Current release: v8.0.1
Release Highlights
WAAP Integration: SaaS customers can now use our AWS partnership for Web Application and API Protection, combining AWS Shield (DDoS) with AWS WAF. The WAF detects threats and injects headers for Cequence Defenders mitigation, with direct rule management and policy control.
API Security Improvements: API Risk Posture page now features actionable issue tracking. Validate issues with evidence, assign statuses, create ServiceNow tickets automatically, and handle bulk updates with bidirectional sync.
API Flowgraph: View internal API traffic flows from API Definitions or Events menu. Filter by components and access detailed client/server data, transaction counts, and pod information.
Enhanced Performance & Bot Management: Platform now supports 50MB API specifications. Redesigned Threat Protection UI includes 20+ threat categories. New TEBA automatically detects bots targeting data fields and discovers expensive fraud use cases.
Machine Learning: Enhanced ML analyzes suspicious activity patterns and auto-creates suggested rules for real-time attack prevention with human-in-the-loop recommendations.
Platform Updates: Complete UI/UX redesign organizes features under "Discover," "Posture Management," and "Threat Protection." Added universal search, light/dark mode, enhanced traffic source visibility, and new integrations for Google Big Query, Azure Blob Storage, Splunk, Elasticsearch, and Kafka.
Deprecations: Workato Notification Workflow deprecated in version 8.0. HTTP Traffic Filters will be deprecated for newer Defender versions.
Upgrade-affecting issues
Several issues fixed in this release require attention during or prior to upgrading from an earlier release of the Cequence UAP platform.
- CEQASP-8798: As a result of the fix for this issue, the Cequence UAP platform will lose historical statistics for your installed Defender instances. The list of Defender instances in the System Components page appears empty after upgrading, then repopulates as the installed Defender instances sync with your Cequence UAP platform instance.
- CEQASP-8721: Requires attention at deployment time. The Elasticsearch query timeout for the UI and traffic metrics has changed from 60 seconds to 5 minutes. During deployment, change the UI ingress timeout value to 5 minutes to match.
- CEQASP-7768: The Leaked User ID data set type has been removed. After upgrading to the 8.0 release, all existing data sets of this type will be deleted.
CEQASP-7623: Requires attention at deployment time. By default, the Cequence UAP platform uses internal service communications to exchange information between keycloak and the following services.
- BFF
- API Edge
- Distribution Service
- keycloak-init
These communications require valid values for the following variables.
- authentication.endpoint.namespace: The name of the namespace where Keycloak is installed (default: cequence)
- authentication.endpoint.service: The name of the service for Keycloak (default: keycloak)
Alternately, to fall back to the pre-8.0 behavior, set the following value to false.
- authentication.endpoint.internal (Default: true)
Resolved issues
Release 8.0.1
CEQASP-8404: Update UI for lower resolution screens (Min 1366 x 768)
CEQASP-8593: Detection Dashboard | Actions -> 'Allow ISP', 'Allow Organization' | Accepting duplicate values
CEQASP-8930 UI: Risk Details: pagination next not working, sort and search
CEQASP-8431 Threat Protection Rules: Custom Rules : Save Button should remain disabled when user clicks on "Change rule state" without selecting any rule.
CEQASP-8592 UI: Detection Dashboard | Actions -> 'Allow IPs' | Generic error message thrown while adding duplicate entries
CEQASP-8930 UI: Risk Details: pagination next not working, sort and search
Release 8.0
CEQASP-8848: Update busybox to 1.36.1
CEQASP-8753: Additional Metrics for Integration Executor
CEQASP-8728: Data Export: Remove SSL,SASL_PLAINTEXT and SASL_SSL from Security Protocol from kafka
CEQASP-8721: Make the timeout values to 5 min by default for UI/TrafficMetrics and Ingress
CEQASP-8659: [Helm Chart] Remove static passwords from helm chart
CEQASP-8629: Multi-UAP connectivity does not work with Oauth.
CEQASP-8625: Traffic Sources Schema Changes
CEQASP-8604: Remove Notifications/Workato UI from UAP
CEQASP-8574: Risk Posture: Refresh button not refreshing with correct time stamp
CEQASP-8558: Move Flowgraph to Discovery in 8.0 UI
CEQASP-8463: Dynamic UI for ML Models page
CEQASP-8460: Release Changes: Remove Sensor Bridge tagging for cequence-asp helm chart
CEQASP-8459: Reorganized Secondary Left Nav for Discovery in UAP GUI
CEQASP-8435: bubble up opentelemetry-collector.imagePullSecrets in UAP values
CEQASP-8414: Remove Exact Match for discovery parameterization
CEQASP-8387: Baselining summary UI modification
CEQASP-8383: Handle Empty Threat Classification in Pivots Call in Detection Dashboard in UI
CEQASP-8355: Add Automation coverage for Ticketing Connectors page
CEQASP-8322: Upgrade impact: Change resource-metrics ES index refresh interval defaults to 30 seconds and expose via helm
CEQASP-8320: Change all System Rules to ship out-of-the-box with Experimental = FALSE
CEQASP-8318: Verify all the pages in light mode
CEQASP-8305: Policy Engine vulnerability fixes
CEQASP-8272: Fix Spartan vulnerabilities for 8.0
CEQASP-8270: Fix Sentinel vulnerabilities for 8.0
CEQASP-8260: Add UI automation coverage for all Ticketing flows
CEQASP-8255: Add data size to send to UI for evidence
CEQASP-8254: Add Contributor Values for Access Control Data on Traffic Analyzer
CEQASP-8238: Attach Evidence to tickets created
CEQASP-8236: View Transactions: I lose context on which row I had selected, when I switch back from details pane to the main table
CEQASP-8235: Increase default column width of the date/time on the transactions page
CEQASP-8234: Column width changes lost on re-render of transactions table
CEQASP-8218: Expose session timeout values from the realm and ui client from UAP UI
CEQASP-8217: Allow customers to add their own tags when creating service requests or incidents in ServiceNow
CEQASP-8216: Add ticket type of "Service Request" when creating tickets in ServiceNow
CEQASP-8212: Move threat classification to after rules processing and make it confidence based for detection only and always tag mitigated
CEQASP-8199: Update 3 expiring Download URLs and increase frequency of checking for downloads
CEQASP-8194: Discovery Pattern: leverage centralized parameterization, via the data plane: Sentinel Only Flow
CEQASP-8178: Add Threat Classification to Data Export Bot Detection events
CEQASP-8144: Long-term retention of issues and issue evidence
CEQASP-8091: Allow TTP to be set from the Expert Rules APIs
CEQASP-8068: Update helm chart version on master to 8.0-master
CEQASP-8066: Upgrade the @cequence/ui package for Spyder to 5.0.3
CEQASP-8049: Enable Light Mode in UAP
CEQASP-8034: Update Issues widget to only track *actionable* issues
CEQASP-8029: Add user info to Issue status history
CEQASP-8026: rules-bundle-6.0
CEQASP-8011: Add Traffic Source as a Filter on the Detection page
CEQASP-8010: Allow user to view cards with Mitigation Count = 0 (unmitigated ones)
CEQASP-7993: Provide configurable limits for ObjectMapper and yaml Parser size limits
CEQASP-7953: Bring back the Manage Applications page for Defender Configuration
CEQASP-7952: Add Support for Out of the box Connectors
CEQASP-7937: update policy CRUD API to honor the policy classification set for system defined policies
CEQASP-7936: Add UI support for inactive sources
CEQASP-7888: Rename items on the User Management: Roles page
CEQASP-7887: Display UAP version number in a better place than System Components
CEQASP-7886: Purge Stale sources from traffic sources Index
CEQASP-7881: Ticketing Integrations page (for ServiceNow)
CEQASP-7880: UX Refresh: Updated Threat Classification tile on Exec Dashboard
CEQASP-7874: Add Policy Modified Date to the Mitigation Dashboard
CEQASP-7872: Automate all flows until evidence
CEQASP-7846: Inventory: API Endpoints Table Level Filters: Sensitive Data
CEQASP-7843: Detection and Mitigation Threat Classification changes
CEQASP-7827: Inventory: API Endpoints Table Level Filters: Risk levels, Score
CEQASP-7825: Inventory: API Endpoints Table Level Filters: first activity, last activity, created on
CEQASP-7809: Ad-hoc testing
CEQASP-7801: Modify the Pivots API to account for threat classification for Mitigation Page
CEQASP-7800: Modify the Pivots API (get_pivot_details) to account for threat classification
CEQASP-7768: Doc Impact : Remove Leaked User Id from the list of options in the UI as the functionality is not supported
CEQASP-7757: Mouse click on a card on the Detection /Mitigation page should select that card.
CEQASP-7752: Move /auth-config and /cluster-config BFF endpoints behind auth
CEQASP-7751: Change TEBA rules to show up as System Rules, not Custom Rules
CEQASP-7749: UI changes on System Rules page to show Ruleset hierarchy
CEQASP-7743: Nomenclature changes of existing System Rules
CEQASP-7717: Add Support for Traffic sources
CEQASP-7708: Left-hand nav collapsed view
CEQASP-7688: Inventory: API Endpoints Table Level Filters: API Definitions, capture source and change status
CEQASP-7683: Inventory: API Endpoints Top Level Filters
CEQASP-7677: API Inventory: Page Level Verification
CEQASP-7664: Runtime Dashboard: API Hosts: Page click through verification
CEQASP-7663: Runtime Dashboard: API Endpoints Scope: Page click through verification
CEQASP-7662: Runtime Dashboard: API Endpoints by Authentication Types: Page click through verification
CEQASP-7661: Runtime Dashboard: API Endpoints with Sensitive Data: Page click through verification
CEQASP-7660: Runtime Dashboard: API Endpoint Risk Levels: Page click through verification
CEQASP-7655: Runtime Dashboard: Endpoint Count Panel: Page click through verification
/CEQASP-7631: Runtime Dashboard: Page Level Verification
CEQASP-7623: Change default deployment to ensure that internal UAP communication does not need to go via ingress
CEQASP-7574: Add Contributor Values data for all Risk Contributors
CEQASP-7573: Add Repo Level Test for Traffic Analyzer
CEQASP-7571: Add Risk Evidence Topic and Sink it into ES
CEQASP-7567: Improve caching behavior of XML parsing when used in DX scripts
CEQASP-7566: Implement caching of JSON parsing when used in DX scripts
CEQASP-7560: Keycloak: Update Access Token Lifespan from 5 min to 25 min
CEQASP-7534: Modify the Pivots API to account for threat classification as a Pivot Type
CEQASP-7533: Add Threat Classification support for Detection Stream
CEQASP-7527: Open API Edge for public access
CEQASP-7519: Update Empty States For New Theme
CEQASP-7473: Authentication credentials
CEQASP-7471: Create ServiceNow connectors
CEQASP-7470: Check incident status
CEQASP-7469: Show ServiceNow Incident statuses in UAP
CEQASP-7405: Issue status sticky filters
CEQASP-7403: Issue status history
CEQASP-7402: Automatic issue resolution
CEQASP-7401: Changing issue status
CEQASP-7398: Setting issue status, with visibility in issues page
CEQASP-7397: Issue Status values: default
CEQASP-7280: Card view in the bottom left of the Mitigation page
CEQASP-7878: Seamlessly work with Transactions, Data Export, Audit Logs
CEQASP-7773: New WAF Policies
CEQASP-7769: New WAF Rules in Automation Indicators
CEQASP-7926: Show WAF status and allow WAF toggling (policy state)
CEQASP-7225: Evidence Tab: Highlight Issue Triggers
CEQASP-7223: UI changes to the bottom right of the Mitigation page
CEQASP-7222: Tickets Widget
CEQASP-7221: Labels Widget
CEQASP-7220: Issue Status Widget
CEQASP-7219: Issue Summary Tab
CEQASP-7218: Evidence Tab: Display Evidence
CEQASP-7217: Tabbed layout
CEQASP-7216: Issue Page Title + Breadcrumbs
CEQASP-7214: New column for number of issues in risks table
CEQASP-7213: Move API Hosts filter down from top of the page to the top of the table (with other sticky filters)
CEQASP-7212: Issues Widget
CEQASP-7183: Baselining model configuration from the UI
CEQASP-7157: Title/Breadcrumbs for Issue Details
CEQASP-7156: Tabs/Tiles for different statuses
CEQASP-7155: Sticky Filters for Risk Details Page
CEQASP-7153: Endpoints table for Issue Details page
CEQASP-7142: Document UI display/font/system requirements
CEQASP-7125: Implement Search function to search for specific pages in the left-hand menu
CEQASP-7064: Support Audit logs for success and failed client logins
CEQASP-7063: Support traffic source as a filter on Inventory Page
CEQASP-7062: Support Traffic source as a Pivot in Detection Dashboard
CEQASP-7055: changes from demo feedback
CEQASP-6939: Ability to query top N and cardinality of threat classifications for a given set of pivot keys
CEQASP-6937: Add mitigation count as a sorting field in Pivots query
CEQASP-6873: Add mechanism to delete incorrect nodes
CEQASP-6860: add onboarding experience for flow graph page
ization of tooltip component in the UI
CEQASP-6651: Display error message to user when too many transactions are attempted to be loaded
CEQASP-6650: UI changes to the bottom right of the Detection page
CEQASP-6649: Card view in the bottom left of the Detection page
CEQASP-6648: Faster rendering of the top-level micro chart
CEQASP-6553: On Mitigation page, add transaction counts to each policy listed on the right-hand pane
CEQASP-6522: UX for new loader
CEQASP-6521: Visual cleanup of user login screen
CEQASP-6520: Visual cleanup of error messages
CEQASP-6436: Visual Cleanup for Stepper based Popups
CEQASP-6373: Visual design changes of the main chart in the Detection page
CEQASP-6372: Left-hand nav menu regrouping
CEQASP-6371: Pop-up modal structure standardization
CEQASP-6369: Visual theme cleanup of Spyder's summary dashboard
CEQASP-6368: Visual theme cleanup of top-level exec summary dashboard
CEQASP-6351: Add ability to link from an api-definition in Inventory to the Flow Graph page
CEQASP-6330: Expose and authenticate traffic to flow-graph-collector
CEQASP-6327: Create API to return flow graph data
CEQASP-6326: New Flow Graph page
CEQASP-6324: Fine-grain configuration for processor(s)
CEQASP-6323: Add datastore and configure exporter in collector to send there
CEQASP-6322: Add otel-collector
CEQASP-6304: Risk Categories: Sensitive Data only visible for Response body
CEQASP-6301: Investigation: Traffic Metrics Query Performance: Charts and counters Query
CEQASP-6299: TrafficMetrics: Performance Pivots Details Query
CEQASP-6166: expose creation of offline_access capable clients in UAP
CEQASP-6140: BotAnalyzer Performance: Improve evaluation logic of App Tags in Bot Analyzer
CEQASP-5757: Implement MMDB database local cache
Upgrade considerations
The material in this section addresses several different upgrade scenarios.
Component updates
This table lists the necessary updates you must perform before upgrading your Cequence UAP platform instance to the 8.0 release.
Component | Version | Requirement |
Strimzi | 0.44 | Do this before upgrading. Also upgrade credentials. |
Keycloak | New theme | Update the chart to perform this upgrade. |
Airflow | n/a | Uninstall Airflow before upgrading and reinstall it after the upgrade is complete. |
Keycloak Update
When you update the Cequence UAP platform to release 7.7.2 and later, make the following changes in the keycloak/values.yaml
file.
keycloakTheme: image: tag: 8.0.1
Compatibility Matrix
The Cequence UAP platform release 8.0 requires the following minimum versions of other Cequence components.
Component | Version |
Cequence Defender | 5.3.2 |
Cequence Bridge | 5.3.2 |
Cequence Sensor | 4.1 |
On-Premises Deployments
Package | Version | Location |
Helm Chart | 8.0.1 | https://cequence.gitlab.io/helm-charts/ |