Netskope Cloud Exchange Release Notes Version 3.4.0
We are excited to announce our Cloud Exchange 3.4.0 updates! Get the latest features, issues fixed, and other updates in this release.
The Cloud Exchange 3.4.0 maintenance release includes several vulnerability patches to the Docker base image. To upgrade, follow these instructions: Upgrading to the Latest Version of Cloud Exchange.
Added
Syslog Service Plugin for Cloud Exchange itself
The ability to take response actions during a designated maintenance window in Risk Exchange
Nested folder view for Business Rules to enable users to better organize complex rule sets
Logs sent via CLS in the last X timeframe to the Log Shipper UI dashboard
Log counts on the Log Shipper SIEM Mapping page to show usage per connector
The ability to delete locally uploaded plugins from UI
Formal support for Ubuntu 20.04 LTS
A Configure New Plugin button in all modules to redirect to the plugins page with the filter applied for that module
Functionality to change default maintenance password during initial setup and subsequent log in
Existing users will be asked for an email address for the analytics report to better inform users
Functionality to extract MD5 and SHA256 hashes from Netskope (Threat Exchange)
Changed
All drop-downs are now searchable
Ticket Orchestrator performance enhancement: introduced multiple threads for multiple targets
Made search query rule boxes collapsible to expand view of datasets
New Plugins Released/Updated
AlienVault for Log Shipper
Uses default SYSLOG mapping file
Arcsight for Log Shipper
Added support for custom log source identifier
LogRhythm for Log Shipper
Added support for custom log source identifier
Solarwinds for Log Shipper
Added default SYSLOG mapping file
Syslog generic for Log Shipper
Added support for custom log source identifier
CrowdStrike for Risk Exchange
Added support for invoking CrowdStrike Real-time Response Script to trigger device reclassification in Netskope based on ZTA score
These can all be found via the Check for Updates button for the default netskopeoss plugin github repo on the Plugin Repository page under Settings.
Vulnerability Reports
Core: Total: Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 2, CRITICAL: 0)
UI: Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
RabbitMQ: Total: 134 (UNKNOWN: 0, LOW: 90, MEDIUM: 12, HIGH: 25, CRITICAL: 7)
MongoDB: Total: 181 (UNKNOWN: 0, LOW: 113, MEDIUM: 21, HIGH: 38, CRITICAL: 9)
Watchtower: Total: 27 (UNKNOWN: 3, LOW: 0, MEDIUM: 7, HIGH: 17, CRITICAL: 0)
Note
The vulnerabilities are in the nginx:alpine base image with curl and openssl. We'll be monitoring the image for fixes and keep you posted.
Here is the list of issues fixed in this release.
Fixed Diagnose script to work with podman services
Fixed SSO to work on Cloud Exchange (JWT token issue)
Here is the list of known issues in this release.
You need to upgrade to 3.4.0 from the CLI using the new setup script if you are using a version of Cloud Exchange older than 3.3.3. If you upgrade from the Cloud Exchange UI to 3.4.0, there are a number of global environmental variables that will not be set, preventing the Cloud Exchange proxy from being used for communication with docker and github, among other services.
Cloud Exchange has to be restarted when there is a plugin update that has changes to multiple python files.
If Cloud Exchange was installed previously using ZIP instead of GIT, you will need to back up the database and migrate it to the new directory as specified in the migration instructions.
If Cloud Exchange is installed on a RHEL host, it cannot be configured within podman to always automatically restart. Upon failure, you will need to manually restart Cloud Exchange.
If you wish to rotate among different DNS servers you cannot simply modify the
resolv.conffile inside thecloud_exchange_core(podman or docker). There is a documented workaround for this unsupported configuration.