Veza Product Update - July'23

At Veza, we continuously deliver new features and enhancements to meet customer needs and bring you our latest product innovations. To help keep track of the many changes over the past month, we’ve compiled a summary of all the latest improvements from our most recent releases.

Insights

• User Comparison (Early Access): A new Access Intelligence > Compare page reveals how permissions to resources and group memberships vary for two different users of the same entity type. After creating access profiles for different personas, you can quickly evaluate how other users align with an established baseline.

• Dynamic reports: You can now add queries individually or pick the dynamic report type during report creation. Dynamic reports include all queries with the chosen labels and integrations, and update automatically when queries meeting the criteria are added or removed.

• Rules for entity attribute changes: When adding conditions for a rule, you can choose Query Properties to receive alerts when Veza detects a change in the entity attribute, such as User activity status or Policy statement count.

• Saved query visibility: You can now mark queries as Public or Private when saving them. Additionally, you can view and filter the Saved Queries page by the new Visibility column. Private queries, like private reports, are visible only to owners.

• Report export enhancements (Early Access): When exporting reports in PDF format, you now have the option to add expanded details for results, and include columns for source entity properties and summary entities.

• Access Monitoring for Snowflake now supports “Schema” (Early Access): Over-Provisioned Scores (OPS) are now calculated for users and groups with Snowflake Schema permissions (previously, this information was available for Databases, Views, and Tables).

Integrations

• ​​AWS Elastic Container Repositories (ECR): The AWS integration now automatically discovers public and private ECR registries and repositories. You should update the integration policy to include the ECR SID, or limit extraction for the ECR service to prevent warnings.

• SaaS Misconfigurations for GitHub: The GitHub integration now offers additional assessment queries to monitor repository security risks. Please note that the integration requires the additional permission scope repository_advisories:read to gather the relevant metadata.

  • GitHub Repositories now have the attributes allow_forking, secret_scanning_enabled, default_allow_delete, default_allow_force_push and default_require_pull_request_approval, and has_branch_protection_rules.

  • GitHub Security Advisories, used to report, track, and discuss security-related issues for software projects, are now shown as an entity type.

• The integrations for Oracle Cloud Infrastructure, GitHub Enterprise, Box, ServiceNow, and Databricks have graduated from Early Access and are now generally available on the Veza platform.

• The Jira Cloud and Bitbucket Cloud OAA integrations now include built-in misconfiguration reports.

• New Veza-built OAA integrations are available for Confluence Server, Trello, Hubspot, Tableau Cloud, and Windows File System.

• Custom datasource payloads in integration details: You can now view the most recent custom provider push payload in JSON format by clicking on an integration name and selecting Show Schema Definition.

• 10 new SaaS applications are supported using our generic SCIM integration: Egnyte, IronClad, FiveTran, Celonis, Sigma Computing, Zapier, Envoy, Twingate, Harness, and ThousandEyes.

• Improved Configurations Usability (Early Access): The Configuration pages have been completely overhauled to offer more streamlined integration management and improved visibility into the status of your integrations.

• Google Cloud Cross Organization Permissions (Early Access): When enabled, the Google Cloud integration calculates effective permissions for users in one GCP organization assigned to groups in another GCP organization. In System query mode, Veza shows full cross-account connections for Google users, groups, service accounts, and role bindings.

• OAA on Veza (Early Access): To make it easier to run and configure Open Authorization API-based integrations, it is now possible to enable supported Veza-built OAA integrations directly from the Configuration page, with no additional deployments or command-line customizations.

• Workday Integration (Early Access): A new integration for Workday Human Capital Management (HCM) enables Veza to discover Workday identities, security groups, and policies for our core products of Search, Workflows, and Insights.

Search

• Query Builder — entity type groupings: To enable queries that return multiple entity types, you can now select all Users, Resources, Identities, or Service Accounts as a Query Builder source or destination.

• Query Builder — attribute filter enhancements: You can now create complex constraints by adding several attribute filters with AND or OR operators.

• Query Builder — destination entities: Query Builder now has the option to return pairs of source and destination entities as results, similar to Workflow queries.

• Query Builder — summary entities: Queries using destination entities can include a Summary Entities column showing the authorization path for each result. When building a query, you can select entity types to include in the summary for visibility into the Roles, Policies, Groups, or other intermediate entities connecting the source and destination.

• JSON query specifications: When creating a query, you can now export the query parameters for use with the Query Builder API. To do so, click the Save button and choose View or Copy Query Spec.

• Enhanced query details (Early Access): When enabled, the details modal for saved queries is replaced by a comprehensive overview of query results, details, and actions. You can use this view to inspect Trends, Rules, Reports, and Alerts for a query, review its parameters, and make customizations using the actions menu.

Workflows

• Faster reviewer auto-assignment and Certification creation.

• Improved Smart Actions performance when re-assigning reviewers.

• Improved Create Certification performance when generating multiple certifications.

Product Design and Usability

• All possible query actions are now available from the Query Builder, with a new actions dropdown next to the Save button.

• The left sidebar on the Reports page is now collapsible.

• On the Insights > Analysis page, clicking on a result name shows entity attributes.

• Tabs on the Saved Queries page now clarify that users are switching between Query View and Rules View.

• For improved readability, Salesforce Permission Sets are now labeled with the name <profile name> Permission Set, instead of by unique ID.

• The providers assigned to a team are now grouped under a single icon for each integration type, which can be hovered over to view details.

• Editing an entry on the Rules page now opens the query in Query Builder.

• Email notifications for triggered alerts now include the rule description, severity, threshold, and node count.

• You can now filter the Alerts page by query name. \