The following features were introduced in Cloud Discovery & Visibility v23.1:
(AWS and Azure) Support for scheduling Discovery jobs
Cloud Discovery & Visibility v23.1 introduces the ability to configure scheduled discovery jobs, ensuring that new resources are discovered at a regular cadence. You can configure the interval at which you would like to continuously monitor your cloud resources independent of visibility jobs.
For more information on configuring scheduled discovery jobs, see AWS Monitoring Options for AWS configuration and Azure Monitoring Options for Azure configuration.
Enhancements to API endpoint for calculating permission hashes
The POST /visibility/default-queue-names-generator
API has been
enhanced to support default queue name generation that includes the VM credentials
and traditional credentials for Cloud Discovery & Visibility instances deployed
to cloud environments. The API now includes a new
is_running_on_native_cloud
parameter to distinguish
cloud-deployed CDV instances and ensuring that the instance has substantial cloud
permissions.
For more details about using CDV's REST API endpoints, see REST API endpoints.
New API endpoint to create resources for Visibility
When configuring Cloud Discovery & Visibility, a subset of users may not have the required permissions to configure the queue permissions required by Cloud Discovery & Visibility for visibility tasks to retrieve information from your cloud environment. Cloud Discovery & Visibility v23.1 introduces a new API endpoint that enables users with the correct permissions to create the required queue permissions on the cloud environment. The API returns the queue names that were created in the cloud environment, and users without the required queue permissions can use the names to configure visibility in CDV.
POST /visibility/system
You can run this endpoint directly from CDV's Swagger documentation page. Go to https://<URL or IP address>/cloud-discovery/api/v1/doc on your CDV instance, then change the provider in the list box at the top (from GENERAL to AWS, GCP, or AZURE).
You'll need to provide account information to the endpoint as a JSON fragment, depending on the platform:
{
"authentication": {
"region_name": "string",
"aws_access_key": "string",
"aws_secret_key": "string",
"aws_role_arn": "string",
"aws_mfa_arn": "string",
"aws_mfa_code": "string",
"is_running_on_native_cloud": false
},
"options": {
"virtual_machines": false,
"load_balancers": false,
"k8s_service": false,
"private_endpoints": false,
"public_dns_zones": false,
"private_dns_zones": false
},
"visibility": {
"sns_topic_name": "string",
"eventbridge_rule_name": "string",
"sqs_name": "string"
}
}
{
"authentication": {
"azure_tenant_id": "string",
"azure_client_id": "string",
"azure_client_secret": "string",
"is_running_on_native_cloud": false,
"azure_subscription_id": "string",
"azure_resource_group": "string"
},
"options": {
"virtual_machines": false,
"load_balancers": false,
"public_dns_zones": false,
"private_dns_zones": false,
"private_endpoints": false,
"k8s_service": false
},
"visibility": {
"sb_namespace_name": "string",
"sb_queue_name": "string",
"eg_subscription_name": "string"
}
}
{
"authentication": {
"type": "string",
"project_id": "string",
"private_key_id": "string",
"private_key": "string",
"client_email": "string",
"client_id": "string",
"auth_uri": "string",
"token_uri": "string",
"auth_provider_x509_cert_url": "string",
"client_x509_cert_url": "string",
"is_running_on_native_cloud": false
},
"options": {
"virtual_machines": false,
"load_balancers": false,
"k8s_service": false,
"private_endpoints": false,
"public_dns_zones": false,
"private_dns_zones": false
},
"visibility": {
"pubsub_topic_name": "string",
"pubsub_subscriptions_name": "string",
"logging_sink_name": "string"
}
}
For more details about using CDV's REST API endpoints, see REST API endpoints.
(GCP) Support for IPv6 on GCP
Cloud Discovery & Visibility v23.1 introduces support for IPv6 network configurations for Cloud Discovery & Visibility virtual machines deployed on GCP.
Introduction of Creator UDF in Address Manager
- Configurations
- IPv4 blocks
- IPv4 networks
- IPv6 blocks
- IPv6 networks
- Devices
- Device Types
- Device Subtypes
- Tag Groups
- Tags
- Views
- Zones
Additionally, a new API has been added that allows you to update all previously discovered and imported cloud resources in Address Manager with the Creator UDF.
PUT /update/resources
You can run this endpoint directly from CDV's Swagger documentation page. Go to https://<URL or IP address>/cloud-discovery/api/v1/doc on your CDV instance.
For more details about using CDV's REST API endpoints, see REST API endpoints.
(AWS) Support for configuring multiple AWS credentials for different regions on EC2 instances
When Cloud Discovery & Visibility is deployed on an EC2 instance, you can now import multiple ARN roles for use by CDV. Each set of ARN roles can be applied to a different region.
For more details about configuring multiple AWS credentials for different regions, see AWS Credentials: Basic tab.