FinOps

Dashboard Drilldown and Filters

• Added the ability to drill down into multiple data dimensions within Cost dashboard widgets, along with a new filter option for cloud account types (Individual vs. Org), to aid users in analyzing their cost data to find the root causes of any issues or insights,
  • Users can select chart areas in the current Cost dashboard widgets to access a drill down panel and choose which data dimensions to drill down to.
  • Cost dashboard filters now include Account Type as an option that allows users to filter by Account View (individual cloud accounts such as AWS Member, Azure Subscription, etc.) or Organization View (parent cloud accounts such as AWS Management, Azure EA, etc.).
• Added a new Product and Resource Category Trends widget to the Cost dashboard that displays Product Category spend over a time range

AWS and Azure Savings Plan Support

• Integrated Savings Plans for AWS and Azure into our cost management platform to help users manage their cloud costs more effectively and get useful insights from the platform on any recommendations, purchases, and utilization related to savings plans.
  • Added support for AWS savings plan recommendations, purchases, and utilization data.
  • Added support for Azure savings plan recommendations, purchases, and utilization data.
• Introduced a new user guide for setting up Savings Plans for AWS and Azure, including special instructions for enabling Savings Plan settings for Azure accounts, including Azure EA Accounts.

Cost Optimization: Usage Recommendations

• Added comprehensive rightsizing support for OCI VMs and EBS, covering both standard and custom SKUs.
• OCI is now supported for Schedule Recommendations.
• Applied AI/ML models are now being implemented instead of statistical methods to facilitate more precise and actionable rightsizing recommendations for all cloud resources across AWS, Azure, GCP, and OCI, providing a richer experience and more impactful recommendations for users.
  • This feature integrates K-Nearest Neighbors (KNN) and XGBoost-based right-sizing algorithms that analyze historical usage data and predict right-sizing impacts to provide more precise recommendations and ensure optimal resource allocation without compromising service quality
• Introduced a new algorithm for OCI custom SKU rightsizing which deals with custom SKUs in terms of configurable memory and CPU number.
• Enhanced rightsizing recommendations to include ranking based on safety factors (in order of Memory, CPU, and Clock Frequency), followed by cost savings, to aid in decision-making for users.
• Integrated 35 Azure Advisor recommendations and 12 AWS Advisor recommendations.
• Clock frequency, if applicable, is now displayed for cost optimization compute recommendations.

Cost Optimization Dashboard: Potential Savings Improvements

• The Cost Optimization dashboard will now show de-duplicated total potential savings values for resources across all recommendations, including schedule recommendation details.
  1. Potential savings values have been de-duplicated across all recommendation types for a resource, to more accurately convey savings calculations.
  2. Now only the highest potential savings amount from all applicable recommendations for a resource will be considered.
  3. Enabled support for Schedule Recommendation savings in the Cost Optimization dashboard so users can understand the potential savings impacts across all optimize usage recommendation types.

Audit Log

• The Audit Log feature has been enhanced to include FinOps action by providing a comprehensive record of all write operations performed within the system, ensuring transparency and accountability.
  • Audit logs have been added for all relevant operations, including Approve and Reject recommendations.

SecOps

Compliance Standards

• New CIS standards introduced:
  • CIS Azure 2.1
  • CIS AWS 3.0
  • CIS GCP 3.0
• PCI DSS upgraded with 4.0
• Compliance Standard Logo column has been added on the Compliance Posture page.
• Security Dashboard now supports OCI threats and vulnerabilities.

Upcoming Changes

The following Compliance standards will be de-commissioned in upcoming release – 2404:

• CIS AWS 1.3
• CIS AWS 1.4
• CIS Azure
• CIS Azure 1.3
• CIS Azure 1.5
• CIS Azure 1.5 - CS
• PCI DSS 3.2

Assessments

Assessment Reports

• Assessment reports are now available in a new reporting framework under Assessments > Reports.
• Three reports are now available, namely:
  • Workload Assessment Detailed Report
  • Workload Assessment Summary Report
  • Workload Assessment Issue Report
• Each of these reports provide flexibility for users by allowing them to:
  • Generate reports based on the applicable filters selected (mandatory and optional).
  • Preview reports.
  • Download reports in PDF format.

Assessment UI

• Added the ability to re-scan at the pillar level.
• Assessment policy violations popup has received the following enhancements:
  • Ability to filter by pillar.
  • Ability to download the results (both summary and detailed as a .csv file).
  • Display of resource count against each violated policy.
  • Ability to search by policy against each cloud account.

Assessment Framework

• Azure Framework updated with Nov 2023 changes.
• Well Architected Framework for OCI introduced.
• Well Architected Framework for Azure Open AI introduced.

Upcoming Changes

• AWS Well-Architected Framework, April 2023 will be de-commissioned.
• AWS Well-Architected Framework, October 2023 will be de-commissioned and replaced with AWS Well-Architected Framework, Jun 2024.

Policies

General Policy Updates

• Remediation actions have been added for 23 policies.
• In the Remediation tab when creating a new custom policy, users can now click a plus symbol to expand an action and view more details about it.

FinOps Policy Updates

• Display names have been standardized for Cost policies.
• 34 Cost policies have had their description revised.
• Thresholds can now be configured for idle policies, which allows partners to offer recommendations to their users based on their individual requirements.
• Improvements made to Cost policy content and email template content to enhance accuracy and clarity.

SecOps Policy Updates

• The following new Policies have been added:
  • 49 new OCI security policies of type CoreStack policy.
  • 2 new AWS security policies of type CoreStack policy related to expiry date check.
  • 6 new Azure policies related to Open AI Services.
  • 10 new expiry policies.
• 114 display names have been standardized for encryption policies.

Platform

GCP Organization Account Onboarding

• Administrator users can now onboard a GCP Organization Account, including any associated Billing Accounts, Folder hierarchies, and Linked Projects, all in a single step from within the platform, enabling users to onboard all their Linked Projects simultaneously and govern all the resources within their Organization Account.
  • Note: Users must grant all necessary permissions in their GCP cloud environment before onboarding.
• Onboarding with product selection during the organization account setup will inherit all product configurations for the associated projects, excluding cost details. The cost information will only be fetched when the corresponding billing account is onboarded by the user.
• Once the cost processing is completed for the linked billing account, it will automatically map the cost details to the related projects.
  • This process sets up and configures a GCP organization account to centrally manage resources and permissions, and automatically onboards all linked projects and folder hierarchies within the organization.
• For the service account that is used to onboard the GCP organization account in the platform, the permission "Folder viewer" is required. Without this permission, GCP organization accounts will not be onboarded.

Multi-SSO Support at Master Account Level

• Enhanced multi-SSO support at the account master level with OKTA, Azure AD, ADFS, and CoreStack, equipped with an auto sign-up feature.
  • This enables users to seamlessly access their respective single or multi-tenant environments as consumers, streamlining the login process and fortifying security through centralized authentication.

Help Section White-Labeling

• Users now have the option to customize the Help links in the platform navigation sidebar to more closely align with the branding and design needs of their company, which can help provide a more consistent and familiar experience for their users as well as reinforce brand identity.
  • Customization can be enabled/disabled in the Account Management page in Settings.

ServiceNow Enhancement - Tenant Field Mapping

• This enhancement enables users to map any field in ServiceNow with a tenant in the platform to ensure that incident creation is not missing any details.

Service Integrations

Please refer to the link below to view a full list of services that have been included in our inventory as part of this release:

• List of Service Integrations (v4.4 - 2402)

Tagging Governance

• The Tagging Governance feature is now available in SecOps and Assessments products.
• Tagging support is now available for the following AWS resources:
  • AWS_XRay Component - Groups Resources
  • AWS_Xray Component - Sampling_Rules Resources
  • AWS_XRay Component Component - ManagedInstancelnventory Resources
  • DMS Component - ReplicationSubnetGroups Resources
  • IAM Component Resources

Azure EA - Cost Usage API Deprecation

• Azure API key-based onboarding is decommissioned

Account Governance Preferred Policy Engine Selection

• Users will now be able to select multiple preferred policy engines and choose a priority for each of them.
  • When Compliance or Assessments are executed, policies belonging to engine type of higher priority will be executed first followed by policies for the other engine type. While executing the lower order priority, if the corresponding equivalent policies have already been executed, they are excluded.

Reports

Updates to Daily and Monthly Cost Reports *

*Excluding Azure EA and CSP

Account Master Hierarchy

• A new filter for Account Master has been added to Daily and Monthly cost reports that can be used to generate detailed daily and monthly cost reports in AWS/Azure/GCP/OCI aligned with users’ account master hierarchy. This offers clear visibility into spending patterns and aids in accurate budgeting and cost management across account masters and tenants.
  • Additional filter options can be applied after users select an option from the Account Master filter

Line Item Dimension

• A new filter for Line Item has been added to Monthly cost reports in AWS/Azure/GCP/OCI that can be used to filter your view between different line items in your cost data (e.g. Usage).

Variance Widget

• A cost variance widget has been added to Monthly cost reports in AWS/Azure/GCP/OCI across all filter dimensions that provides a chart displaying the variance levels in cost values on a daily or monthly basic over a set time frame.

Resource Name View Under Resource Category Filter

• A new view for Resource Name has been added as part of the Resource Category filter to Monthly cost reports in AWS/Azure/GCP/OCI that allows users to view Resource Names available under certain Resource Categories based on the filter options selected.

Azure Patch Report

• Azure Patch Report has been converted to a printable report. It now includes new filters including tag filters.
• Added scheduling capabilities and advanced filtering options.

Automation Job Summary

• Multiple additions have been made to this report to provide deeper insights into automation jobs and help to improve understanding through visual data representation:
  • Added additional columns in the report to view template job details, run time, and status.
  • The report now includes a graph with barcodes to show the top 10 template names for each month.
  • Added a new chart that showcase the success versus failure rates of the templates.

Multi-Cloud Activity Report - Support for OCI

• Multi-Cloud Activity Report now supports OCI, providing a more unified view of multi-cloud activities and enhanced data visibility across the platform.

OCI Threat Report

• Added a new OCI Threat Report for showing data around tracked security threats in OCI cloud accounts.

OCI Vulnerability Report

• Added a new OCI Vulnerability Report for showing data around detected security vulnerabilities in OCI cloud accounts.

GCP Cost Monthly Report

• Users can now view credit type in the GCP Cost Monthly report, aiding users in getting visibility for compute discounts, refunds, committed usage discounts, partner credits, etc.
  • This is also available in the GCP Consolidated Charges Report.

Azure Consolidated Charges Report

• Enabled the multi select option for cloud accounts, bringing parity with the AWS report and aiding users in getting better visibility of effective cost for onboarded and non-onboarded Azure cloud accounts.

Multi Cloud Cost by Tags Report

• As part of the parity initiative, the Multi Cloud Cost by Tags report now includes OCI services, which helps users in getting visibility of cost by tag for OCI resources.

Multi Cloud Weekly Cost Comparison Report

• Added this report on weekly billing costs for selected accounts that includes details sorted by tag keys, tag values, associated costs, resource groups, and resource IDs or names – providing a more unified view and better data visibility across multi-clouds.

Consolidated Charges Reports

• A Currency field has been added for all the consolidated charges reports (Azure/AWS/GCP/OCI) that will allow users to select from the multi-currency options.

Multi-Tenant Azure Consolidated Charges with Markup / Discount Report

• A new cost report called Multi-Tenant Azure Consolidated Charges with Markup / Discount Report has been included in the platform that provides markup and discount details for Azure multi-tenant activities.

All Resource Inventory Details Report

• The All Resource Inventory Details Report now supports the OCI cloud provider.

Bugs Fixed

• Azure App Service plan config policies fixed.
• Integration issues with AWS Security Hub fixed.
• Execution of Custom Compliance standard with Account scope is resolved.
• The Select All option has been added for Alert Configuration for AWS and Azure. This allows users to select all the resource groups at a time and add the action groups in a single step.
• Fixed an issue in Resource Inventory where after performing discovery on a resource, the metric utilization value shown in the UI was different from the metric value stored in the database.

External APIs

• To see the external APIs which have been added, modified, and removed in this release, refer to: https://docs.corestack.io/docs/external-apis-44-2402
• To see all the available external APIs, refer to: https://docs.corestack.io/reference/authtoken