Bug fixes

• Server
  • Minor internal improvements.

Requirements

• TEF: 1.57.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The Azure > Storage > Storage Account > Data Protection control would go into an error state when container delete retention policy data was not available in CMDB. This issue is fixed and the control will now work as expected.

Bug fixes

• Fixed control category names for v7.2.10, v7.7.10 and v7.14.1.

What's new?

Control Types

• Azure > CIS v2.0
• Azure > CIS v2.0 > 01 - Identity and Access Management
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 Ensure That 'Number of methods required to reset' is set to '2'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
• Azure > CIS v2.0 > 02 - Microsoft Defender
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
• Azure > CIS v2.0 > 03 - Storage Accounts
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
• Azure > CIS v2.0 > 04 - Database Services
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
• Azure > CIS v2.0 > 05 - Logging and Monitoring
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
• Azure > CIS v2.0 > 06 - Networking
• Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
• Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
• Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
• Azure > CIS v2.0 > 07 - Virtual Machines
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
• Azure > CIS v2.0 > 08 - Key Vault
• Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
• Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
• Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
• Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
• Azure > CIS v2.0 > 09 - Application Services
• Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
• Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
• Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
• Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
• Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
• Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
• Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
• Azure > CIS v2.0 > 10 - Miscellaneous
• Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources

Policy Types

• Azure > CIS v2.0
• Azure > CIS v2.0 > 01 - Identity and Access Management
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.01 - Ensure Security Defaults is enabled on Azure Active Directory > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.02 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.03 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults > 1.01.04 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.01 - Ensure Trusted Locations Are Defined
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.02 - Ensure that an exclusionary Geographic Access Policy is considered > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.03 - Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.04 - Ensure that A Multi-factor Authentication Policy Exists for All Users > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.05 - Ensure Multi-factor Authentication is Required for Risky Sign-ins > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.02 - Conditional Access > 1.02.06 - Ensure Multi-factor Authentication is Required for Azure Management > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.03 - Ensure that 'Users can create Azure AD Tenants' is set to 'No' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.04 - Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.05 - Ensure Guest Users Are Reviewed on a Regular Basis
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.06 - Ensure That 'Number of methods required to reset' is set to '2' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.07 - Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.08 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.09 Ensure that 'Notify users on password resets?' is set to 'Yes' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.11 - Ensure User consent for applications is set to Do not allow user consent > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.14 - Ensure That 'Users Can Register Applications' Is Set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users"
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.19 - Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.23 - Ensure That No Custom Subscription Administrator Roles Exist
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
• Azure > CIS v2.0 > 01 - Identity and Access Management > 1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One' > Attestation
• Azure > CIS v2.0 > 01 - Identity and Access Management > Maximum Attestation Duration
• Azure > CIS v2.0 > 02 - Microsoft Defender
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.01 - Ensure That Microsoft Defender for Servers Is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.02 - Ensure That Microsoft Defender for App Services Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.04 - Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.05 - Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.06 - Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.07 - Ensure That Microsoft Defender for Storage Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.08 - Ensure That Microsoft Defender for Containers Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.09 - Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.10 - Ensure That Microsoft Defender for Key Vault Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.11 - Ensure That Microsoft Defender for DNS Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.12 - Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.13 - Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' > Attestation
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.14 - Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.15 - Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.16 - Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On' > Attestation
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.17 - Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' > Attestation
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.18 - Ensure That 'All users with the following roles' is set to 'Owner'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.20 - Ensure That 'Notify about alerts with the following severity' is Set to 'High'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.21 - Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.22 - Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.02 - Microsoft Defender for IoT > 2.02.01 - Ensure That Microsoft Defender for IoT Hub Is Set To 'On' > Attestation
• Azure > CIS v2.0 > 02 - Microsoft Defender > 2.03 - Microsoft Defender for External Attack Surface Monitoring
• Azure > CIS v2.0 > 02 - Microsoft Defender > Maximum Attestation Duration
• Azure > CIS v2.0 > 03 - Storage Accounts
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.01 - Ensure that 'Secure transfer required' is set to 'Enabled'
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.02 - Ensure that Enable Infrastructure Encryption for Each Storage Account in Azure Storage is Set to enabled
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.03 - Ensure that 'Enable key rotation reminders' is enabled for each Storage Account > Attestation
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.04 - Ensure that Storage Account Access Keys are Periodically Regenerated > Attestation
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.05 - Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.06 - Ensure that Shared Access Signature Tokens Expire Within an Hour > Attestation
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.08 - Ensure Default Network Access Rule for Storage Accounts is Set to Deny
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.09 - Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.10 - Ensure Private Endpoints are used to access Storage Accounts
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.11 - Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.12 - Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.13 - Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
• Azure > CIS v2.0 > 03 - Storage Accounts > 3.15 - Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2"
• Azure > CIS v2.0 > 03 - Storage Accounts > Maximum Attestation Duration
• Azure > CIS v2.0 > 04 - Database Services
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.01 - Ensure that 'Auditing' is set to 'On'
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.02 - Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.03 - Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.04 - Ensure that Azure Active Directory Admin is Configured for SQL Servers
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.05 - Ensure that 'Data encryption' is set to 'On' on a SQL Database
• Azure > CIS v2.0 > 04 - Database Services > 4.01 SQL Server - Auditing > 4.01.06 - Ensure that 'Auditing' Retention is 'greater than 90 days'
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.01 - Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.02 - Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.03 - Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.04 - Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
• Azure > CIS v2.0 > 04 - Database Services > 4.02 SQL Server - Microsoft Defender for SQL > 4.02.05 - Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.01 - Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.02 - Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.03 - Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.04 - Ensure Server Parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.05 - Ensure Server Parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.06 - Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.07 - Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
• Azure > CIS v2.0 > 04 - Database Services > 4.03 PostgreSQL Database Server > 4.03.08 - Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled'
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.01 - Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.02 - Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.03 - Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.04 - MySQL Database > 4.04.04 - Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.01 - Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.02 - Ensure That Private Endpoints Are Used Where Possible
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible
• Azure > CIS v2.0 > 04 - Database Services > 4.05 - Cosmos DB > 4.05.03 - Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible > Attestation
• Azure > CIS v2.0 > 04 - Database Services > Maximum Attestation Duration
• Azure > CIS v2.0 > 05 - Logging and Monitoring
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.03 - Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.04 - Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.05 - Ensure that logging for Azure Key Vault is 'Enabled'
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.01 - Configuring Diagnostic Settings > 5.01.07 - Ensure that logging for Azure AppService 'HTTP logs' is enabled
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.01 - Ensure that Activity Log Alert exists for Create Policy Assignment
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.02 - Ensure that Activity Log Alert exists for Delete Policy Assignment
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.03 - Ensure that Activity Log Alert exists for Create or Update Network Security Group
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.04 - Ensure that Activity Log Alert exists for Delete Network Security Group
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.05 - Ensure that Activity Log Alert exists for Create or Update Security Solution
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.06 - Ensure that Activity Log Alert exists for Delete Security Solution
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.07 - Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.08 - Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.09 - Ensure that Activity Log Alert exists for Create or Update Public IP Address rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.02 - Monitoring using Activity Log Alerts > 5.02.10 - Ensure that Activity Log Alert exists for Delete Public IP Address rule
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.03 - Configuring Application Insights > 5.03.01 - Ensure Application Insights are Configured
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.04 - Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it > Attestation
• Azure > CIS v2.0 > 05 - Logging and Monitoring > 5.05 - Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
• Azure > CIS v2.0 > 05 - Logging and Monitoring > Maximum Attestation Duration
• Azure > CIS v2.0 > 06 - Networking
• Azure > CIS v2.0 > 06 - Networking > 6.01 - Ensure that RDP access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.02 - Ensure that SSH access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.03 - Ensure that UDP access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.04 - Ensure that HTTP(S) access from the Internet is evaluated and restricted
• Azure > CIS v2.0 > 06 - Networking > 6.05 - Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
• Azure > CIS v2.0 > 06 - Networking > 6.06 - Ensure that Network Watcher is 'Enabled'
• Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis
• Azure > CIS v2.0 > 06 - Networking > 6.07 - Ensure that Public IP addresses are Evaluated on a Periodic Basis > Attestation
• Azure > CIS v2.0 > 06 - Networking > Maximum Attestation Duration
• Azure > CIS v2.0 > 07 - Virtual Machines
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.02 - Ensure Virtual Machines are utilizing Managed Disks
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.03 - Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.04 - Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.05 - Ensure that Only Approved Extensions Are Installed > Attestation
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.06 - Ensure that Endpoint Protection for all Virtual Machines is installed > Attestation
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted
• Azure > CIS v2.0 > 07 - Virtual Machines > 7.07 - [Legacy] Ensure that VHDs are Encrypted > Attestation
• Azure > CIS v2.0 > 07 - Virtual Machines > Maximum Attestation Duration
• Azure > CIS v2.0 > 08 - Key Vault
• Azure > CIS v2.0 > 08 - Key Vault > 8.01 - Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.02 - Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.03 - Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.04 - Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults
• Azure > CIS v2.0 > 08 - Key Vault > 8.05 - Ensure the key vault is recoverable
• Azure > CIS v2.0 > 08 - Key Vault > 8.06 - Ensure Role Based Access Control for Azure Key Vault
• Azure > CIS v2.0 > 08 - Key Vault > 8.07 - Ensure that Private Endpoints are Used for Azure Key Vault
• Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services
• Azure > CIS v2.0 > 08 - Key Vault > 8.08 - Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services > Attestation
• Azure > CIS v2.0 > 08 - Key Vault > Maximum Attestation Duration
• Azure > CIS v2.0 > 09 - Application Services
• Azure > CIS v2.0 > 09 - Application Services > 9.01 - Ensure App Service Authentication is set up for apps in Azure App Service
• Azure > CIS v2.0 > 09 - Application Services > 9.02 - Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
• Azure > CIS v2.0 > 09 - Application Services > 9.03 - Ensure Web App is using the latest version of TLS encryption
• Azure > CIS v2.0 > 09 - Application Services > 9.04 - Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On'
• Azure > CIS v2.0 > 09 - Application Services > 9.05 - Ensure that Register with Azure Active Directory is enabled on App Service
• Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.06 - Ensure That 'PHP version' is the Latest, If Used to Run the Web App > Attestation
• Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.07 - Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App > Attestation
• Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.08 - Ensure that 'Java version' is the latest, if used to run the Web App > Attestation
• Azure > CIS v2.0 > 09 - Application Services > 9.09 - Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App
• Azure > CIS v2.0 > 09 - Application Services > 9.10 - Ensure FTP deployments are Disabled
• Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets
• Azure > CIS v2.0 > 09 - Application Services > 9.11 - Ensure Azure Key Vaults are Used to Store Secrets > Attestation
• Azure > CIS v2.0 > 09 - Application Services > Maximum Attestation Duration
• Azure > CIS v2.0 > 10 - Miscellaneous
• Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources
• Azure > CIS v2.0 > 10 - Miscellaneous > 10.01 - Ensure that Resource Locks are set for Mission-Critical Azure Resources > Attestation
• Azure > CIS v2.0 > 10 - Miscellaneous > Maximum Attestation Duration
• Azure > CIS v2.0 > Maximum Attestation Duration

What's new?

• Server
  • Implemented monitoring for worker_factory in the CloudWatch Dashboard widgets "Events Queue Activity" and "Events Queue Backlog".
  • Established a CloudWatch Alarm for the _worker_factory queue.
  • Product, Vendor Tags to the IAM Role resources created by the TE stack.
  • Adjusted the threshold for the CloudWatch Alarm monitoring the _worker queue.

Bug fixes

• Server

  • Now, users with only Turbot/User access will no longer see grants or active grants belonging to other users. This ensures that you only view grants that are relevant to your permissions.
  • Control will move to error if it fails to determine the state at precheck.
  • System resilience has been enhanced through extended TTL settings and refined management of suspended processes, aiming to improve stability and reduce backlog issues.
  • Refined management of various processes to improve stability and reduce backlog issues.

• UI

  • Converted the template_input property of the policy setting in the Terraform plan to YAML format, improving clarity and manageability.

Requirements

• TEF: 1.57.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Moved the Turbot > Process Monitor control to operate within the priority queue, ensuring more timely and efficient processing of critical tasks.
• Updated the Turbot > Workspace > Background Tasks control to modify the next_tick_timestamp for any policy values that previously had incorrect defaults.

Bug fixes

• Minor fixes and improvements.

What's new?

• You can now configure rotation reminders for access keys and soft delete for blobs and containers in storage accounts. To get started, set the Azure > Storage > Storage Account > Access Keys > Rotation Reminder > * and Azure > Storage > Storage Account > Data Protection > Soft Delete > * policies respectively.

Control Types

• Azure > Storage > Storage Account > Access Keys
• Azure > Storage > Storage Account > Access Keys > Rotation Reminder
• Azure > Storage > Storage Account > Data Protection
• Azure > Storage > Storage Account > Data Protection > Soft Delete

Policy Types

• Azure > Storage > Storage Account > Access Keys
• Azure > Storage > Storage Account > Access Keys > Rotation Reminder
• Azure > Storage > Storage Account > Access Keys > Rotation Reminder > Days
• Azure > Storage > Storage Account > Data Protection
• Azure > Storage > Storage Account > Data Protection > Soft Delete
• Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs
• Azure > Storage > Storage Account > Data Protection > Soft Delete > Blobs > Retention Days
• Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers
• Azure > Storage > Storage Account > Data Protection > Soft Delete > Containers > Retention Days

Action Types

• Azure > Storage > Storage Account > Set Data Protection Soft Delete
• Azure > Storage > Storage Account > Update Rotation Reminder

What's new?

• You can now removed unapproved Firewall IP Ranges on SQL servers. To get started, set the Azure > SQL > Server > Firewall > IP Ranges > Approved > * policies.

Control Types

• Azure > SQL > Server > Firewall
• Azure > SQL > Server > Firewall > IP Ranges
• Azure > SQL > Server > Firewall > IP Ranges > Approved

Policy Types

• Azure > SQL > Server > Firewall
• Azure > SQL > Server > Firewall > IP Ranges
• Azure > SQL > Server > Firewall > IP Ranges > Approved
• Azure > SQL > Server > Firewall > IP Ranges > Approved > Compiled Rules
• Azure > SQL > Server > Firewall > IP Ranges > Approved > IP Addresses
• Azure > SQL > Server > Firewall > IP Ranges > Approved > Rules

Action Types

• Azure > SQL > Server > Update Firewall IP Ranges

Bug fixes

• The rotationPeriod and nextRotationTime attributes for Crypto Keys did not update correctly in CMDB when the rotation policy for such keys was removed. This is now fixed.

What's new?

• You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Encryption in Transit > * policies.
• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

Control Types

• Azure > MySQL > Flexible Server > Encryption in Transit

Policy Types

• Azure > MySQL > Flexible Server > Encryption in Transit

Action Types

• Azure > MySQL > Flexible Server > Update Encryption in Transit

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

Policy Types

• Azure > App Service > App Service Plan > Approved > Custom
• Azure > App Service > Function App > Approved > Custom
• Azure > App Service > Web App > Approved > Custom

Bug fixes

• The AWS > VPC > Flow Log > Configured control would sometimes go into an error state for flow logs created via the AWS console, even though they were correctly claimed by a Guardrails stack. This is now fixed.

What's new?

• You can now configure log checkpoints for Flexi Servers. To get started, set the Azure > PostgreSQL > Flexible Server > Audit Logging > * policies.
• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Control Types

• Azure > PostgreSQL > Flexible Server > Audit Logging

Policy Types

• Azure > PostgreSQL > Flexible Server > Audit Logging
• Azure > PostgreSQL > Flexible Server > Audit Logging > Log Checkpoints

Action Types

• Azure > PostgreSQL > Flexible Server > Update Audit Logging

What's new?

• You can now configure expiration for Key Vault Keys and Secrets. To get started, set the Azure > Key Vault > Key > Expiration > * and Azure > Key Vault > Secret > Expiration > * policies respectively.

Control Types

• Azure > Key Vault > Key > Expiration
• Azure > Key Vault > Secret > Expiration

Policy Types

• Azure > Key Vault > Key > Expiration
• Azure > Key Vault > Key > Expiration > Days [Default]
• Azure > Key Vault > Secret > Expiration
• Azure > Key Vault > Secret > Expiration > Days [Default]

Action Types

• Azure > Key Vault > Key > Set Expiration
• Azure > Key Vault > Secret > Set Expiration

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

Bug fixes

• The Azure > Storage > Storage Account > Queue > Logging control would go into a skipped state for storage accounts, irrespective of any policy setting for Logging. This issue is fixed and the control will now work as expected.

What's new?

• You can now delete existing Public IP Addresses which are unapproved for use in the Subscription. To get started, set the Azure > Network > Public IP Address > Approved policy to Enforce: Delete unapproved.

What's new?

• You can now configure Encryption in Transit for Flexi Servers. To get started, set the Azure > PostgresSql > Flexible Server > Encryption in Transit > * policies.

Control Types

• Azure > PostgreSQL > Flexible Server > Encryption in Transit

Policy Types

• Azure > PostgreSQL > Flexible Server > Encryption in Transit

Action Types

• Azure > PostgreSQL > Flexible Server > Update Encryption in Transit

What's new?

• You can now delete existing Entra ID users which are unapproved to be used in the Tenant. To get started, set the Azure > Active Directory > User > Approved policy to Enforce: Delete unapproved.

Policy Types

• Azure > Active Directory > User > Approved > Custom

What's new?

• You can now configure TLS version for Flexi Servers. To get started, set the Azure > MySQL > Flexible Server > Minimum TLS Version > * policies.

What's new?

• Added: Support for Postgres versions 11.21 and 11.22.

What's new?

• Account CMDB data will now also include alternate security contact details.

What's new?

Control Types

• AWS > CIS v2.0
• AWS > CIS v2.0 > 1 - Identity and Access Management
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
• AWS > CIS v2.0 > 2 - Storage
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enabled on S3 buckets
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
• AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
• AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
• AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
• AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
• AWS > CIS v2.0 > 3 - Logging
• AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
• AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
• AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
• AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
• AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
• AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
• AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
• AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
• AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
• AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
• AWS > CIS v2.0 > 4 - Monitoring
• AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
• AWS > CIS v2.0 > 5 - Networking
• AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
• AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
• AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
• AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
• AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
• AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2

Policy Types

• AWS > CIS v2.0
• AWS > CIS v2.0 > 1 - Identity and Access Management
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.01 - Maintain current contact details > Attestation
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.02 - Ensure security contact information is registered
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.03 - Ensure security questions are registered in the AWS account > Attestation
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.05 - Ensure MFA is enabled for the 'root' user account
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.06 - Ensure hardware MFA is enabled for the 'root' user account
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.08 - Ensure IAM password policy requires minimum length of 14 or greater
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.09 - Ensure IAM password policy prevents password reuse
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.15 - Ensure IAM Users Receive Permissions Only Through Groups
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.16 - Ensure IAM policies that allow full ":" administrative privileges are not attached
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.17 - Ensure a support role has been created to manage incidents with AWS Support
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.18 - Ensure IAM instance roles are used for AWS resource access from instances
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.19 - Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.20 - Ensure that IAM Access analyzer is enabled for all regions
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.21 - Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments > Attestation
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.22 - Ensure access to AWSCloudShellFullAccess is restricted > Attestation
• AWS > CIS v2.0 > 1 - Identity and Access Management > Maximum Attestation Duration
• AWS > CIS v2.0 > 2 - Storage
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3)
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.01 - Ensure S3 Bucket Policy is set to deny HTTP requests
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.02 - Ensure MFA Delete is enable on S3 buckets
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.03 - Ensure all data in Amazon S3 has been discovered, classified and secured when required > Attestation
• AWS > CIS v2.0 > 2 - Storage > 2.01 - Simple Storage Service (S3) > 2.01.04 - Ensure that S3 Buckets are configured with 'Block public access (bucket settings)'
• AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2)
• AWS > CIS v2.0 > 2 - Storage > 2.02 - Elastic Compute Cloud (EC2) > 2.02.01 - Ensure EBS Volume Encryption is Enabled in all Regions
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS)
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.01 - Ensure that encryption-at-rest is enabled for RDS Instances
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.02 - Ensure Auto Minor Version Upgrade feature is Enabled for RDS Instances
• AWS > CIS v2.0 > 2 - Storage > 2.03 - Relational Database Service (RDS) > 2.03.03 - Ensure that public access is not given to RDS Instance
• AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS)
• AWS > CIS v2.0 > 2 - Storage > 2.04 - Elastic File System (EFS) > 2.04.01 - Ensure that encryption is enabled for EFS file systems
• AWS > CIS v2.0 > 2 - Storage > Maximum Attestation Duration
• AWS > CIS v2.0 > 3 - Logging
• AWS > CIS v2.0 > 3 - Logging > 3.01 - Ensure CloudTrail is enabled in all regions
• AWS > CIS v2.0 > 3 - Logging > 3.02 - Ensure CloudTrail log file validation is enabled
• AWS > CIS v2.0 > 3 - Logging > 3.03 - Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible
• AWS > CIS v2.0 > 3 - Logging > 3.04 - Ensure CloudTrail trails are integrated with CloudWatch Logs
• AWS > CIS v2.0 > 3 - Logging > 3.05 - Ensure AWS Config is enabled in all regions
• AWS > CIS v2.0 > 3 - Logging > 3.06 - Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket
• AWS > CIS v2.0 > 3 - Logging > 3.07 - Ensure CloudTrail logs are encrypted at rest using KMS CMKs
• AWS > CIS v2.0 > 3 - Logging > 3.08 - Ensure rotation for customer created symmetric CMKs is enabled
• AWS > CIS v2.0 > 3 - Logging > 3.09 - Ensure VPC flow logging is enabled in all VPCs
• AWS > CIS v2.0 > 3 - Logging > 3.10 - Ensure that Object-level logging for write events is enabled for S3 bucket
• AWS > CIS v2.0 > 3 - Logging > 3.11 - Ensure that Object-level logging for read events is enabled for S3 bucket
• AWS > CIS v2.0 > 3 - Logging > Maximum Attestation Duration
• AWS > CIS v2.0 > 4 - Monitoring
• AWS > CIS v2.0 > 4 - Monitoring > 4.01 - Ensure unauthorized API calls are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.02 - Ensure management console sign-in without MFA is monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.03 - Ensure usage of 'root' account is monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.04 - Ensure IAM policy changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.05 - Ensure CloudTrail configuration changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.06 - Ensure AWS Management Console authentication failures are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.07 - Ensure disabling or scheduled deletion of customer created CMKs is monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.08 - Ensure S3 bucket policy changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.09 - Ensure AWS Config configuration changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.10 - Ensure security group changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.11 - Ensure Network Access Control Lists (NACL) changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.12 - Ensure changes to network gateways are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.13 - Ensure route table changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.14 - Ensure VPC changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.15 - Ensure AWS Organizations changes are monitored
• AWS > CIS v2.0 > 4 - Monitoring > 4.16 - Ensure AWS Security Hub is enabled
• AWS > CIS v2.0 > 4 - Monitoring > Maximum Attestation Duration
• AWS > CIS v2.0 > 5 - Networking
• AWS > CIS v2.0 > 5 - Networking > 5.01 - Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports
• AWS > CIS v2.0 > 5 - Networking > 5.02 - Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports
• AWS > CIS v2.0 > 5 - Networking > 5.03 - Ensure no security groups allow ingress from ::/0 to remote server administration ports
• AWS > CIS v2.0 > 5 - Networking > 5.04 - Ensure the default security group of every VPC restricts all traffic
• AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access'
• AWS > CIS v2.0 > 5 - Networking > 5.05 - Ensure routing tables for VPC peering are 'least access' > Attestation
• AWS > CIS v2.0 > 5 - Networking > 5.06 - Ensure that EC2 Metadata Service only allows IMDSv2
• AWS > CIS v2.0 > 5 - Networking > Maximum Attestation Duration
• AWS > CIS v2.0 > Maximum Attestation Duration

Bug fixes

• SQL Instances were sometimes not updated/cleaned up correctly via real-time events in Guardrails. This is now fixed.

What's new?

• You can now manage IMDS defaults for EC2 per region. To get started, set the AWS > EC2 > Account Attributes > Instance Metadata Service Defaults > * policies.

Bug fixes

• The AWS > EC2 > Instance > Approved control would sometimes fail to stop instances that were discovered in Guardrails via real-time events if the AWS > EC2 > Instance > Approved policy was set to Enforce: Stop unapproved if new. This is now fixed.

What's new?

• Storage Account CMDB data will now also include details about the account's blob service properties.

What's new?

• You can now configure connection_throttling parameter for PostgreSQL servers. To get started, set the Azure > PostgreSQL > Server > Audit Logging > Connection Throttling policy.

What's new?

• TLS version and audit log details will now be available in CMDB for Flexi Servers.

What's new?

• Users can now disable unapproved Keys in AWS. To get started, set the AWS > KMS > Key > Approved policy to Enforce: Disable unapproved.

Bug fixes

• In v5.15.1, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > SNS > Subscription > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of real-time events for Subscription from the SNS EventBridge rule created by the Event Handlers. This issue has now been fixed.

Bug fixes

• In v5.13.0, we introduced the policy value Enforce: Enabled but ignore permission errors for the AWS > KMS > Key > CMDB policy, allowing the corresponding CMDB control to ignore permission errors, if any, and proceed to completion. However, configuring the CMDB policy to Enforce: Enabled but ignore permission errors inadvertently introduced a bug, resulting in the removal of the EventBridge Rule for KMS by the Event Handlers. This issue has now been fixed.

Bug fixes

• Server
  • Minor internal improvements.

Requirements

• TEF: 1.57.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Control Types:

  • AWS > ECR > Repository > Policy
  • AWS > ECR > Repository > Policy > Required

• Policy Types:

  • AWS > ECR > Repository > Policy
  • AWS > ECR > Repository > Policy > Required
  • AWS > ECR > Repository > Policy > Required > Items

• Action Types:

  • AWS > ECR > Repository > Update Repository policy

Bug fixes

• Server
  • Account import will be smoother and more consistent than before.

Requirements

• TEF: 1.57.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

• The AWS > VPC > VPC > Stack control failed to claim security group rules correctly if the protocol for such rules was set to All or TCP in the stack's source policy. This issue has been fixed, and the control will now claim such rules correctly.

Bug fixes

• We have updated various policy definitions set during account imports to allow for a smoother account import experience. We recommend upgrading your TE to v5.42.21 or higher to enable these changes to take effect.

Bug fixes

• UI
  • Fixed the AWS login dropdown button to accurately display both existing and new grants.

Requirements

• TEF: 1.57.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Unsupported US Gov cloud regions were inadvertently included in the AWS > SageMaker > Code Repository > Regions policy, which led to the AWS > SageMaker > Code Repository > Discovery control being in an error state for those regions. We've now removed the unsupported US Gov cloud regions from the Regions policy.

What's new?

• Policy Types:
  • AWS > SageMaker > Notebook Instance > Approved > Custom

Bug fixes

• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
• In the previous version, we fixed an issue with the AWS > VPC > VPC > Stack control that prevented it from recognizing security group rules with the port range set to 0 correctly. However, the control still failed to claim existing security group rules available in Guardrails CMDB, due to an inadvertent bug introduced in v5.9.2. This issue has now been fixed, and the control will correctly claim existing security group rules.

Bug fixes

• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

• Previously, Guardrails unnecessarily listened to and processed real-time lists events for various storage resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

Bug fixes

• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.
• The AWS > EC2 > Snapshot > Active and AWS > EC2 > Snapshot > Approved controls will now not attempt to delete a snapshot if it has one or more AMIs attached to it.
• In the previous version, although we fixed a bug to prevent upserting volumes and snapshots with incorrect AKAs, there was still a provision for instances to be upserted with incorrect AKAs. We have now addressed this issue as well, ensuring instances are upserted more correctly and consistently than before.
• The deprecated ec2-reports:* permissions are now removed from the mod.

Bug fixes

• Guardrails will now exclude upserting VPC resources that are shared from other accounts and only upsert resources that belong to the owner account.
• In the previous version, we believed we had resolved an issue with Internet Gateways not being upserted into the CMDB while processing real-time CreateDefaultVpc events. However, we overlooked an edge case in the fix. We have now addressed this issue, ensuring that Internet Gateways will be reliably discovered and upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to version 5.17.1 or higher to enable Guardrails to correctly process real-time CreateDefaultVpc events for Internet Gateways.
• Guardrails failed to filter out real-time events for resource types if their parent resource types' CMDB policy was set to Enforce: Disabled. This is now fixed.

Bug fixes

• The AWS > VPC > VPC > Stack control would sometimes go into an error state after creating security group rules with port range set to 0. This occurred because the control failed to recognize the existing rule in Guardrails CMDB and attempted to create a new rule instead. This issue has been fixed, and the stack control will now work correctly as expected.
• The AWS > VPC > Security Group > CMDB control would sometimes go into an error state for security groups shared from other AWS accounts. We will now exclude shared security groups and only upsert security groups that belong to the owner account.

What's new?

• You can now also manage the IAM Permissions model for Guardrails Users via the AWS > Turbot > IAM > Managed control. The AWS > Turbot > IAM > Managed control is faster and more efficient than the existing AWS > Turbot > IAM control because it utilizes Native AWS APIs rather than Terraform to manage IAM resources. Please note that this feature will work as intended only on TE v5.42.19 or higher and turbot-iam mod v5.11.0 or higher.

• Control Types

  • AWS > Turbot > IAM > Group
  • AWS > Turbot > IAM > Group > Managed
  • AWS > Turbot > IAM > Managed
  • AWS > Turbot > IAM > Policy
  • AWS > Turbot > IAM > Policy > Managed
  • AWS > Turbot > IAM > Role
  • AWS > Turbot > IAM > Role > Managed
  • AWS > Turbot > IAM > User
  • AWS > Turbot > IAM > User > Managed

• Policy Types

  • AWS > Turbot > IAM > Managed

• Policy Types Renamed

  • AWS > IAM > Turbot to AWS > Turbot > IAM

• Action Types

  • AWS > Account > Provision Managed Resources
  • AWS > IAM > Group > Detach and delete
  • AWS > IAM > Group > IAM Group Managed
  • AWS > IAM > Policy > Detach and delete
  • AWS > IAM > Role > IAM Role Managed
  • AWS > IAM > User > IAM User Managed

Bug fixes

The AWS > IAM > Group > CMDB, AWS > IAM > Role > CMDB, and AWS > IAM > User > CMDB controls previously failed to fetch all attachments for groups, roles, and users, respectively, due to the lack of pagination support. This issue has been fixed, and the controls will now correctly fetch all respective attachments.

Bug fixes

• Server

  • Updated the tier for the SSM parameter /tenant/${workspaceFullId} to Advanced.
  • Delete operations for resources is now faster and more efficient than before.
  • Auto mod update control for mods will now look only for recommended versions instead of available and recommended.
  • Fixed policy value resolution to default to the value of resolvedSchema if not available in the schema.

• UI

  • Fixed a table typo in the Steampipe query used in the resources developer tab.
  • Display the AWS login button when setting permissions via the AWS > Turbot > IAM > Managed control.

Requirements

• TEF: 1.57.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The default value for Turbot > IAM > Permissions > Compiled > Levels > Turbot policy will now be evaluated correctly and consistently.

Bug fixes

• SSM Parameters with incorrect names would sometimes be inadvertently upserted in Guardrails CMDB. This issue has now been fixed.

What's new?

• The AWS > S3 > Bucket CMDB data will now also include information about Bucket Intelligent Tiering Configuration.

• A few policy values in the AWS > S3 > Bucket > Encyprion at Rest policy have now been deprecated and will be removed in the next major mod version (v6.0.0) because they are no longer supported by AWS.

  | Deprecated Values
  |- | Check: None
  | Check: None or higher
  | Enforce: None
  | Enforce: None or higher

Bug fixes

• Previously, Guardrails did not upsert Internet Gateways into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and Internet Gateways will now be more reliably upserted into the Guardrails CMDB. We recommend updating the aws-vpc-core mod to v5.17.1 or higher to allow Guardrails to process the CreateDefaultVpc event for Internet Gateways correctly.

Bug fixes

• Previously, Guardrails did not upsert DHCP Options into the CMDB while processing real-time CreateDefaultVpc events. This issue has been fixed, and DHCP Options will now be more reliably upserted into the Guardrails CMDB.

Bug fixes

• Previously, Guardrails unnecessarily listened to and processed real-time lists events for various Dataproc resources. We've now improved our events filter to ignore these lists events, thereby reducing unnecessary processing.

Bug fixes

• The GCP > Turbot > Event Handlers > Pub/Sub stack control previously attempted to create a topic and its IAM member incorrectly when the GCP > Turbot > Event Handlers > Logging > Unique Writer Identity policy was set to Enforce: Unique Identity, but the project number for the project was not available. This is fixed and the control will transition to an Invalid state until Guardrails can correctly fetch the project number.

What's new?

• Control Types:

  • GCP > Pub/Sub > Topic > Labels

• Policy Types:

  • GCP > Pub/Sub > Topic > Labels
  • GCP > Pub/Sub > Topic > Labels > Template

• Action Types

  • GCP > Pub/Sub > Topic > Set Labels

Bug fixes

• In a previous version (v5.6.2), we introduced a change in the AWS > S3 > Bucket > Encryption in Transit and AWS > S3 > Bucket > Encryption at Rest control to wait for a few minutes before applying the respective policies to new buckets created via Cloudformation Stacks. We've now extended this feature to all buckets regardless of how they were created, to ensure that IaC changes can be correctly applied to buckets without interference from immediate policy enforcements.

What's new?

• Added support for Advanced Tier for SSM Parameters.
• Increased the visibility timeout from 60 seconds to 7200 seconds and decreased the message retention period to 7 days for runnable DLQ.

What's new?

• Added: Support for Postgres versions 14.9, 14.10, 15.4 and 15.5.
• Added: Support for Redis 7.1.
• Added: m6gd.medium to instance type parameter for RDS.
• Added: Support for Advanced Tier for SSM Parameters.
• Removed: t4.micro and t4.small from instance type parameter for RDS.

Note

To use the latest RDS certificate in commercial cloud, please upgrade TE to 5.42.3 or higher and update the RDS CA Certificate for Commercial Cloud parameter.

Bug fixes

• Server

  • Added: Support for AWS Custom Group Levels.
  • Updated: The DLQ lambda timeout has been updated to 2 minutes instead of 1 minute.
  • Updated: The Events DLQ visibility timeout has been increased from 15 minutes to 4 hours.
  • Updated: The Events DLQ MessageRetentionPeriod has been decreased from 14 days to 7 days.

• UI

  • Added: Action button to run immediate policy value.

Requirements

• TEF: 1.57.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Added support for group permission levels.

What's new?

• Control Types:

  • GCP > Firebase > Android App > ServiceNow
  • GCP > Firebase > Android App > ServiceNow > Configuration Item
  • GCP > Firebase > Android App > ServiceNow > Table
  • GCP > Firebase > Firebase Project > ServiceNow
  • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
  • GCP > Firebase > Firebase Project > ServiceNow > Table
  • GCP > Firebase > Web App > ServiceNow
  • GCP > Firebase > Web App > ServiceNow > Configuration Item
  • GCP > Firebase > Web App > ServiceNow > Table
  • GCP > Firebase > iOS App > ServiceNow
  • GCP > Firebase > iOS App > ServiceNow > Configuration Item
  • GCP > Firebase > iOS App > ServiceNow > Table

• Policy Types:

  • GCP > Firebase > Android App > ServiceNow
  • GCP > Firebase > Android App > ServiceNow > Configuration Item
  • GCP > Firebase > Android App > ServiceNow > Configuration Item > Record
  • GCP > Firebase > Android App > ServiceNow > Configuration Item > Table Definition
  • GCP > Firebase > Android App > ServiceNow > Table
  • GCP > Firebase > Android App > ServiceNow > Table > Definition
  • GCP > Firebase > Firebase Project > ServiceNow
  • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item
  • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Record
  • GCP > Firebase > Firebase Project > ServiceNow > Configuration Item > Table Definition
  • GCP > Firebase > Firebase Project > ServiceNow > Table
  • GCP > Firebase > Firebase Project > ServiceNow > Table > Definition
  • GCP > Firebase > Web App > ServiceNow
  • GCP > Firebase > Web App > ServiceNow > Configuration Item
  • GCP > Firebase > Web App > ServiceNow > Configuration Item > Record
  • GCP > Firebase > Web App > ServiceNow > Configuration Item > Table Definition
  • GCP > Firebase > Web App > ServiceNow > Table
  • GCP > Firebase > Web App > ServiceNow > Table > Definition
  • GCP > Firebase > iOS App > ServiceNow
  • GCP > Firebase > iOS App > ServiceNow > Configuration Item
  • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Record
  • GCP > Firebase > iOS App > ServiceNow > Configuration Item > Table Definition
  • GCP > Firebase > iOS App > ServiceNow > Table
  • GCP > Firebase > iOS App > ServiceNow > Table > Definition

What's new?

• The AWS > Secrets Manager > Secret > CMDB control would go into an error state if Guardrails did not have permissions to describe a secret. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > Secrets Manager > Secret > CMDB policy to Enforce: Enabled but ignore permission errors.

What's new?

• You can now attach custom IAM Groups to Guardrails users if the AWS > Turbot > Permissions policy is set to Enforce: User Mode. To get started, set the AWS > Turbot > Permissions > Custom Group Levels [Account] policy and then attach the custom group to a user via the Grant Permission button on the Permissions page. Please note that this feature will work as intended only on TE v5.42.18 or higher and turbot-iam mod v5.11.0 or higher.

• Policy Types:

  • AWS > Turbot > Permissions > Custom Group Levels [Account]

• Policy Types renamed:

  • AWS > Turbot > Permissions > Custom Levels [Account] to AWS > Turbot > Permissions > Custom Role Levels [Account]
  • AWS > Turbot > Permissions > Custom Levels [Folder] to AWS > Turbot > Permissions > Custom Role Levels [Folder]

What's new?

• Control Types:

  • GCP > Network > Address > ServiceNow
  • GCP > Network > Address > ServiceNow > Configuration Item
  • GCP > Network > Address > ServiceNow > Table
  • GCP > Network > Backend Bucket > ServiceNow
  • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
  • GCP > Network > Backend Bucket > ServiceNow > Table
  • GCP > Network > Backend Service > ServiceNow
  • GCP > Network > Backend Service > ServiceNow > Configuration Item
  • GCP > Network > Backend Service > ServiceNow > Table
  • GCP > Network > Firewall > ServiceNow
  • GCP > Network > Firewall > ServiceNow > Configuration Item
  • GCP > Network > Firewall > ServiceNow > Table
  • GCP > Network > Forwarding Rule > ServiceNow
  • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
  • GCP > Network > Forwarding Rule > ServiceNow > Table
  • GCP > Network > Global Address > ServiceNow
  • GCP > Network > Global Address > ServiceNow > Configuration Item
  • GCP > Network > Global Address > ServiceNow > Table
  • GCP > Network > Global Forwarding Rule > ServiceNow
  • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
  • GCP > Network > Global Forwarding Rule > ServiceNow > Table
  • GCP > Network > Interconnect > ServiceNow
  • GCP > Network > Interconnect > ServiceNow > Configuration Item
  • GCP > Network > Interconnect > ServiceNow > Table
  • GCP > Network > Packet Mirroring > ServiceNow
  • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
  • GCP > Network > Packet Mirroring > ServiceNow > Table
  • GCP > Network > Region Backend Service > ServiceNow
  • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
  • GCP > Network > Region Backend Service > ServiceNow > Table
  • GCP > Network > Region SSL Certificate > ServiceNow
  • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
  • GCP > Network > Region SSL Certificate > ServiceNow > Table
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
  • GCP > Network > Region URL Map > ServiceNow
  • GCP > Network > Region URL Map > ServiceNow > Configuration Item
  • GCP > Network > Region URL Map > ServiceNow > Table
  • GCP > Network > Route > ServiceNow
  • GCP > Network > Route > ServiceNow > Configuration Item
  • GCP > Network > Route > ServiceNow > Table
  • GCP > Network > Router > ServiceNow
  • GCP > Network > Router > ServiceNow > Configuration Item
  • GCP > Network > Router > ServiceNow > Table
  • GCP > Network > SSL Certificate > ServiceNow
  • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
  • GCP > Network > SSL Certificate > ServiceNow > Table
  • GCP > Network > SSL Policy > ServiceNow
  • GCP > Network > SSL Policy > ServiceNow > Configuration Item
  • GCP > Network > SSL Policy > ServiceNow > Table
  • GCP > Network > Target HTTPS Proxy > ServiceNow
  • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
  • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
  • GCP > Network > Target Pool > ServiceNow
  • GCP > Network > Target Pool > ServiceNow > Configuration Item
  • GCP > Network > Target Pool > ServiceNow > Table
  • GCP > Network > Target SSL Proxy > ServiceNow
  • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
  • GCP > Network > Target SSL Proxy > ServiceNow > Table
  • GCP > Network > Target TCP Proxy > ServiceNow
  • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
  • GCP > Network > Target TCP Proxy > ServiceNow > Table
  • GCP > Network > Target VPN Gateway > ServiceNow
  • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
  • GCP > Network > Target VPN Gateway > ServiceNow > Table
  • GCP > Network > URL Map > ServiceNow
  • GCP > Network > URL Map > ServiceNow > Configuration Item
  • GCP > Network > URL Map > ServiceNow > Table
  • GCP > Network > VPN Tunnel > ServiceNow
  • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
  • GCP > Network > VPN Tunnel > ServiceNow > Table

• Policy Types:

  • GCP > Network > Address > ServiceNow
  • GCP > Network > Address > ServiceNow > Configuration Item
  • GCP > Network > Address > ServiceNow > Configuration Item > Record
  • GCP > Network > Address > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Address > ServiceNow > Table
  • GCP > Network > Address > ServiceNow > Table > Definition
  • GCP > Network > Backend Bucket > ServiceNow
  • GCP > Network > Backend Bucket > ServiceNow > Configuration Item
  • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Record
  • GCP > Network > Backend Bucket > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Backend Bucket > ServiceNow > Table
  • GCP > Network > Backend Bucket > ServiceNow > Table > Definition
  • GCP > Network > Backend Service > ServiceNow
  • GCP > Network > Backend Service > ServiceNow > Configuration Item
  • GCP > Network > Backend Service > ServiceNow > Configuration Item > Record
  • GCP > Network > Backend Service > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Backend Service > ServiceNow > Table
  • GCP > Network > Backend Service > ServiceNow > Table > Definition
  • GCP > Network > Firewall > ServiceNow
  • GCP > Network > Firewall > ServiceNow > Configuration Item
  • GCP > Network > Firewall > ServiceNow > Configuration Item > Record
  • GCP > Network > Firewall > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Firewall > ServiceNow > Table
  • GCP > Network > Firewall > ServiceNow > Table > Definition
  • GCP > Network > Forwarding Rule > ServiceNow
  • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item
  • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Record
  • GCP > Network > Forwarding Rule > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Forwarding Rule > ServiceNow > Table
  • GCP > Network > Forwarding Rule > ServiceNow > Table > Definition
  • GCP > Network > Global Address > ServiceNow
  • GCP > Network > Global Address > ServiceNow > Configuration Item
  • GCP > Network > Global Address > ServiceNow > Configuration Item > Record
  • GCP > Network > Global Address > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Global Address > ServiceNow > Table
  • GCP > Network > Global Address > ServiceNow > Table > Definition
  • GCP > Network > Global Forwarding Rule > ServiceNow
  • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item
  • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Record
  • GCP > Network > Global Forwarding Rule > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Global Forwarding Rule > ServiceNow > Table
  • GCP > Network > Global Forwarding Rule > ServiceNow > Table > Definition
  • GCP > Network > Interconnect > ServiceNow
  • GCP > Network > Interconnect > ServiceNow > Configuration Item
  • GCP > Network > Interconnect > ServiceNow > Configuration Item > Record
  • GCP > Network > Interconnect > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Interconnect > ServiceNow > Table
  • GCP > Network > Interconnect > ServiceNow > Table > Definition
  • GCP > Network > Packet Mirroring > ServiceNow
  • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item
  • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Record
  • GCP > Network > Packet Mirroring > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Packet Mirroring > ServiceNow > Table
  • GCP > Network > Packet Mirroring > ServiceNow > Table > Definition
  • GCP > Network > Region Backend Service > ServiceNow
  • GCP > Network > Region Backend Service > ServiceNow > Configuration Item
  • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Record
  • GCP > Network > Region Backend Service > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Region Backend Service > ServiceNow > Table
  • GCP > Network > Region Backend Service > ServiceNow > Table > Definition
  • GCP > Network > Region SSL Certificate > ServiceNow
  • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item
  • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Record
  • GCP > Network > Region SSL Certificate > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Region SSL Certificate > ServiceNow > Table
  • GCP > Network > Region SSL Certificate > ServiceNow > Table > Definition
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Record
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table
  • GCP > Network > Region Target HTTPS Proxy > ServiceNow > Table > Definition
  • GCP > Network > Region URL Map > ServiceNow
  • GCP > Network > Region URL Map > ServiceNow > Configuration Item
  • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Record
  • GCP > Network > Region URL Map > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Region URL Map > ServiceNow > Table
  • GCP > Network > Region URL Map > ServiceNow > Table > Definition
  • GCP > Network > Route > ServiceNow
  • GCP > Network > Route > ServiceNow > Configuration Item
  • GCP > Network > Route > ServiceNow > Configuration Item > Record
  • GCP > Network > Route > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Route > ServiceNow > Table
  • GCP > Network > Route > ServiceNow > Table > Definition
  • GCP > Network > Router > ServiceNow
  • GCP > Network > Router > ServiceNow > Configuration Item
  • GCP > Network > Router > ServiceNow > Configuration Item > Record
  • GCP > Network > Router > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Router > ServiceNow > Table
  • GCP > Network > Router > ServiceNow > Table > Definition
  • GCP > Network > SSL Certificate > ServiceNow
  • GCP > Network > SSL Certificate > ServiceNow > Configuration Item
  • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Record
  • GCP > Network > SSL Certificate > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > SSL Certificate > ServiceNow > Table
  • GCP > Network > SSL Certificate > ServiceNow > Table > Definition
  • GCP > Network > SSL Policy > ServiceNow
  • GCP > Network > SSL Policy > ServiceNow > Configuration Item
  • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Record
  • GCP > Network > SSL Policy > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > SSL Policy > ServiceNow > Table
  • GCP > Network > SSL Policy > ServiceNow > Table > Definition
  • GCP > Network > Target HTTPS Proxy > ServiceNow
  • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item
  • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Record
  • GCP > Network > Target HTTPS Proxy > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Target HTTPS Proxy > ServiceNow > Table
  • GCP > Network > Target HTTPS Proxy > ServiceNow > Table > Definition
  • GCP > Network > Target Pool > ServiceNow
  • GCP > Network > Target Pool > ServiceNow > Configuration Item
  • GCP > Network > Target Pool > ServiceNow > Configuration Item > Record
  • GCP > Network > Target Pool > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Target Pool > ServiceNow > Table
  • GCP > Network > Target Pool > ServiceNow > Table > Definition
  • GCP > Network > Target SSL Proxy > ServiceNow
  • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item
  • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Record
  • GCP > Network > Target SSL Proxy > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Target SSL Proxy > ServiceNow > Table
  • GCP > Network > Target SSL Proxy > ServiceNow > Table > Definition
  • GCP > Network > Target TCP Proxy > ServiceNow
  • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item
  • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Record
  • GCP > Network > Target TCP Proxy > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Target TCP Proxy > ServiceNow > Table
  • GCP > Network > Target TCP Proxy > ServiceNow > Table > Definition
  • GCP > Network > Target VPN Gateway > ServiceNow
  • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item
  • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Record
  • GCP > Network > Target VPN Gateway > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Target VPN Gateway > ServiceNow > Table
  • GCP > Network > Target VPN Gateway > ServiceNow > Table > Definition
  • GCP > Network > URL Map > ServiceNow
  • GCP > Network > URL Map > ServiceNow > Configuration Item
  • GCP > Network > URL Map > ServiceNow > Configuration Item > Record
  • GCP > Network > URL Map > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > URL Map > ServiceNow > Table
  • GCP > Network > URL Map > ServiceNow > Table > Definition
  • GCP > Network > VPN Tunnel > ServiceNow
  • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item
  • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Record
  • GCP > Network > VPN Tunnel > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > VPN Tunnel > ServiceNow > Table
  • GCP > Network > VPN Tunnel > ServiceNow > Table > Definition

Bug fixes

• The AWS > VPC > VPC > Stack control would sometimes fail to claim existing Flow Logs in Guardrails CMDB. This is now fixed.

What's new?

• Control Types:

  • GCP > IAM > Project Role > ServiceNow
  • GCP > IAM > Project Role > ServiceNow > Configuration Item
  • GCP > IAM > Project Role > ServiceNow > Table
  • GCP > IAM > Project User > ServiceNow
  • GCP > IAM > Project User > ServiceNow > Configuration Item
  • GCP > IAM > Project User > ServiceNow > Table
  • GCP > IAM > Service Account > ServiceNow
  • GCP > IAM > Service Account > ServiceNow > Configuration Item
  • GCP > IAM > Service Account > ServiceNow > Table
  • GCP > IAM > Service Account Key > ServiceNow
  • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
  • GCP > IAM > Service Account Key > ServiceNow > Table
  • GCP > Project > Policy > ServiceNow
  • GCP > Project > Policy > ServiceNow > Configuration Item
  • GCP > Project > Policy > ServiceNow > Table

• Policy Types:

  • GCP > IAM > Project Role > ServiceNow
  • GCP > IAM > Project Role > ServiceNow > Configuration Item
  • GCP > IAM > Project Role > ServiceNow > Configuration Item > Record
  • GCP > IAM > Project Role > ServiceNow > Configuration Item > Table Definition
  • GCP > IAM > Project Role > ServiceNow > Table
  • GCP > IAM > Project Role > ServiceNow > Table > Definition
  • GCP > IAM > Project User > ServiceNow
  • GCP > IAM > Project User > ServiceNow > Configuration Item
  • GCP > IAM > Project User > ServiceNow > Configuration Item > Record
  • GCP > IAM > Project User > ServiceNow > Configuration Item > Table Definition
  • GCP > IAM > Project User > ServiceNow > Table
  • GCP > IAM > Project User > ServiceNow > Table > Definition
  • GCP > IAM > Service Account > ServiceNow
  • GCP > IAM > Service Account > ServiceNow > Configuration Item
  • GCP > IAM > Service Account > ServiceNow > Configuration Item > Record
  • GCP > IAM > Service Account > ServiceNow > Configuration Item > Table Definition
  • GCP > IAM > Service Account > ServiceNow > Table
  • GCP > IAM > Service Account > ServiceNow > Table > Definition
  • GCP > IAM > Service Account Key > ServiceNow
  • GCP > IAM > Service Account Key > ServiceNow > Configuration Item
  • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Record
  • GCP > IAM > Service Account Key > ServiceNow > Configuration Item > Table Definition
  • GCP > IAM > Service Account Key > ServiceNow > Table
  • GCP > IAM > Service Account Key > ServiceNow > Table > Definition
  • GCP > Project > Policy > ServiceNow
  • GCP > Project > Policy > ServiceNow > Configuration Item
  • GCP > Project > Policy > ServiceNow > Configuration Item > Record
  • GCP > Project > Policy > ServiceNow > Configuration Item > Table Definition
  • GCP > Project > Policy > ServiceNow > Table
  • GCP > Project > Policy > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Functions > Function > ServiceNow
  • GCP > Functions > Function > ServiceNow > Configuration Item
  • GCP > Functions > Function > ServiceNow > Table

• Policy Types:

  • GCP > Functions > Function > ServiceNow
  • GCP > Functions > Function > ServiceNow > Configuration Item
  • GCP > Functions > Function > ServiceNow > Configuration Item > Record
  • GCP > Functions > Function > ServiceNow > Configuration Item > Table Definition
  • GCP > Functions > Function > ServiceNow > Table
  • GCP > Functions > Function > ServiceNow > Table > Definition

Bug fixes

• The AWS > SNS > Subscription > CMDB control would go into an error state if Guardrails did not have permissions to describe a subscription. Users can now ignore such permission errors and allow the CMDB control to run its course to completion. To get started, set the AWS > SNS > Subscription > CMDB policy to Enforce: Enabled but ignore permission errors.

What's new?

• Control Types:

  • GCP > Project > ServiceNow
  • GCP > Project > ServiceNow > Configuration Item
  • GCP > Project > ServiceNow > Table

• Policy Types:

  • GCP > Project > ServiceNow
  • GCP > Project > ServiceNow > Configuration Item
  • GCP > Project > ServiceNow > Configuration Item > Record
  • GCP > Project > ServiceNow > Configuration Item > Table Definition
  • GCP > Project > ServiceNow > Table
  • GCP > Project > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Memorystore > Instance > ServiceNow
  • GCP > Memorystore > Instance > ServiceNow > Configuration Item
  • GCP > Memorystore > Instance > ServiceNow > Table

• Policy Types:

  • GCP > Memorystore > Instance > ServiceNow
  • GCP > Memorystore > Instance > ServiceNow > Configuration Item
  • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Record
  • GCP > Memorystore > Instance > ServiceNow > Configuration Item > Table Definition
  • GCP > Memorystore > Instance > ServiceNow > Table
  • GCP > Memorystore > Instance > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Storage > Object > ServiceNow
  • GCP > Storage > Object > ServiceNow > Configuration Item
  • GCP > Storage > Object > ServiceNow > Table

• Policy Types:

  • GCP > Storage > Object > ServiceNow
  • GCP > Storage > Object > ServiceNow > Configuration Item
  • GCP > Storage > Object > ServiceNow > Configuration Item > Record
  • GCP > Storage > Object > ServiceNow > Configuration Item > Table Definition
  • GCP > Storage > Object > ServiceNow > Table
  • GCP > Storage > Object > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Secret Manager > Secret > ServiceNow
  • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
  • GCP > Secret Manager > Secret > ServiceNow > Table

• Policy Types:

  • GCP > Secret Manager > Secret > ServiceNow
  • GCP > Secret Manager > Secret > ServiceNow > Configuration Item
  • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Record
  • GCP > Secret Manager > Secret > ServiceNow > Configuration Item > Table Definition
  • GCP > Secret Manager > Secret > ServiceNow > Table
  • GCP > Secret Manager > Secret > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Scheduler > Job > ServiceNow
  • GCP > Scheduler > Job > ServiceNow > Configuration Item
  • GCP > Scheduler > Job > ServiceNow > Table

• Policy Types:

  • GCP > Scheduler > Job > ServiceNow
  • GCP > Scheduler > Job > ServiceNow > Configuration Item
  • GCP > Scheduler > Job > ServiceNow > Configuration Item > Record
  • GCP > Scheduler > Job > ServiceNow > Configuration Item > Table Definition
  • GCP > Scheduler > Job > ServiceNow > Table
  • GCP > Scheduler > Job > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Dataproc > Cluster > ServiceNow
  • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
  • GCP > Dataproc > Cluster > ServiceNow > Table
  • GCP > Dataproc > Job > ServiceNow
  • GCP > Dataproc > Job > ServiceNow > Configuration Item
  • GCP > Dataproc > Job > ServiceNow > Table
  • GCP > Dataproc > Workflow Template > ServiceNow
  • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
  • GCP > Dataproc > Workflow Template > ServiceNow > Table

• Policy Types:

  • GCP > Dataproc > Cluster > ServiceNow
  • GCP > Dataproc > Cluster > ServiceNow > Configuration Item
  • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Record
  • GCP > Dataproc > Cluster > ServiceNow > Configuration Item > Table Definition
  • GCP > Dataproc > Cluster > ServiceNow > Table
  • GCP > Dataproc > Cluster > ServiceNow > Table > Definition
  • GCP > Dataproc > Job > ServiceNow
  • GCP > Dataproc > Job > ServiceNow > Configuration Item
  • GCP > Dataproc > Job > ServiceNow > Configuration Item > Record
  • GCP > Dataproc > Job > ServiceNow > Configuration Item > Table Definition
  • GCP > Dataproc > Job > ServiceNow > Table
  • GCP > Dataproc > Job > ServiceNow > Table > Definition
  • GCP > Dataproc > Workflow Template > ServiceNow
  • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item
  • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Record
  • GCP > Dataproc > Workflow Template > ServiceNow > Configuration Item > Table Definition
  • GCP > Dataproc > Workflow Template > ServiceNow > Table
  • GCP > Dataproc > Workflow Template > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Composer > Environment > ServiceNow
  • GCP > Composer > Environment > ServiceNow > Configuration Item
  • GCP > Composer > Environment > ServiceNow > Table

• Policy Types:

  • GCP > Composer > Environment > ServiceNow
  • GCP > Composer > Environment > ServiceNow > Configuration Item
  • GCP > Composer > Environment > ServiceNow > Configuration Item > Record
  • GCP > Composer > Environment > ServiceNow > Configuration Item > Table Definition
  • GCP > Composer > Environment > ServiceNow > Table
  • GCP > Composer > Environment > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Monitoring > Alert Policy > ServiceNow
  • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
  • GCP > Monitoring > Alert Policy > ServiceNow > Table
  • GCP > Monitoring > Group > ServiceNow
  • GCP > Monitoring > Group > ServiceNow > Configuration Item
  • GCP > Monitoring > Group > ServiceNow > Table
  • GCP > Monitoring > Notification Channel > ServiceNow
  • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
  • GCP > Monitoring > Notification Channel > ServiceNow > Table

• Policy Types:

  • GCP > Monitoring > Alert Policy > ServiceNow
  • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item
  • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Record
  • GCP > Monitoring > Alert Policy > ServiceNow > Configuration Item > Table Definition
  • GCP > Monitoring > Alert Policy > ServiceNow > Table
  • GCP > Monitoring > Alert Policy > ServiceNow > Table > Definition
  • GCP > Monitoring > Group > ServiceNow
  • GCP > Monitoring > Group > ServiceNow > Configuration Item
  • GCP > Monitoring > Group > ServiceNow > Configuration Item > Record
  • GCP > Monitoring > Group > ServiceNow > Configuration Item > Table Definition
  • GCP > Monitoring > Group > ServiceNow > Table
  • GCP > Monitoring > Group > ServiceNow > Table > Definition
  • GCP > Monitoring > Notification Channel > ServiceNow
  • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item
  • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Record
  • GCP > Monitoring > Notification Channel > ServiceNow > Configuration Item > Table Definition
  • GCP > Monitoring > Notification Channel > ServiceNow > Table
  • GCP > Monitoring > Notification Channel > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > DNS > Managed Zone > ServiceNow
  • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
  • GCP > DNS > Managed Zone > ServiceNow > Table

• Policy Types:

  • GCP > DNS > Managed Zone > ServiceNow
  • GCP > DNS > Managed Zone > ServiceNow > Configuration Item
  • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Record
  • GCP > DNS > Managed Zone > ServiceNow > Configuration Item > Table Definition
  • GCP > DNS > Managed Zone > ServiceNow > Table
  • GCP > DNS > Managed Zone > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Datapipeline > Pipeline > ServiceNow
  • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
  • GCP > Datapipeline > Pipeline > ServiceNow > Table

• Policy Types:

  • GCP > Datapipeline > Pipeline > ServiceNow
  • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item
  • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Record
  • GCP > Datapipeline > Pipeline > ServiceNow > Configuration Item > Table Definition
  • GCP > Datapipeline > Pipeline > ServiceNow > Table
  • GCP > Datapipeline > Pipeline > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Dataflow > Job > ServiceNow
  • GCP > Dataflow > Job > ServiceNow > Configuration Item
  • GCP > Dataflow > Job > ServiceNow > Table

• Policy Types:

  • GCP > Dataflow > Job > ServiceNow
  • GCP > Dataflow > Job > ServiceNow > Configuration Item
  • GCP > Dataflow > Job > ServiceNow > Configuration Item > Record
  • GCP > Dataflow > Job > ServiceNow > Configuration Item > Table Definition
  • GCP > Dataflow > Job > ServiceNow > Table
  • GCP > Dataflow > Job > ServiceNow > Table > Definition

Bug fixes

• The GCP > Compute Engine > Instance Template > CMDB control would sometimes go into an error state due to a bad internal build. This is fixed and the control will now work as expected.

Bug fixes

• Due to an inadvertently introduced issue with an internal build for Azure > Subscription, importing subscriptions encountered schema validation problems. This issue has been resolved, and you can now successfully import subscriptions as before.

Bug fixes

• In the previous version, while we improved on the way we discovered missing Snapshots and Volumes while processing their update events, we inadvertently introduced a bug where some resources were upserted with incorrect AKAs. Such resources with malformed AKAs should now be cleaned up automatically from the environment, and Guardrails will now discover resources more correctly and consistently than before.
• In a previous version (v5.31.4), we implemented a feature to Discover Instances while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

What's new?

• Added support for ap-northeast-3 in the AWS > Account > Regions policy.

What's new?

• Added support for af-south-1, ap-northeast-3, ap-south-2, ap-southeast-3, ap-southeast-4, ca-west-1, eu-central-2, eu-south-1, eu-south-2, il-central-1 and me-central-1 regions in the AWS > Logs > Regions policy.

What's new?

• You can now configure Block Public Access for Snapshots. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for Snapshots policy.

• You can now also disable Block Public Access for AMIs. To get started, set the AWS > EC2 > Account Attributes > Block Public Access for AMIs policy.

• AWS/EC2/Admin, AWS/EC2/Metadata and AWS/EC2/Operator now includes permissions for Verified Access Endpoints, Verified Access Groups and Verified Access Trust Providers.

• Control Types:

  • AWS > EC2 > Account Attributes > Block Public Access for Snapshots

• Policy Types:

  • AWS > EC2 > Account Attributes > Block Public Access for Snapshots

• Action Types:

  • AWS > EC2 > Account Attributes > Update Block Public Access for Snapshots

Bug fixes

• In a previous version (v5.31.4), we implemented a feature to Discover Snapshots and Volumes while processing their update events respectively, if those resources were missing from Guardrails CMDB. In busy environments, this would sometimes cause unnecessary Lambda executions. We've now improved this behavior to upsert the missing resources in a lighter and faster way.

What's new?

• Updated: MaxPalyloadSize parameter description.
• Updated: Turbot Policy Parameter to add back Deny: * for HTTP in SNS Policy.

What's new?

• Added: Postgres versions 13.12 and 13.13.
• Updated: CloudWatch Alarms will now use TEF SNS topic.

Bug fixes

• Server
  • Added the Deny:* policy for HTTP traffic back to the turbot-policy-parameter custom lambda code.
  • Event DLQ should not set the control or policy value to error if there has been a new process started for the control or policy value.
  • Run next should drop the events in case of recursive loop.
  • Add additional retryable throttling codes for actions.

Requirements

• TEF: 1.55.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

v1.10.1 of the Terraform Provider for Guardrails is now available.

Bug fixes

• resource/turbot_file: terraform apply failed to update content of an existing File in Guardrails. This is now fixed.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

• Policy Types:

  • GCP > Logging > Exclusion > Approved > Custom
  • GCP > Logging > Metric > Approved > Custom
  • GCP > Logging > Sink > Approved > Custom

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Policy Types:

  • GCP > Kubernetes Engine > Region Cluster > Approved > Custom
  • GCP > Kubernetes Engine > Region Node Pool > Approved > Custom
  • GCP > Kubernetes Engine > Zone Cluster > Approved > Custom
  • GCP > Kubernetes Engine > Zone Node Pool > Approved > Custom

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Resource's metadata will now also include createdBy details in Turbot CMDB.

• Policy Types:

  • GCP > Dataflow > Job > Approved > Custom

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

• The AWS > EC2 > Key Pair > Discovery control would sometimes go into an error state if a Key Pair alias included escape characters. This is now fixed.

• Control Types renamed:

  • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration

• Policy Types renamed:

  • AWS > EC2 > Volume > Configuration to AWS > EC2 > Volume > Performance Configuration
  • AWS > EC2 > Volume > Configuration > IOPS Capacity to AWS > EC2 > Volume > Performance Configuration > IOPS Capacity
  • AWS > EC2 > Volume > Configuration > Throughput to AWS > EC2 > Volume > Performance Configuration > Throughput
  • AWS > EC2 > Volume > Configuration > Type to AWS > EC2 > Volume > Performance Configuration > Type

• Action Types renamed:

  • AWS > EC2 > Volume > Update Configuration to AWS > EC2 > Volume > Update Performance Configuration

Bug fixes

• The Turbot > Policy Setting Expiration control will now run every 12 hours to manage policy setting expirations more consistently than before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

Bug fixes

• The Org policy details in the Project CMDB data will now be properly and consistently sorted.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

• Policy Types:

  • GCP > Scheduler > Job > Approved > Custom

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Resource's metadata will now also include createdBy details in Turbot CMDB.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Control Types:

  • GCP > Cloud Run > Service > ServiceNow
  • GCP > Cloud Run > Service > ServiceNow > Configuration Item
  • GCP > Cloud Run > Service > ServiceNow > Table

• Policy Types:

  • GCP > Cloud Run > Service > ServiceNow
  • GCP > Cloud Run > Service > ServiceNow > Configuration Item
  • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Record
  • GCP > Cloud Run > Service > ServiceNow > Configuration Item > Table Definition
  • GCP > Cloud Run > Service > ServiceNow > Table
  • GCP > Cloud Run > Service > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Spanner > Database > ServiceNow
  • GCP > Spanner > Database > ServiceNow > Configuration Item
  • GCP > Spanner > Database > ServiceNow > Table
  • GCP > Spanner > Instance > ServiceNow
  • GCP > Spanner > Instance > ServiceNow > Configuration Item
  • GCP > Spanner > Instance > ServiceNow > Table

• Policy Types:

  • GCP > Spanner > Database > ServiceNow
  • GCP > Spanner > Database > ServiceNow > Configuration Item
  • GCP > Spanner > Database > ServiceNow > Configuration Item > Record
  • GCP > Spanner > Database > ServiceNow > Configuration Item > Table Definition
  • GCP > Spanner > Database > ServiceNow > Table
  • GCP > Spanner > Database > ServiceNow > Table > Definition
  • GCP > Spanner > Instance > ServiceNow
  • GCP > Spanner > Instance > ServiceNow > Configuration Item
  • GCP > Spanner > Instance > ServiceNow > Configuration Item > Record
  • GCP > Spanner > Instance > ServiceNow > Configuration Item > Table Definition
  • GCP > Spanner > Instance > ServiceNow > Table
  • GCP > Spanner > Instance > ServiceNow > Table > Definition

What's new?

• Control Types:

  • AWS > EC2 > Volume > Configuration

• Policy Types:

  • AWS > EC2 > Volume > Configuration
  • AWS > EC2 > Volume > Configuration > IOPS Capacity
  • AWS > EC2 > Volume > Configuration > Throughput
  • AWS > EC2 > Volume > Configuration > Type

• Action Types:

  • AWS > EC2 > Volume > Update Configuration

What's new?

• Server
  • You can now update API size limit via the MAX_PAYLOAD_SIZE parameter.

Requirements

• TEF: 1.55.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.
• Rebranded to a Turbot Guardrails Mod. To maintain compatibility, none of the existing resource types, control types or policy types have changed, your existing configurations and settings will continue to work as before.

What's new?

• Resource Types:

  • AWS > Kinesis > Kinesis Video Stream

• Control Types:

  • AWS > Kinesis > Kinesis Video Stream > Active
  • AWS > Kinesis > Kinesis Video Stream > Approved
  • AWS > Kinesis > Kinesis Video Stream > CMDB
  • AWS > Kinesis > Kinesis Video Stream > Discovery
  • AWS > Kinesis > Kinesis Video Stream > Tags

• Policy Types:

  • AWS > Kinesis > Kinesis Video Stream > Active
  • AWS > Kinesis > Kinesis Video Stream > Active > Age
  • AWS > Kinesis > Kinesis Video Stream > Active > Budget
  • AWS > Kinesis > Kinesis Video Stream > Active > Last Modified
  • AWS > Kinesis > Kinesis Video Stream > Approved
  • AWS > Kinesis > Kinesis Video Stream > Approved > Budget
  • AWS > Kinesis > Kinesis Video Stream > Approved > Custom
  • AWS > Kinesis > Kinesis Video Stream > Approved > Regions
  • AWS > Kinesis > Kinesis Video Stream > Approved > Usage
  • AWS > Kinesis > Kinesis Video Stream > CMDB
  • AWS > Kinesis > Kinesis Video Stream > Regions
  • AWS > Kinesis > Kinesis Video Stream > Tags
  • AWS > Kinesis > Kinesis Video Stream > Tags > Template

• Action Types:

  • AWS > Kinesis > Kinesis Video Stream > Delete
  • AWS > Kinesis > Kinesis Video Stream > Delete from AWS
  • AWS > Kinesis > Kinesis Video Stream > Router
  • AWS > Kinesis > Kinesis Video Stream > Set Tags
  • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control
  • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Active control [90 days]
  • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control
  • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Approved control [90 days]
  • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control
  • AWS > Kinesis > Kinesis Video Stream > Skip alarm for Tags control [90 days]
  • AWS > Kinesis > Kinesis Video Stream > Update Tags

What's new?

• Control Types:

  • GCP > Logging > Exclusion > ServiceNow
  • GCP > Logging > Exclusion > ServiceNow > Configuration Item
  • GCP > Logging > Exclusion > ServiceNow > Table
  • GCP > Logging > Metric > ServiceNow
  • GCP > Logging > Metric > ServiceNow > Configuration Item
  • GCP > Logging > Metric > ServiceNow > Table
  • GCP > Logging > Sink > ServiceNow
  • GCP > Logging > Sink > ServiceNow > Configuration Item
  • GCP > Logging > Sink > ServiceNow > Table

• Policy Types:

  • GCP > Logging > Exclusion > ServiceNow
  • GCP > Logging > Exclusion > ServiceNow > Configuration Item
  • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Record
  • GCP > Logging > Exclusion > ServiceNow > Configuration Item > Table Definition
  • GCP > Logging > Exclusion > ServiceNow > Table
  • GCP > Logging > Exclusion > ServiceNow > Table > Definition
  • GCP > Logging > Metric > ServiceNow
  • GCP > Logging > Metric > ServiceNow > Configuration Item
  • GCP > Logging > Metric > ServiceNow > Configuration Item > Record
  • GCP > Logging > Metric > ServiceNow > Configuration Item > Table Definition
  • GCP > Logging > Metric > ServiceNow > Table
  • GCP > Logging > Metric > ServiceNow > Table > Definition
  • GCP > Logging > Sink > ServiceNow
  • GCP > Logging > Sink > ServiceNow > Configuration Item
  • GCP > Logging > Sink > ServiceNow > Configuration Item > Record
  • GCP > Logging > Sink > ServiceNow > Configuration Item > Table Definition
  • GCP > Logging > Sink > ServiceNow > Table
  • GCP > Logging > Sink > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Compute Engine > HTTP Health Check > ServiceNow
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
  • GCP > Compute Engine > Health Check > ServiceNow
  • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > Health Check > ServiceNow > Table
  • GCP > Compute Engine > Instance Template > ServiceNow
  • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
  • GCP > Compute Engine > Instance Template > ServiceNow > Table
  • GCP > Compute Engine > Node Group > ServiceNow
  • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
  • GCP > Compute Engine > Node Group > ServiceNow > Table
  • GCP > Compute Engine > Node Template > ServiceNow
  • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
  • GCP > Compute Engine > Node Template > ServiceNow > Table
  • GCP > Compute Engine > Project > ServiceNow
  • GCP > Compute Engine > Project > ServiceNow > Configuration Item
  • GCP > Compute Engine > Project > ServiceNow > Table
  • GCP > Compute Engine > Region Disk > ServiceNow
  • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
  • GCP > Compute Engine > Region Disk > ServiceNow > Table
  • GCP > Compute Engine > Region Health Check > ServiceNow
  • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > Region Health Check > ServiceNow > Table

• Policy Types:

  • GCP > Compute Engine > HTTP Health Check > ServiceNow
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table
  • GCP > Compute Engine > HTTP Health Check > ServiceNow > Table > Definition
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table
  • GCP > Compute Engine > HTTPS Health Check > ServiceNow > Table > Definition
  • GCP > Compute Engine > Health Check > ServiceNow
  • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Health Check > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Health Check > ServiceNow > Table
  • GCP > Compute Engine > Health Check > ServiceNow > Table > Definition
  • GCP > Compute Engine > Instance Template > ServiceNow
  • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item
  • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Instance Template > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Instance Template > ServiceNow > Table
  • GCP > Compute Engine > Instance Template > ServiceNow > Table > Definition
  • GCP > Compute Engine > Node Group > ServiceNow
  • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item
  • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Node Group > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Node Group > ServiceNow > Table
  • GCP > Compute Engine > Node Group > ServiceNow > Table > Definition
  • GCP > Compute Engine > Node Template > ServiceNow
  • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item
  • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Node Template > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Node Template > ServiceNow > Table
  • GCP > Compute Engine > Node Template > ServiceNow > Table > Definition
  • GCP > Compute Engine > Project > ServiceNow
  • GCP > Compute Engine > Project > ServiceNow > Configuration Item
  • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Project > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Project > ServiceNow > Table
  • GCP > Compute Engine > Project > ServiceNow > Table > Definition
  • GCP > Compute Engine > Region Disk > ServiceNow
  • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item
  • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Region Disk > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Region Disk > ServiceNow > Table
  • GCP > Compute Engine > Region Disk > ServiceNow > Table > Definition
  • GCP > Compute Engine > Region Health Check > ServiceNow
  • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item
  • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Region Health Check > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Region Health Check > ServiceNow > Table
  • GCP > Compute Engine > Region Health Check > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > SQL > Backup > ServiceNow
  • GCP > SQL > Backup > ServiceNow > Configuration Item
  • GCP > SQL > Backup > ServiceNow > Table
  • GCP > SQL > Database > ServiceNow
  • GCP > SQL > Database > ServiceNow > Configuration Item
  • GCP > SQL > Database > ServiceNow > Table

• Policy Types:

  • GCP > SQL > Backup > ServiceNow
  • GCP > SQL > Backup > ServiceNow > Configuration Item
  • GCP > SQL > Backup > ServiceNow > Configuration Item > Record
  • GCP > SQL > Backup > ServiceNow > Configuration Item > Table Definition
  • GCP > SQL > Backup > ServiceNow > Table
  • GCP > SQL > Backup > ServiceNow > Table > Definition
  • GCP > SQL > Database > ServiceNow
  • GCP > SQL > Database > ServiceNow > Configuration Item
  • GCP > SQL > Database > ServiceNow > Configuration Item > Record
  • GCP > SQL > Database > ServiceNow > Configuration Item > Table Definition
  • GCP > SQL > Database > ServiceNow > Table
  • GCP > SQL > Database > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > KMS > Crypto Key > ServiceNow
  • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
  • GCP > KMS > Crypto Key > ServiceNow > Table
  • GCP > KMS > Key Ring > ServiceNow
  • GCP > KMS > Key Ring > ServiceNow > Configuration Item
  • GCP > KMS > Key Ring > ServiceNow > Table

• Policy Types:

  • GCP > KMS > Crypto Key > ServiceNow
  • GCP > KMS > Crypto Key > ServiceNow > Configuration Item
  • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Record
  • GCP > KMS > Crypto Key > ServiceNow > Configuration Item > Table Definition
  • GCP > KMS > Crypto Key > ServiceNow > Table
  • GCP > KMS > Crypto Key > ServiceNow > Table > Definition
  • GCP > KMS > Key Ring > ServiceNow
  • GCP > KMS > Key Ring > ServiceNow > Configuration Item
  • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Record
  • GCP > KMS > Key Ring > ServiceNow > Configuration Item > Table Definition
  • GCP > KMS > Key Ring > ServiceNow > Table
  • GCP > KMS > Key Ring > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > BigQuery > Dataset > ServiceNow
  • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
  • GCP > BigQuery > Dataset > ServiceNow > Table
  • GCP > BigQuery > Table > ServiceNow
  • GCP > BigQuery > Table > ServiceNow > Configuration Item
  • GCP > BigQuery > Table > ServiceNow > Table

• Policy Types:

  • GCP > BigQuery > Dataset > ServiceNow
  • GCP > BigQuery > Dataset > ServiceNow > Configuration Item
  • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Record
  • GCP > BigQuery > Dataset > ServiceNow > Configuration Item > Table Definition
  • GCP > BigQuery > Dataset > ServiceNow > Table
  • GCP > BigQuery > Dataset > ServiceNow > Table > Definition
  • GCP > BigQuery > Table > ServiceNow
  • GCP > BigQuery > Table > ServiceNow > Configuration Item
  • GCP > BigQuery > Table > ServiceNow > Configuration Item > Record
  • GCP > BigQuery > Table > ServiceNow > Configuration Item > Table Definition
  • GCP > BigQuery > Table > ServiceNow > Table
  • GCP > BigQuery > Table > ServiceNow > Table > Definition

Bug fixes

• Server
  • Updated: Enhanced IAM policy for tighter access around custom Lambda.
  • Fixed: Turbot > Workspace > Health Control should not break if there is no input.

Requirements

• TEF: 1.55.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Control Types:

  • GCP > Bigtable > Cluster > ServiceNow
  • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
  • GCP > Bigtable > Cluster > ServiceNow > Table
  • GCP > Bigtable > Instance > ServiceNow
  • GCP > Bigtable > Instance > ServiceNow > Configuration Item
  • GCP > Bigtable > Instance > ServiceNow > Table
  • GCP > Bigtable > Table > ServiceNow
  • GCP > Bigtable > Table > ServiceNow > Configuration Item
  • GCP > Bigtable > Table > ServiceNow > Table

• Policy Types:

  • GCP > Bigtable > Cluster > ServiceNow
  • GCP > Bigtable > Cluster > ServiceNow > Configuration Item
  • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Record
  • GCP > Bigtable > Cluster > ServiceNow > Configuration Item > Table Definition
  • GCP > Bigtable > Cluster > ServiceNow > Table
  • GCP > Bigtable > Cluster > ServiceNow > Table > Definition
  • GCP > Bigtable > Instance > ServiceNow
  • GCP > Bigtable > Instance > ServiceNow > Configuration Item
  • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Record
  • GCP > Bigtable > Instance > ServiceNow > Configuration Item > Table Definition
  • GCP > Bigtable > Instance > ServiceNow > Table
  • GCP > Bigtable > Instance > ServiceNow > Table > Definition
  • GCP > Bigtable > Table > ServiceNow
  • GCP > Bigtable > Table > ServiceNow > Configuration Item
  • GCP > Bigtable > Table > ServiceNow > Configuration Item > Record
  • GCP > Bigtable > Table > ServiceNow > Configuration Item > Table Definition
  • GCP > Bigtable > Table > ServiceNow > Table
  • GCP > Bigtable > Table > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > App Engine > Application > ServiceNow
  • GCP > App Engine > Application > ServiceNow > Configuration Item
  • GCP > App Engine > Application > ServiceNow > Table
  • GCP > App Engine > Firewall Rule > ServiceNow
  • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
  • GCP > App Engine > Firewall Rule > ServiceNow > Table
  • GCP > App Engine > Instance > ServiceNow
  • GCP > App Engine > Instance > ServiceNow > Configuration Item
  • GCP > App Engine > Instance > ServiceNow > Table
  • GCP > App Engine > Service > ServiceNow
  • GCP > App Engine > Service > ServiceNow > Configuration Item
  • GCP > App Engine > Service > ServiceNow > Table
  • GCP > App Engine > Version > ServiceNow
  • GCP > App Engine > Version > ServiceNow > Configuration Item
  • GCP > App Engine > Version > ServiceNow > Table

• Policy Types:

  • GCP > App Engine > Application > ServiceNow
  • GCP > App Engine > Application > ServiceNow > Configuration Item
  • GCP > App Engine > Application > ServiceNow > Configuration Item > Record
  • GCP > App Engine > Application > ServiceNow > Configuration Item > Table Definition
  • GCP > App Engine > Application > ServiceNow > Table
  • GCP > App Engine > Application > ServiceNow > Table > Definition
  • GCP > App Engine > Firewall Rule > ServiceNow
  • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item
  • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Record
  • GCP > App Engine > Firewall Rule > ServiceNow > Configuration Item > Table Definition
  • GCP > App Engine > Firewall Rule > ServiceNow > Table
  • GCP > App Engine > Firewall Rule > ServiceNow > Table > Definition
  • GCP > App Engine > Instance > ServiceNow
  • GCP > App Engine > Instance > ServiceNow > Configuration Item
  • GCP > App Engine > Instance > ServiceNow > Configuration Item > Record
  • GCP > App Engine > Instance > ServiceNow > Configuration Item > Table Definition
  • GCP > App Engine > Instance > ServiceNow > Table
  • GCP > App Engine > Instance > ServiceNow > Table > Definition
  • GCP > App Engine > Service > ServiceNow
  • GCP > App Engine > Service > ServiceNow > Configuration Item
  • GCP > App Engine > Service > ServiceNow > Configuration Item > Record
  • GCP > App Engine > Service > ServiceNow > Configuration Item > Table Definition
  • GCP > App Engine > Service > ServiceNow > Table
  • GCP > App Engine > Service > ServiceNow > Table > Definition
  • GCP > App Engine > Version > ServiceNow
  • GCP > App Engine > Version > ServiceNow > Configuration Item
  • GCP > App Engine > Version > ServiceNow > Configuration Item > Record
  • GCP > App Engine > Version > ServiceNow > Configuration Item > Table Definition
  • GCP > App Engine > Version > ServiceNow > Table
  • GCP > App Engine > Version > ServiceNow > Table > Definition

Bug fixes

• The GCP > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the GCP > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

Bug fixes

• The Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller controls now include a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Event Poller and Azure > Turbot > Management Group Event Poller policies are set to Disabled respectively. You won’t notice any difference and the controls should run lighter and quicker than before.

Bug fixes

• The Azure > Turbot > Directory Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the Azure > Turbot > Directory Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

Bug fixes

• The AWS > Turbot > Event Poller control now includes a precheck condition to avoid running GraphQL input queries when the AWS > Turbot > Event Poller policy is set to Disabled. You won’t notice any difference and the control should run lighter and quicker than before.

What's new?

• Resource Types:

  • AWS > OpenSearch

• Policy Types:

  • AWS > OpenSearch > API Enabled
  • AWS > OpenSearch > Approved Regions [Default]
  • AWS > OpenSearch > Enabled
  • AWS > OpenSearch > Permissions
  • AWS > OpenSearch > Permissions > Levels
  • AWS > OpenSearch > Permissions > Levels > Modifiers
  • AWS > OpenSearch > Permissions > Lockdown
  • AWS > OpenSearch > Permissions > Lockdown > API Boundary
  • AWS > OpenSearch > Regions
  • AWS > OpenSearch > Tags Template [Default]
  • AWS > Turbot > Permissions > Compiled > API Boundary > @turbot/aws-opensearch
  • AWS > Turbot > Permissions > Compiled > Levels > @turbot/aws-opensearch
  • AWS > Turbot > Permissions > Compiled > Service Permissions > @turbot/aws-opensearch

What's new?

• Control Types:

  • Azure > Resource Group > ServiceNow
  • Azure > Resource Group > ServiceNow > Configuration Item
  • Azure > Resource Group > ServiceNow > Table
  • Azure > Subscription > ServiceNow
  • Azure > Subscription > ServiceNow > Configuration Item
  • Azure > Subscription > ServiceNow > Table
  • Azure > Tenant > ServiceNow
  • Azure > Tenant > ServiceNow > Configuration Item
  • Azure > Tenant > ServiceNow > Table

• Policy Types:

  • Azure > Resource Group > ServiceNow
  • Azure > Resource Group > ServiceNow > Configuration Item
  • Azure > Resource Group > ServiceNow > Configuration Item > Record
  • Azure > Resource Group > ServiceNow > Configuration Item > Table Definition
  • Azure > Resource Group > ServiceNow > Table
  • Azure > Resource Group > ServiceNow > Table > Definition
  • Azure > Subscription > ServiceNow
  • Azure > Subscription > ServiceNow > Configuration Item
  • Azure > Subscription > ServiceNow > Configuration Item > Record
  • Azure > Subscription > ServiceNow > Configuration Item > Table Definition
  • Azure > Subscription > ServiceNow > Table
  • Azure > Subscription > ServiceNow > Table > Definition
  • Azure > Tenant > ServiceNow
  • Azure > Tenant > ServiceNow > Configuration Item
  • Azure > Tenant > ServiceNow > Configuration Item > Record
  • Azure > Tenant > ServiceNow > Configuration Item > Table Definition
  • Azure > Tenant > ServiceNow > Table
  • Azure > Tenant > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Network > Private Endpoints > ServiceNow
  • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
  • Azure > Network > Private Endpoints > ServiceNow > Table

• Policy Types:

  • Azure > Network > Private Endpoints > ServiceNow
  • Azure > Network > Private Endpoints > ServiceNow > Configuration Item
  • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Record
  • Azure > Network > Private Endpoints > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Private Endpoints > ServiceNow > Table
  • Azure > Network > Private Endpoints > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Automation > Automation Account > ServiceNow
  • Azure > Automation > Automation Account > ServiceNow > Configuration Item
  • Azure > Automation > Automation Account > ServiceNow > Table
  • Azure > Automation > Runbook > ServiceNow
  • Azure > Automation > Runbook > ServiceNow > Configuration Item
  • Azure > Automation > Runbook > ServiceNow > Table

• Policy Types:

  • Azure > Automation > Automation Account > ServiceNow
  • Azure > Automation > Automation Account > ServiceNow > Configuration Item
  • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Record
  • Azure > Automation > Automation Account > ServiceNow > Configuration Item > Table Definition
  • Azure > Automation > Automation Account > ServiceNow > Table
  • Azure > Automation > Automation Account > ServiceNow > Table > Definition
  • Azure > Automation > Runbook > ServiceNow
  • Azure > Automation > Runbook > ServiceNow > Configuration Item
  • Azure > Automation > Runbook > ServiceNow > Configuration Item > Record
  • Azure > Automation > Runbook > ServiceNow > Configuration Item > Table Definition
  • Azure > Automation > Runbook > ServiceNow > Table
  • Azure > Automation > Runbook > ServiceNow > Table > Definition

What's new?

• Added support for aws_network_interface_sg_attachment Terraform resource for AWS > EC2 > Network Interface.

Bug fixes

• The AWS > EC2 > Instance > CMDB control would sometimes trigger multiple times if EnclaveOptions was not set as part of the AWS > EC2 > Instance > CMDB > Attributes policy. This would result in unnecessary Lambda runs for the control. The EnclaveOptions attribute is now available in the CMDB data by default and the EnclaveOptions policy value in AWS > EC2 > Instance > CMDB > Attributes policy has now been deprecated, and will be removed in the next major version.

What's new?

• Updated: Launch Template to prevent association of Network Interface with public IPs.

What's new?

• Control Types:

  • Azure > Storage > Container > ServiceNow
  • Azure > Storage > Container > ServiceNow > Configuration Item
  • Azure > Storage > Container > ServiceNow > Table
  • Azure > Storage > FileShare > ServiceNow
  • Azure > Storage > FileShare > ServiceNow > Configuration Item
  • Azure > Storage > FileShare > ServiceNow > Table
  • Azure > Storage > Queue > ServiceNow
  • Azure > Storage > Queue > ServiceNow > Configuration Item
  • Azure > Storage > Queue > ServiceNow > Table

• Policy Types:

  • Azure > Storage > Container > ServiceNow
  • Azure > Storage > Container > ServiceNow > Configuration Item
  • Azure > Storage > Container > ServiceNow > Configuration Item > Record
  • Azure > Storage > Container > ServiceNow > Configuration Item > Table Definition
  • Azure > Storage > Container > ServiceNow > Table
  • Azure > Storage > Container > ServiceNow > Table > Definition
  • Azure > Storage > FileShare > ServiceNow
  • Azure > Storage > FileShare > ServiceNow > Configuration Item
  • Azure > Storage > FileShare > ServiceNow > Configuration Item > Record
  • Azure > Storage > FileShare > ServiceNow > Configuration Item > Table Definition
  • Azure > Storage > FileShare > ServiceNow > Table
  • Azure > Storage > FileShare > ServiceNow > Table > Definition
  • Azure > Storage > Queue > ServiceNow
  • Azure > Storage > Queue > ServiceNow > Configuration Item
  • Azure > Storage > Queue > ServiceNow > Configuration Item > Record
  • Azure > Storage > Queue > ServiceNow > Configuration Item > Table Definition
  • Azure > Storage > Queue > ServiceNow > Table
  • Azure > Storage > Queue > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Recovery Service > Backup > ServiceNow
  • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
  • Azure > Recovery Service > Backup > ServiceNow > Table
  • Azure > Recovery Service > Vault > ServiceNow
  • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
  • Azure > Recovery Service > Vault > ServiceNow > Table

• Policy Types:

  • Azure > Recovery Service > Backup > ServiceNow
  • Azure > Recovery Service > Backup > ServiceNow > Configuration Item
  • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Record
  • Azure > Recovery Service > Backup > ServiceNow > Configuration Item > Table Definition
  • Azure > Recovery Service > Backup > ServiceNow > Table
  • Azure > Recovery Service > Backup > ServiceNow > Table > Definition
  • Azure > Recovery Service > Vault > ServiceNow
  • Azure > Recovery Service > Vault > ServiceNow > Configuration Item
  • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Record
  • Azure > Recovery Service > Vault > ServiceNow > Configuration Item > Table Definition
  • Azure > Recovery Service > Vault > ServiceNow > Table
  • Azure > Recovery Service > Vault > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Monitor > Action Group > ServiceNow
  • Azure > Monitor > Action Group > ServiceNow > Configuration Item
  • Azure > Monitor > Action Group > ServiceNow > Table
  • Azure > Monitor > Alerts > ServiceNow
  • Azure > Monitor > Alerts > ServiceNow > Configuration Item
  • Azure > Monitor > Alerts > ServiceNow > Table
  • Azure > Monitor > Log Profile > ServiceNow
  • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
  • Azure > Monitor > Log Profile > ServiceNow > Table

• Policy Types:

  • Azure > Monitor > Action Group > ServiceNow
  • Azure > Monitor > Action Group > ServiceNow > Configuration Item
  • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Record
  • Azure > Monitor > Action Group > ServiceNow > Configuration Item > Table Definition
  • Azure > Monitor > Action Group > ServiceNow > Table
  • Azure > Monitor > Action Group > ServiceNow > Table > Definition
  • Azure > Monitor > Alerts > ServiceNow
  • Azure > Monitor > Alerts > ServiceNow > Configuration Item
  • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Record
  • Azure > Monitor > Alerts > ServiceNow > Configuration Item > Table Definition
  • Azure > Monitor > Alerts > ServiceNow > Table
  • Azure > Monitor > Alerts > ServiceNow > Table > Definition
  • Azure > Monitor > Log Profile > ServiceNow
  • Azure > Monitor > Log Profile > ServiceNow > Configuration Item
  • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Record
  • Azure > Monitor > Log Profile > ServiceNow > Configuration Item > Table Definition
  • Azure > Monitor > Log Profile > ServiceNow > Table
  • Azure > Monitor > Log Profile > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Kubernetes Engine > Region Cluster > ServiceNow
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table

• Policy Types:

  • GCP > Kubernetes Engine > Region Cluster > ServiceNow
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Record
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Configuration Item > Table Definition
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table
  • GCP > Kubernetes Engine > Region Cluster > ServiceNow > Table > Definition
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Record
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Configuration Item > Table Definition
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table
  • GCP > Kubernetes Engine > Region Node Pool > ServiceNow > Table > Definition
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Record
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Configuration Item > Table Definition
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table
  • GCP > Kubernetes Engine > Zone Cluster > ServiceNow > Table > Definition
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Record
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Configuration Item > Table Definition
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table
  • GCP > Kubernetes Engine > Zone Node Pool > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > IAM > Role Assignment > ServiceNow
  • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
  • Azure > IAM > Role Assignment > ServiceNow > Table
  • Azure > IAM > Role Definition > ServiceNow
  • Azure > IAM > Role Definition > ServiceNow > Configuration Item
  • Azure > IAM > Role Definition > ServiceNow > Table

• Policy Types:

  • Azure > IAM > Role Assignment > ServiceNow
  • Azure > IAM > Role Assignment > ServiceNow > Configuration Item
  • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Record
  • Azure > IAM > Role Assignment > ServiceNow > Configuration Item > Table Definition
  • Azure > IAM > Role Assignment > ServiceNow > Table
  • Azure > IAM > Role Assignment > ServiceNow > Table > Definition
  • Azure > IAM > Role Definition > ServiceNow
  • Azure > IAM > Role Definition > ServiceNow > Configuration Item
  • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Record
  • Azure > IAM > Role Definition > ServiceNow > Configuration Item > Table Definition
  • Azure > IAM > Role Definition > ServiceNow > Table
  • Azure > IAM > Role Definition > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Data Factory > Dataset > ServiceNow
  • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
  • Azure > Data Factory > Dataset > ServiceNow > Table
  • Azure > Data Factory > Factory > ServiceNow
  • Azure > Data Factory > Factory > ServiceNow > Configuration Item
  • Azure > Data Factory > Factory > ServiceNow > Table
  • Azure > Data Factory > Pipeline > ServiceNow
  • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
  • Azure > Data Factory > Pipeline > ServiceNow > Table

• Policy Types:

  • Azure > Data Factory > Dataset > ServiceNow
  • Azure > Data Factory > Dataset > ServiceNow > Configuration Item
  • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Record
  • Azure > Data Factory > Dataset > ServiceNow > Configuration Item > Table Definition
  • Azure > Data Factory > Dataset > ServiceNow > Table
  • Azure > Data Factory > Dataset > ServiceNow > Table > Definition
  • Azure > Data Factory > Factory > ServiceNow
  • Azure > Data Factory > Factory > ServiceNow > Configuration Item
  • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Record
  • Azure > Data Factory > Factory > ServiceNow > Configuration Item > Table Definition
  • Azure > Data Factory > Factory > ServiceNow > Table
  • Azure > Data Factory > Factory > ServiceNow > Table > Definition
  • Azure > Data Factory > Pipeline > ServiceNow
  • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item
  • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Record
  • Azure > Data Factory > Pipeline > ServiceNow > Configuration Item > Table Definition
  • Azure > Data Factory > Pipeline > ServiceNow > Table
  • Azure > Data Factory > Pipeline > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Databricks > Workspace > ServiceNow
  • Azure > Databricks > Workspace > ServiceNow > Configuration Item
  • Azure > Databricks > Workspace > ServiceNow > Table

• Policy Types:

  • Azure > Databricks > Workspace > ServiceNow
  • Azure > Databricks > Workspace > ServiceNow > Configuration Item
  • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Record
  • Azure > Databricks > Workspace > ServiceNow > Configuration Item > Table Definition
  • Azure > Databricks > Workspace > ServiceNow > Table
  • Azure > Databricks > Workspace > ServiceNow > Table > Definition

Bug fixes

• Server
  • Minor internal improvements.

Requirements

• TEF: 1.51.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• Server
  • The scheduled actions would sometimes fail to work for the firehose-aws-sns mod due an inadvertent bug introduced in TE v5.42.10. This is now fixed.

Requirements

• TEF: 1.51.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Control Types:

  • Azure > Active Directory > Application > ServiceNow
  • Azure > Active Directory > Application > ServiceNow > Configuration Item
  • Azure > Active Directory > Application > ServiceNow > Table
  • Azure > Active Directory > Client Secret > ServiceNow
  • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
  • Azure > Active Directory > Client Secret > ServiceNow > Table
  • Azure > Active Directory > Custom Domain > ServiceNow
  • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
  • Azure > Active Directory > Custom Domain > ServiceNow > Table
  • Azure > Active Directory > Directory > ServiceNow
  • Azure > Active Directory > Directory > ServiceNow > Configuration Item
  • Azure > Active Directory > Directory > ServiceNow > Table
  • Azure > Active Directory > Group > ServiceNow
  • Azure > Active Directory > Group > ServiceNow > Configuration Item
  • Azure > Active Directory > Group > ServiceNow > Table
  • Azure > Active Directory > Service Principal > ServiceNow
  • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
  • Azure > Active Directory > Service Principal > ServiceNow > Table
  • Azure > Active Directory > User > ServiceNow
  • Azure > Active Directory > User > ServiceNow > Configuration Item
  • Azure > Active Directory > User > ServiceNow > Table

• Policy Types:

  • Azure > Active Directory > Application > ServiceNow
  • Azure > Active Directory > Application > ServiceNow > Configuration Item
  • Azure > Active Directory > Application > ServiceNow > Configuration Item > Record
  • Azure > Active Directory > Application > ServiceNow > Configuration Item > Table Definition
  • Azure > Active Directory > Application > ServiceNow > Table
  • Azure > Active Directory > Application > ServiceNow > Table > Definition
  • Azure > Active Directory > Client Secret > ServiceNow
  • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item
  • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Record
  • Azure > Active Directory > Client Secret > ServiceNow > Configuration Item > Table Definition
  • Azure > Active Directory > Client Secret > ServiceNow > Table
  • Azure > Active Directory > Client Secret > ServiceNow > Table > Definition
  • Azure > Active Directory > Custom Domain > ServiceNow
  • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item
  • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Record
  • Azure > Active Directory > Custom Domain > ServiceNow > Configuration Item > Table Definition
  • Azure > Active Directory > Custom Domain > ServiceNow > Table
  • Azure > Active Directory > Custom Domain > ServiceNow > Table > Definition
  • Azure > Active Directory > Directory > ServiceNow
  • Azure > Active Directory > Directory > ServiceNow > Configuration Item
  • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Record
  • Azure > Active Directory > Directory > ServiceNow > Configuration Item > Table Definition
  • Azure > Active Directory > Directory > ServiceNow > Table
  • Azure > Active Directory > Directory > ServiceNow > Table > Definition
  • Azure > Active Directory > Group > ServiceNow
  • Azure > Active Directory > Group > ServiceNow > Configuration Item
  • Azure > Active Directory > Group > ServiceNow > Configuration Item > Record
  • Azure > Active Directory > Group > ServiceNow > Configuration Item > Table Definition
  • Azure > Active Directory > Group > ServiceNow > Table
  • Azure > Active Directory > Group > ServiceNow > Table > Definition
  • Azure > Active Directory > Service Principal > ServiceNow
  • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item
  • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Record
  • Azure > Active Directory > Service Principal > ServiceNow > Configuration Item > Table Definition
  • Azure > Active Directory > Service Principal > ServiceNow > Table
  • Azure > Active Directory > Service Principal > ServiceNow > Table > Definition
  • Azure > Active Directory > User > ServiceNow
  • Azure > Active Directory > User > ServiceNow > Configuration Item
  • Azure > Active Directory > User > ServiceNow > Configuration Item > Record
  • Azure > Active Directory > User > ServiceNow > Configuration Item > Table Definition
  • Azure > Active Directory > User > ServiceNow > Table
  • Azure > Active Directory > User > ServiceNow > Table > Definition

What's new?

• Control Types:

  • GCP > Pub/Sub > Snapshot > ServiceNow
  • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
  • GCP > Pub/Sub > Snapshot > ServiceNow > Table
  • GCP > Pub/Sub > Subscription > ServiceNow
  • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
  • GCP > Pub/Sub > Subscription > ServiceNow > Table
  • GCP > Pub/Sub > Topic > ServiceNow
  • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
  • GCP > Pub/Sub > Topic > ServiceNow > Table

• Policy Types:

  • GCP > Pub/Sub > Snapshot > ServiceNow
  • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item
  • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Record
  • GCP > Pub/Sub > Snapshot > ServiceNow > Configuration Item > Table Definition
  • GCP > Pub/Sub > Snapshot > ServiceNow > Table
  • GCP > Pub/Sub > Snapshot > ServiceNow > Table > Definition
  • GCP > Pub/Sub > Subscription > ServiceNow
  • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item
  • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Record
  • GCP > Pub/Sub > Subscription > ServiceNow > Configuration Item > Table Definition
  • GCP > Pub/Sub > Subscription > ServiceNow > Table
  • GCP > Pub/Sub > Subscription > ServiceNow > Table > Definition
  • GCP > Pub/Sub > Topic > ServiceNow
  • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item
  • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Record
  • GCP > Pub/Sub > Topic > ServiceNow > Configuration Item > Table Definition
  • GCP > Pub/Sub > Topic > ServiceNow > Table
  • GCP > Pub/Sub > Topic > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Synapse Analytics > SQL Pool > ServiceNow
  • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
  • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
  • Azure > Synapse Analytics > Workspace > ServiceNow
  • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
  • Azure > Synapse Analytics > Workspace > ServiceNow > Table

• Policy Types:

  • Azure > Synapse Analytics > SQL Pool > ServiceNow
  • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item
  • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Record
  • Azure > Synapse Analytics > SQL Pool > ServiceNow > Configuration Item > Table Definition
  • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table
  • Azure > Synapse Analytics > SQL Pool > ServiceNow > Table > Definition
  • Azure > Synapse Analytics > Workspace > ServiceNow
  • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item
  • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Record
  • Azure > Synapse Analytics > Workspace > ServiceNow > Configuration Item > Table Definition
  • Azure > Synapse Analytics > Workspace > ServiceNow > Table
  • Azure > Synapse Analytics > Workspace > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Search Management > Search Service > ServiceNow
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item
  • Azure > Search Management > Search Service > ServiceNow > Table

• Policy Types:

  • Azure > Search Management > Search Service > ServiceNow
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
  • Azure > Search Management > Search Service > ServiceNow > Table
  • Azure > Search Management > Search Service > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Service Bus > Namespace > ServiceNow
  • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
  • Azure > Service Bus > Namespace > ServiceNow > Table
  • Azure > Service Bus > Queue > ServiceNow
  • Azure > Service Bus > Queue > ServiceNow > Configuration Item
  • Azure > Service Bus > Queue > ServiceNow > Table
  • Azure > Service Bus > Topic > ServiceNow
  • Azure > Service Bus > Topic > ServiceNow > Configuration Item
  • Azure > Service Bus > Topic > ServiceNow > Table

• Policy Types:

  • Azure > Service Bus > Namespace > ServiceNow
  • Azure > Service Bus > Namespace > ServiceNow > Configuration Item
  • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Record
  • Azure > Service Bus > Namespace > ServiceNow > Configuration Item > Table Definition
  • Azure > Service Bus > Namespace > ServiceNow > Table
  • Azure > Service Bus > Namespace > ServiceNow > Table > Definition
  • Azure > Service Bus > Queue > ServiceNow
  • Azure > Service Bus > Queue > ServiceNow > Configuration Item
  • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Record
  • Azure > Service Bus > Queue > ServiceNow > Configuration Item > Table Definition
  • Azure > Service Bus > Queue > ServiceNow > Table
  • Azure > Service Bus > Queue > ServiceNow > Table > Definition
  • Azure > Service Bus > Topic > ServiceNow
  • Azure > Service Bus > Topic > ServiceNow > Configuration Item
  • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Record
  • Azure > Service Bus > Topic > ServiceNow > Configuration Item > Table Definition
  • Azure > Service Bus > Topic > ServiceNow > Table
  • Azure > Service Bus > Topic > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Load Balancer > Load Balance > ServiceNow
  • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
  • Azure > Load Balancer > Load Balance > ServiceNow > Table

• Policy Types:

  • Azure > Load Balancer > Load Balance > ServiceNow
  • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item
  • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Record
  • Azure > Load Balancer > Load Balance > ServiceNow > Configuration Item > Table Definition
  • Azure > Load Balancer > Load Balance > ServiceNow > Table
  • Azure > Load Balancer > Load Balance > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > DNS > Record Set > ServiceNow
  • Azure > DNS > Record Set > ServiceNow > Configuration Item
  • Azure > DNS > Record Set > ServiceNow > Table
  • Azure > DNS > Zone > ServiceNow
  • Azure > DNS > Zone > ServiceNow > Configuration Item
  • Azure > DNS > Zone > ServiceNow > Table

• Policy Types:

  • Azure > DNS > Record Set > ServiceNow
  • Azure > DNS > Record Set > ServiceNow > Configuration Item
  • Azure > DNS > Record Set > ServiceNow > Configuration Item > Record
  • Azure > DNS > Record Set > ServiceNow > Configuration Item > Table Definition
  • Azure > DNS > Record Set > ServiceNow > Table
  • Azure > DNS > Record Set > ServiceNow > Table > Definition
  • Azure > DNS > Zone > ServiceNow
  • Azure > DNS > Zone > ServiceNow > Configuration Item
  • Azure > DNS > Zone > ServiceNow > Configuration Item > Record
  • Azure > DNS > Zone > ServiceNow > Configuration Item > Table Definition
  • Azure > DNS > Zone > ServiceNow > Table
  • Azure > DNS > Zone > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Cosmos DB > Database Account > ServiceNow
  • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
  • Azure > Cosmos DB > Database Account > ServiceNow > Table
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
  • Azure > Cosmos DB > MongoDB Database > ServiceNow
  • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
  • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
  • Azure > Cosmos DB > SQL Container > ServiceNow
  • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
  • Azure > Cosmos DB > SQL Container > ServiceNow > Table
  • Azure > Cosmos DB > SQL Database > ServiceNow
  • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
  • Azure > Cosmos DB > SQL Database > ServiceNow > Table

• Policy Types:

  • Azure > Cosmos DB > Database Account > ServiceNow
  • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item
  • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Record
  • Azure > Cosmos DB > Database Account > ServiceNow > Configuration Item > Table Definition
  • Azure > Cosmos DB > Database Account > ServiceNow > Table
  • Azure > Cosmos DB > Database Account > ServiceNow > Table > Definition
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Record
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Configuration Item > Table Definition
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table
  • Azure > Cosmos DB > MongoDB Collection > ServiceNow > Table > Definition
  • Azure > Cosmos DB > MongoDB Database > ServiceNow
  • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item
  • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Record
  • Azure > Cosmos DB > MongoDB Database > ServiceNow > Configuration Item > Table Definition
  • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table
  • Azure > Cosmos DB > MongoDB Database > ServiceNow > Table > Definition
  • Azure > Cosmos DB > SQL Container > ServiceNow
  • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item
  • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Record
  • Azure > Cosmos DB > SQL Container > ServiceNow > Configuration Item > Table Definition
  • Azure > Cosmos DB > SQL Container > ServiceNow > Table
  • Azure > Cosmos DB > SQL Container > ServiceNow > Table > Definition
  • Azure > Cosmos DB > SQL Database > ServiceNow
  • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item
  • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Record
  • Azure > Cosmos DB > SQL Database > ServiceNow > Configuration Item > Table Definition
  • Azure > Cosmos DB > SQL Database > ServiceNow > Table
  • Azure > Cosmos DB > SQL Database > ServiceNow > Table > Definition

What's new?

• Server
  • Updated: Enhanced IAM policy for tighter access around Mod Lambda SNS topic.

Requirements

• TEF: 1.51.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Control Types:

  • Azure > Search Management > Search Service > ServiceNow
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item
  • Azure > Search Management > Search Service > ServiceNow > Table

• Policy Types:

  • Azure > Search Management > Search Service > ServiceNow
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Record
  • Azure > Search Management > Search Service > ServiceNow > Configuration Item > Table Definition
  • Azure > Search Management > Search Service > ServiceNow > Table
  • Azure > Search Management > Search Service > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Network Watcher > Flow Log > ServiceNow
  • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
  • Azure > Network Watcher > Flow Log > ServiceNow > Table
  • Azure > Network Watcher > Network Watcher > ServiceNow
  • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
  • Azure > Network Watcher > Network Watcher > ServiceNow > Table

• Policy Types:

  • Azure > Network Watcher > Flow Log > ServiceNow
  • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item
  • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Record
  • Azure > Network Watcher > Flow Log > ServiceNow > Configuration Item > Table Definition
  • Azure > Network Watcher > Flow Log > ServiceNow > Table
  • Azure > Network Watcher > Flow Log > ServiceNow > Table > Definition
  • Azure > Network Watcher > Network Watcher > ServiceNow
  • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item
  • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Record
  • Azure > Network Watcher > Network Watcher > ServiceNow > Configuration Item > Table Definition
  • Azure > Network Watcher > Network Watcher > ServiceNow > Table
  • Azure > Network Watcher > Network Watcher > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Front Door > Front Door > ServiceNow
  • Azure > Front Door > Front Door > ServiceNow > Configuration Item
  • Azure > Front Door > Front Door > ServiceNow > Table

• Policy Types:

  • Azure > Front Door > Front Door > ServiceNow
  • Azure > Front Door > Front Door > ServiceNow > Configuration Item
  • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Record
  • Azure > Front Door > Front Door > ServiceNow > Configuration Item > Table Definition
  • Azure > Front Door > Front Door > ServiceNow > Table
  • Azure > Front Door > Front Door > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Application Insights > Application Insight > ServiceNow
  • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
  • Azure > Application Insights > Application Insight > ServiceNow > Table

• Policy Types:

  • Azure > Application Insights > Application Insight > ServiceNow
  • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item
  • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Record
  • Azure > Application Insights > Application Insight > ServiceNow > Configuration Item > Table Definition
  • Azure > Application Insights > Application Insight > ServiceNow > Table
  • Azure > Application Insights > Application Insight > ServiceNow > Table > Definition

What's new?

• We've updated the runtime of the lambda functions to Node 18. You wouldn't notice any difference and things will continue to work smoothly and consistently as before.

What's new?

• Control Types:

  • Azure > Security Center > Security Center > ServiceNow
  • Azure > Security Center > Security Center > ServiceNow > Configuration Item
  • Azure > Security Center > Security Center > ServiceNow > Table

• Policy Types:

  • Azure > Security Center > Security Center > ServiceNow
  • Azure > Security Center > Security Center > ServiceNow > Configuration Item
  • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Record
  • Azure > Security Center > Security Center > ServiceNow > Configuration Item > Table Definition
  • Azure > Security Center > Security Center > ServiceNow > Table
  • Azure > Security Center > Security Center > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Firewall > Firewall > ServiceNow
  • Azure > Firewall > Firewall > ServiceNow > Configuration Item
  • Azure > Firewall > Firewall > ServiceNow > Table

• Policy Types:

  • Azure > Firewall > Firewall > ServiceNow
  • Azure > Firewall > Firewall > ServiceNow > Configuration Item
  • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Record
  • Azure > Firewall > Firewall > ServiceNow > Configuration Item > Table Definition
  • Azure > Firewall > Firewall > ServiceNow > Table
  • Azure > Firewall > Firewall > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Application Gateway Service > Application Gateway > ServiceNow
  • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
  • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table

• Policy Types:

  • Azure > Application Gateway Service > Application Gateway > ServiceNow
  • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item
  • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Record
  • Azure > Application Gateway Service > Application Gateway > ServiceNow > Configuration Item > Table Definition
  • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table
  • Azure > Application Gateway Service > Application Gateway > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > API Management > API Management Service > ServiceNow
  • Azure > API Management > API Management Service > ServiceNow > Configuration Item
  • Azure > API Management > API Management Service > ServiceNow > Table

• Policy Types:

  • Azure > API Management > API Management Service > ServiceNow
  • Azure > API Management > API Management Service > ServiceNow > Configuration Item
  • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Record
  • Azure > API Management > API Management Service > ServiceNow > Configuration Item > Table Definition
  • Azure > API Management > API Management Service > ServiceNow > Table
  • Azure > API Management > API Management Service > ServiceNow > Table > Definition

What's new?

• Server

  • Updated: The directory API to support Require Signed Assertion Response.

• UI:

  • Added: Introduced UI options for Require Signed Assertion Response for enhanced security in SAML authentication.

Requirements

• TEF: 1.51.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Enhanced Security and Compatibility Guide for SAML Authentication

Description: The recent update to @node-saml/passport-saml mandates the signing of the assertion response. To ensure backward compatibility, we have introduced a new configuration option in the UI:

• Require Signed Assertion Response

By default, this option is set to Disabled to maintain compatibility with existing setups.

Recommendations: We recommend enabling this option as it adds an additional layer of security. However, please be aware that enabling this setting might impact the SAML login functionality.

What's new?

• Control Types:

  • Azure > Relay > Namespace > ServiceNow
  • Azure > Relay > Namespace > ServiceNow > Configuration Item
  • Azure > Relay > Namespace > ServiceNow > Table

• Policy Types:

  • Azure > Relay > Namespace > ServiceNow
  • Azure > Relay > Namespace > ServiceNow > Configuration Item
  • Azure > Relay > Namespace > ServiceNow > Configuration Item > Record
  • Azure > Relay > Namespace > ServiceNow > Configuration Item > Table Definition
  • Azure > Relay > Namespace > ServiceNow > Table
  • Azure > Relay > Namespace > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table

• Policy Types:

  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow
  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item
  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Record
  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Configuration Item > Table Definition
  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table
  • Azure > Log Analytics > Log Analytics Workspace > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > App Service > App Service Plan > ServiceNow
  • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
  • Azure > App Service > App Service Plan > ServiceNow > Table
  • Azure > App Service > Function App > ServiceNow
  • Azure > App Service > Function App > ServiceNow > Configuration Item
  • Azure > App Service > Function App > ServiceNow > Table
  • Azure > App Service > Web App > ServiceNow
  • Azure > App Service > Web App > ServiceNow > Configuration Item
  • Azure > App Service > Web App > ServiceNow > Table

• Policy Types:

  • Azure > App Service > App Service Plan > ServiceNow
  • Azure > App Service > App Service Plan > ServiceNow > Configuration Item
  • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Record
  • Azure > App Service > App Service Plan > ServiceNow > Configuration Item > Table Definition
  • Azure > App Service > App Service Plan > ServiceNow > Table
  • Azure > App Service > App Service Plan > ServiceNow > Table > Definition
  • Azure > App Service > Function App > ServiceNow
  • Azure > App Service > Function App > ServiceNow > Configuration Item
  • Azure > App Service > Function App > ServiceNow > Configuration Item > Record
  • Azure > App Service > Function App > ServiceNow > Configuration Item > Table Definition
  • Azure > App Service > Function App > ServiceNow > Table
  • Azure > App Service > Function App > ServiceNow > Table > Definition
  • Azure > App Service > Web App > ServiceNow
  • Azure > App Service > Web App > ServiceNow > Configuration Item
  • Azure > App Service > Web App > ServiceNow > Configuration Item > Record
  • Azure > App Service > Web App > ServiceNow > Configuration Item > Table Definition
  • Azure > App Service > Web App > ServiceNow > Table
  • Azure > App Service > Web App > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > SignalR Service > SignalR > ServiceNow
  • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
  • Azure > SignalR Service > SignalR > ServiceNow > Table

• Policy Types:

  • Azure > SignalR Service > SignalR > ServiceNow
  • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item
  • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Record
  • Azure > SignalR Service > SignalR > ServiceNow > Configuration Item > Table Definition
  • Azure > SignalR Service > SignalR > ServiceNow > Table
  • Azure > SignalR Service > SignalR > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > AKS > Managed Cluster > ServiceNow
  • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
  • Azure > AKS > Managed Cluster > ServiceNow > Table

• Policy Types:

  • Azure > AKS > Managed Cluster > ServiceNow
  • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item
  • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Record
  • Azure > AKS > Managed Cluster > ServiceNow > Configuration Item > Table Definition
  • Azure > AKS > Managed Cluster > ServiceNow > Table
  • Azure > AKS > Managed Cluster > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > SQL > Database > ServiceNow
  • Azure > SQL > Database > ServiceNow > Configuration Item
  • Azure > SQL > Database > ServiceNow > Table
  • Azure > SQL > Elastic Pool > ServiceNow
  • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
  • Azure > SQL > Elastic Pool > ServiceNow > Table

• Policy Types:

  • Azure > SQL > Database > ServiceNow
  • Azure > SQL > Database > ServiceNow > Configuration Item
  • Azure > SQL > Database > ServiceNow > Configuration Item > Record
  • Azure > SQL > Database > ServiceNow > Configuration Item > Table Definition
  • Azure > SQL > Database > ServiceNow > Table
  • Azure > SQL > Database > ServiceNow > Table > Definition
  • Azure > SQL > Elastic Pool > ServiceNow
  • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item
  • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Record
  • Azure > SQL > Elastic Pool > ServiceNow > Configuration Item > Table Definition
  • Azure > SQL > Elastic Pool > ServiceNow > Table
  • Azure > SQL > Elastic Pool > ServiceNow > Table > Definition

What's new?

• Control Types:
  • Azure > Network > Application Security Group > ServiceNow
  • Azure > Network > Application Security Group > ServiceNow > Configuration Item
  • Azure > Network > Application Security Group > ServiceNow > Table
  • Azure > Network > Express Route Circuits > ServiceNow
  • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
  • Azure > Network > Express Route Circuits > ServiceNow > Table
  • Azure > Network > Network Interface > ServiceNow
  • Azure > Network > Network Interface > ServiceNow > Configuration Item
  • Azure > Network > Network Interface > ServiceNow > Table
  • Azure > Network > Private DNS Zones > ServiceNow
  • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
  • Azure > Network > Private DNS Zones > ServiceNow > Table
  • Azure > Network > Public IP Address > ServiceNow
  • Azure > Network > Public IP Address > ServiceNow > Configuration Item
  • Azure > Network > Public IP Address > ServiceNow > Table
  • Azure > Network > Route Table > ServiceNow
  • Azure > Network > Route Table > ServiceNow > Configuration Item
  • Azure > Network > Route Table > ServiceNow > Table
  • Azure > Network > Virtual Network Gateway > ServiceNow
  • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
  • Azure > Network > Virtual Network Gateway > ServiceNow > Table

• Policy Types:
  • Azure > Network > Application Security Group > ServiceNow
  • Azure > Network > Application Security Group > ServiceNow > Configuration Item
  • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Record
  • Azure > Network > Application Security Group > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Application Security Group > ServiceNow > Table
  • Azure > Network > Application Security Group > ServiceNow > Table > Definition
  • Azure > Network > Express Route Circuits > ServiceNow
  • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item
  • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Record
  • Azure > Network > Express Route Circuits > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Express Route Circuits > ServiceNow > Table
  • Azure > Network > Express Route Circuits > ServiceNow > Table > Definition
  • Azure > Network > Network Interface > ServiceNow
  • Azure > Network > Network Interface > ServiceNow > Configuration Item
  • Azure > Network > Network Interface > ServiceNow > Configuration Item > Record
  • Azure > Network > Network Interface > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Network Interface > ServiceNow > Table
  • Azure > Network > Network Interface > ServiceNow > Table > Definition
  • Azure > Network > Private DNS Zones > ServiceNow
  • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item
  • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Record
  • Azure > Network > Private DNS Zones > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Private DNS Zones > ServiceNow > Table
  • Azure > Network > Private DNS Zones > ServiceNow > Table > Definition
  • Azure > Network > Public IP Address > ServiceNow
  • Azure > Network > Public IP Address > ServiceNow > Configuration Item
  • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Record
  • Azure > Network > Public IP Address > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Public IP Address > ServiceNow > Table
  • Azure > Network > Public IP Address > ServiceNow > Table > Definition
  • Azure > Network > Route Table > ServiceNow
  • Azure > Network > Route Table > ServiceNow > Configuration Item
  • Azure > Network > Route Table > ServiceNow > Configuration Item > Record
  • Azure > Network > Route Table > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Route Table > ServiceNow > Table
  • Azure > Network > Route Table > ServiceNow > Table > Definition
  • Azure > Network > Virtual Network Gateway > ServiceNow
  • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item
  • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Record
  • Azure > Network > Virtual Network Gateway > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Virtual Network Gateway > ServiceNow > Table
  • Azure > Network > Virtual Network Gateway > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > Key Vault > Key > ServiceNow
  • Azure > Key Vault > Key > ServiceNow > Configuration Item
  • Azure > Key Vault > Key > ServiceNow > Table
  • Azure > Key Vault > Secret > ServiceNow
  • Azure > Key Vault > Secret > ServiceNow > Configuration Item
  • Azure > Key Vault > Secret > ServiceNow > Table
  • Azure > Key Vault > Vault > ServiceNow
  • Azure > Key Vault > Vault > ServiceNow > Configuration Item
  • Azure > Key Vault > Vault > ServiceNow > Table

• Policy Types:

  • Azure > Key Vault > Key > ServiceNow
  • Azure > Key Vault > Key > ServiceNow > Configuration Item
  • Azure > Key Vault > Key > ServiceNow > Configuration Item > Record
  • Azure > Key Vault > Key > ServiceNow > Configuration Item > Table Definition
  • Azure > Key Vault > Key > ServiceNow > Table
  • Azure > Key Vault > Key > ServiceNow > Table > Definition
  • Azure > Key Vault > Secret > ServiceNow
  • Azure > Key Vault > Secret > ServiceNow > Configuration Item
  • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Record
  • Azure > Key Vault > Secret > ServiceNow > Configuration Item > Table Definition
  • Azure > Key Vault > Secret > ServiceNow > Table
  • Azure > Key Vault > Secret > ServiceNow > Table > Definition
  • Azure > Key Vault > Vault > ServiceNow
  • Azure > Key Vault > Vault > ServiceNow > Configuration Item
  • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Record
  • Azure > Key Vault > Vault > ServiceNow > Configuration Item > Table Definition
  • Azure > Key Vault > Vault > ServiceNow > Table
  • Azure > Key Vault > Vault > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > PostgreSQL > Flexible Server > ServiceNow
  • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
  • Azure > PostgreSQL > Flexible Server > ServiceNow > Table

• Policy Types:

  • Azure > PostgreSQL > Flexible Server > ServiceNow
  • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item
  • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Record
  • Azure > PostgreSQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
  • Azure > PostgreSQL > Flexible Server > ServiceNow > Table
  • Azure > PostgreSQL > Flexible Server > ServiceNow > Table > Definition

What's new?

• Control Types:

  • Azure > MySQL > Flexible Server > ServiceNow
  • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
  • Azure > MySQL > Flexible Server > ServiceNow > Table

• Policy Types:

  • Azure > MySQL > Flexible Server > ServiceNow
  • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item
  • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Record
  • Azure > MySQL > Flexible Server > ServiceNow > Configuration Item > Table Definition
  • Azure > MySQL > Flexible Server > ServiceNow > Table
  • Azure > MySQL > Flexible Server > ServiceNow > Table > Definition

What's new?

• Control Types:

  • AWS > KMS > Key > ServiceNow
  • AWS > KMS > Key > ServiceNow > Configuration Item
  • AWS > KMS > Key > ServiceNow > Table

• Policy Types:

  • AWS > KMS > Key > ServiceNow
  • AWS > KMS > Key > ServiceNow > Configuration Item
  • AWS > KMS > Key > ServiceNow > Configuration Item > Record
  • AWS > KMS > Key > ServiceNow > Configuration Item > Table Definition
  • AWS > KMS > Key > ServiceNow > Table
  • AWS > KMS > Key > ServiceNow > Table > Definition

What's new?

• Control Types:

  • AWS > CloudWatch > Alarm > ServiceNow
  • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
  • AWS > CloudWatch > Alarm > ServiceNow > Table

• Policy Types:

  • AWS > CloudWatch > Alarm > ServiceNow
  • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item
  • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Record
  • AWS > CloudWatch > Alarm > ServiceNow > Configuration Item > Table Definition
  • AWS > CloudWatch > Alarm > ServiceNow > Table
  • AWS > CloudWatch > Alarm > ServiceNow > Table > Definition

What's new?

• Control Types:

  • AWS > CloudTrail > Trail > ServiceNow
  • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
  • AWS > CloudTrail > Trail > ServiceNow > Table

• Policy Types:

  • AWS > CloudTrail > Trail > ServiceNow
  • AWS > CloudTrail > Trail > ServiceNow > Configuration Item
  • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Record
  • AWS > CloudTrail > Trail > ServiceNow > Configuration Item > Table Definition
  • AWS > CloudTrail > Trail > ServiceNow > Table
  • AWS > CloudTrail > Trail > ServiceNow > Table > Definition

Bug fixes

• The AWS > RDS > DB Instance > Discovery control would sometimes upsert DocumentDB Instances as RDS Instances in Guardrails CMDB. This is fixed and the control will now filter out DocumentDB Instances while upserting resources in CMDB.

What's new?

• Added support for latest lambda runtimes in the AWS > Lambda > Function > Allowed Runtime > Values policy.

What's new?

• Control Types:

  • AWS > IAM > Root > Approved

• Policy Types:

  • AWS > IAM > Root > Approved
  • AWS > IAM > Root > Approved > Custom
  • AWS > IAM > Root > Approved > Usage

• Action Types:

  • AWS > IAM > Root > Skip alarm for Approved control
  • AWS > IAM > Root > Skip alarm for Approved control [90 days]

Bug fixes

• The AWS > IAM > Account Password Policy > CMDB control would incorrectly go into an Alarm state when Guardrails was denied access to fetch the Account Password Policy data. This is fixed and the control will now move to an Error state instead for such cases.
• Guardrails stack controls would sometimes fail to update IAM resources if the Terraform plan in the stack's source policy was updated. This is fixed and the stack controls will now update such resources correctly, as expected. Please note that this fix will only work for workspaces on TE v5.42.0 or higher.

Bug fixes

• README.md file is now available for users to check details about resource types that the mod covers.

What's new?

• AWS/CloudFront/Admin and AWS/CloudFront/Metadata will now also include permissions for CloudFront KeyValueStore.

Bug fixes

• Server
  • Guardrails will now process notifications correctly for a matching watch created via @turbot/sdk.

Requirements

• TEF: 1.51.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

What's new?

• Policy Types:

  • ServiceNow > Turbot > Watches > GCP

• Control Types:

  • ServiceNow > Turbot > Watches > GCP

• Action Types:

  • ServiceNow > Turbot > Watches > GCP Archive And Delete Record

What's new?

• Policy Types:

  • GCP > Storage > Bucket > ServiceNow
  • GCP > Storage > Bucket > ServiceNow > Configuration Item
  • GCP > Storage > Bucket > ServiceNow > Configuration Item > Record
  • GCP > Storage > Bucket > ServiceNow > Configuration Item > Table Definition
  • GCP > Storage > Bucket > ServiceNow > Table
  • GCP > Storage > Bucket > ServiceNow > Table > Definition

• Control Types:

  • GCP > Storage > Bucket > ServiceNow
  • GCP > Storage > Bucket > ServiceNow > Configuration Item
  • GCP > Storage > Bucket > ServiceNow > Table

What's new?

• Policy Types:

  • GCP > SQL > Instance > ServiceNow
  • GCP > SQL > Instance > ServiceNow > Configuration Item
  • GCP > SQL > Instance > ServiceNow > Configuration Item > Record
  • GCP > SQL > Instance > ServiceNow > Configuration Item > Table Definition
  • GCP > SQL > Instance > ServiceNow > Table
  • GCP > SQL > Instance > ServiceNow > Table > Definition

• Control Types:

  • GCP > SQL > Instance > ServiceNow
  • GCP > SQL > Instance > ServiceNow > Configuration Item
  • GCP > SQL > Instance > ServiceNow > Table

What's new?

• Policy Types:

  • GCP > Network > Network > ServiceNow
  • GCP > Network > Network > ServiceNow > Configuration Item
  • GCP > Network > Network > ServiceNow > Configuration Item > Record
  • GCP > Network > Network > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Network > ServiceNow > Table
  • GCP > Network > Network > ServiceNow > Table > Definition
  • GCP > Network > Subnetwork > ServiceNow
  • GCP > Network > Subnetwork > ServiceNow > Configuration Item
  • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Record
  • GCP > Network > Subnetwork > ServiceNow > Configuration Item > Table Definition
  • GCP > Network > Subnetwork > ServiceNow > Table
  • GCP > Network > Subnetwork > ServiceNow > Table > Definition

• Control Types:

  • GCP > Network > Network > ServiceNow
  • GCP > Network > Network > ServiceNow > Configuration Item
  • GCP > Network > Network > ServiceNow > Table
  • GCP > Network > Subnetwork > ServiceNow
  • GCP > Network > Subnetwork > ServiceNow > Configuration Item
  • GCP > Network > Subnetwork > ServiceNow > Table

What's new?

• Policy Types:

  • GCP > Compute Engine > Disk > ServiceNow
  • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
  • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Disk > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Disk > ServiceNow > Table
  • GCP > Compute Engine > Disk > ServiceNow > Table > Definition
  • GCP > Compute Engine > Image > ServiceNow
  • GCP > Compute Engine > Image > ServiceNow > Configuration Item
  • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Image > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Image > ServiceNow > Table
  • GCP > Compute Engine > Image > ServiceNow > Table > Definition
  • GCP > Compute Engine > Instance > ServiceNow
  • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
  • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Instance > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Instance > ServiceNow > Table
  • GCP > Compute Engine > Instance > ServiceNow > Table > Definition
  • GCP > Compute Engine > Snapshot > ServiceNow
  • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
  • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Record
  • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item > Table Definition
  • GCP > Compute Engine > Snapshot > ServiceNow > Table
  • GCP > Compute Engine > Snapshot > ServiceNow > Table > Definition

• Control Types:

  • GCP > Compute Engine > Disk > ServiceNow
  • GCP > Compute Engine > Disk > ServiceNow > Configuration Item
  • GCP > Compute Engine > Disk > ServiceNow > Table
  • GCP > Compute Engine > Image > ServiceNow
  • GCP > Compute Engine > Image > ServiceNow > Configuration Item
  • GCP > Compute Engine > Image > ServiceNow > Table
  • GCP > Compute Engine > Instance > ServiceNow
  • GCP > Compute Engine > Instance > ServiceNow > Configuration Item
  • GCP > Compute Engine > Instance > ServiceNow > Table
  • GCP > Compute Engine > Snapshot > ServiceNow
  • GCP > Compute Engine > Snapshot > ServiceNow > Configuration Item
  • GCP > Compute Engine > Snapshot > ServiceNow > Table

What's new?

• Policy Types:

  • ServiceNow > Turbot > Watches > Azure

• Control Types:

  • ServiceNow > Turbot > Watches > Azure

• Action Types:

  • ServiceNow > Turbot > Watches > Azure Archive And Delete Record

What's new?

• Policy Types:

  • Azure > Storage > Storage Account > ServiceNow
  • Azure > Storage > Storage Account > ServiceNow > Configuration Item
  • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Record
  • Azure > Storage > Storage Account > ServiceNow > Configuration Item > Table Definition
  • Azure > Storage > Storage Account > ServiceNow > Table
  • Azure > Storage > Storage Account > ServiceNow > Table > Definition

• Control Types:

  • Azure > Storage > Storage Account > ServiceNow
  • Azure > Storage > Storage Account > ServiceNow > Configuration Item
  • Azure > Storage > Storage Account > ServiceNow > Table

What's new?

• Policy Types:

  • Azure > SQL > Server > ServiceNow
  • Azure > SQL > Server > ServiceNow > Configuration Item
  • Azure > SQL > Server > ServiceNow > Configuration Item > Record
  • Azure > SQL > Server > ServiceNow > Configuration Item > Table Definition
  • Azure > SQL > Server > ServiceNow > Table
  • Azure > SQL > Server > ServiceNow > Table > Definition

• Control Types:

  • Azure > SQL > Server > ServiceNow
  • Azure > SQL > Server > ServiceNow > Configuration Item
  • Azure > SQL > Server > ServiceNow > Table

What's new?

• Policy Types:

  • Azure > PostgreSQL > Server > ServiceNow
  • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
  • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Record
  • Azure > PostgreSQL > Server > ServiceNow > Configuration Item > Table Definition
  • Azure > PostgreSQL > Server > ServiceNow > Table
  • Azure > PostgreSQL > Server > ServiceNow > Table > Definition

• Control Types:

  • Azure > PostgreSQL > Server > ServiceNow
  • Azure > PostgreSQL > Server > ServiceNow > Configuration Item
  • Azure > PostgreSQL > Server > ServiceNow > Table

What's new?

• Policy Types:

  • Azure > Network > Network Security Group > ServiceNow
  • Azure > Network > Network Security Group > ServiceNow > Configuration Item
  • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Record
  • Azure > Network > Network Security Group > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Network Security Group > ServiceNow > Table
  • Azure > Network > Network Security Group > ServiceNow > Table > Definition
  • Azure > Network > Subnet > ServiceNow
  • Azure > Network > Subnet > ServiceNow > Configuration Item
  • Azure > Network > Subnet > ServiceNow > Configuration Item > Record
  • Azure > Network > Subnet > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Subnet > ServiceNow > Table
  • Azure > Network > Subnet > ServiceNow > Table > Definition
  • Azure > Network > Virtual Network > ServiceNow
  • Azure > Network > Virtual Network > ServiceNow > Configuration Item
  • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Record
  • Azure > Network > Virtual Network > ServiceNow > Configuration Item > Table Definition
  • Azure > Network > Virtual Network > ServiceNow > Table
  • Azure > Network > Virtual Network > ServiceNow > Table > Definition

• Control Types:

  • Azure > Network > Network Security Group > ServiceNow
  • Azure > Network > Network Security Group > ServiceNow > Configuration Item
  • Azure > Network > Network Security Group > ServiceNow > Table
  • Azure > Network > Subnet > ServiceNow
  • Azure > Network > Subnet > ServiceNow > Configuration Item
  • Azure > Network > Subnet > ServiceNow > Table
  • Azure > Network > Virtual Network > ServiceNow
  • Azure > Network > Virtual Network > ServiceNow > Configuration Item
  • Azure > Network > Virtual Network > ServiceNow > Table

What's new?

• Policy Types:

  • Azure > MySQL > Server > ServiceNow
  • Azure > MySQL > Server > ServiceNow > Configuration Item
  • Azure > MySQL > Server > ServiceNow > Configuration Item > Record
  • Azure > MySQL > Server > ServiceNow > Configuration Item > Table Definition
  • Azure > MySQL > Server > ServiceNow > Table
  • Azure > MySQL > Server > ServiceNow > Table > Definition

• Control Types:

  • Azure > MySQL > Server > ServiceNow
  • Azure > MySQL > Server > ServiceNow > Configuration Item
  • Azure > MySQL > Server > ServiceNow > Table

What's new?

• Policy Types:

  • Azure > Compute > Availability Set > ServiceNow
  • Azure > Compute > Availability Set > ServiceNow > Configuration Item
  • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Record
  • Azure > Compute > Availability Set > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Availability Set > ServiceNow > Table
  • Azure > Compute > Availability Set > ServiceNow > Table > Definition
  • Azure > Compute > Disk > ServiceNow
  • Azure > Compute > Disk > ServiceNow > Configuration Item
  • Azure > Compute > Disk > ServiceNow > Configuration Item > Record
  • Azure > Compute > Disk > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Disk > ServiceNow > Table
  • Azure > Compute > Disk > ServiceNow > Table > Definition
  • Azure > Compute > Disk Encryption Set > ServiceNow
  • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
  • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Record
  • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Disk Encryption Set > ServiceNow > Table
  • Azure > Compute > Disk Encryption Set > ServiceNow > Table > Definition
  • Azure > Compute > Image > ServiceNow
  • Azure > Compute > Image > ServiceNow > Configuration Item
  • Azure > Compute > Image > ServiceNow > Configuration Item > Record
  • Azure > Compute > Image > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Image > ServiceNow > Table
  • Azure > Compute > Image > ServiceNow > Table > Definition
  • Azure > Compute > Snapshot > ServiceNow
  • Azure > Compute > Snapshot > ServiceNow > Configuration Item
  • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Record
  • Azure > Compute > Snapshot > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Snapshot > ServiceNow > Table
  • Azure > Compute > Snapshot > ServiceNow > Table > Definition
  • Azure > Compute > Ssh Public Key > ServiceNow
  • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
  • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Record
  • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Ssh Public Key > ServiceNow > Table
  • Azure > Compute > Ssh Public Key > ServiceNow > Table > Definition
  • Azure > Compute > Virtual Machine > ServiceNow
  • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
  • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Record
  • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Virtual Machine > ServiceNow > Table
  • Azure > Compute > Virtual Machine > ServiceNow > Table > Definition
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Record
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item > Table Definition
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table > Definition

• Control Types:

  • Azure > Compute > Availability Set > ServiceNow
  • Azure > Compute > Availability Set > ServiceNow > Configuration Item
  • Azure > Compute > Availability Set > ServiceNow > Table
  • Azure > Compute > Disk > ServiceNow
  • Azure > Compute > Disk > ServiceNow > Configuration Item
  • Azure > Compute > Disk > ServiceNow > Table
  • Azure > Compute > Disk Encryption Set > ServiceNow
  • Azure > Compute > Disk Encryption Set > ServiceNow > Configuration Item
  • Azure > Compute > Disk Encryption Set > ServiceNow > Table
  • Azure > Compute > Image > ServiceNow
  • Azure > Compute > Image > ServiceNow > Configuration Item
  • Azure > Compute > Image > ServiceNow > Table
  • Azure > Compute > Snapshot > ServiceNow
  • Azure > Compute > Snapshot > ServiceNow > Configuration Item
  • Azure > Compute > Snapshot > ServiceNow > Table
  • Azure > Compute > Ssh Public Key > ServiceNow
  • Azure > Compute > Ssh Public Key > ServiceNow > Configuration Item
  • Azure > Compute > Ssh Public Key > ServiceNow > Table
  • Azure > Compute > Virtual Machine > ServiceNow
  • Azure > Compute > Virtual Machine > ServiceNow > Configuration Item
  • Azure > Compute > Virtual Machine > ServiceNow > Table
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Configuration Item
  • Azure > Compute > Virtual Machine Scale Set > ServiceNow > Table

Bug fixes

• The ServiceNow > Turbot > Watches > AWS control would fail to delete/archive records in ServiceNow. This is now fixed.

Bug fixes

• Server
  • Updated TE stack to enable propagation of custom tags to ECS tasks.
  • Updated @turbot/aws-sdk to 5.13.0, @turbot/fn to 5.21.0 and aws-sdk to 2.922.

Requirements

• TEF: 1.51.0
• TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3

Bug fixes

• The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
• The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
• The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

• The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
• The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
• The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

• The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
• The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
• The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

• The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
• The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
• The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

• The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
• The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
• The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

• The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
• The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
• The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

• The Table control did not allow extending the resource's Table from any other Table in ServiceNow but the cmdb_ci* Table. This is fixed and users will now be able to extend the resource's Table off of any Table in ServiceNow.
• The Configuration Item control would sometimes go into an invalid state if the corresponding Table was not found in ServiceNow. The control will now go to an error state instead, which will allow Guardrails to retry running the control automatically.
• The Configuration Item control would sometimes fail to detect if any columns were missing from the corresponding Table before creating a record in ServiceNow. This is fixed and the control will now work correctly as expected.

Bug fixes

• The Discovery controls for Application, Cost Center and User would sometimes upsert resources with incorrect AKAs for a freshly imported ServiceNow Instance in Guardrails CMDB. This is fixed and the controls will now work as expected.

Bug fixes

• The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

• The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

• The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

• The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

• The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.

Bug fixes

• The ServiceNow Table control would sometimes fail to create tables correctly in ServiceNow. This is now fixed.