What's new in version 22.2.2 - Adaptive Applications - BlueCat Gateway - 22.2.2

Cloud Discovery & Visibility Administration Guide


Cloud Discovery & Visibility (CDV) v22.2.2 is a maintenance release. The following features and functionality were previously added in Cloud Discovery & Visibility (CDV) v22.2.

Cloud deployments

You can now deploy CDV to the cloud on all supported platforms (Amazon Web Services, Google Cloud Platform, and Microsoft Azure).

For more details, see Installing Cloud Discovery & Visibility to the cloud.

Encryption of Cloud Credentials for visibility jobs in the CDV database

Cloud credentials associated with visibility jobs are now encrypted when stored in the CDV database.

Automatic restart of visibility jobs upon CDV restart

When the Cloud Discovery & Visibility (CDV) container stops, either intentionally or because of a system failure, all running CDV jobs are also stopped. You can now have CDV automatically restart those visibility jobs by manually specifying the SECRET_KEY environment variable used to encrypt job credential information in the CDV database.

For more details, see Configuring Cloud Discovery & Visibility to automatically restart visibility jobs upon startup.

New options for deletion of missing resources during rediscovery

Cloud Discovery & Visibility (CDV) lets you update and import resources based on discovery tasks you ran before, a process called rediscovery. You could also use the Remove Deleted Resources During Rediscovery option to automatically delete entries for resources that could not be found on rediscovery.

As of v22.2, View and DNS zone entries are not deleted right away. Instead, CDV tags these resources as "deleted" for later review. When rediscovery finishes, you can view the tagged resource entries in the Tagged Resources tab, then either manually delete them permanently or leave them alone.

For more details, see Deleting resources flagged as missing during rediscovery.

Log level customization

You can now configure the level of logging that CDV performs for visibility and discovery activities and events. By default, CDV logs events at the WARNING level. This includes logs of warning, error, and critical events, but not debug or informational events. You can change this in the Logs window, which you can open by clicking the Notifications bell icon in the top right corner.

For more details, see Cloud Discovery & Visibility logging.

Limiting the number of simultaneous CDV jobs

CDV now manages discovery processes in a queue, limiting the number of simultaneous jobs to a default of 20. Doing so helps avoid exceeding connection limits on some systems.

For more details, see Limiting the number of simultaneous CDV jobs with queues.

(AWS) Support for multiple credentials on AWS

On Amazon Web Services, you can now import multiple sets of credentials or ARN roles for use by CDV. Each set of credentials can be applied to a different region.

For more details, see AWS Credentials.

New API endpoint for calculating permission hashes

When manually setting up rules and policies for system accounts used by CDV, you might need to calculate the MD5 hash string that uniquely identifies the account. For convenience, you can use the following API endpoint to calculate that hash from the account's parameters.

POST /visibility/default-queue-names-generator

You can run this endpoint directly from CDV's Swagger documentation page. Go to https://<URL or IP address>/cloud-discovery/api/v1/doc on your CDV instance, then change the provider in the list box at the top (from GENERAL to AWS, GCP, or AZURE).

You'll need to provide account information to the endpoint as a JSON fragment, depending on the platform:

Amazon Web Services (AWS):

{
  "region_name": "string",
  "aws_access_key": "string",
  "aws_secret_key": "string",
  "aws_role_arn": "string",
  "aws_mfa_arn": "string",
  "aws_mfa_code": "string",
  "bam_username": "string",
  "bluecat_configuration": "string"
}

Google Cloud Platform (GCP):

{
  "project_id": "string",
  "client_email": "string",
  "bam_username": "string",
  "bluecat_configuration": "string"
}

Microsoft Azure:

{
  "azure_subscription_id": "string",
  "azure_tenant_id": "string",
  "azure_client_id": "string",
  "azure_resource_group": "string",
  "bam_username": "string",
  "bluecat_configuration": "string",
  "create_separate_configuration": true
}

For more details about using CDV's REST API endpoints, see REST API endpoints.

Scalability performance enhancements

Several performance enhancements were made to improve scalability of visibility jobs. Connections are now queued, avoiding failure cases associated with large numbers of simultaneous discovery and visibility jobs.

New log setting options in /config API endpoint

The new PUT /config endpoint lets you specify CDV log settings through CDV's API. These options are:
{
    "log_level": "WARNING",
    "max_bytes": 10485760,
    "backup_count": 10
}

For more details on CDV logging, see Cloud Discovery & Visibility logging.

For more details about using CDV's REST API endpoints, see REST API endpoints.
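The effect of these three settings on what an investigator can later find in the logs, as an added example that is not BlueCat's code. It assumes max_bytes and backup_count behave like size-based rotation in Python's RotatingFileHandler (the page does not state the mechanism); the function names and the validation rules are this example's own.

```python
import logging
import logging.handlers
import os
import tempfile

# PUT /config body with the values shown on this page.
CDV_LOG_CONFIG = {"log_level": "WARNING", "max_bytes": 10485760, "backup_count": 10}
LEVELS = ["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"]


def validate(cfg):
    """Sanity rules chosen for this example, not CDV's own validation."""
    if cfg.get("log_level") not in LEVELS:
        raise ValueError("log_level must be one of %s" % LEVELS)
    for key in ("max_bytes", "backup_count"):
        value = cfg.get(key)
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            raise ValueError("%s must be a positive integer" % key)
    return cfg


def retention_ceiling(cfg):
    """Worst-case bytes kept: the active file plus backup_count rotated files."""
    return cfg["max_bytes"] * (cfg["backup_count"] + 1)


def simulate(cfg, records_per_level=200):
    """Emit identical events at every level and report what survives on disk."""
    validate(cfg)
    logdir = tempfile.mkdtemp()
    handler = logging.handlers.RotatingFileHandler(
        os.path.join(logdir, "cdv-sim.log"),
        maxBytes=cfg["max_bytes"], backupCount=cfg["backup_count"])
    logger = logging.getLogger("cdv-sim-%d" % id(handler))
    logger.propagate = False
    logger.setLevel(cfg["log_level"])
    logger.addHandler(handler)
    for i in range(records_per_level):
        for name in LEVELS:
            logger.log(getattr(logging, name), "%s event %04d", name, i)
    logger.removeHandler(handler)
    handler.close()
    text, size = "", 0
    files = sorted(os.listdir(logdir))
    for name in files:
        path = os.path.join(logdir, name)
        size += os.path.getsize(path)
        with open(path) as fh:
            text += fh.read()
    kept = [lvl for lvl in LEVELS if lvl + " event" in text]
    return {"files": len(files), "bytes": size, "levels_kept": kept}
```

Under that assumption the listed values retain at most 11 files of 10 MiB each, and at WARNING no informational or debug events are written at all, so raise log_level before a period you expect to need to reconstruct.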

New Visibility Options in /discovery API endpoint

The POST discovery endpoint has been enhanced with additional Visibility Options for each supported platform:

POST <Gateway_url>/cloud-discovery/api/v1/provider/<aws_azure_or_gcp>/discovery

For more details about using CDV's REST API endpoints, see REST API endpoints.

For Amazon Web Services (cloud-discovery/api/v1/provider/aws/discovery), these options are:

{
    "reuse_queue_name": false,
    "sns_topic_name": "string",
    "eventbridge_rule_name": "string",
    "sqs_name": "string"
}

For Google Cloud Platform (cloud-discovery/api/v1/provider/gcp/discovery), these options are:

{
    "reuse_queue_name": false,
    "pubsub_topic_name": "string",
    "pubsub_subscriptions_name": "string", 
    "logging_sink_name": "string"
}

For Microsoft Azure (cloud-discovery/api/v1/provider/azure/discovery), these options are:

{
    "reuse_queue_name": false,
    "sb_namespace_name": "string",
    "sb_queue_name": "string",
    "eg_subscription_name": "string"
}