Release 3.8

This release includes new features, enhancements and fixes as part of 3.8.

FinOps

FinOps Bundle

  • Added FinOps Maturity Assessment Report for different levels & personas to optimize usage, rate & effectively govern the cloud accounts.

  • Added functionality to keep track of sub features to update the master data.

Cost Posture and Visibility

  • Enhanced Cost Postures dashboard for reporting.

GCP Parent Billing Account

  • Added tenant option under Organization.
  • Select the organization > Action > Create tenant > Pop up > Display ref. information > user can add name.
  • Tenant name introduced next to Organization Name column.
  • When tenants are not created "-" (hyphen) is shown in the tenant column.
  • Added new column Billing sub-account(s) and a link to view account details.
  • Added Column preference to show/hide the organization name if required.
  • Updated functionality to capture reseller margin changes.

Cost Optimization

  • Added cost saving recommendations.
    -- OCI_Downsize_Underutilized_ADW_And_ATP_Databases
    -- OCI_Delete_Unattached_Boot_Volumes
    -- OCI_Enable_Monitoring_On_Compute_Instances
    -- OCI_Enable_Object_Lifecycle_Management

  • Added performance recommendations.
    -- OCI_Improve_Fault_Tolerance
    -- OCI_Enable_Performance_Auto-Tuning_For_Block_Volumes
    -- OCI_Enable_Performance_Auto-Tuning_For_Boot_Volumes
    -- OCI_Rightsize_Compute_Instances
    -- OCI_Rightsize_Load_Balancers

SecOps​​​​​​​​​​​​​​

  • Added policy for governing Network Architecture of an Account. The configuration will validate whether the network architecture in the cloud has been applied properly based on the rules provided to us.

CloudOps​​​​​​​

  • Added multi factor authentication (MFA) for all account levels.

  • Added Serverless Applications Lens for the AWS Well-Architected Framework.

  • Added Resource Tag Management for all the Azure supported resources.

  • Added GCP premium policies into CoreStack policies.

  • Enhanced Azure Log Analytics to create and manage KQL queries from Azure without switching between workspaces.

  • In Resource > Inventory > Cloud Services > select Azure. In Category, select Network. The network security group resources will appear. Click View under Rules to view or download resource-specific rules. The rules shows inbound and outbound communication information.

  • Added Secure Score for custom APIs. The score gives you a rating of the security of your APIs, as well as their stability over time.

  • For OCI cloud accounts, under Resource > Inventory > Cloud Accounts > Actions, you can create Tag Rules.

  • For OCI cloud accounts, added Inventory Management Actions.
    -- START
    -- STOP
    -- RESET
    -- DELETE
    -- SOFTSTOP
    -- SOFTRESET

  • Added set OCI budgets and receive alerts.

  • In Azure Resource Posture, you can select the View (Eye icon) option in the grid against a specific Cloud Account or Tenant. A drill down graph shows the break-up of the resource counts by:
    -- Resource Category
    -- Application
    -- Resource Type
    -- Resource Group (For Azure & GCP)
    -- Region (For AWS)
    -- Cloud Account (For Tenant Level view)

  • For CoreStack Well Architected,
    -- Added pop up notifications when critical actions are triggered.
    -- Added email notifications when assessment is submitted/ approved.

  • Added Azure Cosmos DB policies.
    -- AZURE_COSMOS_CASSANDRA_KEYSPACE_IDLE
    -- AZURE_COSMOS_CASSANDRA_KEYSPACE_ORPHANED
    -- AZURE_COSMOS_CASSANDRA_KEYSPACE_TABLE_IDLE
    -- AZURE_COSMOS_GREMLIN_GRAPH_IDLE
    -- AZURE_COSMOS_GREMLIN_DATABASES_IDLE
    -- AZURE_COSMOS_GREMLIN_DATABASES_ORPHANED
    -- AZURE_COSMOS_MONGODB_COLLECTION_IDLE
    -- AZURE_COSMOS_MONGO_DATABASES_IDLE
    -- AZURE_COSMOS_MONGO_DATABASES_ORPHANED
    -- AZURE_COSMOS_SQL_CONTAINERS_IDLE
    -- AZURE_COSMOS_SQL_DATABASES_IDLE
    -- AZURE_COSMOS_SQL_DATABASES_ORPHANED
    -- AZURE_COSMOS_TABLE_DATABASES_IDLE

  • Added App Service Plan policies.
    -- AZURE_APP_SERVICE_PLAN_IDLE
    -- AZURE_APP_SERVICE_PLAN_PREMIUMV2_TO_STANDARD_RECOMMEND
    -- AZURE_APP_SERVICE_PLAN_STANDARD_TO_BASIC_RECOMMEND

  • Added Cost Policies for AWS Lambda.
    -- AWS_LAMBDA_EXECUTION_COUNT_RECOMMEND

  • Added EBS policies.
    -- AWS_EBS_PROVISIONED_IOPS_io2_SSD_RECOMMEND
    -- AWS_EBS_COLD_sc1_HDD_RECOMMEND
    -- AWS_EBS_GENERAL_PURPOSE_IOPS_gp2_SSD_RECOMMEND
    -- AWS_EBS_MAGNETIC_HDD_RECOMMEND
    -- AWS_EBS_THROUGHPUT_OPTIMIZED_st1_HDD_RECOMMEND

  • Added TAGs policies.
    -- AWS_COST_OF_RESOURCES_WITHOUT_TAGS_DETAILED
    -- AWS_COST_OF_RESOURCES_WITHOUT_TAGS_SUMMARY
    -- AWS_RESOURCES_WITHOUT_TAGS_DETAILED
    -- AWS_RESOURCES_WITHOUT_TAGS_SUMMARY
    -- AWS_TAG_LEVEL_BUDGET

  • Added OCI policies.
    -- OCI_ACTUAL_AMOUNT_EXCEEDS_BUDGET_AMOUNT
    -- OCI_BLOCK_STORAGE_VOLUMES_ORPHANED
    -- OCI_COMPUTE_INSTANCE_IDLE
    -- OCI_FORCASTED_AMOUNT_EXCEEDS_BUDGET_AMOUNT
    -- OCI_NETWORKING_RESERVED_PUBLICS_IPs_ORPHANED

  • Added Redshift policies.
    -- AWS_REDSHIFT_CLUSTER_ENHANCED_VPC_ROUTING_CONFIG
    -- AWS_REDSHIFT_CLUSTER_IDLE
    -- AWS_REDSHIFT_CLUSTER_USAGE_LIMIT_CONCURRENCY_SCALING_CONFIG
    -- AWS_REDSHIFT_CLUSTER_USAGE_LIMIT_CROSS_REGION_DATA_SHARING_CONFIG
    -- AWS_REDSHIFT_CLUSTER_USAGE_LIMIT_SPECTRUM_CONFIG
    -- AWS_REDSHIFT_MANUAL_SNAPSHOT_AGED
    -- AWS_REDSHIFT_MANUAL_SNAPSHOT_ORPHANED

Global Tenant

  • For Account Admin and Tenant Admin, added the global Tenant view to retain a selected Tenant to show across the different modules/sections/pages of the product.
    -- In Governance > Account Governance, the Global Tenant is available across all pages.  
    -- In Operations > Posture, the Global Tenant is available across all pages.  
    -- In Security > Posture, the Global Tenant is available across all pages.  
    -- In Cost > Posture, the Global Tenant is available across all pages.  
    -- In Access > Posture, the Global Tenant is available across all pages.  
    -- In Access > Posture > Cloud Provider > Access Violation Summary > Cloud Account > Visibility, the Global Tenant is available across all pages.  
    -- In Resource > Posture, the Global Tenant is available across all pages.  
    -- In Resource > Posture > Account > Cloud Account > Visibility, the Global Tenant is available across all pages.  
    -- In Resource > Posture > Tenant > Tenant name > Visibility, the Global Tenant is available across all pages.  
    -- In Compliance > Posture > By cloud, the Global Tenant is available across all pages.  
    -- In Compliance > Posture > By policy, the Global Tenant is available across all pages.  
    -- In Recommendations, the Global Tenant is available across all pages. 
    -- In Reports > Global, the Global Tenant is available across all pages.  
    -- In Settings > Cloud Accounts, the Global Tenant is available across all pages.  
    -- In Settings > Integrated tools, the Global Tenant is available across all pages.  
    -- In Settings > Resource Catalog, the Global Tenant is available across all pages.  
    -- In Settings > Tenants, the Global Tenant is available across all pages.  
    -- In Settings > Roles, the Global Tenant is available across all pages.  
    -- In Settings > User groups, the Global Tenant is available across all pages.  
    -- In Settings > Users, the Global Tenant is available across all pages.  
    -- In Settings > Audit log, the Global Tenant is available across all pages.  

Audit Log

  • Below User group write operations logs are captured in the Audit log.

-- User group creation/updation/deletion
-- Add/Delete members to the User group
-- Assign/Unassign roles to the User group
-- Add/Delete tenants to the User group
-- Cloning (duplicating) a user group

  • Added below filter types.
    -- Action - Multi-select
    -- Function - Multi-select
    -- User - Multi-select
    -- Duration - Uni-select

  • Renamed Description field as Activity.

  • Added below fields to Audit details section.
    -- Function
    -- Action type
    -- Action taken on
    -- User
    -- Date
    -- IP Address
    -- User Agent
    -- Activity

Reports

  • In Reports > Security > AWS > Threat Analytics > AWS Security Threat, added AWS threat report. The report shows threats based on various cloud resources, findings, intent, location, and threat trend. This meta data is captured as reported by customer cloud accounts.

  • In Reports > Security > Azure > Threat Analytics > Azure Security Threat, added Azure threat report.

  • Added Azure Tag Report.

  • Added AWS Vulnerability Trend report.

  • Azure Utilization report based on Metric Enhancement.

  • Enhanced Azure Cost Monthly report.

  • Enhanced EC2 Analytics report.

  • Enhanced GCP Cost Monthly report.

  • Enhanced Report UI/UX.

  • Added Azure Newly Added Resource report.

  • In the FinOps Detail Report, at the resource level, added date to see when the resource was first recommended by CoreStack.

Bug Fixes

  • Operation alert email generated with the delay.
  • Tenant name and Subscription name were missing in the reservation Policy output.
  • Tag Sync Issue - In resource inventory some of tags were not synced due to missing parameter in schema
  • Dedicated setup endpoint redirected to vanilla CoreStack URL when logged in using Azure SSO.
  • Cost budget setting were not working in few cases.
  • AWS Vulnerability report were showing duplicate values.
  • Security threats were not listing in details section.
  • Search option weren’t working in Inventory Page.
  • RI Utilization graph data were not available for any reserved instance.
  • SKU and resource name were showing NA for right sizing.
  • Download Option were not working under Current Reservations section.