Release 2.13
November 22, 2024
What’s New?
TotalCloud 2.13.0 brings updates to the cloud inventory, Insights, onboarding and more.
Common Features
Introduced the Mandate tab for Enhanced Mandate Management and Visibility
With this release, TotalCloud offers improved visibility and management of global security mandates through a dedicated interface, simplifying compliance tracking and reporting. With this dedicated interface, you do not have to rely on QQL knowledge to find your required Mandates.
Navigate to the Policy tab to find the new Mandate tab. Here, you can view the complete list of mandates supported by the TotalCloud application.
We have also introduced new tokens to execute search queries on the Mandates by their version, industries, geography and more.
Introduced a New Streamlined User Onboarding Experience
With this release, we have simplified our onboarding experience so that you are ready to use the TotalCloud application with fewer clicks and less navigation. The TotalCloud application walks you through the entire connector creation journey. The new onboarding workflow streamlines the connector setup process for both new and returning users, reducing time-to-value and improving trial experiences.
Key Benefits of the New Onboarding Workflow
- Guided Setup: Intuitive step-by-step onboarding process.
- Simplified Home Page: Streamlined user interface focusing on essential elements.
- One-Click Configurations: Faster connector deployment process.
- Quick-Start Dashboard: Direct path to the dashboard after onboarding.
To access this new onboarding flow, simply navigate to the Home page of the TotalCloud app and click Configure Connectors.
Enhanced Tag-Based Querying Across CSPM Features
With this release, we have expanded the tag-based search query capabilities across all CSPM evaluation interfaces, providing consistent visibility and filtering options throughout the TotalCloud application.
This enhancement includes:
- Extending the tags.name QQL token support across all cloud providers.
- Tag-based tokens for all dashboard widgets.
With this enhancement, you can expect to improve your resource management and visibility with consistent tagging. This streamlined QQL Token functionality improves your tag filtering experience.
Introduced the Investigate tab for Unified Threat View
With this release, we have introduced a new tab in the TotalCloud application that gives security analysts and IT professionals a single, unified view of threats. The Investigate tab displays findings from Cloud Detection and Response as summary cards and data list columns. You can use the newly introduced QQL tokens to filter the security findings according to your organizational needs.
Google Cloud Platform
Extended Cloud Detection and Response Support to GCP Resources
With this release, we have extended the support of TotalCloud's CDR to GCP resources. CDR can now detect malware, ransomware, crypto-miners, and malicious network activity in your GCP environment using traffic mirroring.
To create a GCP CDR deployment:
- Navigate to the Threat Scanners tab in the TotalCloud application.
- Select GCP from the available cloud provider tabs.
- Download the customizable Terraform scripts and click Create Deployments.
For more information on deploying CDR for GCP, you can refer to the Cloud Detection and Response documentation.
New Tokens
Amazon Web Services Tokens
Tokens introduced as part of the new AWS resources in TotalCloud.
AWS ECS (Elastic Container Service)
Name | Description | Example |
---|---|---|
ecs.cluster.arn | Find ECS clusters with the specified ARN | `ecs.cluster.arn: arn:aws:ecs:us-west-2:123456789012:cluster/my-cluster` |
ecs.cluster.name | Find ECS clusters with the specified name | `ecs.cluster.name: my-cluster` |
ecs.cluster.status | Find ECS clusters with the specified status | `ecs.cluster.status: ACTIVE` |
ecs.cluster.namespace | Find ECS clusters with matching namespace (partial search) | `ecs.cluster.namespace: prod` |
AWS ENI (Elastic Network Interface)
Name | Description | Example |
---|---|---|
id | Find ENIs with the specified ID | `id: eni-1234567890abcdef0` |
name | Find ENIs with matching names (partial search) | `name: web` |
networkinterfaces.status | Find ENIs with the specified status | `networkinterfaces.status: in-use` |
networkinterfaces.interfaceType | Find ENIs of the specified type | `networkinterfaces.interfaceType: interface` |
networkinterfaces.availabilityZone | Find ENIs in matching availability zones (partial search) | `networkinterfaces.availabilityZone: us-west` |
networkinterfaces.sourceDestCheck | Find ENIs based on their source/destination check setting | `networkinterfaces.sourceDestCheck: true` |
networkinterfaces.requesterManaged | Find ENIs based on whether they are requester-managed | `networkinterfaces.requesterManaged: true` |
networkinterfaces.operator.managed | Find ENIs based on whether they are operator-managed | `networkinterfaces.operator.managed: true` |
networkinterfaces.attachment.networkCardIndex | Find ENIs with the specified network card index | `networkinterfaces.attachment.networkCardIndex: 0` |
networkinterfaces.attachment.deleteOnTermination | Find ENIs based on their delete-on-termination setting | `networkinterfaces.attachment.deleteOnTermination: true` |
networkinterfaces.attachment.deviceIndex | Find ENIs with the specified device index | `networkinterfaces.attachment.deviceIndex: 1` |
networkinterfaces.attachment.status | Find ENIs with the specified attachment status | `networkinterfaces.attachment.status: attached` |
networkinterfaces.association.natEnabled | Find ENIs based on whether NAT is enabled | `networkinterfaces.association.natEnabled: true` |
AWS EFS (Elastic File System)
Name | Description | Example |
---|---|---|
aws.efs.name | Find EFS file systems with the specified name | `aws.efs.name: my-efs` |
aws.efs.arn | Find EFS file systems with the specified ARN | `aws.efs.arn: arn:aws:elasticfilesystem:us-west-2:123456789012:file-system/fs-12345678` |
aws.efs.state | Find EFS file systems in the specified state | `aws.efs.state: available` |
aws.efs.region | Find EFS file systems in the specified AWS region | `aws.efs.region: us-west-2` |
Custom Domain Names
Name | Description | Example |
---|---|---|
name | Find custom domain names with the specified name | `name: api.example.com` |
customdomainnames.domainNameStatus | Find custom domain names with the specified status | `customdomainnames.domainNameStatus: AVAILABLE` |
customdomainnames.securityPolicy | Find custom domain names with the specified security policy | `customdomainnames.securityPolicy: TLS_1_2` |
customdomainnames.endpointType | Find custom domain names with the specified endpoint type | `customdomainnames.endpointType: REGIONAL` |
AWS Step Function (State Machine)
Name | Description | Example |
---|---|---|
statemachine.name | Find state machines with the specified name | `statemachine.name: my-workflow` |
statemachine.statemachinearn | Find state machines with the specified ARN | `statemachine.statemachinearn: arn:aws:states:us-west-2:123456789012:stateMachine:my-workflow` |
statemachine.type | Find state machines of the specified type | `statemachine.type: STANDARD` |
statemachine.status | Find state machines with the specified status | `statemachine.status: ACTIVE` |
statemachine.tracingEnabled | Find state machines based on whether tracing is enabled | `statemachine.tracingEnabled: true` |
statemachine.loggingLevel | Find state machines with the specified logging level | `statemachine.loggingLevel: ALL` |
AWS SNS (Simple Notification Service)
Name | Description | Example |
---|---|---|
aws.sns.topic.name | Find SNS topics with the specified name | `aws.sns.topic.name: my-notifications` |
aws.sns.topic.arn | Find SNS topics with the specified ARN | `aws.sns.topic.arn: arn:aws:sns:us-west-2:123456789012:my-notifications` |
aws.sns.topic.region | Find SNS topics in the specified AWS region | `aws.sns.topic.region: us-west-2` |
aws.sns.topic.isFifo | Find SNS topics based on whether they are FIFO topics | `aws.sns.topic.isFifo: true` |
AWS SQS (Simple Queue Service)
Name | Description | Example |
---|---|---|
name | Find SQS queues with the specified name | `name: my-queue` |
region | Find SQS queues in the specified AWS region | `region: us-west-2` |
aws.sqs.queue.arn | Find SQS queues with the specified ARN | `aws.sqs.queue.arn: arn:aws:sqs:us-west-2:123456789012:my-queue` |
aws.sqs.queue.isFifo | Find SQS queues based on whether they are FIFO queues | `aws.sqs.queue.isFifo: true` |
API Gateway
Name | Description | Example |
---|---|---|
id | Find API Gateway resources with the specified ID | `id: abc123def` |
name | Find API Gateway resources with the specified name | `name: my-api` |
apigateway.deploymentId | Find API Gateway resources with the specified deployment ID | `apigateway.deploymentId: a1b2c3d4e5` |
apigateway.ipv6 | Find API Gateway resources based on whether IPv6 is enabled | `apigateway.ipv6: true` |
Mandate
Name | Description | Example |
---|---|---|
mandate.name | Find mandates with the specified name | `mandate.name: GDPR` |
mandate.version | Find mandates with the specified version | `mandate.version: 1.0` |
mandate.publisher | Find mandates from the specified publisher | `mandate.publisher: ISO` |
geography | Find mandates applicable to the specified geography | `geography: European Union` |
industry | Find mandates applicable to the specified industry | `industry: Healthcare` |
OCI Kubernetes Clusters
Name | Description | Example |
---|---|---|
compartmentid | Find resources within the specified compartment ID | `compartmentid: ocid1.compartment.oc1..aaaaaaaax3oie` |
kubernetesclusters.lifecycleState | Find Kubernetes clusters in the specified lifecycle state | `kubernetesclusters.lifecycleState: ACTIVE` |
kubernetesclusters.type | Find Kubernetes clusters of the specified type | `kubernetesclusters.type: ENHANCED` |
kubernetesclusters.isPublicIpEnabled | Find clusters based on public IP address enablement | `kubernetesclusters.isPublicIpEnabled: true` |
kubernetesclusters.freeformTags | Find clusters with specific freeform tags | `kubernetesclusters.freeformTags: environment:production` |
kubernetesclusters.definedTags | Find clusters with specific defined tags | `kubernetesclusters.definedTags: operations.cost-center:42` |
kubernetesclusters.kubernetesVersion | Find clusters with the specified Kubernetes version | `kubernetesclusters.kubernetesVersion: 1.21.5` |
kubernetesclusters.imagePolicyConfig.isPolicyEnabled | Find clusters based on image verification policy status | `kubernetesclusters.imagePolicyConfig.isPolicyEnabled: true` |
kubernetesclusters.addOns.isKubernetesDashboardEnabled | Find clusters based on Kubernetes Dashboard enablement | `kubernetesclusters.addOns.isKubernetesDashboardEnabled: true` |
kubernetesclusters.addOns.isTillerEnabled | Find clusters based on Tiller enablement | `kubernetesclusters.addOns.isTillerEnabled: true` |
kubernetesclusters.admissionControllerOptions.isPodSecurityPolicyEnabled | Find clusters based on Pod Security Policy enablement | `kubernetesclusters.admissionControllerOptions.isPodSecurityPolicyEnabled: true` |
Common Tokens
Investigate Tab Tokens
Tokens introduced as part of the new Investigate tab. Use these tokens to view specific threats and their details.
Name | Description | Example |
---|---|---|
tc.findings.cloudAccount | Find findings associated with the specified cloud account ID or name | `tc.findings.cloudAccount: 123456789012` |
tc.findings.affectedResource | Find findings related to the specified affected resource | `tc.findings.affectedResource: i-0abc123def456789` |
tc.findings.remoteResource | Find findings involving the specified remote resource | `tc.findings.remoteResource: 10.0.0.1` |
tc.findings.alertClass | Select from available options (API Activity, Detection Activity, Network Activity) to find findings of the specified alert class | `tc.findings.alertClass: Network Activity` |
tc.findings.category | Find findings belonging to the specified threat category | `tc.findings.category: Malware` |
tc.findings.severity | Select from available options (2, 3, 4, 5) to find findings with the specified severity level | `tc.findings.severity: 4` |
tc.findings.cloudProvider | Select from available options (AWS, AZURE, GCP) to find findings from the specified cloud provider | `tc.findings.cloudProvider: AWS` |
tc.findings.region | Find findings from the specified cloud region | `tc.findings.region: us-east-1` |
tc.findings.resourceType | Find findings related to the specified resource type | `tc.findings.resourceType: EC2` |
tc.findings.hash | Find findings with the specified hash value | `tc.findings.hash: a1b2c3d4e5f6g7h8i9j0` |
tc.findings.remote.city | Find findings with activity from the specified city | `tc.findings.remote.city: Moscow` |
tc.findings.remote.country | Find findings with activity from the specified country | `tc.findings.remote.country: Russia` |