Cloud Privilege Broker 21.3 Release Notes

December 2, 2021

Key Features:

  • Dashboard: The dashboard consists of the following grids:
    • Risk Assessment Score: A score between 0 and 100 that represents risk for all cloud connectors.
    • Risk Over Time (Weekly): A historical view into risk over the last 7 weeks for all cloud connectors.
    • Top 10 Recommendation: The top 10 recommendations for all cloud connectors.
    • Cloud Connector Health: The current health (Active, Failed, or Inactive) for all cloud connectors.
    • High Privilege Summary: A summary of high-risk users, groups, roles, and service accounts for all cloud connectors.
    • Principals Discovered: The total number of users, groups, roles, and service accounts discovered for all cloud connectors.
    • Completed Recommendations (This Week): A summary of completed and remaining recommendations for the current week for all cloud connectors.
    • Create Cloud Connector: A shortcut to add a new cloud connector to your Cloud Privilege Broker instance.
    • View All Recommendations: A shortcut to view all open and completed recommendations for all cloud connectors. Recommendations can be filtered by Cloud Service, Principal Name, Principal Type, Risk Level, Recommendation, Cloud Connector Name, and Ignored Status.
  • Cloud Connector: Enables Cloud Privilege Broker to connect your AWS accounts and Azure subscriptions to begin discovering users, groups, roles, and service accounts, as well as entitlement usage.
  • Classification: Discovered users, groups, roles, and service accounts are classified as low, medium, or high risk, based upon their granted entitlements.
  • Recommendations: Actionable methods are provided to help reduce risk exposure.
  • Remediation: Based upon entitlements granted and entitlements used, custom policies are provided to reduce risk exposure and help enforce least privilege.
  • User Audits: Logs activities performed by the Cloud Privilege Broker admin.
  • SAML Support: Enables integration with a SAML identity provider for multi-factor authentication.
  • Cloud Privilege Broker supports two-factor authentication options using a time-based one-time password (TOTP), which integrates with two-factor authentication apps.

Known Issues:

  • Updated names of Azure Group and ServicePrincipal are not being reflected after discovery.
  • When running the Azure onboarding script in your Azure console, you might see a warning that this application is using Azure AD Graph API. Workaround: none. Cloud Privilege Broker will address this in a future release.
  • Unable to create Azure connector due to connector duplication.
  • The Risk Over Time chart does not display a risk score data point for a week without scans.
  • When Recommendations or Cloud Connector create panels are open, you can inadvertently close them by clicking outside of the panel. Workaround: Avoid clicking outside the panel until you have finished interacting with it.
  • Recommendations Details is missing a vertical scroll bar. Workaround: Change the browser zoom to a lower number to access the content below the long connector name.
  • Completed Recommendations risk level filter contains Unspecified. Workaround: none; this is expected behaviour. Prior to calculating a risk level, the risk level is unspecified and may appear in the UI.