The Amazon Web Services Dashboard provides a summary of the AWS data you care about at a glance using cards, which are based on Saved Views. To access the Amazon Web Services, go to Dashboards > Amazon Web Services. For details, see About the AWS Dashboard.
Dashboard Card Options
The Storage Card type has been added for use with AWS, and the Add New Card user interface has been updated. For details, see Add a New Card.
DLP Support for Google Team Drives
Skyhigh CASB now allows you to extend DLP control to content shared or uploaded in Google Team Drives. Google Drive DLP policies are automatically expanded to include Google Team Drives, including content-aware policies. As content is shared or uploaded by internal team members, Skyhigh CASB scans the files and compares them to DLP policies.
Administrators and User Managers can create IP Whitelists, which allow access to Skyhigh CASB from a defined list of IP addresses only. This feature supports SAML and non-SAML workflows. For details, see Create an IP Whitelist.
On the Incidents > Policy Incidents page, you can now select the checkbox(es) for incidents you want to delete. Then click Delete in the confirmation dialog. This action cannot be undone. Large requests may take a few moments to process. For details, see Policy Incidents Page.
Policy Incidents Summary Updated User Interface
The user interface for the Policy Incidents Summary page has been updated and improved. For details, see Policy Incidents Summary.
New Policy Templates for AWS
Following is a list of the new policy templates for AWS provided in Skyhigh CASB 4.0 release:
- Untagged Resources
- AWS Config is not enabled
- AWS DNS service must not be used
- Nearing regional limit for elastic IP addresses
- AWS CloudFront CDN not in use
- Insecure Ciphers in CloudFront distribution
- EBS volume does not have recent snapshot
- EBS volumes detected and unattached
- EC2 instance IAM role not enabled
- Single IAM administrator detected
- Custom IAM policy grants too many privileges
- Default access keys in use
- IAM support role check
- RDS event subscription not enabled
- S3 object versioning enabled
- SNS cross account access
- VPC Private Gateway IPSec Limit
- NAT gateway not used
For descriptions of these new policy templates, see the Policy Templates for AWS page.
Updated Audit Log
The Audit Log, located at Settings > Audit Log, provides a list of all events performed by registered application users. It has been updated to allow you to drill down and perform detailed Audit Log analysis using extensive filter and search tools. Then export your findings to a CSV file for accurate reporting. For more information, see About the Audit Log.