Current Release: v7.3
New Feature Highlights
The 7.0 release includes a host of improvements to the installation and deployment of Cequence UAP that will make it easier to install the platform in a variety of deployments. The following new capabilities have been added in this release.
Support for Multiple Kubernetes Distributions
Starting with the 7.0 release, Cequence UAP is now qualified to be installed in the following Kubernetes distributions.
- Amazon EKS
- Google Anthos
- Rancher Kubernetes Engine
- Red Hat OpenShift
- Oracle Cloud Infrastructure
- Azure AKS
- IBM Cloud
New Installation Script
A new installation script has now been developed to simplify the installation experience of the product. This script walks the user through the steps required to complete the installation, such as configuring the Kubernetes distributions the cluster is being created in, subdomain and ingress creation, creation of routes, etc.
This eliminates the need for customers to maintain manual steps for installation the platform.
Instructions for this new script are available here.
Consolidated Image Locations
For customers who install UAP from their private registry, there is no longer a need to manually edit the URLs of the 3rd party components to point to the private registry instead of the public URL. Starting with the 7.0 release, this manual work has been eliminated by making Cequence the consolidated source of all images. This includes 3rd party images including services like ElasticSearch, Kafka and Keycloak, dependencies like custom operators, and tools like Prometheus, Grafana and Airflow. To install Cequence UAP, customers need to download the image from the Cequence registry, which will preserve the paths for all the 3rd party components.
Support for Restricted Kubernetes Environments
Cequence now supports deployments in restricted Kubernetes environments in which readonly access is provided to the root filesystem, as indicated with this parameter.
readOnlyRootFilesystem: true
All images have been enhanced to not require root permissions in the cluster the platform is being installed in.
No DNS Dependency for New Installations
Starting with the 7.0 release, there is no longer a need to set a DNS name for the new deployment. The image has been enhanced to no longer depend on the DNS name.
New Metrics for System Component Health
A host of new metrics have been added in all Cequence images to provide better visibility into the system's health. These metrics are documented here. Administrators are advised to follow the steps to consume these metrics and also configure alerts for the metrics that have been called out for alert use cases.
Release Highlights
New Features
CEQASP-3288 Remove DNS dependency from UAP
CEQASP-3721 Detection & Mitigation - UX Improvements
CEQASP-287 API-Sentinel: Add default component field rule to detect apikey, clientkey, secret|secretkey under OWASP-3 in the response body
CEQASP-2658 API Sentinel: Traffic analysis on newly discovered resource
CEQASP-2956 script to download from our repo and upload to the customer's repo
CEQASP-2957 Upgrade :helm chart changes
CEQASP-2970 Prerequisites and custom values for CQASP installation in Red Hat OpenShift
CEQASP-3088 Update Audit Logs page to use DataGridPremium
CEQASP-3137 Bot Analyzer metrics
CEQASP-3201 Traffic Stats
CEQASP-3226 Prerequisites and custom values for CQASP installation in Oracle OKE
CEQASP-3252 Prerequisites and custom values for CQASP installation in Azure AKS
CEQASP-3323 Add Metrics for Policy Engine
CEQASP-3436 Write a new script that installs all the components (Readme)
CEQASP-3448 Add Init containers to components to wait for es and kafka to be ready
CEQASP-3456 API Sentinel: Remove response code validation for risk contributor rules
CEQASP-3545 upgrade impact: Faster Processing of traffic in low flow environments
CEQASP-3576 Add ability to delete multiple fingerprint-labels at once
CEQASP-3611 Add on-prem uap-installer script as an artifact which will allow easier installation across multiple platforms
CEQASP-3614 Add Application Tag to mitigator records
CEQASP-3618 Upgrade ECK Operator and Strimizi Operator
CEQASP-3727 Move the logged in user icon and the help icon into the main navigation bar and collapse all the groups in the navigation bar
CEQASP-3852 Install script updates
Resolved Issues
Release 7.0
CEQASP-1420 The host value is getting rendered in second line in the mitigator criteria and hence look misaligned with rest of the fields and values in the section.
CEQASP-2291 Sentinel Body Extractions not working on endpoint with DX configured and in JSON format
CEQASP-2467 Creating fraud detection rule with ruleAction type HTTP using invalid URI is getting successful.
CEQASP-3080 Regression - Remove-Filters button missing in Detection dashboard
CEQASP-3210 Policy Engine Encounters OOM Errors from -1 TTL Policies
CEQASP-3390 Openshift environment returns a large groupID which fails policy engine pod which expects 1001
CEQASP-3557 API Sentinel: Risk Rules are not allowing injection rules to be created for Req. query, header, or body
CEQASP-3593 [Resource Discovery] Invalid authority field causing crash
CEQASP-3612 [Bot-Analyzer] Bot-analyzer hangs on startup on 6.14.0 when initializing global topic
CEQASP-3654 API Sentinel: Dashboard, Selecting all hosts is giving the wrong count
CEQASP-3680 UI - the edit button is missing on the API inventory end point
CEQASP-3698 Index not created when def config is disabled
CEQASP-3701 Integration-Executor fails to spinup when cqai is disabled
CEQASP-3705 API Sentinel: color contrast on Sensitive Data exposure NLP page can make it unreadable
CEQASP-3753 UI - inventory dashboard counts dont change on time filter
CEQASP-3760 cequence-asp pipeline also needs to run for master branch
CEQASP-3767 UI - The order of number and risk categories is not correct under API Endpoint Risk Levels
CEQASP-3780 Font size and color contrast issue observed on several pages
CEQASP-3790 Dashboard endpoints Legend is not getting cutoff
CEQASP-3869 Exception caught during Deserialization, taskId: -1_-1, topic: cq.spartan-discovered-resources, partition: 7, offset: 1
CEQASP-3874 Grafana dashboard: Policy engine dashboard is not showing any data
On-Premises Deployments
Package | Version | Location |
Helm Chart | 7.0.0 | https://cequence.gitlab.io/helm-charts/ |
Scan Results:
Attached file.