Release Notes 4.2 (2306)

Released November 22, 2023

CoreStack FinOps

FinOps Portal

  • Azure Hybrid Benefits has been enhanced to list recommendations for the following Operating Systems: RHEL, SLES, Windows, SQL VMs, and Managed Instances.
  • In Cost Posture, the Azure CSP view has been enhanced to provide a hierarchy view diagram as an image. This image can be downloaded as a PDF as well. Similar image and download functionality already exists for the AWS Org view.

Consolidated Charge Report Enhancement for AWS, Azure, OCI

  • Included CPU and Memory spec information in the consolidated charge report.

FinOps Lite Contributor Role

  • Added FinOps Lite Contributor role in the FinOps bundle. Users with this role can access the modules listed below:
    • Account Governance Dashboard: Users can view and manage cloud accounts.
    • Cost Posture: Users can view cost posture pages.
    • Cost Dashboard: Users have read-only access for the below widgets.
      • Spend Summary
      • Optimization Summary

CoreStack SecOps

Notification for Security Vulnerabilities

  • Added a Notifications section for Vulnerability Assessments that can be configured to send summary emails to configured users or trigger one or more webhook(s)/Teams webhook(s).
  • The summary notification provides information about tenant name, service, cloud account name, and account ID/subscription. This notification also provides information about the total number of vulnerabilities for the cloud account and their splits by the respective age of each vulnerability.

Notification for Security Threats

  • Added a Notifications section for Threat Management that can be configured to send summary emails to configured users or trigger one or more webhook(s)/Teams webhook(s).
  • The summary notification provides information about tenant name, service, cloud account name, and account ID/subscription. This notification also provides information about the total number of new threats from the last sync date until the current date, and their splits by severity and finding types.

Notification for Security Hub

  • Users can enable the Notifications section of Security Hub to send summary emails to configured users or trigger one or more webhook(s)/Teams webhook(s).
  • The notification provides information about the total new findings in Security Hub for the cloud account from the last sync date until the current date. It includes the split of findings by different products as per severity (critical/high/medium/low).

Compliance Enhancements

  • Removed compliance configuration for executing a compliance standard after account onboarding. All accounts should be able to execute compliance standards without configuration.
  • Compliance standards execution scheduling has been added as the Schedules tab on the Compliance Standards page. Schedules have been removed from the post account onboarding compliance configuration.

Host Name Inclusion in Compliance Report

  • The Compliance Assessment Report is an existing report that shows details about control violations, compliance status of controls as per policy execution and manual controls, and an inventory summary of various services.
    • This report now includes the host name and location of resources.
    • The assessment status of controls now shows violation or success.
    • The compliant percentage for controls is now added.

Tagging Governance - Supported Resources for Azure

  • Resource Group
  • Network Security Group
  • Public IP Address
  • Network Watcher
  • Azure Route Table
  • Private DNS Zone Network Links
  • Traffic Manager Profile
  • Azure Database for PostgreSQL Servers
  • SQL Servers
  • Azure Cache for Redis
  • Azure Automation Account

MyPolicy Support

  • A remediation action can be defined that is triggered to remediate policy violations.

CoreStack CloudOps

Removal of Alarms for Deleted Resources

  • When cloud resources are deleted, any alarms created for them through CoreStack will be automatically deleted from both CoreStack and the hyperscaler.

AWS Systems Manager (SSM) Command Documents

  • AWS SSM Command Documents are now available in CoreStack.
  • Users can execute Command Documents and view their execution history.

All Resource Inventory Details Report

  • The All Resource Inventory Details Report is a SQL Server Reporting Services (SSRS) report that can be generated and viewed by users. This report provides information about inventories in a report format. Users can slice and dice the report using filters as well as schedule them to run at certain times.

Service Resource Integration

Below is the list of service resources supported:

| Service Name | Metrics Added | Inventory Support | Activity Support | Relationships Support | Tagging Governance Support |
| GCP File Store Enterprise | - | Yes | Yes | - | Yes |

Upload JSON Support

  • CoreStack now provides support for uploading Terraform templates through JSON.

Download Job Result

  • CoreStack now supports the downloading of executed Terraform job logs.

Frequency Field

  • A Frequency field has been added for Azure monitoring templates.

CoreStack Core

Partner Service Admins

  • Partner Service Admins can create new tenants and will be able to view any newly added tenants.

Tags at Account Master/Tenant/Cloud Account Levels

  • Custom tags (Beta) can now be created at Account Master, Tenant, and Cloud Account levels.
  • Tags created at the Account Master level are shown as suggestions, and users can choose the same tags if they want to apply them across all three levels (Account Master, Tenant, and Cloud Account).
  • Tags created at the Tenant level are shown as suggestions, and users can choose the same tags if they want to apply them at the Tenant and Cloud Account levels.
  • Tags created at the Cloud Account level are shown as suggestions to be added at the Cloud Account level only.

Analytics Report Save Feature

  • Users can now save views for Analytics reports.
    • A view can be comprised of certain selected filter options along with field parameters. These options are saved as a particular view.
    • A view can be set as the default view and can be switched later.
    • A saved view can be deleted anytime or can be marked as the default view.

CoreStack Assessments

Notification for Assessments After Scan Completion

  • Users can enable notifications for Assessments to send summary emails to configured users or trigger one or more webhook(s)/Teams webhook(s).
  • After the scan is completed for an assessment, an email notification about the summary of the assessment can be sent to the assessment owner and other configured users, or one or more webhook(s)/Teams webhook(s) can be triggered.
  • The notification shows the number of best practices per status (open, verified, etc.), categorized by Pillar and Severity.

Workload Filter

  • Tag Key and Tag Value options have been added to the Workload filter for filtering resources with specific tag keys and values as part of the Workload create functionality.

Workload Assessment Summary Report

  • The Workload Assessment Summary Report is a newly added report that provides a high-level overview and perspective based on the current state of an assessment.

MyPolicy Support for CoreStack Assessments

  • MyPolicy now supports the functionality to create custom policies for the CoreStack Assessments bundle.
  • Engine types supported are: Azure Policy, AWS Config, AWS Organization Policy, GCP Organization Policy, GCP Policy, Oracle Cloud Guard, and Kubernetes Policy.
  • A remediation action can be defined that is triggered to remediate policy violations.

Bugs Fixed

  • FinOps - Posture Cost Mismatch for AWS: The cost mismatch issue occurred when an AWS management account marked as a member account was displaying the total cost instead of the management total cost from the account summary. This has been fixed.
  • FinOps Assessment Report: A bug that caused the assessment report to show cloud accounts that weren't part of the chosen tenant has been fixed.
  • Cost Posture: An issue was fixed with pagination that prevented more than 50 entries from being listed in the Cost Posture section.
  • Savings: Addressed policy issues related to GCP BigQuery services.
  • Executive Dashboard: To improve user experience, issues related to “Permission Denied” instances have been fixed.
  • Terraform Templates: An issue with the Save and commit feature has been resolved.
  • Policy: The AWS CoreStack Policy AWS Audit S3 Buckets Not Configured with Secure Data Transport Policy has been corrected to address errors that occurred during its execution.
  • CoreStack Assessments: AWS policies no longer fail with a namespace problem.
  • Templates: Resolved issues related to the execution of Mistral templates for Azure_Enforce_Tags_Policy and Azure_Enforce_Inherit_Tags_From_ResourceGroup_Policy.
  • Recommendations: Corrected the SecOps recommendations under the Recommendation section.
  • Threats: Amazon GuardDuty configuration issues for accounts onboarded by inactive users have been resolved.
  • Notifications: Issues with email notifications of credential expiry have been addressed to help ensure a smoother communication experience.
  • Access (User Group): When assigning tenants in user groups, the listing of suspended tenants has been fixed.
  • Access (User): Default permissions are now enabled for newly created tenants to ensure a seamless experience.
  • Inventory: Resolved an alignment issue in downloaded files to ensure accurate data representation.

External APIs

Known Issues

The below APIs are not working as expected. We will try to fix them before the next release:

  • /cost/posture/{tenant_id}/get_cost_hierarchy