Current release: v8.0.6

Release Highlights

This release delivers critical improvements to IP aggregation capabilities, comprehensive user interface fixes, and enhanced filtering and sorting functionality across the platform.

Core platform enhancements

• IP Aggregation Improvements: Implemented flag-based IP aggregation for Pivot API calls, enhancing data processing efficiency.
• Browser Pivot Support: Added new aggregation logic specifically designed for Browser Pivot functionality.

User interface fixes & improvements

• Filter Panel Stability: Fixed critical issue where deleting the first filter in a list caused unexpected behavior.
• Policy Criteria Robustness: Resolved white screen crashes when entering commas in Client IP fields.
• Pivot Details Redesign: Completely reworked the Pivot Details page for better user experience.

Enhanced sorting & filtering

• Mitigation Page Sorting: Fixed sorting functionality to properly display ascending/descending order.
• Consistent Transaction Filters: Standardized transaction filter behavior across all application pages.
• Improved Filter Visibility: Enhanced "Hide unselected" functionality in transaction filters.

Threat classification & UI polish

• Threat Classification Display: Fixed positioning of "Unclassified/None" threat classifications in pivot views.
• Policy Criteria UI: Resolved button overlap issues when adding multiple IP addresses or fingerprints.
• Visual Consistency: Various UI alignment and display improvements.

Release 8.0.3 highlights

WAAP Integration: SaaS customers can now use our AWS partnership for Web Application and API Protection, combining AWS Shield (DDoS) with AWS WAF. The WAF detects threats and injects headers for Cequence Defenders mitigation, with direct rule management and policy control.

API Security Improvements: API Risk Posture page now features actionable issue tracking. Validate issues with evidence, assign statuses, create ServiceNow tickets automatically, and handle bulk updates with bidirectional sync.

API Flowgraph: View internal API traffic flows from API Definitions or Events menu. Filter by components and access detailed client/server data, transaction counts, and pod information.

Enhanced Performance & Bot Management: Platform now supports 50MB API specifications. Redesigned Threat Protection UI includes 20+ threat categories. New TEBA automatically detects bots targeting data fields and discovers expensive fraud use cases.

Machine Learning: Enhanced ML analyzes suspicious activity patterns and auto-creates suggested rules for real-time attack prevention with human-in-the-loop recommendations.

Platform Updates: Complete UI/UX redesign organizes features under "Discover," "Posture Management," and "Threat Protection." Added universal search, light/dark mode, enhanced traffic source visibility, and new integrations for Google Big Query, Azure Blob Storage, Splunk, Elasticsearch, and Kafka.

Deprecations: Workato Notification Workflow deprecated in version 8.0. HTTP Traffic Filters will be deprecated for newer Defender versions.

Release 8.0.2 highlights

Performance Improvements

• Enhanced Policy Engine Performance: Improved concurrent mitigator data fetch performance. The Policy Engine now implements intelligent caching for mitigator data downloads. When multiple defenders request large datasets simultaneously, the system caches the data for a short duration and serves concurrent requests from cache, significantly reducing memory and CPU spikes during peak usage periods.
• Optimized Transaction Processing Pipeline: Streamlined processing for Allow/Deny transactions. Transactions matching IP Allow/Deny lists and Fingerprint Allow/Deny lists now bypass the aggregator stream entirely. This optimization eliminates unnecessary processing overhead, reduces memory usage in state stores, and frees up compute resources by avoiding redundant aggregation and joining operations for transactions that don't require them.

User Experience Enhancements

• Expanded Transactions Page Capabilities: Enhanced transaction visibility and control - The Transactions page now includes Referer and User-Agent columns directly in the main table view, with filtering capabilities for User-Agent data. Additionally, users can now sort transactions by HTTP Method and Response Code, providing more flexibility for analyzing traffic patterns and identifying specific transaction types.
• Improved Dashboard Accuracy: Corrected Executive Dashboard metrics - The Executive Dashboard now displays accurate "request volume processed" values with improved terminology, ensuring stakeholders have reliable visibility into system performance metrics.

Bug Fixes and Stability Improvements

Visual and Interface Fixes

• Graph rendering improvements: Charts now display correctly regardless of which data points are selected, ensuring consistent visualization of metrics
• Progressive loading enhancement: The Detection page bottom right pane now loads content progressively as intended
• Pivot details functionality: Resolved issue where pivot detail calls weren't triggered properly when pivot keys were changed

Data Processing and Reporting Fixes

• Policy reporting accuracy: Corrected hardcoded and incorrectly calculated policy reporting actions
• Traffic statistics reliability: Resolved traffic stats loading issues in environments with high endpoint cardinality in threat classification
• Baselining query enhancements: Improved query performance and accuracy in the CQ Prime Threat Detection system

Upgrade-affecting issues

Several issues fixed in this release require attention during or prior to upgrading from an earlier release of the Cequence UAP platform.

• CEQASP-8798: As a result of the fix for this issue, the Cequence UAP platform will lose historical statistics for your installed Defender instances. The list of Defender instances in the System Components page appears empty after upgrading, then repopulates as the installed Defender instances sync with your Cequence UAP platform instance.
• CEQASP-8721: Requires attention at deployment time. The Elasticsearch query timeout for the UI and traffic metrics has changed from 60 seconds to 5 minutes. During deployment, change the UI ingress timeout value to 5 minutes to match.
• CEQASP-7768: The Leaked User ID data set type has been removed. After upgrading to the 8.0 release, all existing data sets of this type will be deleted.

• CEQASP-7623: Requires attention at deployment time. By default, the Cequence UAP platform uses internal service communications to exchange information between keycloak and the following services.

  • BFF
  • API Edge
  • Distribution Service
  • keycloak-init

  These communications require valid values for the following variables.

  • authentication.endpoint.namespace: The name of the namespace where Keycloak is installed (default: cequence)
  • authentication.endpoint.service: The name of the service for Keycloak (default: keycloak)

  Alternately, to fall back to the pre-8.0 behavior, set the following value to false.

  • authentication.endpoint.internal (Default: true)

Resolved issues

Release 8.0.6

CEQASP-10265 - No longer imports or exports the Custom Metrics index.

Release 8.0.5

CEQASP-10260 - Detection screen filtering by clientIP, host, fingerprint, and country now return usable results.

CEQASP-10211 - Resource Discovery no longer throws ConcurrentModificationException when processing discovery streams.

CEQASP-10034 - Policy names now appear in filter dropdowns on the Transactions → Mitigation screen.

CEQASP-9832 - Mitigation page sorting now displays results in descending order by count instead of ascending order.

CEQASP-9826 - Detection and mitigation pages now load correctly on fresh installs.

CEQASP-9798 - Sensitive data detection include and exclude fields now accept camelCase and uppercase characters through the UI.

CEQASP-9776 - Mitigation dashboard list view no longer displays a blank screen when viewing events.

CEQASP-9768 - Filtering on ISP, Organization, and Country fields in Threat Protection → Detection now returns accurate results.

CEQASP-9629 - Component configuration service initialization time has improved to prevent restart failures in high-latency environments.

CEQASP-9606 - Baselining model payload structure now correctly formats the keysToExtract field as a JSON array.

CEQASP-9552 - Traffic filtering now matches consistently for API endpoints with and without trailing slashes.

CEQASP-9502 - Policy dropdown now appears in mitigation page filters.

CEQASP-9487 - Transactions table now supports horizontal scrolling when table columns exceed viewport width.

CEQASP-9304 - Traffic Source column now appears in the show/hide columns list on the Transactions → Detection table.

CEQASP-8915 - Traffic metrics queries on polygraph indices now succeed without shard failures.

CEQASP-7100 - RedEye login rule no longer triggers during evening business hours at legitimate US traffic sources.

Release 8.0.4

CEQASP-9524: The Show Usernames popup now correctly displays the Number of IPs field.

CEQASP-9309: Query results for Pivots API with Browser pivot now return accurate data.

CEQASP-9517: The filter panel no longer exhibits unexpected behavior when users delete the first filter in the list.

CEQASP-9530: Entering commas in the Client IP field within policy criteria no longer causes a white screen error.

CEQASP-9240: The Mitigation page now correctly sorts in ascending and descending order.

CEQASP-9493: Transaction filters now function consistently across all application pages.

CEQASP-9477: The Cancel button no longer overlaps the Add button when users add multiple IP addresses or fingerprints in policy criteria.

CEQASP-9197: The "Hide unselected" option in transaction filters now functions correctly.

Release 8.0.3

CEQASP-8833: The Sensitive Data Expressions page does not have a heading in the user interface.

CEQASP-8944: The Defender should poll Policy Engine even when the mitigation data cache is empty, and a timestamp should be added to avoid repeated polling.

CEQASP-9014: The Component-Config needs to refactor pivot disabling code to unblock changes to Pivots and Rules.

CEQASP-9050: New AI Agent Rules are not triggering after the 8.0.1 upgrade.

CEQASP-9106: In UAP 8x, when creating an App Tag, the Host must have a "." character.

CEQASP-9151: The user interface needs to drop null values from request body to the /apisec/api/component-configuration/api/ml-models/inference endpoint.

CEQASP-9153: When an issue is created, the issue status is immediately updated to "resolved" from "Open" by the system.

CEQASP-9157: In the Detection Dashboard, selecting all pivots after deselecting will give an error.

CEQASP-9202: There are duplicate User Agent entries in the Detection Filter.

CEQASP-9317: The Stop inference and Status inference API calls for ML models do not handle empty strings for modelId and modelRunId.

CEQASP-9359: Traffic Sources are missing when Double Aggregation is enabled.

CEQASP-9376: The Host is missing from Pivot Details URI.

CEQASP-9387: The Monaco package is loading dependencies from CDN instead of local sources.

CEQASP-9451: Instantiation failed while performing an import operation.

CEQASP-7842: The Distribution Service needs improvement for boot-up and concurrent mitigator data fetch performance.

CEQASP-9007: The Transactions page needs various improvements.

CEQASP-9195: In the Detection dashboard, the URI needs to be the raw URI and not the parameterized URI.

CEQASP-9259: An API needs to be added for mitigator to fetch the datasets.

CEQASP-9263: New mitigator datasets need to be supported via distribution service.

CEQASP-9285: Indices need to be added in Import/Export configurations.

CEQASP-9348: A flag should be added to enable/disable caching support in Policy Engine.

CEQASP-9382: Client login event audit logging should be disabled for successful logins.

Release 8.0.2

CEQASP-8730 Transaction from Allow/Deny IP/Fingerprint should not be passed to aggregator stream and subsequent joining

CEQASP-9007 Transactions page improvements

CEQASP-8809 8.0.1 - /pivot-details call not triggered by change to selected pivot keys

CEQASP-8439 Policy Engine - Improve concurrent mitigator data fetch performance

CEQASP-9028 Make Exec Dashboard 'request volume processed' use the correct value and change wording.

CEQASP-7394 UI: The graph should draw correctly even if largest value is not selected

CEQASP-8822 Transactions page bugfixes

CEQASP-8758 Detection page bottom right pane does not load progressively

CEQASP-9029 Reporting action for policy is hardcoded/incorrectly calculated

CEQASP-9020 Traffic stats not displaying due to high cardinality of endpoints in threat classification

Release 8.0.1

CEQASP-8404: Update UI for lower resolution screens (Min 1366 x 768)

CEQASP-8593: Detection Dashboard | Actions -> 'Allow ISP', 'Allow Organization' | Accepting duplicate values

CEQASP-8930 UI: Risk Details: pagination next not working, sort and search

CEQASP-8431 Threat Protection Rules: Custom Rules : Save Button should remain disabled when user clicks on "Change rule state" without selecting any rule.

CEQASP-8592 UI: Detection Dashboard | Actions -> 'Allow IPs' | Generic error message thrown while adding duplicate entries

CEQASP-8930 UI: Risk Details: pagination next not working, sort and search

Release 8.0

CEQASP-8848: Update busybox to 1.36.1

CEQASP-8753: Additional Metrics for Integration Executor

CEQASP-8728: Data Export: Remove SSL,SASL_PLAINTEXT and SASL_SSL from Security Protocol from kafka

CEQASP-8721: Make the timeout values to 5 min by default for UI/TrafficMetrics and Ingress

CEQASP-8659: [Helm Chart] Remove static passwords from helm chart

CEQASP-8629: Multi-UAP connectivity does not work with Oauth.

CEQASP-8625: Traffic Sources Schema Changes

CEQASP-8604: Remove Notifications/Workato UI from UAP

CEQASP-8574: Risk Posture: Refresh button not refreshing with correct time stamp

CEQASP-8558: Move Flowgraph to Discovery in 8.0 UI

CEQASP-8463: Dynamic UI for ML Models page

CEQASP-8460: Release Changes: Remove Sensor Bridge tagging for cequence-asp helm chart

CEQASP-8459: Reorganized Secondary Left Nav for Discovery in UAP GUI

CEQASP-8435: bubble up opentelemetry-collector.imagePullSecrets in UAP values

CEQASP-8414: Remove Exact Match for discovery parameterization

CEQASP-8387: Baselining summary UI modification

CEQASP-8383: Handle Empty Threat Classification in Pivots Call in Detection Dashboard in UI

CEQASP-8355: Add Automation coverage for Ticketing Connectors page

CEQASP-8322: Upgrade impact: Change resource-metrics ES index refresh interval defaults to 30 seconds and expose via helm

CEQASP-8320: Change all System Rules to ship out-of-the-box with Experimental = FALSE

CEQASP-8318: Verify all the pages in light mode

CEQASP-8305: Policy Engine vulnerability fixes

CEQASP-8272: Fix Spartan vulnerabilities for 8.0

CEQASP-8270: Fix Sentinel vulnerabilities for 8.0

CEQASP-8260: Add UI automation coverage for all Ticketing flows

CEQASP-8255: Add data size to send to UI for evidence

CEQASP-8254: Add Contributor Values for Access Control Data on Traffic Analyzer

CEQASP-8238: Attach Evidence to tickets created

CEQASP-8236: View Transactions: I lose context on which row I had selected, when I switch back from details pane to the main table

CEQASP-8235: Increase default column width of the date/time on the transactions page

CEQASP-8234: Column width changes lost on re-render of transactions table

CEQASP-8218: Expose session timeout values from the realm and ui client from UAP UI

CEQASP-8217: Allow customers to add their own tags when creating service requests or incidents in ServiceNow

CEQASP-8216: Add ticket type of "Service Request" when creating tickets in ServiceNow

CEQASP-8212: Move threat classification to after rules processing and make it confidence based for detection only and always tag mitigated

CEQASP-8199: Update 3 expiring Download URLs and increase frequency of checking for downloads

CEQASP-8194: Discovery Pattern: leverage centralized parameterization, via the data plane: Sentinel Only Flow

CEQASP-8178: Add Threat Classification to Data Export Bot Detection events

CEQASP-8144: Long-term retention of issues and issue evidence

CEQASP-8091: Allow TTP to be set from the Expert Rules APIs

CEQASP-8068: Update helm chart version on master to 8.0-master

CEQASP-8066: Upgrade the @cequence/ui package for Spyder to 5.0.3

CEQASP-8049: Enable Light Mode in UAP

CEQASP-8034: Update Issues widget to only track *actionable* issues

CEQASP-8029: Add user info to Issue status history

CEQASP-8026: rules-bundle-6.0

CEQASP-8011: Add Traffic Source as a Filter on the Detection page

CEQASP-8010: Allow user to view cards with Mitigation Count = 0 (unmitigated ones)

CEQASP-7993: Provide configurable limits for ObjectMapper and yaml Parser size limits

CEQASP-7953: Bring back the Manage Applications page for Defender Configuration

CEQASP-7952: Add Support for Out of the box Connectors

CEQASP-7937: update policy CRUD API to honor the policy classification set for system defined policies

CEQASP-7936: Add UI support for inactive sources

CEQASP-7888: Rename items on the User Management: Roles page

CEQASP-7887: Display UAP version number in a better place than System Components

CEQASP-7886: Purge Stale sources from traffic sources Index

CEQASP-7881: Ticketing Integrations page (for ServiceNow)

CEQASP-7880: UX Refresh: Updated Threat Classification tile on Exec Dashboard

CEQASP-7874: Add Policy Modified Date to the Mitigation Dashboard

CEQASP-7872: Automate all flows until evidence

CEQASP-7846: Inventory: API Endpoints Table Level Filters: Sensitive Data

CEQASP-7843: Detection and Mitigation Threat Classification changes

CEQASP-7827: Inventory: API Endpoints Table Level Filters: Risk levels, Score

CEQASP-7825: Inventory: API Endpoints Table Level Filters: first activity, last activity, created on

CEQASP-7809: Ad-hoc testing

CEQASP-7801: Modify the Pivots API to account for threat classification for Mitigation Page

CEQASP-7800: Modify the Pivots API (get_pivot_details) to account for threat classification

CEQASP-7768: Doc Impact : Remove Leaked User Id from the list of options in the UI as the functionality is not supported

CEQASP-7757: Mouse click on a card on the Detection /Mitigation page should select that card.

CEQASP-7752: Move /auth-config and /cluster-config BFF endpoints behind auth

CEQASP-7751: Change TEBA rules to show up as System Rules, not Custom Rules

CEQASP-7749: UI changes on System Rules page to show Ruleset hierarchy

CEQASP-7743: Nomenclature changes of existing System Rules

CEQASP-7717: Add Support for Traffic sources

CEQASP-7708: Left-hand nav collapsed view

CEQASP-7688: Inventory: API Endpoints Table Level Filters: API Definitions, capture source and change status

CEQASP-7683: Inventory: API Endpoints Top Level Filters

CEQASP-7677: API Inventory: Page Level Verification

CEQASP-7664: Runtime Dashboard: API Hosts: Page click through verification

CEQASP-7663: Runtime Dashboard: API Endpoints Scope: Page click through verification

CEQASP-7662: Runtime Dashboard: API Endpoints by Authentication Types: Page click through verification

CEQASP-7661: Runtime Dashboard: API Endpoints with Sensitive Data: Page click through verification

CEQASP-7660: Runtime Dashboard: API Endpoint Risk Levels: Page click through verification

CEQASP-7655: Runtime Dashboard: Endpoint Count Panel: Page click through verification

/CEQASP-7631: Runtime Dashboard: Page Level Verification

CEQASP-7623: Change default deployment to ensure that internal UAP communication does not need to go via ingress

CEQASP-7574: Add Contributor Values data for all Risk Contributors

CEQASP-7573: Add Repo Level Test for Traffic Analyzer

CEQASP-7571: Add Risk Evidence Topic and Sink it into ES

CEQASP-7567: Improve caching behavior of XML parsing when used in DX scripts

CEQASP-7566: Implement caching of JSON parsing when used in DX scripts

CEQASP-7560: Keycloak: Update Access Token Lifespan from 5 min to 25 min

CEQASP-7534: Modify the Pivots API to account for threat classification as a Pivot Type

CEQASP-7533: Add Threat Classification support for Detection Stream

CEQASP-7527: Open API Edge for public access

CEQASP-7519: Update Empty States For New Theme

CEQASP-7473: Authentication credentials

CEQASP-7471: Create ServiceNow connectors

CEQASP-7470: Check incident status

CEQASP-7469: Show ServiceNow Incident statuses in UAP

CEQASP-7405: Issue status sticky filters

CEQASP-7403: Issue status history

CEQASP-7402: Automatic issue resolution

CEQASP-7401: Changing issue status

CEQASP-7398: Setting issue status, with visibility in issues page

CEQASP-7397: Issue Status values: default

CEQASP-7280: Card view in the bottom left of the Mitigation page

CEQASP-7878: Seamlessly work with Transactions, Data Export, Audit Logs

CEQASP-7773: New WAF Policies

CEQASP-7769: New WAF Rules in Automation Indicators

CEQASP-7926: Show WAF status and allow WAF toggling (policy state)

CEQASP-7225: Evidence Tab: Highlight Issue Triggers

CEQASP-7223: UI changes to the bottom right of the Mitigation page

CEQASP-7222: Tickets Widget

CEQASP-7221: Labels Widget

CEQASP-7220: Issue Status Widget

CEQASP-7219: Issue Summary Tab

CEQASP-7218: Evidence Tab: Display Evidence

CEQASP-7217: Tabbed layout

CEQASP-7216: Issue Page Title + Breadcrumbs

CEQASP-7214: New column for number of issues in risks table

CEQASP-7213: Move API Hosts filter down from top of the page to the top of the table (with other sticky filters)

CEQASP-7212: Issues Widget

CEQASP-7183: Baselining model configuration from the UI

CEQASP-7157: Title/Breadcrumbs for Issue Details

CEQASP-7156: Tabs/Tiles for different statuses

CEQASP-7155: Sticky Filters for Risk Details Page

CEQASP-7153: Endpoints table for Issue Details page

CEQASP-7142: Document UI display/font/system requirements

CEQASP-7125: Implement Search function to search for specific pages in the left-hand menu

CEQASP-7064: Support Audit logs for success and failed client logins

CEQASP-7063: Support traffic source as a filter on Inventory Page

CEQASP-7062: Support Traffic source as a Pivot in Detection Dashboard

CEQASP-7055: changes from demo feedback

CEQASP-6939: Ability to query top N and cardinality of threat classifications for a given set of pivot keys

CEQASP-6937: Add mitigation count as a sorting field in Pivots query

CEQASP-6873: Add mechanism to delete incorrect nodes

CEQASP-6860: add onboarding experience for flow graph page

ization of tooltip component in the UI

CEQASP-6651: Display error message to user when too many transactions are attempted to be loaded

CEQASP-6650: UI changes to the bottom right of the Detection page

CEQASP-6649: Card view in the bottom left of the Detection page

CEQASP-6648: Faster rendering of the top-level micro chart

CEQASP-6553: On Mitigation page, add transaction counts to each policy listed on the right-hand pane

CEQASP-6522: UX for new loader

CEQASP-6521: Visual cleanup of user login screen

CEQASP-6520: Visual cleanup of error messages

CEQASP-6436: Visual Cleanup for Stepper based Popups

CEQASP-6373: Visual design changes of the main chart in the Detection page

CEQASP-6372: Left-hand nav menu regrouping

CEQASP-6371: Pop-up modal structure standardization

CEQASP-6369: Visual theme cleanup of Spyder's summary dashboard

CEQASP-6368: Visual theme cleanup of top-level exec summary dashboard

CEQASP-6351: Add ability to link from an api-definition in Inventory to the Flow Graph page

CEQASP-6330: Expose and authenticate traffic to flow-graph-collector

CEQASP-6327: Create API to return flow graph data

CEQASP-6326: New Flow Graph page

CEQASP-6324: Fine-grain configuration for processor(s)

CEQASP-6323: Add datastore and configure exporter in collector to send there

CEQASP-6322: Add otel-collector

CEQASP-6304: Risk Categories: Sensitive Data only visible for Response body

CEQASP-6301: Investigation: Traffic Metrics Query Performance: Charts and counters Query

CEQASP-6299: TrafficMetrics: Performance Pivots Details Query

CEQASP-6166: expose creation of offline_access capable clients in UAP

CEQASP-6140: BotAnalyzer Performance: Improve evaluation logic of App Tags in Bot Analyzer

CEQASP-5757: Implement MMDB database local cache

Upgrade considerations

The material in this section addresses several different upgrade scenarios.

Component updates

This table lists the necessary updates you must perform before upgrading your Cequence UAP platform instance to the 8.0 release.

Keycloak Update

When you update the Cequence UAP platform to release 7.7.2 and later, make the following changes in the keycloak/values.yaml file.

keycloakTheme:
  image:
    tag: 8.0.0

Compatibility Matrix

The Cequence UAP platform release 8.0 requires the following minimum versions of other Cequence components.

On-Premises Deployments