2022.3.1

Workflows

  • Hovering over a certification line item now shows a text summary of the row details.

  • Reviewers and due dates can now be modified by choosing Settings from the workflow certifications list.

  • The certification view now includes columns to show the Application and Resource Type for each row.

  • A summary of data source status at the time of the most recent snapshot is now shown when initiating a new certification. Reviewers can select View Data Source Snapshot Status on the certification interface to check for stale data and confirm the data sources included in the certification.

  • The Show Violation Events modal now includes options to Suppress all Violations for the selected query or suppress violations in bulk.

  • When viewing query builder results, you can now enable an additional column to show the tags on each result.

  • Added an Open in Query Builder shortcut for pivoting to the active search in Query Builder mode.

  • Property names are no longer case sensitive when adding search constraints.

  • Query Builder results can now be sorted by the number of destination entities.

  • The Authorization Graph now includes search quick links for Google Cloud when available.

Access Intelligence

  • Significant organizational improvements for reporting and assessment queries across categories.

  • New queries have been added for deep insight into toxic combinations and shadow admin privileges.

Heatmaps

  • A summary and list of source entities are now included alongside the main heatmap visualization.

Integrations

  • Added the option to set allow/deny lists to limit Trino catalog, schema, and table extraction.

  • Added the option to set allow/deny lists to limit Okta app and domain extraction.

  • Added a new assessment query for Active Directory users that are Domain Admins.

  • AWS IAM Policy entities now show the Permissions Boundary Usage Count, enabling queries on unused policies with no relationship to any principals.

  • Added an is_guest_user property to Google Workspace users to identify entities whose primary email address doesn't belong to any of the account's domains.

  • Added a new Application Template property for AzureAD Enterprise Applications to enable differentiation between 3rd-party gallery apps and custom app registrations.

  • Added a new app role assignment required property for AzureAD enterprise applications, indicating whether the app is implicitly available to all users, or must be assigned (directly or via a group).

  • You can now select individual services to enable/disable when adding or editing a Google Cloud provider configuration.

  • Open Authorization API: Added and improved warning and error responses when pushing authorization metadata.

Product Usability

  • Instead of listing all violations, the Violations panel now lists queries marked as violations. Clicking Show Events now provides options to Suppress all Violations for the selected query and suppress violations in bulk.

  • The original error message is now available when clicking the data source status on the Configuration panel or a message on the Events page.

  • When AWS accounts appear in search results, the account aliases are now shown in addition to account IDs.

  • Each result's number of destination entities is now included when exporting an assessment query.

  • The default time range on the Events panel is now one month.

  • The User Management panel now correctly paginates lists of more than 20 users.

  • Providers are no longer shown in an error state due to warnings for an unauthenticated or disabled data source.

  • The Authorization Graph filter bar now has an improved layout for better functionality.

  • Workflows: Hovering over a certification line item now shows a natural language text summary of the row details.

  • Workflows: When creating a new workflow, you can now select to preview results for either the source or destination entities.

  • Property names are now case insensitive when adding search constraints.

  • You can now select the accounts to apply highlighting when using Authorization Graph Filter by AWS account. Accounts are now identified by a tag as well as by color.

Bug Fixes

  • When using incremental updates with OAA, add_tag and delete_tag operations now correctly apply to tags on sub-resources.

  • When deleting a configured identity provider, the status now correctly updates to deleting. The Edit button is no longer available for custom apps and identity providers.

  • When the Only Saved Queries filter is enabled, adding another filter no longer resets the original selection. The Saved Queries filter state is now persistent when navigating away from the page.

  • Added retry logic and rate limits for Google Cloud extractions.

  • The complete results are now correctly included in Query Builder exports.
