Netskope Cloud Exchange Release Notes Version 4.2.0

We are excited to announce our Cloud Exchange 4.2.0 updates! Here's the latest features, issues fixed, and other updates in this release.

New Features and Enhancements in Version 4.2.0

Feature updates are listed below.

Added

Core	UI
Added a keep-alive info log, ensuring all containers are running which is sent out to SIEM, improving the reliability of the Cloud exchange stack. Added support of CTEP/IPS alerts into Cloud Log Shipper and Cloud Ticket Orchestrator modules. Added exponential backoff on alerts/events pulling to mitigate disruptions caused by expired or limited access tokens. Pulling is automatically resumed after token updates, with a maximum delay of one hour. Improved log organization and readability by moving user-action based logs into the debug category as part of logging refactoring. Added access for support and services teams with an additional SSO login workflow for cloud exchange. This feature is helpful to support and services team to monitor as well as resolve issues which is occurred into cloud exchange. Added product scalability with support for horizontal scaling of worker containers. With the help of this functionality, Worker containers within Openshift and K8S deployments for Cloud Exchange will be horizontally scalable. Enhanced security by introducing support for secret managers, allowing users to store API tokens and passwords in a secure vault, starting with HashiCorp vault. During data transfer, Cloud Exchange retrieves API tokens and passwords from the user-specified path within the vault. Improved data filtering capabilities with the addition of an 'is empty' operator, allowing users to filter out data with null values in a specific field. Added support for format 3 fields in Webtx logs for Syslog plugins. (Syslog, AlienVault, ArcSight, QRadar, Rapid7, SecureWorks, SolarWinds, LogRhythm).	Added CTEP alert type into tenant configuration under settings → Netskope tenants, ALL business rule in CLS module. Added error banner on UI to notify users for expired token or invalid token. Added netskopesso endpoint for Support and service team's SSO login workflow. Added secrets manager configuration under general settings to configure HashiCorp integration. Updated confidential input fields with toggle but to either provide path or raw credentials. The UI now includes the option to use the "is empty" operator in all filter query construction.

Core

Added a keep-alive info log, ensuring all containers are running which is sent out to SIEM, improving the reliability of the Cloud exchange stack.
Added support of CTEP/IPS alerts into Cloud Log Shipper and Cloud Ticket Orchestrator modules.
Added exponential backoff on alerts/events pulling to mitigate disruptions caused by expired or limited access tokens. Pulling is automatically resumed after token updates, with a maximum delay of one hour.
Improved log organization and readability by moving user-action based logs into the debug category as part of logging refactoring.
Added access for support and services teams with an additional SSO login workflow for cloud exchange. This feature is helpful to support and services team to monitor as well as resolve issues which is occurred into cloud exchange.
Added product scalability with support for horizontal scaling of worker containers. With the help of this functionality, Worker containers within Openshift and K8S deployments for Cloud Exchange will be horizontally scalable.
Enhanced security by introducing support for secret managers, allowing users to store API tokens and passwords in a secure vault, starting with HashiCorp vault. During data transfer, Cloud Exchange retrieves API tokens and passwords from the user-specified path within the vault.
Improved data filtering capabilities with the addition of an 'is empty' operator, allowing users to filter out data with null values in a specific field.
Added support for format 3 fields in Webtx logs for Syslog plugins. (Syslog, AlienVault, ArcSight, QRadar, Rapid7, SecureWorks, SolarWinds, LogRhythm).

Added CTEP alert type into tenant configuration under settings → Netskope tenants, ALL business rule in CLS module.
Added error banner on UI to notify users for expired token or invalid token.
Added netskopesso endpoint for Support and service team's SSO login workflow.
Added secrets manager configuration under general settings to configure HashiCorp integration.
Updated confidential input fields with toggle but to either provide path or raw credentials.
The UI now includes the option to use the "is empty" operator in all filter query construction.

Netskope Usage Analytics: Netskope usage analytics now includes proxy information (authenticated/unauthenticated), custom repository details, and deployment time/current uptime. Common information has been moved to the installation tab and amapping name for Log Shipper plugins has been added.

Changed

Changed RabbitMQ version to RabbitMQ v3.11 as RabbitMQ has announced the end-of-life (EOL) for v3.9.
Eliminated the need for UBA License with updated Netskope CRE plugins.

Removed

Removed the unused watchtower service from docker-compose.yml for on-premise deployments.
Replaced the RabbitMQ disk space monitoring pie chart with a disk space consumption banner when disk space usage exceeds a certain threshold.

Fixed Issues in Version 4.2.0

Here is the list of issues fixed in this release.

Fixed auto-migration issue on startup for Cloud Exchange services using start script.
Fixed restarting issue of RabbitMQ container caused by providing maintenance password with round brackets during initialization.
Fixed issue where TCP/UDP connections remaining open for an extended period for SYSLOG plugins while ingesting which will improve the overall stability.
Improved user experience by resolving excessive loading delays on browsing the Plugins page under Settings.
Resolved incorrect disk space consumption banner display on cloud exchange deployments with EFS storage for RabbitMQ when disk usage exceeds a certain threshold.
Corrected inaccurate byte data on the Log Shipper dashboard for the total number of WebTX logs sent to external receiver.
Fixed permission issue with respect to script which is used to create MongoDB user to carried out database operations in Cloud Exchange.

Known Issues in Version 4.2.0

The historical data fetch might experience performance issues. The time to complete the historical process might run for a prolonged period and impact the overall performance.
The Alert type filter option on Netskope CLS Plugin configuration would not be applicable if the alert type filter is configured on Netskope Tenant configuration.
Workaround: Users should move the CLS configuration level filtering criteria to tenant level configuration after migration.
The default mapping for the newly introduced CTEP alert type is not available for CLS plugins.
Workaround: Users would be required to add custom mapping to send CTEP alert types to the SIEM platforms.
The CLS global setting ‘Page Size’ would have no impact on the functionality. Page Size global setting to be deprecated in the future release.
An issue has been identified in which the restart of the Cloud Exchange after the expiration of the HashiCorp auth token, when the user is using a private custom repo with an access token stored inside HashiCorp vault, will cause the entire core service to restart.
Workaround: Support intervention is needed for changing access token via MongoDB Database.

In this section:

Netskope Help