Cloud Discovery & Visibility (CDV) v22.2.2 is a maintenance release. The following features and functionality were previously added in Cloud Discovery & Visibility (CDV) v22.2.
Cloud deployments
You can now deploy CDV to the cloud on all supported platforms (Amazon Web Services, Google Cloud Platform, and Microsoft Azure).
For more details, see Installing Cloud Discovery & Visibility to the cloud.
Encryption of Cloud Credentials for visibility jobs in the CDV database
Cloud credentials associated with visibility jobs are now encrypted when stored in the CDV database.
Automatic restart of visibility jobs upon CDV restart
When the Cloud Discovery & Visibility (CDV) container stops, either intentionally or because of a system failure, all running CDV jobs are also stopped. You can now have CDV automatically restart those visibility jobs by manually specifying the SECRET_KEY environment variable used to encrypt job credential information in the CDV database.
For more details, see Configuring Cloud Discovery & Visibility to automatically restart visibility jobs upon startup.
New options for deletion of missing resources during rediscovery
Cloud Discovery & Visibility (CDV) lets you update and import resources based on discovery tasks you ran before, a process called rediscovery. You could also use the Remove Deleted Resources During Rediscovery option to automatically delete entries for resources that could not be found on rediscovery.
As of v22.2, View and DNS zone entries are not deleted right away. Instead, CDV tags these resources as "deleted" for later review. When rediscovery finishes, you can view the tagged resource entries in the Tagged Resources tab, then either manually delete them permanently or leave them alone.
For more details, see Deleting resources flagged as missing during rediscovery.
Log level customization
You can now configure the level of logging that CDV performs for visibility and discovery activities and events. By default, CDV logs events at the WARNING level. This includes logs of warning, error, and critical events, but not debug or informational events. You can change this in the Logs window, which you can open by clicking the Notifications bell icon in the top right corner.
For more details, see Cloud Discovery & Visibility logging.
Limiting the number of simultaneous CDV jobs
CDV now manages discovery processes in a queue, limiting the number of simultaneous jobs to a default of 20. Doing so helps avoid exceeding connection limits on some systems.
For more details, see Limiting the number of simultaneous CDV jobs with queues.
(AWS) Support for multiple credentials on AWS
On Amazon Web Services, you can now import multiple sets of credentials or ARN roles for use by CDV. Each set of credentials can be applied to a different region.
For more details, see AWS Credentials.
New API endpoint for calculating permission hashes
When manually setting up rules and policies for system accounts used by CDV, you might need to calculate an MD5 hash string that uniquely identifies the account. For convenience, you can use the following API endpoint to quickly calculate that hash based on the account's parameters.
POST /visibility/default-queue-names-generator
You can run this endpoint directly from CDV's Swagger documentation page. Go to https://<URL or IP address>/cloud-discovery/api/v1/doc on your CDV instance, then change the provider in the list box at the top (from GENERAL to AWS, GCP, or AZURE).
You'll need to provide account information to the endpoint as a JSON fragment, depending on the platform:
Amazon Web Services: {
  "region_name": "string",
  "aws_access_key": "string",
  "aws_secret_key": "string",
  "aws_role_arn": "string",
  "aws_mfa_arn": "string",
  "aws_mfa_code": "string",
  "bam_username": "string",
  "bluecat_configuration": "string"
}
Google Cloud Platform: {
  "project_id": "string",
  "client_email": "string",
  "bam_username": "string",
  "bluecat_configuration": "string"
}
Microsoft Azure: {
  "azure_subscription_id": "string",
  "azure_tenant_id": "string",
  "azure_client_id": "string",
  "azure_resource_group": "string",
  "bam_username": "string",
  "bluecat_configuration": "string",
  "create_separate_configuration": true
}
For more details about using CDV's REST API endpoints, see REST API endpoints.
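A client-side pre-flight check for these request bodies, as an added example that is not part of the CDV documentation or product code: it rejects fields that do not belong to the selected provider and produces a redacted copy for logs. The function names and the choice of aws_secret_key and aws_mfa_code as the fields to redact are assumptions; the field names come from the fragments above.

```python
import json

# Field names per provider, taken from the request bodies listed on this page.
FIELDS = {
    "aws": {"region_name", "aws_access_key", "aws_secret_key", "aws_role_arn",
            "aws_mfa_arn", "aws_mfa_code", "bam_username", "bluecat_configuration"},
    "gcp": {"project_id", "client_email", "bam_username", "bluecat_configuration"},
    "azure": {"azure_subscription_id", "azure_tenant_id", "azure_client_id",
              "azure_resource_group", "bam_username", "bluecat_configuration",
              "create_separate_configuration"},
}
BOOLEAN_FIELDS = {"create_separate_configuration"}
# Assumption: these two AWS fields are the ones to keep out of logs and tickets.
SENSITIVE_FIELDS = {"aws_secret_key", "aws_mfa_code"}


def build_body(provider, values):
    """Return a validated request body for the provider, or raise ValueError."""
    allowed = FIELDS.get(provider.lower())
    if allowed is None:
        raise ValueError(f"unknown provider: {provider!r}")
    unknown = set(values) - allowed
    if unknown:
        # Catches, for example, AWS key material pasted into a GCP request.
        raise ValueError(f"fields not valid for {provider}: {sorted(unknown)}")
    for name, value in values.items():
        expected = bool if name in BOOLEAN_FIELDS else str
        if not isinstance(value, expected):
            raise ValueError(f"{name} must be of type {expected.__name__}")
    return dict(values)


def redacted(body):
    """Copy of the body with secret values masked, safe to log."""
    return {k: ("<redacted>" if k in SENSITIVE_FIELDS and v else v)
            for k, v in body.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    body = build_body("AWS", {
        "region_name": "us-east-1",
        "aws_access_key": "EXAMPLEKEYID",
        "aws_secret_key": "example-secret-value",
        "bam_username": "cdv-user",
        "bluecat_configuration": "cloud",
    })
    print(json.dumps(redacted(body), indent=2))
```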
Scalability performance enhancements
Several performance enhancements were made to improve scalability of visibility jobs. Connections are now queued, avoiding failure cases associated with large numbers of simultaneous discovery and visibility jobs.
New log setting options in /config API endpoint
The PUT /config endpoint lets you specify CDV log settings through CDV's API. These options are:
{
  "log_level": "WARNING",
  "max_bytes": 10485760,
  "backup_count": 10
}
For more details on CDV logging, see Cloud Discovery & Visibility logging.
For more details about using CDV's REST API endpoints, see REST API endpoints.
New Visibility Options in /discovery API endpoint
The POST API endpoint has been enhanced with additional Visibility Options for each supported platform.
POST <Gateway_url>/cloud-discovery/api/v1/provider/<aws_azure_or_gcp>/discovery
For more details about using CDV's REST API endpoints, see REST API endpoints.
For Amazon Web Services (cloud-discovery/api/v1/provider/aws/discovery), these options are:
{
  "reuse_queue_name": false,
  "sns_topic_name": "string",
  "eventbridge_rule_name": "string",
  "sqs_name": "string"
}
For Google Cloud Platform (cloud-discovery/api/v1/provider/gcp/discovery), these options are:
{
  "reuse_queue_name": false,
  "pubsub_topic_name": "string",
  "pubsub_subscriptions_name": "string",
  "logging_sink_name": "string"
}
For Microsoft Azure (cloud-discovery/api/v1/provider/azure/discovery), these options are:
{
  "reuse_queue_name": false,
  "sb_namespace_name": "string",
  "sb_queue_name": "string",
  "eg_subscription_name": "string"
}