TotalCloud Release 2.19

October 15, 2025

TotalCloud 2.19 brings updates to supported integrations, insights, inventory, dashboard, and controls.

TotalCloud Dashboard: New and Enhanced Connector Widgets

Applicable for: 

With this release, we are introducing a new Dashboard template, new Widget templates and enhancements to provide deeper visibility and actionable insights into your connector ecosystem. You can either choose the new dashboard template with all the new widgets included, or manually configure the existing and new widgets as per your requirements.

In addition to the original nine default widget templates, the TotalCloud Dashboard now includes seven newly added widget templates, bringing the total to 16. The New Connector widgets templates and enhancements are:

• Remaining CSPM Connectors (New Template created )
  This widget allows you to track your remaining CSPM connectors and stay informed about license utilization to avoid coverage gaps.
  Supported data representation format: Stacked bar Chart
  
  
• Connector Count: Critical Misconfiguration (New Template created )
  This Connector widget allows you to track your accounts with critical misconfiguration.
  Supported data representation format: Tabular
  
  
• Connector with Critical Vulnerabilities 
  Applicable for: 
  This Connector widget enhancement lets you track accounts with critical vulnerabilities. To enable this feature, you can edit an existing widget or create a new one, using the query "vulnerability.severity in (4,5)."
  Supported data representation format: All formats 
  
  
• Connectors with Attack Path enabled resources
  Applicable for: 
  This Connector widget enhancement lets you track your connectors with attack path-enabled resources. To enable this feature, you can edit an existing widget or create a new one, using the query "isAttackPathEnabled:true."
  Supported data representation format: All formats
  
  
• Connectors with Assets (Created → Terminated)
  This widget enhancement lets you track instances/VMs that were created and subsequently terminated within the last 24 hours, giving you real-time visibility into short-lived assets. To enable this feature, you can edit an existing widget or create a new one using the following query:
  • AWS: instance.state:terminated and Created:[now-24h..now-1s]
  • Azure: virtualmachine.status:Deleted and Created:[now-24h..now-1s]
  • GCP: instance.status : TERMINATED and Created:[now-24h..now-1s]
  • OCI: instance.lifecycleState in (Terminated,TERMINATED) and Created:[now-24h..now-1s]
  Supported data representation format: All formats
  
  
• Connectors with Public Assets (scanned/unscanned by Cloud Perimeter Scan)
  Applicable for: 
  This widget enhancement allows you to view connectors with public assets scanned via Cloud Perimeter Scan. To enable this feature, you can edit an existing widget or create a new one, using the following query:
  • AWS: not instance.networkInterface.publicIp is null and instance.scanType:Cloud Perimeter Scan and instance.lastScanDate:[now-24h..now-1s]
  • Azure: not virtualmachine.networkInterface.publicIp is null and virtualmachine.scanType:Cloud Perimeter Scan and virtualmachine.lastScanDate:[now-24h..now-1s]
  Supported data representation format: All formats
  
  
• Total Connectors
  This enhancement includes two new connector widget templates:
  1. Connectors with/without Organization Connector: This widget provides visibility into organizational linkage for each connector.
     Supported data representation format: All formats
     
     
  2. Total Connectors in ERROR / SUCCESS (New Template created): This widget enhancement allows you to quickly assess the operational status of all your connectors, whether they are successful, in error, or in progress state.
     Supported data representation format: Stacked Bar Chart
     
     
• Connectors with Capability Stats (New Template created ) 
  Applicable for: 
  This widget enhancement allows you to get the number of connectors with scan types (CSPM, API-Based Scanning, Snapshot-Based Scanning, Cloud Perimeter Scanning) enabled/disabled for each cloud provider.
   
  Supported Scan Types:

  • AWS: API Based Scan, Cloud Agent Scan, Cloud Perimeter Scan, Snapshot Based Scan, VM Scan, and Other Scan
  • Azure: Cloud Agent Scan, Cloud Perimeter Scan, Snapshot Based Scan, VM Scan, and Other Scan.
  • GCP: Cloud Agent Scan, Cloud Perimeter Scan, and Other Scan
  
  Supported data representation format: Tabular

  Scan Type Disabled

  

  Scan Type Enabled

  
• Merge/Unmerge Connector Widget (New Template created)
  Applicable for: 
  This widget lets you see the count of connectors that are merged versus unmerged with any organization connector.
  Supported data representation format: Tabular
  
  
• Connectors with Scan Types (New Template created)
  Applicable for: 
  This widget enhancement enables you to view the number of connectors that have assets scanned using any scan method, including CSPM, API-Based Scanning, Snapshot-Based Scanning, or Cloud Perimeter Scanning. To enable this feature, you can edit an existing widget or create a new one, using the following query, followed by any supported scan Type:
  • AWS: instance.scanType: {Scan Type}
  • Azure: virtualmachine.scanType: {Scan Type}
  • GCP: instance.scanType: {Scan Type}
  Supported data representation format: All formats
  
  

Snapshot-Based Scans Logs

Applicable for:   

With this release, TotalCloud introduces Snapshot-Based Scan Logs, providing full visibility into the history and details of snapshot-based scans. You can now access a centralized log view that tracks all assets scanned using snapshot-based methods.

Scan Types Supported:

• OS Scan
• SwCA (Software Composition Analysis)
• Secret Scan

Prerequisite: CloudFormation Service Template (CFT-S) version 10 or above

To view this feature, navigate to Configure > Snapshot Scan Logs.

To support this feature, we have introduced new search tokens to help you filter the logs.

Enhanced Cloud Posture: QFlow UDC Evaluation Visibility

Applicable for:   

With this enhancement, you can now build and evaluate resources at the account level using user-defined controls (UDCs), providing a centralized and streamlined overview of evaluation results, and making it easier to access and interpret QFlow-based UDC assessments across your cloud accounts.

This feature applies only to selected QFlow user-defined controls. To enable it in TotalCloud, select the checkbox (shown below) under Advanced Options in the TotalCloud node of QFlow.

Enhancements include:

• Account-Level Evaluation Results: Evaluation results are now displayed at the account level, replacing the previous resource-level view. This provides a broader perspective on posture status across your environment. 
  
  
• Region-Wise Resource Evaluation in Evidence Menu: The Evidence menu for each account now presents region-wise evaluation results for all associated resources, enabling easier navigation and analysis.  
  
• Improved Visibility of Failed Resources: A dedicated Code Block tab in the Evidence window now lists all failed resources, organized by region, to help quickly identify non-compliant assets.
  

Benefits:

• Aggregated posture data at the account level offers a more cohesive and efficient evaluation experience.
• Allows you to assess posture across all regions from a single interface, eliminating the need to inspect individual resources.
• Regional grouping of failed resources helps pinpoint issues quickly and take corrective action with greater speed and accuracy.

Enhanced Connector Configuration in User Onboarding 

Applicable for:   

In our commitment to continuous improvement, this release enhances the onboarding experience by refining the connector setup process, enabling more flexible configurations within the TotalCloud application.

Previously, onboarding only allowed configuration of member connectors. With this release, you can now also configure organization/Tenant connectors as part of the onboarding process, delivering a more complete experience from the beginning.

Key Benefits of the New Onboarding Workflow

• Organization/Tenant Connector Support: Configure both organization/tenant and member connectors during onboarding.
• Simplified Setup Flow: Simplified user interface for setting up all connector types in one walk through.
• Less post-setup adjustments: Completely sets up your TotalCloud environment during the onboarding process, minimizing the necessity for modifications after the setup is completed.

To access this new onboarding flow, go to the TotalCloud's Home page and click Configure More Connectors > Choose your Cloud Provider > Select the needed connector type (Account/Organization) from the new configuration screen.

For more detailed onboarding steps, check out the onboarding sections for your cloud provider in our TotalCloud online help: AWS | Azure | GCP.

New configuration screen for AWS.

New configuration screen for Azure.

New configuration screen for GCP.

Enhanced Evidence Details for Control Evaluation

Applicable for: 

With this release, we have enhanced the evidence details screen to provide more insight into the control evaluation reporting for each resource.

The following are the new enhancements for each detail section:

• Evaluation Summary: New fields added to show the previous and current state of evaluation.
  
  

  If no previous state data is found, then "Nothing Found" information will be shown. Previous state data gets updated on the next connector run or state change.

• Actual Results: This section presents the evaluation results of the resource in accordance with the defined control rules. The information displayed varies based on the specific evaluation criteria applied to the resource.
  
• Code Block Tab: The Code Block tab shows the results of the evaluation in a json structure.
  
• Remediation Activity: This displays the remediation details for the resource if remediation action was selected.
  
  Select Remediate Now
  
  
  Click on Remediation Activity tab to view the remediation details
  
• View in AWS Console: This shows the option to view the resource in the AWS console.
  Applicable for:   
  
• Exception details: This section provides exception details for a resource, such as the status, start date, and end date of the exception.
  

New search tokens are also introduced to support this feature. Read about the new tokens here.

Enhanced CSV Reports: New Column for Resources deleted from Cloud

Applicable for:   

To improve visibility into real-time changes in your cloud environment, a new "Deleted from Cloud" column has been added to CSV reports generated via both the UI and API. This column reflects whether a resource has been deleted from the cloud provider. If a resource is no longer present in the cloud environment, the column will display "True", helping you track asset lifecycle changes more effectively.

This enhancement builds on real-time inventory metadata updates captured through cloud events, offering better context for asset status.

Extended Inventory Support to AWS AI Services

Applicable for: 

TotalCloud is now adding a new resource to its AWS inventory base. The AWS AI Services provide a detailed view of the AI services running in your AWS environment. 

The inventory can identify and report the following kind of AWS AI Services:

• Bedrock Foundation Model
• Bedrock Custom Model
• Bedrock Knowledge Bases
• Sagemaker Models

We have introduced a new API parameter and a new token to help with accessibility of these resource findings.

Read about the token here.

Read about the API parameter here.

Enhanced Google Cloud Run Services Inventory Support

Applicable for:   

As part of Google Cloud's transition of Cloud Functions to Cloud Run functions, we have updated our platform to align with this change and improve the accuracy of our cloud resource inventory.

What's New:

• Enhanced Cloud Run Services Inventory
  
  We have enhanced the Cloud Run Services inventory type by offering more detailed resource-level insights and better tracking features.
• Updated Control - CID: 52186
  
  The control "Ensure No Cloud Run Service is Publicly Accessible" has been updated to support and evaluate Cloud Run Services in accordance with the new inventory structure.

In the future release, the existing Cloud Functions inventory type will be deprecated. All related resources will be migrated to the Cloud Run Services inventory to ensure simplified inventory management and governance.

Cloud Detection and Response (CDR)

The following sections describe the enhancements made to the CDR environment in the upcoming CDR release. 

These CDR enhancements will be available by the end of October.

Integrated Container Security Runtime IP Reputation Events

Applicable for:   

With this release, we have integrated the Container Runtime Security (CRS) IP reputation events with the CDR Investigate menu. This feature allows the creation of CDR threat alerts based on CRS Network Events received from the CRS sensor when suspicious communications are detected between a container and a malicious IP address.

The service determines the reputation of the public IP using threat intelligence verdicts. Based on the verdict:

• If the public IP is identified as malicious, a corresponding alert is generated in CDR, which includes the complete raw data of the event when selected.
• If the public IP is deemed non-malicious, the event is recorded and ignored.

Benefits

• Enhances threat detection by identifying connections to malicious public IPs and ensuring that critical event data is both alerted on and securely stored, improving visibility and response efficiency.
• Allows for continuous monitoring, detection, and response to threats in real-time, assisting in prioritizing high-risk containers and reducing attack surfaces in dynamic cloud-native environments.

New TruRisk™ Score for CDR Findings

Applicable for:   

This release, we are introducing a TruRisk™ Score column to the Detections page under the Investigate tab. The TruRisk™ score provides deeper insight into the risk level of each finding, which enables quick assessment of the real-world risk associated with each vulnerability.

Benefits

• Helps focus on the most exploitable and impactful vulnerabilities.
• Helps understand risk in business terms to enable smarter, faster decision-making.

Enhanced Filter Option for Dashboard Widgets

Applicable for:   

With this release, we have added three new search query options under the "Group By" filter to dashboard widgets for CDR findings to dashboard widgets for CDR findings:

• tc.findings.remote.ipAddress
• tc.findings.remote.country
• tc.findings.category

You can now group and filter findings by IP address, country, and category, making it easier to perform targeted analysis and gain better visibility into remote connections.

Added Support for Azure VNet Flow Logs

Applicable for:   

This release, we have added support for Azure VNET Flow Logs in CDR Investigate, alongside the existing NSG Flow Logs. This update ensures continued visibility as Azure NSG Flow Logs are being retired. With VNET Flow Logs, you gain deeper insights into network activity, improved detection of vulnerabilities, and more comprehensive threat analysis across your Azure environment.

For more details, see.

• Azure NSG Flow Logs Retirement
• Azure VNET Flow Logs Overview

Enhanced Findings View in CDR Investigate

Applicable for:   

In this release, we have enhanced the Findings view in Cloud Detection and Response (CDR) to make it easier and faster to investigate grouped findings.

Earlier, when using the “Group By” option in the Investigate tab, you could only see the count of findings per resource. To view detailed information, such as detection time, severity, and account number, QQL queries had to be manually constructed for each resource.

With this release, you can now click directly on the findings count in the grouped view to instantly access detailed findings for that specific resource without manually constructing any QQL queries. This enhancement streamlines your investigation workflow, reduces manual effort, and helps you quickly assess and respond to critical findings across your cloud environment.

Group by View with enriched findings Count

When selected, the enriched findings count shows the details for the selected resource with the QQL query constructed.

Enhancement: IPv6 Address Redirect Support in Investigate Tab

Applicable for:   

In Release 2.17, we introduced support for IPv6 addresses for AWS and Azure. This release builds on that enhancement by adding the ability to redirect IPv6 addresses in the Investigate tab findings to their respective resource details pages. You can now seamlessly navigate to detailed views of AWS and Azure resources using IPv6 addresses, improving traceability and investigation workflows.

Enriched Resource Raw Data in CDR Investigate

Applicable for:   

With this release, we have enriched the resource data in the CDR Investigate to provide deeper insights and improve investigation efficiency. With this update, you can now:

• View TrueRisk™ scores for both IPv4 and IPv6 host addresses.
• Access detailed container and host port mapping information.
• Get node-level information to understand the infrastructure context.

These enhancements offer a more comprehensive view of each resource, helping you make faster, more informed decisions during investigations.

New Buildtime and Runtime Controls

New buildtime and runtime controls introduced to the cloud posture analysis.

New Controls in Amazon Web Services 

New Controls for AWS IAC policy.

New Controls for AWS Best Practice policy.

New Controls in Microsoft Azure

New Controls for CIS Microsoft Azure Compute Benchmark Policy

New Controls for CIS Azure Foundation Benchmark Policy

New Controls for Azure Without Policy Attachment

Control Migration

Azure Controls Policy-To-Policy Migration

Existing Azure Controls Added to CIS Microsoft Azure Compute Services Benchmark Policy

Existing Azure Controls Removed from CIS Microsoft Azure Foundations Benchmark Policy

Control Title Changes

Control Title Changes for Azure

Controls Deprecated

New Tokens

The following section describes the new tokens introduced as part of TotalCloud 2.19.0

TotalCloud Posture tokens

TotalCloud Configure tokens

AWS AI Services Tokens

These new tokens are introduced as part AWS AI service resources with TotalCloud 2.19.0.

CDR Investigate Tokens

Issues Addressed

The following issues reported by customers, as well as other notable problems, have been resolved in this release.