What's new in version 24.1 - Adaptive Applications - BlueCat Gateway - 24.1

Cloud Discovery & Visibility Administration Guide

Product name: BlueCat Gateway
Version: 24.1

Cloud Discovery & Visibility (CDV) v24.1 has the following new features:

Tagged resources in BAM's CDV Directory

CDV now tags device resources it finds and adds them to Tag Groups under the CDV Directory Tag Group in Address Manager:
  • Amazon Web Services (AWS) resources are located under a Tag Group for the Account and Region.

  • Google Cloud Platform (GCP) resources are located under a Tag Group for the GCP Project.

  • Microsoft Azure resources are located under a Tag Group for the Azure subscription and resource group.

Discovery support for internal Kubernetes resources

If you enable discovery of Kubernetes clusters, you can now also optionally enable discovery of some resources internal to those clusters.

Currently, only discovery of pod and service resources is supported. If you enable discovery of internal Kubernetes resources, CDV creates a separate BAM configuration for each cluster, into which pods and services are added as devices.

To enable discovery of internal Kubernetes resources, in the Setup page for your platform, in the Discovery Options section, select the checkbox for enabling Kubernetes discoveries, then optionally select whether or not you also want to discover internal resources. On Microsoft Azure infrastructures, you must also add the following role permission:

Microsoft.ContainerService/managedClusters/listClusterUserCredential/action

Create Overlapping Configuration setting (Configuration Options)

When overlapping networks within the same region, resource group, or project are found, you can now specify whether or not CDV imports to BAM additional Configurations for those overlapping networks. To specify this, in the Setup tab for the platform, scroll down to (and expand) the Configuration Options section, then select or clear the Create Overlapping Configuration checkbox.

Note: In releases prior to CDV v24.1, users could prevent the creation of additional BAM Configurations for overlapping networks by setting permissions in BAM. This is no longer necessary.

Private endpoint zones

When performing discovery on Private Endpoints, you can now separately specify the zone in BAM in which resource records from private endpoints will be stored. To do so, in the Setup tab for the platform, scroll down to (and expand) the Discovery Options section for your platform. Then, configure the Target Zone for Private Endpoints settings.

Existing settings that let you configure the target zone for other items in that platform are now renamed, to distinguish them from the target zone for private endpoints.

Discovery Management job filters and sorting options

In all platforms (AWS, GCP, and Azure), within the Discovery Management section of the Management tab, you can now filter the list of Scheduled Discovery jobs by their attributes. You can also sort the list by any displayed column (except Job time started).

Exporting the Cloud Networks Summary report

You can now export the Cloud Networks Summary report as a Microsoft Excel file. To do so, on the Cloud Networks tab, click the Action button (the gear) at the top of the table, then select Export the Cloud Networks data.

(AWS) ENI discovery and visibility

If Elastic Network Interfaces is selected in AWS Discovery options, CDV will now import ENIs into BAM as devices. These devices will have a Device Subtype of Generic Device and an Instance Type based on the Interface Type of the ENI in BAM. If ENIs are used with virtual machines, load balancers, private endpoints, or Elastic Kubernetes Services (EKS), ENIs belonging to that device (or to the EC2 device for virtual machines) will be managed by that device.

ENI devices are fully supported by CDV Visibility Management. You can add and delete ENIs, attach or detach ENIs from an EC2 or EKS instance, and update the ENI with IPv4/IPv6 addresses and prefixes.

(AWS) Resource records with traffic policies

CDV now supports import of resource records that use Traffic Policies. When imported into BAM, the Traffic Policy Document Format is stored in the record's Meta data.

To import traffic policy information, the following additional role permissions are needed:

  • "route53:GetTrafficPolicy"
  • "route53:ListTrafficPolicyInstancesByHostedZone"

(GCP, Azure) Management of overlapping VPCs and VNs imported into Address Manager

CDV v23.2 improved management of overlapping Virtual Private Clouds (VPCs) when importing from AWS infrastructures. Those improvements have now been added to GCP (when importing VPCs) and Microsoft Azure platforms (when importing Virtual Networks, or VNs).

These improvements mirror those of AWS: If there's a network overlap with an existing block in BAM, CDV refrains from importing it, along with associated elements such as virtual machines (VMs), load balancers, private endpoints, and Kubernetes engines. In addition, CDV incorporates the excluded networks into the report within the Discovery tab for each Discovery job. You can click the status of a discovery job that is Completed (with issues) to open a pop-up window that lists the dropped networks in JSON format.

Note: This behaviour occurs regardless of the configuration of the Create Overlapping Configuration option in the Setup page's Configuration Options.

(Azure) Expanded Azure Virtual Machine discovery

When discovering Virtual Machines (VMs) on an Azure infrastructure, CDV now discovers all VMs under Azure Virtual Machine Scale Set (VMSS) management. In previous releases, only VMs under flexible VMSS were discovered.

To enable discovery of VMs, in the Azure Setup page, in the Azure Discovery Options section, select the Azure Virtual Machines checkbox.

(Azure) Discovery of public alias records

CDV now discovers and imports public alias records from Azure infrastructures. In order to discover alias records, the following additional role permissions are needed:

  • "Microsoft.Web/staticSites/read"
  • "Microsoft.Resources/subscriptions/read"
  • "Microsoft.Cdn/*/read"
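
The release adds role permissions in three places (AWS traffic policies, Azure internal Kubernetes discovery, Azure alias records). The following is an added example, not BlueCat code, of an offline check that an exported IAM policy or Azure custom role definition covers them without resorting to a broad wildcard grant. The function names and the sample documents are this example's own; matching is at action level only and treats `Microsoft.Cdn/*/read` as a literal that the role must grant at least as broadly.

```python
import fnmatch

# Permissions this page lists as newly required by CDV v24.1 features.
REQUIRED = {
    "aws": ["route53:GetTrafficPolicy",
            "route53:ListTrafficPolicyInstancesByHostedZone"],
    "azure": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.Web/staticSites/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Cdn/*/read"],
}

def _as_list(value):
    value = [] if value is None else value
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _matches(action, patterns):
    # Action names are case-insensitive in both clouds; "*" is a wildcard.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing(required, allowed, excluded=()):
    """Required actions that are not granted, or granted but then excluded."""
    return [a for a in required
            if not _matches(a, allowed) or _matches(a, excluded)]

def check_aws(policy):
    """Action-level only: Resource, Condition, NotAction are not evaluated."""
    allow, deny = [], []
    for stmt in _as_list(policy.get("Statement")):
        # Any statement that is not an Allow is treated as a Deny.
        target = allow if stmt.get("Effect") == "Allow" else deny
        target.extend(_as_list(stmt.get("Action")))
    return missing(REQUIRED["aws"], allow, deny)

def check_azure(role):
    """Check an Azure custom role definition (dict) with Actions/NotActions."""
    return missing(REQUIRED["azure"], _as_list(role.get("Actions")),
                   _as_list(role.get("NotActions")))

# Constructed sample inputs, not taken from any real account.
SAMPLE_AWS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["route53:List*", "route53:GetHostedZone"]}]}
SAMPLE_AZURE = {"Name": "cdv-discovery-constructed", "Actions": [
    "Microsoft.Cdn/*/read", "Microsoft.Resources/subscriptions/read",
    "Microsoft.ContainerService/managedClusters/*"],
    "NotActions": ["Microsoft.ContainerService/managedClusters/list*/action"]}
if __name__ == "__main__":
    print(check_aws(SAMPLE_AWS), check_azure(SAMPLE_AZURE))
```

In the Azure sample the cluster credential action is reported as missing even though `managedClusters/*` is granted, because the `NotActions` entry removes it again.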

New API endpoints

The following API endpoints are now available.

Tip: For more details on the new REST API endpoints, see the CDV REST API Swagger documentation (Click in the top right of the Cloud Discovery & Visibility UI and select Go to API document).

Endpoint                      Changes
PUT /certificates             Update the CA certificates for CDV.
POST /certificates/restore    Restore the last CA certificates for CDV.