Veza Product Update - March'23
Overview of major changes and enhancements in 2023.3.x releases
Integrations
AWS Users and Roles with the ability to create or edit Lambda functions.
AWS services and resources Lambda Functions can access.
IAM roles assumed by Lambda to access AWS services and resources.
AWS Cognito: The AWS integration can now discover AWS Cognito Identity Pools used to grant temporary privileges to other AWS services.
AWS Cognito Identity Pools that allow unauthenticated identities.
AWS IAM Roles assumed by AWS Cognito Identity Pool identities.
Note that permissions for the AWS integration must be updated to enable listing Lambda functions and tags and Cognito identity pools. To gather these new entities, the integration's IAM policy must include the latest "Cognito" and "Lambda" Sids.
Once enabled, these attributes are added to entities and can be used to filter and sort search results.
Password Last Set is now supported as a default attribute for AD User entities, containing the timestamp when a password was last set.
Snowflake: Entities now include the "Comment" attribute containing optional descriptions on Snowflake Role, User, Database, Schema, Table, and View objects.
Administration: Integrations on the Configurations page now indicate the running sync or parse job status (such as "Waiting for Parsing").
Detailed status info now shows the completed and current job steps (such as "Gathering Users" or "Gathering Roles") and the total number of gathered entities.
An icon next to the Data Source status indicates when you can click a label for more details.
Veza Monitoring
Rules can now trigger Alerts when there are changes to Over Provisioned Score (OPS) in the associated query's results.
Alerts will now include more details for entities with OPS changes.
Veza Search and Insights
Dashboards on the Home page have had a visual refresh. Each tile now shows results and changes for all sections in the report.
Dashboard reports are enhanced to show trends and change over time, customizable by setting the Time Range to the past week or month.
The Access Search > Saved Queries page now offers query search by keyword, label, or integration. Users can now mark any Saved Query as a violation from an extended Actions dropdown menu.
AWS EC2 Instances are now shown on the left when searching relationships to other resource entity types (such as AWS S3 Bucket) in Authorization Graph for improved visualization of resource-type entities acting as principals.
Early Access Users can now add Rules directly from Veza Saved Queries and the Query Builder. When enabled:
An enhanced Saved Queries page replaces the Rules page. Saved Queries now include Rule details and a streamlined Create Rule wizard. When saving a query, users can now optionally add the query to Reports or create a Rule.
Saved queries will have an additional option Actions > Configure Alert Rule. The Alerts page includes an overview of recently-triggered rules.
Veza Workflows
Precise Certification Due Dates
Workflow owners can now specify an exact deadline when selecting Certification deadlines (in addition to a general calendar date).
Reviewer Assignment Fallback Behavior
Workflow creators can now always add Fallback Reviewers, used when rules prevent the assignment of the original user or when a manager does not exist for a certification result row.
Show or Hide Indirect Access (Early Access)
Workflow creators can now include or exclude relationships that involve nested entities from certification results. These might include roles assumed by another role, or groups belonging to a parent group.
When enabled, Show Assumed Entities Types is an option under Advanced Options > Relationship Options when the query source or destination (such as Snowflake Group or AWS IAM Role) can be nested.
Reviewer Usability Enhancements
Certifications on mobile devices now allow acting on a full page of results. Reviewers can now choose several items to approve, reject, or sign off with a single action.
Reviewers can now apply pre-configured filters to Show Undecided Items and Only Show Signed Off Items found under Certification Filters > Saved Filters.
Clicking Permissions, Concrete Permissions, or Reviewers for a Certification result row lists all the values for that field.
When acting on several certification items with Bulk Actions, Reviewers can now apply any action, whether or not the action applies to the selected rows. Any result the decision can't apply to is skipped.
Veza Product Design
Unified views for Tagging: Veza Tags, AWS Tags, Google Cloud Tags, Google Cloud Labels, and Google Cloud Tag Ids now reside in the Data Catalog.
Updated color theme and palette across Veza.
Updated charts throughout the UI for improved visualization.