Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent f2b17b5, commit 1b2d519

Showing 3 changed files with 138 additions and 88 deletions.
163 changes: 124 additions & 39 deletions
...lease-info/features-introduced-in-2025/features-introduced-in-january-2025.adoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,69 +1,154 @@ | ||
== Features Introduced in January 2024 | ||
|
||
Learn what's new on Prisma® Cloud in January 2024. | ||
|
||
* <<announcement>> | ||
* <<new-features>> | ||
* <<api-ingestions>> | ||
* <<new-policies>> | ||
* <<policy-updates>> | ||
* <<policy-updates-iam>> | ||
* <<new-compliance-benchmarks-and-updates>> | ||
* <<rest-api-updates>> | ||
Learn what's new on Prisma® Cloud in January 2025. | ||
|
||
* <<enhancements>> | ||
* <<intelligence-stream-updates>> | ||
//* <<announcement>> | ||
//* <<new-features>> | ||
//* <<api-ingestions>> | ||
//* <<new-policies>> | ||
//* <<policy-updates>> | ||
//* <<policy-updates-iam>> | ||
//* <<new-compliance-benchmarks-and-updates>> | ||
//* <<rest-api-updates>> | ||
//* <<changes-in-existing-behavior>> | ||
* <<deprecation-notices>> | ||
//* <<deprecation-notices>> | ||
[#announcement] | ||
=== Announcement | ||
//[#announcement] | ||
//=== Announcement | ||
|
||
[cols="50%a,50%a"] | ||
//[cols="50%a,50%a"] | ||
//|=== | ||
//|*Feature* | ||
//|*Description* | ||
//|=== | ||
|
||
[#enhancements] | ||
=== Enhancements | ||
[cols="30%a,70%a"] | ||
|=== | ||
|*Feature* | ||
|*Description* | ||
|
||
|Enhancement to Prevent Action with `fsmon_v2` | ||
//CWP-62711 | ||
|
||
|To improve the handling of file system events for Prevent Action in the Runtime Policy, `fsmon_v2` has been developed. This new version of fsmon manages event timeouts in an efficient way. This enhancement ensures independent handling of each event, reduces bottlenecks, and improves overall performance. | ||
|
||
|=== | ||
NOTE: While `fsmon_v2` brings significant improvements, it is still under active development, and further stability enhancements are planned. | ||
|
||
By default, fsmon_v2 is not enabled. To activate it, set the environment variable `FSMON_V2=true`. | ||
|
||
You can verify the configuration by checking the Defender logs for the message, `Initializing filesystem monitoring agent /usr/local/bin/fsmon_v2`. | ||
|
||
[#new-features] | ||
=== New Features | ||
|
||
[cols="50%a,50%a"] | ||
|"last-connected" Field Added to Defender Stats Logs | ||
//CWP-62666 | ||
|
||
tt:[Secure the Runtime] | ||
|
||
tt:[33.03.138] | ||
|A new field, last-connected, has been added to each Defender stats log. This field records the last confirmed connection time between the Defender and the Console, even when the Connected flag is set to false. The timestamp is represented in epoch seconds (UTC), providing customers with a reliable way to track connection history. | ||
|=== | ||
|
||
[#intelligence-stream-updates] | ||
=== Intelligence Stream Updates | ||
[cols="30%a,70%a"] | ||
|=== | ||
|*Feature* | ||
|*Description* | ||
|Enhancements to Vulnerability Reporting for Red Hat Enterprise Linux (RHEL) Versions 8 and 9 | ||
//CWP-30827 | ||
|
||
|=== | ||
tt:[Secure the Runtime] | ||
|
||
[#policy-updates] | ||
=== Policy Updates | ||
tt:[33.03.138] | ||
|To ensure accurate vulnerability reporting, Intelligence Stream will include RPM module and stream information for RHEL in the reports. This approach improves detection of vulnerabilities and ensures that all associated RPM packages installed by a module are examined during the scan. | ||
|
||
[cols="50%a,50%a"] | ||
|=== | ||
|*Policy Updates* | ||
|*Description* | ||
*What are RPM Modules and Streams?* | ||
|
||
|=== | ||
In Red Hat Enterprise Linux (RHEL), an RPM module is a collection of related RPM packages that represent a software component, such as an application, its dependencies, and helper utilities. Starting with RHEL 6 and 7, modules replaced the Software Collections mechanism. | ||
|
||
Modules are structured in the following way: | ||
|
||
[#new-compliance-benchmarks-and-updates] | ||
=== New Compliance Benchmarks and Updates | ||
* *Module Streams*: Virtual repositories within the AppStream repository. Each stream corresponds to a specific version of the module and receives independent updates. | ||
[cols="50%a,50%a"] | ||
|=== | ||
|*Compliance Benchmark* | ||
|*Description* | ||
* *Stream Activation*: At any time, only one stream of a module can be active, meaning only one version of a component can be installed on a system. | ||
|=== | ||
For example, the notation `python39:3.9/python39` indicates the module `python39`, the stream `3.9`, and the source package `python39`. | ||
|
||
[#rest-api-updates] | ||
=== REST API Updates | ||
*Enhancements to Vulnerability Reporting* | ||
|
||
[cols="37%a,63%a"] | ||
|=== | ||
|*Change* | ||
|*Description* | ||
* *Module-Based Vulnerability Identification*: Scans will report vulnerabilities based on the module and stream configuration. This ensures accurate detection and avoids false positives or false negatives caused by discrepancies in versioning or backported fixes. | ||
* *Inclusion of RPM Module Metadata in Scan Results*: The enhanced implementation associates RPM packages with their respective modules and streams. The Prisma Cloud console will include this module information in vulnerability scan results. | ||
*Benefits of Module-Aware Vulnerability Reporting* | ||
|
||
* *Improved Accuracy*: Matches CVE fixes to the correct module stream. | ||
* *Reduced False Positives*: Avoids misreporting of vulnerabilities fixed in older streams. | ||
* *Comprehensive Coverage*: Links all RPM packages installed by a module to its vulnerabilities. | ||
|Enhanced Vulnerability Reporting for NuGet Packages | ||
//CWP-49786 | ||
|
||
tt:[Secure the Runtime] | ||
|
||
tt:[33.03.138] | ||
|Previously, the scanning process included NuGet packages listed in the `.deps.json` files, which were essential for the runtime environment but not related to the application itself. These unrelated packages result in false positives in vulnerability reporting. | ||
|
||
With this enhancement, the scanning process excludes runtime-specific dependencies that are not directly related to the application. This provides a more accurate view of vulnerabilities directly associated with the application, and reduces false positive alerts. | ||
|
||
*NOTE*: | ||
|
||
* This enhancement requires upgrading Defenders to the latest version. | ||
* The updated Defender accurately identifies package dependencies, which leads to fewer false positives. | ||
* Older Defender versions will remain unaffected by this change, and their behavior remains unchanged. | ||
|=== | ||
|
||
//[#new-features] | ||
//=== New Features | ||
|
||
//[cols="50%a,50%a"] | ||
//|=== | ||
//|*Feature* | ||
//|*Description* | ||
|
||
//|=== | ||
|
||
//[#policy-updates] | ||
//=== Policy Updates | ||
|
||
//[cols="50%a,50%a"] | ||
//|=== | ||
//|*Policy Updates* | ||
//|*Description* | ||
|
||
//|=== | ||
|
||
|
||
//[#new-compliance-benchmarks-and-updates] | ||
//=== New Compliance Benchmarks and Updates | ||
|
||
//[cols="50%a,50%a"] | ||
//|=== | ||
//|*Compliance Benchmark* | ||
//|*Description* | ||
|
||
//|=== | ||
|
||
//[#rest-api-updates] | ||
//=== REST API Updates | ||
|
||
//[cols="37%a,63%a"] | ||
//|=== | ||
//|*Change* | ||
//|*Description* | ||
|
||
|
||
//|=== |
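
Review bot: In the "What are RPM Modules and Streams?" paragraph, the sentence "Starting with RHEL 6 and 7, modules replaced the Software Collections mechanism" has the versions reversed: Software Collections were the RHEL 6 and 7 mechanism, and modules arrived with AppStream in RHEL 8, which also matches the row title ("Red Hat Enterprise Linux (RHEL) Versions 8 and 9"). Suggest "Starting with RHEL 8, modules replaced the Software Collections mechanism used in RHEL 6 and 7." Two smaller points: the only title line visible in this hunk still reads "== Features Introduced in January 2024" although the intro line now says January 2025 and the file is features-introduced-in-january-2025.adoc, so the heading should be updated as well; and the `fsmon_v2` text says to set `FSMON_V2=true` without stating where the variable has to be set (for example, in the Defender's environment), and it writes fsmon_v2 without backticks in "By default, fsmon_v2 is not enabled", unlike the surrounding lines.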