5.3.1 Release Notes (March 2021)
Application Control Policies
Using Application Control policies, an SOC admin or an IT admin can create policies to control the use of specific applications on their end users' machines, or endpoints. Using Observe or Enforce mode, you can select the applications to allow and deny users from executing on their machines. Application Control activities are displayed on the Activity Monitoring page. For details, see About Application Control.
Applications for Resources
An application is a logical grouping of Resources that you create based on certain criteria, such as the service, account, or tags assigned to resources. Grouping your Resources in an Application allows you to view open incidents by risk score, so you can prioritize critical issues for analysis and remediation, instead of chasing issues against the entire infrastructure. For details, see About Applications.
Resource Risk
On the Resources page, the Risk column and details modal provides the Resource's risk score and allows you to investigate resources based on your priorities. Click the Risk score (Low: 1-3, Medium: 4-6, High: 7-9) to See Risk Details in the Cloud Card. Filter the table by Risk Type for Low, Medium, and High risk resources. For details, see About Resources.
Vulnerabilities
Vulnerability Assessment for Docker and Kubernetes
When you configure your Vulnerability Scan, you will select if you want to scan Container Images or VM instances. Vulnerability scans now support Docker and Kubernetes. For details, see About Vulnerability Scans.
Vulnerability Policy Management
Use Vulnerability Policies to create Vulnerability Scans to scan your Container Images and VMs. To manage your Vulnerability Policies, go to Policy > Vulnerabilities. For details see, Vulnerability Policy Page.
Vulnerability Cloud Cards for Container Images and VMs
Vulnerability Cloud Cards now provide details for container images and VMs. Click the container image link to see more details in the Cloud Card. Click the VM link to see more details on the Resources page. For details, see Vulnerability Incidents.
CWPP Workload Hardening
As part of Cloud Workload Protection Platform (CWPP), MVISION Cloud helps IT and SOC administrators to periodically assess hardening benchmarks for cloud workloads, so that they continue to meet all compliance requirements. Workload hardening involves making changes to secure the system, such as keeping installed software up-to-date, securing the file system, remediating network misconfigurations, and more. For details, see About Workload Hardening.
Cloud Security Advisor - New Metrics
When MVISION Cloud adds metrics to the Cloud Security Advisor Checklist, they display the label New. MVISION Cloud gives you 90 days to act on the suggestions for the new metric before it is added to your score. For details, see Cloud Security Advisor Checklist.
IP Allow Lists now Support CIDR Formatting
Administrators and User Managers can create IP Allow Lists, which allow access to MVISION Cloud from a defined list of IP addresses only. IP Allow Lists now support CIDR formatting. For details, see Create an IP Allow List.
Download Anomaly Activities
The Anomaly Cloud Card allows you to download the activities associated with Anomalies in the CSV file. For details, see Anomaly Cloud Card.
Revoke Collaboration for External Users in Office 365 Groups
MVISION Cloud supports the bulk remediation for Office 365 groups such as OneDrive and SharePoint. Now, these Office 365 groups can revoke collaboration for external users. For details, see Revoke Collaboration for External Users.
Salesforce Spring 2021 Support
MVISION Cloud v5.3.1 will support Salesforce Spring 2021. For details on the latest or previous release versions of supported CSPs, see Supported Versions of Structured Apps.
Reverse Proxy Certificate Expiration Notification
If the reverse proxy certificate of your cloud service instance is expired or about to expire, then MVISION Cloud sends email notifications to the tenant administrator and MVISION Cloud Support. The email notifications alert you to renew the proxy certificate. For details, see Reverse Proxy Certificate Expiration Notification.
Executive Summary Risk Dashboard and Role Deprecated
The Executive Summary Risk Dashboard has been deprecated. It is superseded by the Cloud Security Advisor for all metrics around MVISION Cloud features and risk calculations for your deployment. For details, see About Cloud Security Advisor.
The Executive Summary RBAC role is also deprecated. Instead, make an Executive user Read Only.
For information on updated RBAC roles, see About User Roles and Access Levels.
Policy Templates Page Last Updated Date Column
On the Policy Templates page, the Last Updated Date column displays the date that the Policy Template was last updated. Sort the column in descending order to find newly added Policy Templates. For details see Policy Templates Page.
Clone a User
On the User Management page, when you create a new user, you can start with an existing user account and clone it. This creates a new account with exactly the same settings. For details, see Clone a User.
MITRE Dashboard Supports New Incident Types
The MITRE Dashboard now supports the new incident types such as File Integrity Incident, Image Hardening, Malware Policy Violation, and Shadow/Web DLP. The Incident Types are mapped with the techniques and tactics in the MITRE Dashboard. For details, see About the MITRE Dashboard.
Office 365 Non-Admin API Access
You can integrate Office 365 API with MVISION Cloud using the Non- Administrator role. For details, see Office 365 API Integration Prerequisites.
User Management APIs
MVISION Cloud Security Administrators manage users with APIs. The User Management APIs give you the ability to perform a wide range of actions to manage users. For details, see User Management APIs.
Encryption as a Service (EaaS) Certificate Configuration
MVISION Cloud provides Encryption as a Service (EaaS) Certificates to encrypt the data for the cloud services. For details, see Configure Encryption as a Service (EaaS) Certificate.