Platform

New Features

• New Analytics Dashboard
  • Issues At-A-Glance with a summary of issues organized by Rule Category and Severity
  • Heatmap to show the top 10 devices with the highest number of issues
  • The average and median number of issues per day per device, % of total issues from top 10 devices to help identify ‘problematic’ devices
• A new ‘Connection Counts’ graph with a line to show the average number of connections

Improvements

• Offline Upgrade process – eliminated the manual steps by using the ‘pre-offline’ command (available after upgrade)
• Persist the customer’s issued SSL certificate parameters through upgrades in order to eliminate the need for manual post-upgrade settings (available after the upgrade)
• Create support for persistent applications’ config files in order to eliminate manual post-upgrade settings (available after the upgrade)
• Alert Exports – added new fields (vendor, OS name, OS version).
  Note: alerts created prior to 8.1 will not contain these fields

Bug Fixes

• FRONT-3827 Audit Log – display ‘Device Suspended’ activity
• FRONT-3829 Rule Configuration – enforce the selection of devices/labels to new configurations
• FRONT-3830 Device Page – added the ability to assign multiple devices to a label
• FRONT-3832 Issue Export – corrected timestamps, added vendor/os-version/revalidation-date
• FRONT-3833 Knowledge Explorer – avoid showing the same Automation Playbook repeatedly
• FRONT-3835 Custom Report – avoid displaying empty new reports until the browser is refreshed
• FRONT-3847 Knowledge Explorer – System rules – allow changes to be saved without device/label assignment

Knowledge

New Releases

• Support for Check Point release R81.20
• Support for Palo Alto Networks NGFW release 11.x

New Features

• New Auto Detect Elements for Check Point GAiA
  • Alert if IPS is bypassed
  • Alert if Dynamic Balancing Status if ‘OFF”
  • Monitor the status of the Identity Awareness PDP Broker
  • Alert on Domain Objects with FQDN
• Improvements for Check Point GAiA
  • CHKP Firewall: “repeated failed login attempts” – added support for a threshold (new default value of 5 instead of 1)
  • CHKP Firewall: “repeated failed login attempts” – added the source IP address to the reported user
  • CHKP MDS: ‘known devices’ query – changed the interval from 5 minutes to 60 minutes
• New Auto-Detect Elements for Palo Alto Networks NGFW
  • Alert if the primary static route is not configured
  • Alert when the path-monitor is down
  • Alert if an interface in an aggregated link is flapping
• New Auto-Detect Elements for Panorama
  • Alert if the commit is not scheduled
  • Alert if commit failed
  • Alert when Panorama fails to connect to Active Directory servers
  • Added HIGH severity CVE alert CVE-2022-0030 PAN-OS: Authentication Bypass in Web Interface
• New metrics for Broadcom Blue Coat ProxySG
  • Alert if the total content analysis requests are low in a 15-minute window

Bug Fixes

• IKP-4671 F5 devices are appearing as CentOS
• IKP-4752 PANW – show_panorama-status.py support parsing of empty input
• IKP-4761 Zscaler – HA rules are incorrectly showing up in Knowledge Explorer
• IKP-4763 ASG – chkp-asg-cores-util support parsing of “NA” value
• IKP-4775 ZS – fixed the port consumption and file description exhaustion rules to reflect Zscaler
• IKP-4776 PANW – panos-show-system-resources-panos9 – fixed parsing error
• IKP-4782 F5 – added support the new ‘ifconfig’ format
• IKP-4790 CHKP – mdsstat – changed COLUMNS 150 to 170 in order to support long CMA names