New ServiceNow Handler, Duo Data Connector, CIS Rules, and more

@sfc-gh-afedorov sfc-gh-afedorov released this 04 Aug 17:09
· 50 commits to master since this release

Packs

  • minor cleanup in AWS CIS 1.1, 1.13, and 1.12
  • added Azure CIS 1.1, 1.2, 3.3, 4.1, 7.3, 7.4, 8.1, and 8.2
  • fixed errors in Azure CIS 7.1, 7.2

Data Connectors (DC)

  • new Duo Admins Inventory Connector
  • DC schedule can now be generally specified in any connector comment
  • multiple DCs can now be scheduled to run from one CLI command
  • improvement to make Azure log connector more robust to different log types (#414)

Azure Inventory and Configuration (AzIC) Connector

  • adds groups_members, role_assignments, queue_services, queue_services_properties, sql_servers, and sql_servers_auditing_settings collection
  • includes updated values from new Graph API groups, role_definitions, and service_principals endpoints
  • adds mechanism to save arbitrary values as APIs change
  • fixed GovCloud authentication bug
  • fixes minor misnamed columns
  • greatly improves runtime and reliability

AWS Inventory and Configuration (AWSIC) Connector

  • adds iam_list_groups, iam_list_attached_group_policies, and ec2_describe_route_tables tables
  • adds error column for tracking failed API responses as in AzIC
  • removes vestigial region columns from tables that did not end up populating them (per boto3 client's describe_regions)
  • improves error handling and logging in API retries
  • fixes session expiration errors

AWS CloudTrail Connector

  • fixes timezone translation bug in accounts with default LTZ set to zone other than UTC (#416)

Alert Runner and Processor

  • adds support to run multiple alerts from CLI (#413)
  • adds FROM_TIME env variable that can be used to specify alerting period explicitly instead of relative to the end time (#416)
  • fixes alert deduplication logic bug
  • fixes logging on invalid credentials (#379)
  • fixes handling of alert queries with lists in actor field

WebUI

  • adds custom db / warehouse / role so a single WebUI deployment can support multiple SnowAlert installations
  • fix buggy data connector form validation
  • dependency updates

Handlers

  • added ServiceNow handler
  • added SQL-based blocks to Slack handler (making UDF use optional)
  • fixed Slack handler exception handling (#401)

Scripts & minor fixes

  • more robust Jira bulk change script
  • PyYAML and pandas vulnerability updates
  • explicitly empty default region sets to default

External Contributors

Thanks to @bhasampa, @carolinepotts, @Chaitali-Sonparote, @mikeurbanski1, and @GalGreenfield for all your great and minor contributions to this release!