Cloud Security Plus Release Notes

Build 4201 (Mar 2024)

Fix:

• Cloud Security Plus initial startup issue has been resolved.

Build 4200 (Jan 2024)

Enhancements:

• The public key certificate for service pack upgrade has been updated.
• Cloud Security Plus now supports TLS 1.2.

Build 4170 (Nov 2023)

Enhancements:

• Internal code refactoring has been done to enhance security.
• The support tab has been revamped for better user experience.
• An AMS Expiry Date field has been added to the License Details pop-up.

Fixes:

• The issue of emails not being sent from Cloud Security Plus has been resolved.
• The TFA email verification configuration issue has been fixed.
• The issue with enabling the HTTPS port has been resolved.

Build 4162 (Jun 2023)

Security fixes:

• This release fixes the TFA authentication bypass security vulnerability (CVE-2023-35785) reported by Thang Nguyen.

Enhancements:

• Mail server configuration issue has been resolved.

Build 4161 (May 2023)

Enhancement:

• Internal code refactoring has been done to enhance security.

Fixes:

• Log360 UEBA log fetch issue during integration has been fixed.
• AD domain user login issues have been resolved.
• User login blocking issues have been fixed.

Build 4160 (Feb 2023)

New Features:

• Two-factor authentication: 2FA has now been enabled to prevent all password related attacks and to enhance login security.
• Security configurations and the security score of the product can now be viewed in a single console.
• If multiple failed login attempts is observed, Cloud Security Plus can automatically block users.
• Super admin can now reset their 2FA and account password.
• An option to download and apply critical security fixes automatically has been added.

Enhancements:

• Integrity check has been added to the product service pack upgrade.
• Notification panel has been enhanced for ease of use.
• An option to receive product downtime notification via email has been added.

Build 4150 (Sep 2022)

Enhancement:

• Enhanced user interface: The applications panel to access other ManageEngine products from Cloud Security Plus has been revamped for better user experience.

Fix:

• Issue in log collection from Google Cloud Platform has been fixed.

Build 4141 (Jul 2022)

Enhancement:

• The web application firewall has been refactored to avoid DOS attacks and to strengthen security.
• In-product notification will be available for future updates and security patch releases.

Build 4140 (Apr 2022)

New features:

• Application & Network Load Balancers are now supported with new report groups.
• Service Pack support provided for product versions 4116 and above.

Enhancement:

• Internal code refactoring has been done to adopt web application firewall and to enhance security.

Build 4131 (Feb 2022)

Enhancement:

• Internal code refactoring has been done to enhance security.

Build 4130 (Jan 2022)

New feature:

• Centralized Technician Management: Technicians accounts can be managed centrally from the Log360 UI.

Build 4122 (Dec 2021)

Fix:

• Due to the recent Apache Log4j vulnerability (CVE-2021-45105), we have updated the Apache’s Log4j (used in Cloud Security Plus in the bundled dependency) to the latest unaffected version in this release.

Build 4121 (Dec 2021)

Fix:

• Due to the recent Apache Log4j vulnerabilities (CVE-2021-45046 and CVE-2021-44228), we have updated the Apache’s Log4j (used in Cloud Security Plus in the bundled dependency) to the latest unaffected version in this release.

Build 4120 (Dec 2021)

Fix:

• This release includes a fix for the Apache Log4j vulnerability (CVE-2021-44228).

Build 4119 (Sep 2021)

Security Issue fix:

• An authentication bypass vulnerability affecting REST API URLs, rated critical, has now been fixed.

Build 4118 (Aug 2021)

Enhancement:

• Cloud Security Plus data can now be integrated with Log360 UEBA add-on for anomaly modeling.

Build 4117 (May 2021)

Fix:

• This release includes fix for the ZVE-2021-1522 CSRF vulnerability observed while updating the server proxy settings, reported by Sahil Dhar.

Build 4116 (Feb 2021)

User Interface Enhancement:

• The apps pane in Cloud Security Plus has been enhanced to make it easier to access.

Fix:

• Domain user profile handling of Cloud Security Plus in Log360.

Build 4115 (Jan 2021)

Fix:

• The integrity of the downloaded scripts and executables can now be verified. This is to ensure they have not been tampered with by malicious entities.

Build 4113 (Aug 2020)

Fix:

• This release includes fixes for the path traversal vulnerability which allows attackers to read arbitrary files on the system where Cloud Security Plus is installed.

Build 4112 (Jun 2020)

New features:

• Support for AWS China Regions (Beijing and Ningxia).
• Chinese language support

Build 4111 (Jun 2020)

Fix:

• Cloud Security Plus now supports the latest version (PostgreSQL 10.12) for its backend database.

Build 4110 (May 2020)

Fix:

• This release includes fixes for the CVE-2020-24786 vulnerability, which allowed unauthenticated changes to integration system configuration, reported by Florian Hauser.

Build 4109 (Apr 2020)

Feature:

• Log360's UEBA add-on can now ingest and analyze data from the Cloud Security Plus component of Log360, and spot behavioral anomalies in AWS, Azure, and Google Cloud Platform.

Build 4108 (Mar 2020)

Feature:

• Active Directory Login: Cloud Security Plus now supports Active Directory login, in addition to the regular local authentication.

Enhancement:

• You can now access the event details for triggered alerts in the console.

Build 4107 (Jan 2020)

Enhancements:

• Azure China Cloud is now supported.
• All Log360 components can now be accessed directly from the Cloud Security Plus console if the "Enable Single Console" setting is enabled in Log360.

Build 4106 (Nov 2019)

New Feature:

• Cloud Security Plus now supports Salesforce Setup Audit Trail logs.

Enhancement:

• Azure Government Cloud is now supported.
• Salesforce reports now display usernames in place of user IDs.
• Salesforce event monitoring logs can now be synced on an hourly basis.

Build 4105 (July 2019)

New Feature:

• Google Cloud Platform logs management: Processes Google Cloud Platform logs to give insights on user activity and all services in the platform.

Enhancement:

• In the Azure cloud platform, Network Security Group logs will also be collected and analyzed for better insights.

Build 4104 (Jun 2019)

Enhancements:

• The reports in the S3 Bucket Activity group have been enhanced for easier monitoring of recently created, modified, and deleted buckets.
• Reports such as S3 Requests By IP and S3 Requests By File have been added for deeper analysis of S3 traffic.
• S3 File Changes Audit reports have been added to audit file creation, deletion, and modification in each configured bucket.

Build 4103 (April 2019)

New Feature:

• Proxy Server Settings: You can now configure Cloud Security Plus to access your cloud platform through a proxy server.

Build 4102 (August 2018)

Enhancement:

• Added authorization and authentication for the Elasticsearch.

Fix:

• Issue in database backup with custom range has been fixed.

Build 4101 (June 2018)

Features:

• Password protection can be enabled for reports that are exported in PDF, HTML and CSV formats.
• Users with administrator privileges can now audit the report export activities.
• Password protection provided for database backups.

Enhancements:

• Option to enable data masking for Personally Identifiable Information (PII) in exported reports.
• Product notifications such as the port used and alerts can now be viewed from within the product by clicking on the notification icon in the header.

Build 4100 (Apr 2018)

Feature:

• Salesforce log management: Processes Salesforce logs to give reports on login, search, content, and user activity.

Enhancements:

• Reports can be selected and pinned to favorites.
• Scheduling of reports has been made easier.

Build 4008 (Feb 2018)

New feature:

Automated AWS log collection

• You only have to create a designated AWS IAM user with the necessary permissions and enter the credentials in Cloud Security Plus for it to start collecting the logs from AWS environment.

Fixes:

• Security issue during login has been fixed.
• Issue which disclosed sensitive information in logs has been fixed.

Build 4007 (Dec 2017)

Feature:

• Cloud Security Plus now supports AWS GovCloud.

Fix:

• The issue in advanced search in the report section has been fixed.

Build 4006 (Sep 2017)

Feature:

• Cloud Security Plus can now collect Classic Elastic Load Balancer (ELB) access logs to generate reports that help analyse the traffic to your ELB and troubleshoot issues.

Enhancement:

• Collect Azure activity logs from multiple Azure subscriptions using a single app.

Build 4005 (Aug 2017)

Features:

• IAM popup: The reports now come with a filter to view actions performed by specific IAM users, roles or groups.
• SIEM integration: Logs collected by Cloud Security Plus can now be forwarded to an external syslog server and to Splunk.

Enhancement:

• Adding CloudTrail as a data source in Cloud Security Plus has been made easier.
• Reports on AWS activity has now been consolidated for easier understanding.
• HTTP and HTTPS port can now be switched from within the product.

Build 4004 (Aug 2017)

Enhancement:

• S3 server access logging can now be enabled for S3 buckets created in the North Virginia region.

Fix:

• Issue with log search page has been fixed.

Build 4003 (May 2017)

Enhancements:

• Integration with ManageEngine Log360

Build 4002 (Apr 2017)

Features:

New reports in AWS log management

• Addition of "IAM Credential Report" under the IAM Reports category.
• Addition of a new report category - Route 53 reports.
  These reports keep track of activities happening in the Domain Name System (DNS) web-service of Amazon. The activities covered include, the creation and deletion of hosted zones, failed Route 53 activity, traffic policy configuration changes and more.

Enhancements:

• Option to enable, disable, and edit technicians.
• Alerts and report scheduling can be enabled, disabled, and edited.
• Improved the efficiency of "Export Report."
• Now get scheduled reports delivered to you via email as attachments.
• Configure mail servers to use TLS and SSL for secure connection.
• ES index archiving is now supported.

Build 4001 (Feb 2017)

Enhancements:

• Additional graphs have been added to the reports.
• An option to send a test mail while configuring an email account.

Fixes:

• Time mismatch in AWS reports.
• Issues in searches with ":" and "OR"
• The issue in deleting an alert.
• Issue while exporting reports with hidden columns.

Build 4000 (Feb 2017)

Features:

• AWS API activity log management: Collects and analyzes CloudTrail and S3 server access logs to provide detailed information on events that occur in Amazon EC2, Web Application Firewalls (WAF), Relational Database Service (RDS), Lambda, Security Token Service (STS), Elastic Block Store (EBS), Virtual Private Cloud (VPC), Elastic Load Balancer (ELB), and Simple Storage Service (S3).
• Azure activity logs management: Processes Azure activity logs to give insights on user activity and any changes made to network security groups, virtual networks, DNS zones, virtual machines, databases, and storage accounts.
• Out-of-the-box reports for monitoring: Comes with 100+ pre-defined reports that help in meeting the security and operational needs of cloud security administrators.
• Report scheduling: Allows users to automate report generation by scheduling the reports at specific time intervals. The solution also provides option to redistribute the reports to administrators over email.
• Alerting: Provides instant email alert notifications for any critical change happening in AWS and Azure environments, such as network configuration changes, security group creations, new user creations and more.