February 12, 2022
Support to monitor CloudTrail events from all accounts of an organization based on the organization account configuration. If the organization account and the associated account both are configured individually, duplicate CloudTrail events are generated. For more information, see AWS.
Added a new table upt_cloud_network_interfaces_inventory to capture network interfaces only for AWS.
The rule "AWS EC2 instance termination protection is not enabled" based on the disable_api_termination attribute is deprecated and this attribute is no longer populated.
CIS compliance support for Kubernetes includes managed and self-managed GKE, ECS, and EKS services.
A new tab Search Deployment on the Kubernetes: Deploy-Time Scan page enables search and displays the history of deployed images. For more information, see Containers > Deploy-Time Scan.
A new tab Historical Search on the Kubernetes: Image-Scan Build page enables search and displays the history of images during a build. For more information, see Containers > Image-Scan Build.
Support to kill a container process from the detection graph view based on runtime ID or image tag match. For more information, see Detections.
Running an Investigate query on the upt_vulnerabilities_scanned_image table now displays individual columns for the ignore_cves, ignore_packages, and ignore_no_fix counts. Vulnerabilities Ignored is the sum of these counts, displayed on the Image Scan: Build dashboard. For more information, see Containers > Image-Scan Build.
New Feature Redaction
Added/enhanced the following APIs. For more information, see the API Documentation.
|/flagprofiles/system||Displays MITRE ATT&CK and default flag profiles when the MITRE feature is activated for your account.|
|/alertrules/summary||Provides a summary of alert rules.|
|/eventrules/summary||Provides a summary of event rules.|
|/alertrules/tags||Provides a list of all the unique alert tags.|
|/redaction||Capability to create, assign, view, update, and delete redactions.|