● A new dashboard enables you to monitor endpoint anomalies.
● The Detections page includes the Anomaly Present filter for refining the detection list based on anomaly presence.
○ Enhanced the existing graph view for roles to show the identities that a particular role can access, including the effective permissions.
● Added support for the Event Hubs service for Activity Logs and NSG Flow logs and the following telemetry tables:
○ azure_eventhub_namespace
○ azure_eventhub_hub
○ azure_eventhub_consumer_group
● Attack path enhancements:
○ Added support for the AKS service (Load Balancer only) for internet exposure, so that you can view the Security Graph for all security risks associated with each container.
○ Lateral Movement from exposed VM to other VMs via Managed Identity.
● Cloud Discovery dashboard enhancements:
○ Added Key vault and key association
○ Added AKS service
● Added support to provide manual remediation for exposed nodes. You can modify/delete rules, add access restriction rules, and more for all internet services or exposed nodes. The detailed steps help in fixing these issues via both Console and CLI, offering flexibility in your remediation approach.
● Added support to view Effective Permissions for Indirect Resources connected to roles in the Azure Effective Permissions Graph.
● Revamped the top bar for Azure Identity Risks for a more intuitive experience.
● Added new table gcp_secret_manager_secret_policy_binding for the Secret Manager Policy Binding service.
| API | Description |
| --- | --- |
| /threatbooks | Support for the POST method to update threatbooks |