Release Notes 4.4 (2403)
December 2024
FinOps
FinOps Idle Policy Configuration Management Updates
- As part of the new feature in this release that allows users to configure parameter values for policies, there are certain updates that apply specifically to FinOps areas of the platform. Please refer to the Policies section below for more details about this new feature.
- User-defined parameters for Idle policies along with their thresholds are now visible on the Optimize Usage > Recommendation Details page under the Recommendation Definition tab (Cost > Optimize Usage > Manage Idle Recommendations > Select a cloud account > View Details) for user-configured policies, if there is a recommendation available for it. If no recommendation is available, parameters and thresholds won’t be visible.
- User-defined Idle Policy parameters will now be included in Optimize Usage and FinOps Governance reports.
GenAI Service Category Mapping for AWS Product Family
- GenAI-based service category mapping has been added for the AWS Product family, which fixes uncategorized items. This will be reflected in Cost Dashboard widgets.
SecOps
Compliance Standards
- CIS OCI 2.0 standard introduced in this release.
Compliance Posture – Resource Compliant Score
- Addition of resource compliant score (% Resources Compliant) in Compliance assessment details. This is available at the Compliance Control Family/Category and overall compliance level as well.
Compliance Standards – Policy Parameter configuration
- As part of the new feature in this release that allows users to configure parameter values for policies, there are certain updates that apply specifically to SecOps areas of the platform. Please refer to the Policies section below for more details about this new feature.
- Removed the “Configure Policy” popup, which allowed configuration of policy parameters for individual controls within a compliance standard.
Assessments
AWS Sync
- The current sync status for Workloads is now displayed in the Assessment Details page for AWS workload assessments.
- The sync status for individual Best Practices is now displayed in the Continue Assessment page for each Best Practice listed there. A consolidated sync status is also present at the overall assessment level.
Assessment Framework – Policy Parameter Configuration
- As part of the new feature in this release that allows users to configure parameter values for policies, there are certain updates that apply specifically to Assessments areas of the platform. Please refer to the Policies section below for more details about this new feature.
- Removed the parameter configuration section in the View Policy pop-up content for Best Practices listed in the Assessments > Frameworks page.
Assessment Report Enhancements
- Added the ability to create Schedules with applicable filters and email notifications. Users can also View/Edit all scheduled reports in the Schedules tab of the Assessments > Reports page.
- Added the ability to save report filters as Views, which allow users to load their reports with preset filters enabled, avoiding the need to apply filters every time.
- In the Workload Assessment Detailed report, under the Workload Assessment Summary by Best Practices section, for every Best Practice, the last 3 comments are displayed (if present).
Policies
Policy Configuration Management
- Users now have the ability to configure values for Policy parameters where applicable, across all products (FinOps, SecOps, CloudOps, etc.). This is available in the Policies page (Governance > Guardrails > Policies), by selecting the gear icon next to a policy. Users can select Add New to create a new policy parameter configuration, or edit/delete existing ones.
- Parameter configuration can be done at the tenant level or for a set of cloud accounts.
- During policy execution, the order of priority for picking the parameter values is as follows:
  - Select a cloud account specific parameter configuration.
  - If the above option is not present, select a tenant specific parameter configuration.
  - If the above option is not present, select the default value.
- Users can also now use new filter options available in the Policies page to view policies with configurable parameters (“Parameterised”), and policies with user configurations already applied (“Configured”).
Note: When viewing policies, users will only be able to see and configure policies at the tenant and/or cloud account level based on their assigned platform role settings.
New Policies
The following new policies have been added in this release.
- 6 OCI Cost Policies:
- OCI Block Volume backups Aged
- OCI Load balancer Orphaned
- OCI Block volumes Performance unit recommend
- OCI Block volumes storage Idle
- OCI MYSQL DB System Idle
- OCI Load balancer Idle
- 5 AWS Cost Policies:
- AWS_Appstream_Fleet_Idle
- AWS_Appstream_Fleet_Orphaned
- AWS_Appstream_Single_Session_Alwayson_Fleet_To_Ondemand_Recommend
- AWS_Appstream_Multi_Session_Alwayson_Fleet_To_Ondemand_Recommend
- AWS_Appstream_AlwaysOn_Fleet_Min_Size_Recommend
- 14 OCI Security Policies:
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_DNS_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_FTPS_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_FTP_Acces
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_HTTPS_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_HTTP_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_MSQL_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_MongoDB_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_MySQL_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_NetBIOS_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_Oracle_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_PostgreSQL_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_RPC_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_SMTP_Access
- OCI_Audit_Network_Security_Group_Has_No_Unrestricted_Telnet_Access
Additional items
- An additional 22 cost policies have been mapped with remediation templates:
- AWS_Fsx_Filesystem_Idle
- AWS_DMS_Replication_Instances_Orphaned
- AWS_VPC_TRANSIT_GATEWAYS_IDLE
- GCP_VM_Instance_Stopped_Recommend
- Azure_Kubernetes_Service_Cluster_Orphaned
- AZURE_KUBERNETES_SERVICE_CLUSTER_IDLE
- AWS_REDSHIFT_MANUAL_SNAPSHOT_ORPHANED
- AWS_VPC_NAT_GATEWAYS_IDLE
- AZURE_SQL_MANAGED_INSTANCE_IDLE
- AWS_EC2_INSTANCE_AGED_STOP_STATE_RECOMMEND
- AWS_REDSHIFT_MANUAL_SNAPSHOT_AGED
- AZURE_APP_SERVICE_PLAN_IDLE
- AWS_EFS_IDLE
- Azure_Virtual_Machine_Aged_Stop_State_Recommend
- AWS_RDS_INSTANCE_ORPHANED
- AWS_VPC_TRANSIT_GATEWAYS_ORPHANED
- Aws_Fsx_Filesystem_Backups_Aged
- AZURE_MARIADB_DATABASE_SERVERS_IDLE
- AWS_VPC_MIRROR_SESSIONS_SOURCE_NIC_ORPHANED
- AWS_EFS_Orphaned
- GCP_Buckets_Orphaned
- GCP_Disks_Idle
Platform
Support for Azure Government Cloud Account Onboarding
- Customers can now onboard their Azure Government Subscriptions into the platform, enabling Read-Only access across FinOps, SecOps, and CloudOps products. This enhancement allows users to optimize costs, strengthen security, and maintain operational efficiency within their Azure Government cloud environments.
Support for AWS GovCloud Account Onboarding
- Customers can now onboard their AWS GovCloud member accounts into the platform, enabling Read-Only access in SecOps and CloudOps products. This enhancement helps users bolster security and maintain operational efficiency within their AWS GovCloud environments.
Note:
AWS GovCloud is only supported for AWS individual member accounts onboarded using the Access Key/Secret Key method.
Custom Role Selection in User Group Creation/Modification
- The Role(s) selection drop-down in the user group creation and modification process now includes custom roles alongside system default roles, providing greater flexibility for users to assign custom roles to user groups.
Note:
Custom roles are tenant specific. A custom role created within a tenant is available only in that tenant and applies to a user only when they are active within that tenant.
User-Assigned Managed Identity (UAMI)-Based Access (Azure)
- With UAMI-based access, managed identities now have access exclusively to customer-managed resources that are specifically assigned, enabling customers to enforce more granular access control for Azure cloud accounts. This option is ideal for customers who require restricted access and prefer not to grant Contributor-level access to their cloud accounts.
- Users must create a VM as part of this feature. The minimum supported VM size is "B2".
Tag Governance – Workload View
- The Tag Governance page (Resources > Tag Governance) now supports a Workload View option among the available views, in order to provide better tag governance visibility by showing tag coverage across certain Workloads created in the platform.
- Users now have the flexibility to create Workloads, a group of resources that spans different cloud accounts, and when a workload is created the tag posture will be generated for it as well. New workloads can be created on the Workloads page (Resources > Workloads).
- The tag baselines of active cloud accounts are now considered for tag postures for workloads as well.
- All available workloads that can have tag postures generated for them will appear in the workload posture view on the Workloads page (Resources > Workloads).
Tag Governance – Resource tables
- Resource Coverage, Missing Tag Keys, and Invalid Tag Values in Resource view tables now show dynamic values based on filters applied.
- Resource table for Azure now supports “Resource Group” filter.
Using AI to resolve AWS Product Categories in Executive Dashboards
- Starting in this release (2403), the platform will use GenAI to categorize the AWS billing product family into meaningful Product Categories while displaying these details in Executive Dashboards (e.g. Cost Dashboard).
Service Integrations Updates
- The following service integrations have been added as of this release (2403):
Cloud Provider | Resource |
---|---|
OCI | Compute - Images |
OCI | Identity - Roles |
OCI | Identity - Dynamic Groups |
Azure | Azure Database for MySQL Servers |
Azure | Azure Functions |
Azure | Azure Databricks |
Azure Update Manager Integration
- Added integration for Azure Update Manager in this release. This integration helps customers maintain full visibility of their patch status without disruption, even as Azure phases out legacy agents (e.g. Log Analytics Agent).
Reports
New Reports:
The following reports have been added to the platform in this release.
GCP Cost Daily Report
- The GCP Cost Daily Report has been added to help address the need to have a billing account view for GCP costs. This report allows users to drill down into all respective cost dimensions with regard to a billing account view.
Report Enhancements:
The following report enhancements have been applied in this release.
Cost Recommendations Report Update - OCI Support and New Filters
- Support for OCI has been added for this report -- previously it only supported AWS, Azure, and GCP cloud accounts.
- New filters added to this report for Tag Key and Tag Value -- applicable for all cloud providers.
Monthly Cost Report Update - Charge Type Dimension
- Support for the Charge Type dimension has been added for the following reports:
- AWS Cost Monthly (Variance widget also added)
- Azure Cost Monthly
- GCP Cost Monthly
- OCI Cost Monthly
Assessment Report Updates – Schedule and Save View
- Added the ability to Schedule specific Assessment reports based on applicable filters, as well as view/edit all scheduled reports in the _Schedules_ section.
- Added the ability to save Assessment report filters as Views, which enables users to load reports with default filters pre-selected, avoiding the need to apply the same filters every time.
Assessments Detailed Report – Addition of Comments
- Updated the Assessments Detailed Report to include a section displaying the 3 most recent comments from an assessment.
General Reports Update – Account Master Filter Option
- To help make it easier to filter/view report details for user admins who have access to multiple Account Masters in the platform, an Account Master filter option has been added for the following reports:
- AWS Cost Daily
- GCP Cost Daily
- OCI Cost Daily
- AWS Cost Monthly
Note:
Only the root account will be able to see all Account Masters in the filter options, but for delegated accounts all options may not be shown.
All Resource Inventory Report Update – OCI Compartment Name
- Added support for OCI Compartment Name, both as a filter option and as a column title in the report table view, in the All Resource Inventory Report. Previously, this specific field was not made available in the report.
All Resource Inventory Details Report Update – OCI Defined Tags
- Added support for OCI Defined Tags in the All Resource Inventory Details Report in the report table view under the _Tags_ column. Previously, only OCI Freeform Tags were displayed here – now it should display both tag types.
- Defined Tag keys can also now be selected in the Tag Key filter.
External APIs
- To see the external APIs which have been added, modified, and removed in this release, refer to: https://docs.corestack.io/docs/external-apis-45-2403
- To see all the available external APIs, refer to: https://docs.corestack.io/reference/authtoken