domains Use Secure Protocol.
Ensure Heroku Team Invite Acceptance Feature Is Turned On.
Ensure Heroku Team Member Two-Factor Authentication is Enabled.
Ensure Heroku Team Membership Capacity Is Not Near Limit.
Ensure No Heroku Applications Use Deprecated Protocol TLS 1.0.
Ensure no Heroku Private Spaces have an Unrestricted Outbound Access on All Ports.
Heroku Deprecated Stack Cedar-14 is in Use.
Heroku Services Credit Recharge Alert (1 day until expiration).
Heroku Services Credit Recharge Alert (14 days until expiration).
Heroku Services Credit Recharge Alert (7 days until expiration).
Heroku Space Peering Connection Request Expiration Alert - 24 Hours.