Veza Product Update - August'23

Overview of major changes and enhancements in 2023.8.x releases

Access Intelligence

  • Dashboards Trends View: You can now toggle between a visualization of trends over time and the current number of results for each Dashboard Report on the Home page. It is also now possible to download any trend chart by opening the action menu and choosing Expand > Export to PNG.

  • Query Details view: Clicking View Details for a saved query now opens a comprehensive overview with tabs for creating rules and managing risk exceptions, visualizing trends over time, and reviewing the original query description and parameters. This extended query details page replaces the old details modal.

  • Dashboard report customization: Users can now directly customize which reports appear on the Dashboards home page by clicking the Add Reports button and selecting from a list of all built-in and user-created reports.

  • Improved Report Export: When exporting reports in PDF format, you now have the option to include destination entities, and add columns showing source entity properties and summary entities. This early access capability is now available for all users.

  • Insights Overview (Early Access): When enabled, you can now see all relevant assessments for any type of entity from a new Insights > Overview page. You can apply additional filters based on risk level, creator, or query labels, and quickly access the details view for any related Saved Query.

Access Reviews

  • Link to filtered certifications (Early Access): When enabled, reviewers now have the option to copy a link to the current filtered view of results for improved sharing. Opening a certification now applies the filter specified in the URL.

  • Review access for unique users (Early Access): It’s now possible to list each user involved in a certification, and quickly open a new tab with just the results related to that specific user. When enabled, you can open the list of unique users and view their results by clicking Show Users > View Details.

  • Workflows API: Preview operations are now available for creating Workflows and initiating Certifications.

  • Smart Actions API: Custom smart action definitions can use the apply_to_all_rows option to explicitly run the action on all certification results.

  • Improved performance for bulk actions.

  • Improved performance when loading certification results.

  • Query Pipeline: You can now create complex queries by using the output of one query as a constraint on another query. For example, you can create one query that defines Production Resources or Resources accessible by overseas employees, and use it to filter the source or destination entities in another query. To create a query pipeline, first save a subquery that returns the entity type you want to filter on. Then, create the main query and click Add Attribute Filter Group > Query Output.

  • Improved Tagged Entity Search (Early Access): Clicking any entry on the Tags page now opens a tags details view, including a searchable list of all entities with that tag. You can export the results, or search for the entities in Query Builder. Tag details are also available when viewing entity details in Graph or Query Builder.

Veza Integrations

  • Azure Cognitive Services: The Azure integration now automatically discovers permissions on Azure Cognitive Services, including Azure OpenAI.

  • Snowflake Tags: The Snowflake integration now discovers native tags applied to securable objects within Snowflake. You can review tags by inspecting an entity’s details, or by opening the Data Catalog > Tags page.

  • Deploy Keys for GitHub Enterprise: Added support for the GitHub Deploy Key entity type, enabling search for repositories with configured SSH deployment keys, and the roles those keys can assume.

  • Active Directory attributes: AD Users now have the timestamp attributes Account Expires and User Password Expiration.

  • AWS attributes: S3 Buckets now have the Default KMS Master Key IDs attribute, indicating which (if any) keys are applied to the bucket.

  • Workday attributes: Worker entities now have the additional attributes Termination Date, Workday ID, and Is Active.

  • OAA permissions: Integrations can now use the Uncategorized permission type, intended when custom application permissions are unknown or not mapped, and existing permissions like NonData are inaccurate.

  • Veza-built OAA integrations are now available for OpenAI, New Relic, Solarwinds, YouTrack, and Rollbar.

  • The Veza-built OAA integration for GitLab can now be enabled directly from the Configuration page as part of the OAA on Veza early access feature.

  • SCIM integration (Early Access): Providers with System for Cross-domain Identity Management (SCIM) APIs can now be integrated with Veza to discover users and groups. To add a SCIM integration directly from the Configuration page, the OAA on Veza feature must be enabled.

Veza Platform

  • Audit Log APIs: Preview APIs are now available for listing and exporting audit events.

  • Veza Email Digests: Users now receive an email digest containing critical Veza information all in one place, including changes to Risks and Reports, Rules and Alerts, and Integrations. You can change email frequency to Daily, Weekly, Monthly, or Never by opening your user profile from the main navigation menu.

  • Multi-Factor Authentication (Early Access): When enabled, local users (such as system administrators) can now configure a third-party authenticator application by opening their user profile. Users logging in with single sign-on will continue to use MFA from their identity provider. Administrators can reset authentication factors for other users from the User Management page.

Product Design and Usability

  • The Access Search, Access Intelligence, Access Monitoring, and Workflows sections are renamed to Access Search, Access Intelligence, Access Monitoring, and Access Reviews.

  • Some pages are renamed to better differentiate Query Builder and Graph search:

    • Access Search > Graph

    • Saved Searches > Saved Graphs

  • Attribute filter sorting: The list of possible attributes is now ordered alphabetically when adding a filter. Typing to search now filters the list. Common properties for all entities, such as Name and ID, appear at the top.

  • Saved Query usability: Choosing the Clone Query action now opens the Save Query flow with options to change the name and details, create rules, or add the query to reports.

  • The Administration > Events page now supports filtering on all possible event types.

  • The View Documentation icon is now labeled Help.

  • When customizing webhooks and other Orchestration Actions, descriptions now clarify that actions will trigger on row sign-off (and not immediately when a result is accepted or rejected).

  • When applying smart actions, typing to search for a field is no longer case-sensitive.

Last updated