Previous Release Notes For 2024

These prior release notes describe the new features, enhancements, resolved limitations, and known limitations for CloudSecure in previous 2024 releases.

Illumio CloudSecure is an agentless SaaS solution that provides visibility into your AWS and Azure network flows to define Zero Trust Segmentation policies in the public cloud, with the following features:

Multi-cloud coverage
Fast breach containment
Ease of use
Low total cost of ownership

For questions, please reach out to cloudsecureproduct@illumio.com.

What's New in This Release - April 11th, 2024

The following new features are available in the April 11th, 2024 release:

No.	Feature Category	Feature List
1.	Visualization	The Audit Events page shows you a running list of different events in your environment such as onboarding, policy, labeling and user actions. See Audit Events for information. The Inventory page is no longer limited in the number of resources it can display. See Inventory for information.
2.	Applications	You can now bulk-delete applications that were created using Application Discovery Rules. See Define an Application for information.
3.	Labels	The Tag to Label Mapping page now shows both the Illumio label type and the labels to which you have mapped your CSP cloud tag keys. See Cloud Tag to Label Mapping for information.

Resolved Limitations in CloudSecure

Map is empty when no regions returned in top down view (C-2982)

When users filtered the Cloud Map in a way that excluded regions, it would appear empty. This limitation is resolved.

Known Limitations in CloudSecure

AWS PaaS resources may not have ENI (C-3265)

CloudSecure uses DNS lookup on the fully qualified domain name to get the elastic network interface relationships, which is not guaranteed to get a match. The potentially affected AWS resources are RDS DBInstances, RDS DBClusters, ElasticLoadBalancingV2 load balancers, MemoryDB clusters, ElastiCache for Redis clusters, and Redshift clusters.
Error shown when users attempt to add an existing user to their account (C-3083)

When a user tries to add existing users to their existing CloudSecure account, CloudSecure correctly prevents the action, but does not issue an error message. For example, if a customer has one live CloudSecure account and also one trial account, trying to add an existing trial user to the live account will silently fail.

Application sometimes gets mapped to the wrong deployment's env label (C-1257)

The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.
Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.
Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - April 4th, 2024

The following new features are available in the April 4th, 2024 release:

No.	Feature Category	Feature List
1.	Visualization	These resources are now visible on the Cloud Map page: AWS: VPC Endpoints Azure: Private Endpoints You can now see colored traffic lines on the Cloud Map page indicating allowed (green), denied (red), and mixed (orange) See the Cloud Map documentation on the portal. The Inventory Details page now shows inbound and outbound rules for AWS Network ACLs The resources documentation now contains a Category column. See the Inventory, Cloud Map, and Traffic documentation on the portal. You can now see the IP addresses of certain types of resources in the Inventory Details page and the Map page Details pane. Such resources include Redshift Clusters and Load Balancers. See the Inventory and Cloud Map documentation on the portal. You can now filter your Traffic page searches with labels. See the Traffic documentation on the portal.

No.

Feature Category

Feature List

Visualization

These resources are now visible on the Cloud Map page:
- AWS:
  - VPC Endpoints
- Azure:
  - Private Endpoints

You can now see colored traffic lines on the Cloud Map page indicating allowed (green), denied (red), and mixed (orange)

Cloud Map

The Inventory Details page now shows inbound and outbound rules for AWS Network ACLs
The resources documentation now contains a Category column. See the Inventory, Cloud Map, and Traffic documentation on the portal.

You can now see the IP addresses of certain types of resources in the Inventory Details page and the Map page Details pane. Such resources include Redshift Clusters and Load Balancers. See the Inventory and Cloud Map documentation on the portal.
You can now filter your Traffic page searches with labels. See the Traffic documentation on the portal.

Resolved Limitations in CloudSecure

Cloud Map is only showing some VNET peering links (C-3428)

Sometimes the Inventory page showed additional peers that did not show up on the Map page. This limitation is resolved.
Security group names not showing up in console (C-1875)

Discovered EC-2 instances did not show security group names. This limitation is resolved.
AWS Security Group Rules not rendered on UI (C-3346)

The Inventory detail page displayed security group details, but the rules were missing. This limitation is resolved.

Known Limitations in CloudSecure

AWS PaaS resources may not have ENI (C-3265)

CloudSecure uses DNS lookup on the fully qualified domain name to get the elastic network interface relationships, which is not guaranteed to get a match. The potentially affected AWS resources are RDS DBInstances, RDS DBClusters, ElasticLoadBalancingV2 load balancers, MemoryDB clusters, ElastiCache for Redis clusters, and Redshift clusters.
Error shown when users attempt to add an existing user to their account (C-3083)

When a user tries to add existing users to their existing CloudSecure account, CloudSecure correctly prevents the action, but does not issue an error message. For example, if a customer has one live CloudSecure account and also one trial account, trying to add an existing trial user to the live account will silently fail.

Application sometimes gets mapped to the wrong deployment's env label (C-1257)

The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.
Competing application definition (multiple app-def using same tags) (C-1095)

CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - March 28th, 2024

The following new features are available in the March 28th, 2024 release:

1.	Visualization	The Inventory page Resource Graph tab now lets you view a graphical representation of resource that you select. The graph contains the following: Your selected resource An inner ring around your selected resource, depicting each of its attached resources An outer ring, depicting the individual instances of the attached resources shown in the inner ring A series of incoming flow lines from the left, depicting sources for which your selected resource is the destination A series of outgoing flow lines to the right, depicting destinations for which your selected resource is the source See the Inventory documentation on the portal.
2.	Applications	CloudSecure now lets you bulk delete application definitions. See the Define an Application documentation on the portal.

Resolved Limitations in CloudSecure

Azure NAT Gateway not showing up in Cloud Map (C-3427)
Azure NAT gateways appeared on the Inventory page but did not show up on the Cloud Map page. This limitation is resolved.
Allow multiple rules with empty prefix (C-3339)

There was previously a constraint enforced where two rules could not have the same prefix, even if the prefix were left blank. This limitation is resolved.

Known Limitations in CloudSecure

AWS PaaS resources may not have ENI (C-3265)

CloudSecure uses DNS lookup on the fully qualified domain name to get the elastic network interface relationships, which is not guaranteed to get a match. The potentially affected AWS resources are RDS DBInstances, RDS DBClusters, ElasticLoadBalancingV2 load balancers, MemoryDB clusters, ElastiCache for Redis clusters, and Redshift clusters.
Error shown when users attempt to add an existing user to their account (C-3083)

When a user tries to add existing users to their existing CloudSecure account, CloudSecure correctly prevents the action, but does not issue an error message. For example, if a customer has one live CloudSecure account and also one trial account, trying to add an existing trial user to the live account will silently fail.

Application sometimes gets mapped to the wrong deployment's env label (C-1257)

The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.
Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - March 21st, 2024

The following new features are available in the March 21st, 2024 release:

No.	Feature Category	Feature List
1.	Visualization	The Usage page now lets you choose the graph style and includes the following additional workload hour categories: Container Hosts Serverless Containers Serverless Functions See the Product Usage documentation on the portal. You can now filter your searches with operators (AND, OR, =, !=, etc.) See the CloudSecure Search documentation on the portal. These resources are now visible on the Inventory page: Azure: Azure NAT Gateway Azure publicIPAddress Network Security Groups Default Security Rule For a full list of all supported resources visible on the Inventory page, see the Inventory documentation on the portal. These resources are now visible on the Cloud Map page: Azure: Azure NAT Gateway (Azure public IP prefixes will appear on the Details panel) For a full list of all supported resources visible on the Cloud Map page, and the VPC/VNet peering described below, see the Cloud Map documentation on the portal You can now view VPC/VNet peering in detail on the Cloud Map page.
2.	Flows	The Risk Report feature on the Traffic page now lets you toggle which details you wish to include. See the Traffic documentation on the portal.
3.	Traffic	The filter now lets you use the Beta Advanced Filter mode, which lets you use joiners and operators while searching for sources, destinations, categories, etc. See the Traffic documentation on the portal.
4.	Onboarding	The AWS onboarding process now lets you download a text file containing the permissions indicated by the read/write toggle The AWS account onboarding process now lets you see the CloudSecure ID you will need if you share CloudFormation stacks. See the Onboard an AWS Cloud Account documentation on the portal. The Azure onboarding process is now more streamlined, so that you no longer need to manually enter client IDs and secrets For Azure, CloudSecure can read now flow logs from several NSGs going to the same storage account. See the Onboard an Azure Cloud Tenant and Onboard an Azure Cloud Subscription documentation on the portal.
5.	Applications	CloudSecure now lets you automatically approve application definitions in two places. The Application Definition page lets you toggle whether you want CloudSecure to automatically approve all discovered applicable deployments and resources. Similarly, the Application Discovery Rule page lets you toggle whether you want CloudSecure to automatically approve all discovered application definitions, as well as any updates made to their deployments and resources. See the Define an Application documentation on the portal. Either of these methods will skip the manual approval process for those applications.

Resolved Limitations in CloudSecure

Editing discovery rules inserts extra dash (-) automatically (C-3337)

When modifying discovery rules, an extra dash was added automatically to the prefix. This limitation is resolved.
Deleting T2L mapping does not delete label dimension (C-2646)

When users deleted a tag to label mapping, any labels that were assigned to resources using that mapping were not removed. Deleting the mapping kept those mapped labels on the resources, resulting in the label never being deleted. This limitation is resolved.

Known Limitations in CloudSecure

AWS PaaS resources may not have ENI (C-3265)

CloudSecure uses DNS lookup on the fully qualified domain name to get the elastic network interface relationships, which is not guaranteed to get a match. The potentially affected AWS resources are RDS DBInstances, RDS DBClusters, ElasticLoadBalancingV2 load balancers, MemoryDB clusters, ElastiCache for Redis clusters, and Redshift clusters.
Error shown when users attempt to add an existing user to their account (C-3083)

When a user tries to add existing users to their existing CloudSecure account, CloudSecure correctly prevents the action, but does not issue an error message. For example, if a customer has one live CloudSecure account and also one trial account, trying to add an existing trial user to the live account will silently fail.

Application sometimes gets mapped to the wrong deployment's env label (C-1257)

The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.
Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - March 11th, 2024

The following new features are available in the March 11th, 2024 release:

No.	Feature Category	Feature List
1.	Onboarding	You can now onboard Azure tenants in addition to individual subscriptions as before. See the Onboard an Azure Cloud Tenant documentation on the portal.
2.	Visualization	These resources are now visible on the Inventory page: AWS: VPC Azure: VNet For a full list of all supported resources visible on the Inventory page, see the Inventory documentation on the portal.
3.	Policy	You can now preview a policy's impact before provisioning it This resource is now available for policy enforcement: AWS RDS DB clusters See the Writing Application Policy documentation on the portal.
4.	Applications	You can now approve application deployments and resources in bulk on the application definition page. See the View and Approve documentation on the portal.

Resolved Limitations in CloudSecure

Slice bug on Flow Log Access page (C-3080)
A conditional check was missing for sliced items. Therefore, users might have gotten a blank screen. This limitation is resolved.
406 errors should be displayed when deleting tag to label mappings (C-3217)
When users deleted a tag to label mapping, any errors returned by the delete response were not shown in the UI. This limitation is resolved.
Application has 0 resources, but the map is rendering resources (C-3041)
When users selected an application on the Cloud Map, the map would sometimes indicate resources despite there not being any. This limitation is resolved.
Go button does not refresh data unless filters change (C-2296)
When users executed a query on the Traffic, Inventory, or Cloud Map pages, the Go button did not re-run the same query on fresh data. To re-run the same query, users had to change the filter and change it back again before re-running the query. This limitation is resolved.
Avoid label create/delete race conditions (C-2957)
When users deleted and re-created an application or deployment in quick succession, CloudSecure sometimes deleted the label that was re-used by the re-created app/deployment. Users ended up with an application or deployment linked to a deleted label. This limitation is resolved.
Events in CloudSecure UI should show the latest events at the top (C-2946)
The Events page would show the oldest events at the top rather than at the bottom. This limitation is resolved.
Editing Azure subscription integrations showed child account list (C-2920)
When users edited their Azure subscriptions, the user's child accounts were mistakenly listed. This limitation is resolved.

Known Limitations in CloudSecure

Error shown when users attempt to add an existing user to their account (C-3083)
When a user tries to add existing users to their existing CloudSecure account, CloudSecure correctly prevents the action, but does not issue an error message. For example, if a customer has one live CloudSecure account and also one trial account, trying to add an existing trial user to the live account will silently fail.
Application sometimes gets mapped to the wrong deployment's env label (C-1257)
The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.
Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - February 29th, 2024

The following new features are available in the February 29th, 2024 release:

No.	Feature Category	Feature List
1.	Visualization	The new Usage feature displays workload hours and flow log storage usage. These resources are now visible on the Cloud Map page: AWS: DynamoDB tables Lambda For a full list of all supported resources visible on the Cloud Map page, see the Cloud Map documentation on the Illumio documentation portal. This resource is now visible on the Inventory page: AWS: Lambda For a full list of all supported resources visible on the Inventory page, see the Inventory documentation on the Illumio documentation portal.

No.

Feature Category

Feature List

Visualization

The new Usage feature displays workload hours and flow log storage usage.

These resources are now visible on the Cloud Map page:
- AWS:
  - DynamoDB tables
  - Lambda

Cloud Map

This resource is now visible on the Inventory page:
- AWS:
- Lambda

Inventory

Resolved Limitations in CloudSecure

App approval status filters do not show correct results (C-2945)
The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.

Known Limitations in CloudSecure

Application sometimes gets mapped to the wrong deployment's env label (C-1257)
The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.

Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - February 22nd, 2024

The following new features are available in the February 22nd, 2024 release:

No.	Feature Category	Feature List
1.	Application Definition	Application Discovery Rules now allow full editing.
2.	Policy	Allow rules are now available for organization policies.
3.	Visualization	The new Usage feature displays workload hours and flow log storage usage. These types of resources are now visible on the Cloud Map page: AWS: Redshift clusters Azure: Microsoft.Web/sites Microsoft.Web/sites/functions For a full list of all supported resources visible on the Cloud Map page, see the Cloud Map documentation on the Illumio documentation portal. These types of resources are now visible on the Inventory page: AWS: Redshift clusters DynamoDB tables Azure Microsoft.Web/sites Microsoft.Web/sites/functions For a full list of all supported resources visible on the Inventory page, see the Inventory documentation on the Illumio documentation portal.

No.

Feature Category

Feature List

Application Definition

Application Discovery Rules now allow full editing.

Policy

Allow rules are now available for organization policies.

Visualization

The new Usage feature displays workload hours and flow log storage usage.

These types of resources are now visible on the Cloud Map page:
- AWS:
  - Redshift clusters
- Azure:
  - Microsoft.Web/sites
  - Microsoft.Web/sites/functions

Cloud Map

These types of resources are now visible on the Inventory page:
- AWS:
  - Redshift clusters
  - DynamoDB tables
- Azure
  - Microsoft.Web/sites
  - Microsoft.Web/sites/functions

Inventory

Resolved Limitations in CloudSecure

Tag to label mapping must be defined before an app is defined (C-2997)
User did not have the ability to write policies on labels created using tag to label mapping if those labels were not associated with any application. This limitation is resolved.
Editing proxy username is not supported (E-113332)
CloudSecure did not support updating the username. Due to this limitation, name editing was disabled in existing tenants and all the new users added to existing tenants. The edit user function in the User detail page and the My Profile page were disabled. For new tenants and users in new tenants, editing the user is now supported. This limitation is resolved.
Traffic doesn't show labeled workloads (C-2559)
When users went to the Traffic tab, flows sometimes erroneously lacked labels. When users searched for labeled traffic flows, sometimes no results were returned. This limitation is resolved.

Known Limitations in CloudSecure

Application sometimes gets mapped to the wrong deployment's env label (C-1257)
The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.

Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - February 15th, 2024

The following new features are available in the February 15th, 2024 release:

No.	Feature Category	Feature List
1.	Visualization	Public IPs are supported for Azure VM flows but not policies.

Resolved Limitations in CloudSecure

The username is incorrectly displayed on the main page and within the user grid (C-2897)
User's names displayed incorrectly after being added. This limitation is resolved.
Resources not shown for pending approval apps (C-2887)
When creating applications either individually or using a discovery rule, resources were not visible on the Application Definition page resources link while the applications were pending. This limitation is resolved.
UI must validate application deployment inputs (C-2797)
Users were allowed to add deployment types without any values. If a user did not enter any values, a UI page crash occurred and/or the backend rejected the request. The UI now disables the Add button when no values are selected. This limitation is resolved.
Tried to onboard an AWS account previously onboarded and offboarded, getting errors in cloudformation template creation (C-2715)
Offboarding AWS accounts did not completely remove the stack. Workaround: Follow the Remove the Integration instructions on the Illumio documentation portal.

Known Limitations in CloudSecure

Application sometimes gets mapped to the wrong deployment's env label (C-1257)

The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.

Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - February 8th, 2024

The following new features are available in the February 8th, 2024 release:

No.	Feature Category	Feature List
1.	Visualization	These types of resources are now visible on the Cloud Map page: AWS: S3 bucket VPC endpoints in will appear in the Detail panel, but multiple VPC endpoints for a single S3 bucket are not supported ElasticLoadBalancingV2 Load balancer Azure: Azure spot VMs VM scale sets Storage account private endpoints will appear in the Detail panel as attachments Azure postgreSQL Microsoft.DBforPostgreSQL/serverGroupsv2 Microsoft.DBforPostgreSQL/flexibleServers (databases will appear in the Detail panel as attachments) Microsoft.DBforPostgreSQL/servers (databases will appear in the Detail panel as attachments) Microsoft.DocumentDB/cassandraClusters Microsoft.DocumentDB/mongoClusters (databases will appear in the Detail panel as Azure SQL servers attachments) For a full list of all supported resources visible on the Cloud Map page, see the Cloud Map documentation on the Illumio documentation portal. These types of resources are now visible on the Inventory page: Azure Microsoft.DBforPostgreSQL/flexibleServers/databases Microsoft.DBforPostgreSQL/servers/databases For a full list of all supported resources visible on the Inventory page, see the Inventory documentation on the Illumio documentation portal. In the Inventory page you will see two additional tabs: Inbound Rules and Outbound Rules. These tabs appear in your AWS Security Groups' and Azure Network Security Group's Detail panels as attachments.
2.	Onboarding	You can now onboard AWS organizations in addition to individual accounts as before.
3.	Applications	Although CloudSecure has always allowed you to define applications individually, you can now automatically create multiple applications by defining an Application Discovery Rule. This feature runs in the background, so the rule you create will automatically define applications when new resources are added that meet the rule parameters. You can also now use accounts, in addition to cloud tags or virtual networks and subnets, to define your applications.

No.

Feature Category

Feature List

Visualization

These types of resources are now visible on the Cloud Map page:
- AWS:
  - S3 bucket VPC endpoints in will appear in the Detail panel, but multiple VPC endpoints for a single S3 bucket are not supported
  - ElasticLoadBalancingV2 Load balancer
- Azure:
  - Azure spot VMs
  - VM scale sets
  - Storage account private endpoints will appear in the Detail panel as attachments
  - Azure postgreSQL
    - Microsoft.DBforPostgreSQL/serverGroupsv2
    - Microsoft.DBforPostgreSQL/flexibleServers (databases will appear in the Detail panel as attachments)
    - Microsoft.DBforPostgreSQL/servers (databases will appear in the Detail panel as attachments)
  - Microsoft.DocumentDB/cassandraClusters
  - Microsoft.DocumentDB/mongoClusters
  - (databases will appear in the Detail panel as Azure SQL servers attachments)

Cloud Map

These types of resources are now visible on the Inventory page:
- Azure
  - Microsoft.DBforPostgreSQL/flexibleServers/databases
  - Microsoft.DBforPostgreSQL/servers/databases

Inventory

In the Inventory page you will see two additional tabs: Inbound Rules and Outbound Rules. These tabs appear in your AWS Security Groups' and Azure Network Security Group's Detail panels as attachments.

Onboarding

You can now onboard AWS organizations in addition to individual accounts as before.

Applications

Although CloudSecure has always allowed you to define applications individually, you can now automatically create multiple applications by defining an Application Discovery Rule. This feature runs in the background, so the rule you create will automatically define applications when new resources are added that meet the rule parameters.

You can also now use accounts, in addition to cloud tags or virtual networks and subnets, to define your applications.

Resolved Limitations in CloudSecure

NSG attached to subnet is not included in vm->nsg relationship (C-2594)
CloudSecure was programming only network security groups associated with a NIC. This limitation is resolved. Now CloudSecure will program both network security groups associated with a subnet and those associated with a NIC.
Label search within an application shows resources that do not belong to the application (C-2568)
A label search within an application showed all resources instead of showing the resources for only the selected application. This limitation is resolved.
Dashboard Traffic Summary tile forgets user's previous filter selection (C-2387)
When users filtered by a specific CSP and a specific timeframe, and went away from the Dashboard page, the Traffic Summary tile would reset to the 24-hour default, with all CSPs selected. This limitation is resolved.

Known Limitations in CloudSecure

Application sometimes gets mapped to the wrong deployment's env label (C-1257)

The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.

Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.

What's New in This Release - February 1st, 2024

The following new features are available in the February 1st, 2024 release:

No.	Feature Category	Feature List
1.	Visualization	These types of resources are now visible on the Cloud Map and Inventory pages: AWS: RDS DB clusters RDS DB instances EC2 VPCs, subnets, NAT gateways, Internet gateways, spot fleet requests and spot instance requests ECS clusters ECS container instances Glacier vaults ElastiCache clusters MemoryDB clusters Azure: Virtual networks and their subnets Storage accounts Application gateways Load balancers Azure firewalls Virtual network gateways VPN gateways NAT gateways DocumentDB database accounts Additional types of resources are visible on the Traffic page: AWS ENIs Azure Network interfaces
2.	Flows	The Risk Report feature on the Traffic page lets you generate a PDF report summarizing the following at the account/subscription level: Total count of ransomware-susceptible traffic flows Total count of resources in your cloud environment affected by such flows
3.	Onboarding	When onboarding CSP accounts or subscriptions, you can now select read-only access.

No.

Feature Category

Feature List

Visualization

These types of resources are now visible on the Cloud Map and Inventory pages:
- AWS:
  - RDS DB clusters
  - RDS DB instances
  - EC2 VPCs, subnets, NAT gateways, Internet gateways, spot fleet requests and spot instance requests
  - ECS clusters
  - ECS container instances
  - Glacier vaults
  - ElastiCache clusters
  - MemoryDB clusters
- Azure:
  - Virtual networks and their subnets
  - Storage accounts
  - Application gateways
  - Load balancers
  - Azure firewalls
  - Virtual network gateways
  - VPN gateways
  - NAT gateways
  - DocumentDB database accounts

Additional types of resources are visible on the Traffic page:
- AWS
  - ENIs
- Azure
  - Network interfaces

Flows

The Risk Report feature on the Traffic page lets you generate a PDF report summarizing the following at the account/subscription level:

Total count of ransomware-susceptible traffic flows
Total count of resources in your cloud environment affected by such flows

Onboarding

When onboarding CSP accounts or subscriptions, you can now select read-only access.

Known Limitations in CloudSecure

Application sometimes gets mapped to the wrong deployment's env label (C-1257)

The resources have multiple cloud tags, the tag in the application definition label doesn't align with the one used in the environment label.

Competing application definition (multiple app-def using same tags) (C-1095)
CloudSecure allows users to create multiple application definition with the same rules, i.e., same set of tags can be shared for two applications.