Activities Page Redesign
The Incidents > Activities page provides details on the threat activity within your organization. It can be used to monitor how users within your organization use cloud services and to detect risk trends for the entire organization over time. The Activities page has been redesigned to be more consistent with other MVISION Cloud pages and to provide better usability with filters, Omnibar search, Saved Views, and other features. For details, see About Activities.
Configuration Audit Notifications Based on Incident Severity
When you create your service instance, you can configure notifications to be sent based on different Configuration Audit incident severities, according to your organization's requirements. This allows you to avoid being inundated with alerts for minor-severity incidents. For details, see Enable Configuration Audit Notifications.
Essential and Advanced Policy Templates for Container Security
When you go to the Policy > Policy Templates page, you can select Recommendation/Benchmark filters for the Container Security - Essential and Container Security - Advanced policy templates. The Container Security - Essential set consists of 18 policy templates with the minimum requirements for container security resource discovery and On-Demand Scans. For details, see Policy Templates for Container Security.
In VPC Scans now Support GCP
In VPC Scans now support Google Cloud Platform (GCP). For details, see Create an In VPC Scan.
File Integrity Monitoring now Supports AKS
File Integrity Monitoring now supports Azure Kubernetes Service (AKS). For details, see About File Integrity Monitoring.
Vulnerability Scans now Support AKS
Vulnerability Scans now support scanning Azure Kubernetes Service (AKS) main and secondary nodes for vulnerabilities when you select VM instances. For details, see About Vulnerability Scans.
Vulnerability Policy Wizard Updates
The Vulnerability Policy Wizard has been updated to change the "IS" operator to "IS ONE OF" to allow for more detailed CVE searches. It also saves a step by automatically generating an incident for every event found. For details, see Create a Vulnerability Policy.
Incident Severity Levels Made Consistent for MVISION Cloud and McAfee Enterprise ePO
Incident severity levels have been made consistent between MVISION Cloud and McAfee Enterprise ePO. Incident severity levels in MVISION Cloud and in generated reports (PDF) are changed as follows (previous level > new level):
- High > Critical
- Medium > Major
- Low > Minor
- N/A > Info
- N/A > Warning
When you export the incident to CSV or a SIEM integration, the number corresponds to the new severity level as follows:
- 2 > Critical
- 1 > Major
- 0 > Minor
- 4 > Warning
- 3 > Info
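The exported numbers are not an ordered scale (Warning is 4 and Info is 3, both above Critical at 2), so a SIEM rule that filters on "severity >= N" will pull in the wrong incidents. The following is an added example, not code from the product documentation, that normalizes the codes to labels and contrasts a numeric threshold with a label-based filter. The column names incident_id and severity and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Numeric severity codes in CSV/SIEM exports, as listed above.
SEVERITY_BY_CODE = {2: "Critical", 1: "Major", 0: "Minor", 4: "Warning", 3: "Info"}

# Constructed sample export. The column names "incident_id" and "severity"
# are assumptions for this example, not the product's documented schema.
SAMPLE_EXPORT = """incident_id,severity
INC-1,2
INC-2,1
INC-3,0
INC-4,4
INC-5,3
INC-6,7
INC-7,
"""

def normalize(row):
    """Add a 'severity_label' key; unknown or empty codes are flagged, not guessed."""
    raw = (row.get("severity") or "").strip()
    try:
        label = SEVERITY_BY_CODE.get(int(raw), "Unknown")
    except ValueError:
        label = "Unknown"
    return {**row, "severity_label": label}

def load(text):
    """Parse the CSV export text into a list of normalized rows."""
    return [normalize(r) for r in csv.DictReader(io.StringIO(text))]

def naive_threshold(rows, minimum=1):
    """Fragile filter: treats the code as an ordered scale, which it is not."""
    out = []
    for r in rows:
        raw = (r["severity"] or "").strip()
        if raw.isdigit() and int(raw) >= minimum:
            out.append(r["incident_id"])
    return out

def by_label(rows, wanted=("Critical", "Major")):
    """Robust filter: select incidents by normalized severity label."""
    return [r["incident_id"] for r in rows if r["severity_label"] in wanted]

if __name__ == "__main__":
    rows = load(SAMPLE_EXPORT)
    print("numeric >= 1:", naive_threshold(rows))
    print("by label    :", by_label(rows))
```

Rows labelled Unknown are worth routing to a review queue, since they indicate a code outside the documented mapping or an empty field.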
New Audit Log Event Types
The new Audit Log Event Types are API Access, AWS Account Authentication, and Config Audit AWS Accounts Modified. These event types identify the activities when accounts are added or deleted using the MVISION Cloud API. For details, see Audit Log Events.
IaaS Resources Bulk API
This is a new API that returns details for multiple resources in a single call. The number of resources returned in an API call is configurable. For details, see IaaS Resources API.
Policy Incidents Page Download CSV Feature Deprecated
The Download CSV feature on the Policy Incidents page has been deprecated as of MVISION Cloud 5.4.1. You can still download a CSV file from the Policy Incidents Summary.