The following improvements in Cloud Discovery & Visibility v24.1 (CDV) might affect the behavior of automated tasks and customized processes.
Upgrading CDV and migrating the CDV database before and after v24.1
For improved security, as of v24.1, the default user for the CDV image has changed from root to flask. This change affects how users can upgrade to the current version (CDV 24.1):
When updating from a version prior to v24.1, you cannot upgrade using the volume mount method. Instead, you must export the CDV database, apply the upgrade, then restore the database.
For more details, see Upgrading Cloud Discovery & Visibility using the database export and import.
Changes to dropped VPC networks
In previous versions, when forced to import resources into a specific BAM Configuration based on the block level or address space in the cloud, CDV dropped overlapping networks (even if the conflict was resolved). As of v24.1, the criteria for dropping networks is lowered to the network level. That is, CDV will now drop a network only if its CIDRs overlap with an existing block on Address Manager, and if that block has nested children (a child block or network).
(AWS) Changing VPC names
In versions of CDV prior to v24.1, changes to VPC names did not affect existing BAM Configurations. As of CDV v24.1, if users change the name of a VPC in the AWS infrastructure, CDV does the following:
Overlapping BAM Configuration: If users change the name of an overlapping network, CDV will update the corresponding Configuration name in BAM (if one exists).
Blocks in BAM IP Space: Names of affected blocks in IP space in BAM will now reflect their current status in the AWS infrastructure.
This behavior occurs during both Scheduled Discovery and Visibility Management jobs. Name changes during Scheduled Discovery jobs are applied only after CDV receives a rerun command. Name changes during Visibility Management jobs are applied only after CDV receives a message that indicates the name-changing action.
(AWS) IPv6 subnets with /56 and /60 are now dropped
BlueCat Address Manager does not allow creation of subnets larger than /64. As such, when found, CDV will now mark those subnets as DROPPED in its database and mark the Discovery job as COMPLETED WITH ISSUES. All IPs related to the dropped subnets will be removed from devices and added to the report for the dropped network.
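The following is an added example, not BlueCat code: a pre-upgrade check that applies the two v24.1 drop rules described above (a network overlapping a BAM block that has nested children, and an IPv6 subnet larger than /64) to an inventory, so automated processes can anticipate DROPPED entries. The input shapes, names, and sample data are assumptions constructed for illustration.

```python
import ipaddress

def predict_drops(cloud_networks, bam_blocks):
    """Return {name: reason} for networks expected to be dropped under v24.1.

    cloud_networks: list of (name, [cidr, ...])          (hypothetical shape)
    bam_blocks:     list of (cidr, has_nested_children)  (hypothetical shape)
    """
    blocks = [(ipaddress.ip_network(c), kids) for c, kids in bam_blocks]
    dropped = {}
    for name, cidrs in cloud_networks:
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            # Rule from the IPv6 section: subnets larger than /64
            # (the page names /56 and /60) cannot be created in BAM.
            if net.version == 6 and net.prefixlen < 64:
                dropped[name] = f"IPv6 subnet {net} is larger than /64"
                break
            # Rule from the VPC section: drop only when the CIDR overlaps an
            # existing block AND that block has a child block or network.
            hit = next((b for b, kids in blocks
                        if kids and b.version == net.version and b.overlaps(net)),
                       None)
            if hit is not None:
                dropped[name] = f"{net} overlaps block {hit} with nested children"
                break
    return dropped

# Constructed sample inventory (not real data).
SAMPLE_BLOCKS = [
    ("10.0.0.0/8", True),      # block with nested children
    ("172.16.0.0/12", False),  # empty block
]
SAMPLE_NETWORKS = [
    ("vpc-a", ["10.1.0.0/16"]),                 # overlaps populated block
    ("vpc-b", ["172.16.5.0/24"]),               # overlaps empty block only
    ("subnet-v6-56", ["2001:db8:0:100::/56"]),  # larger than /64
    ("subnet-v6-64", ["2001:db8:0:200::/64"]),  # allowed size
    ("vpc-c", ["192.168.0.0/24", "10.9.0.0/24"]),  # second CIDR overlaps
]

if __name__ == "__main__":
    for name, reason in predict_drops(SAMPLE_NETWORKS, SAMPLE_BLOCKS).items():
        print(f"{name}: DROPPED ({reason})")
```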
Breaking API endpoint changes
The following API endpoints are significantly changed. They might require changes to customized or automated processes that use them.
Endpoint | Changes |
---|---|
POST exporter/database | Method changed from GET to POST. |
| (AWS) Several new parameters are added to configure Private Endpoint behavior, configure Kubernetes discovery behavior, and enable or disable the creation of overlapping configurations in BAM: |
| (Azure) Several new parameters are added to configure Private Endpoint behavior, configure Kubernetes discovery behavior, and enable or disable the creation of overlapping configurations in BAM: |
| (GCP) Several new parameters are added to configure Private Endpoint behavior, configure Kubernetes discovery behavior, and enable or disable the creation of overlapping configurations in BAM: |