Release Notes

The latest releases, features and bug fixes for our CPSM product.

October 2023

New Features 

Account Scanning On-Demand

Users can now manually trigger a scan of their accounts from the new Manage Accounts tab on the Admin page. It might take up to an hour for the whole account to be scanned.

Resource Scanning On-Demand

Users can now manually trigger a scan of individual resources. They can access this feature by clicking on the Scan Now button on the resource page. It might take up to a minute for the resource to be scanned.

Bug Fixes / Enhancements

  • Fixed bug that stopped alternate licensing scenarios from loading.
  • Fixed bug that was causing the “clear filters” button on the Mitigations and Exceptions page to not visually display a filter was active.
  • Fixed bug that prevented users from progressing to the next page on the SQL Server Entitlements page.
  • Fixed bug that was inhibiting the warning toast when too many mitigations and exceptions are selected.
  • Fixed bug that would not allow users to delete configuration data for Oracle and SQL Server.
  • Improved consistency and functionality of search bars across the product.

August 2023

New Features 

SQL and Oracle Default Credentials

Customers will be able to add default credentials for Oracle and SQL Server configuration files. With this feature, users can type one username and password and apply it to all entries in their file, reducing the number of manual entries. The credentials will be applied once users save the file.

Oracle connection string has been split to server, user, password fields to accommodate the use of default credentials.

User Delegation – running the scripts as a user other than the owner. This is useful for security role separation, as well as running multiple configuration files on the same data gathering appliance.

Allow for the system-wide installation of Node.js, using NodeSource distributions. This allows for a single installation for all users instead of a user-context installation for each data gathering user. The OpsCompass CLI can also be installed for all users as a global module in the system install.

Bulk Load Configuration

Introduced a bulk loading tool scripts/bulk_load.js, that accommodates the creation of a new configuration file with or without default credentials. The tool can also be used to incrementally load new configurations into an existing configuration file (see Config/bulk_sample.json for an example). NOTE: This also facilitates complex testing scenarios for development and was used to test / fix the special character handling as well as to validate default credentials functionality.

Introduced a new support tool support/unix/ (utilizingsupport/unix/csv2json.jq), that demonstrates how to extract configurations from the config file as JSON.

Bug Fixes / Enhancements

  • Product website color palette now matches the colors.
  • Fixed issues caused by using special characters in password, including <space>, back-slash, the @ sign, and $ sign for both Oracle and SQL Server data gathering configurations.
  • Fixed issues caused by using a <space> in the username for both Oracle and SQL Server data gathering configuration. NOTE: This is allowed by both Oracle and Microsoft, but specifically not recommended by either of them.
  • Compliance score text is enlarged.
  • JSON downloaded from configuration files are now properly formatted.

July 2023

New Features 

Account Manager

There is a new tab on the admin page that allows users to see and manage accounts (ex. Azure subscriptions, AWS accounts, etc.) and organizations (Azure tenants, AWS organizations, etc.) they have connected to their OpsCompass company. From this tab, users can also add and disable accounts.

Linked Companies 

There is another new tab on the admin page that allows users to link external companies to share high-level information and monitor their compliance scores. It is common for companies to give data access to third parties. A common vector for a data breach is for hackers to breach a third party’s systems, and then try to breach the actual targets data. Through linking two companies, this feature helps a company assess their third-party risk through automation and the OpsCompass product.

New Notifications 

Users will now receive notifications when there are new product release notes and Knowledge Base articles. With this addition, users have easy access to current information about the product.

Bug Fixes / Enhancements 

  • A resource’s latest configuration can now be accessed through the CLI and API. 
  • Added option for SQL Server Data Gathering Configurations to use Directory Authentication. 
  • Updated more features to improve accessibility I.e., adding form labels, alternative text, and missing links. 

June 2023

New Features 

Breached Data for M365 

Connected Microsoft 365 tenants will be able to see their organization’s users who have had information compromised in data breaches. Users will be able to see how many breaches, what data was compromised, and when the last password change was for all users. This feature serves as a reminder to update accounts to stay in security compliance. Find out how to use this feature here. 

 Bug Fixes / Enhancements 

  • The network discovery feature no longer has an ongoing loading animation when no network configuration exists. 
  • The Configuration Network Discovery tab prevents users from saving invalid information. Users will not be able to save if any of the fields are invalid. 
  • MSSQL assessments can now handle adding hundreds of records at a time. 
  • A contact form is now linked in the Settings menu. 
  • Compliance Scores show up next to Framework names on the Compliance Snapshot page. 
  • Updated features to improve accessibility I.e., adding form labels, alternative text, and missing links. 

May 2023

New Features

Database Discovery Configuration

Users will now be able to set up a configuration to scan for databases that are likely running Oracle,

Amazon RDS, and EC2 instances that have not been set up in OpsCompass.

CIS Microsoft Azure Foundations Benchmark v1.5.0 

The CIS Microsoft Azure Foundations Benchmark has been updated from v1.10 to v1.5.0 within the product. 

  • New Types: Microsoft.DBforMySQL/flexibleServers, Microsoft.Network/networkWatchers
  • Updated Types: Microsoft.KeyVault/vaults
  • New Check Count: 16
  • Updated Check Count: 4
  • Updated Policy Count: 2

April 2023

New Features

Compliance Checks 

The Compliance Checks page shows users all compliance checks and groups the checks by priority. This page can be accessed from the Compliance Snapshot page under the Compliance Status pie chart. 

This new page allows users to:

  • See all their relevant checks in one place
  • Manage disabled checks
  • View high-priority fixes
  • Search all checks

 Bug Fixes / Enhancements 

  • Updated tablet design for main dashboard 
  • Fixed issue where dates on SQL Server Entitlement Manager were displaying incorrectly 
  • Fixed issue where users couldn’t log out under certain conditions 

March 2023

New Features

Data Gathering Scripts Running data gathering will automatically pull any database configuration updates made through the app or CLI/API. We added functionality to allow the scripts to automatically update themselves, but we’ll be introducing a configuration setting to enable this functionality soon. Local copies of the configuration file now encrypt connection information. You can now specify a default configuration file name so that you don’t have to specify a file every time you run data gathering.
Compliance Page Users will see that their compliance page has been updated. This new page has four main features:
  • Compliance Status Users can look at a pie graph to see how many checks are compliant, or have high, medium, and low priority problems.
  • Compliance Over TimeThis line chart is very similar to the line chart users have seen on this page in the past, but this one adds date ranges so users can see how their compliance has changed over recent or extended time periods.
  • Framework StatusTo find in-depth information on each individual framework, users will be able to click on the different rows of the Framework Status table. This table lists each framework, the compliance score for that framework, and how many checks apply to each.
  • Mitigations and ExceptionsUsers are now able to see which of their mitigations or exceptions are expiring within the next week, 30 days, and 60 days. This card also links to the current Mitigations and Exceptions page.
Another addition to this page is that users will be able to filter the data by Framework using the top right dropdown.
Privacy Policy Updates Below are the changes made from the 2020 version of the Privacy Policy: References to OpsCompass were changed to OCI In the section titled “Optingout of OpsCompass Communications” the following was changed from: “You may opt out of receiving Communications by modifying your website or Service profile, or by unsubscribing to the marketing mailings or newsletters you no longer desire. To unsubscribe, please submit your information through, or follow the “Unsubscribe” instructions that are contained within the mailing, newsletter, or other Communication that we send to you. You may also send an email to with “Unsubscribe” in the body, together with a description of the Communications you no longer desire to receive.” To the following: “You may opt out of receiving Communications by modifying your website or Service profile, or by unsubscribing to the marketing mailings or newsletters you no longer desire. To unsubscribe, please follow the “Unsubscribe” instructions that are contained within the mailing, newsletter, or other Communication that we send to you.” In the section titled “Questions or concerns” the following was changed from: “You can also contact the OpsCompass Data Protection Officer by email at” To the following: “You can also contact us by email at”
Bug Fixes / Enhancements
  • Fixed bugs and updated sorting features in the SQL Server Entitlement table.
  • Fixed a bug not allowing customers to create tags on the individual check page.
  • Fixed bugs in the license configuration tabs.
  • Improved Microsoft 365 connection experience.
  • Updated Knowledge Base Articles to reflect changes in the product.

February 2023

New Features

Dashboard Updates

The OpsCompass Dashboard has added a card for licensing customers to see their total potential risk. Both Oracle and SQL Server licensing customers will have this view. Along with this addition, some dashboard cards have been redesigned and rearranged to improve the layout. Most noticeably, the accounts card is now on the very top of the dashboard. 

License Manager

OpsCompass License Manager has been updated to include total potential risk and potential risk broken down by individual products ex. Oracle Database Enterprise Edition. 

Weekly Digest

Licensing details have been added to the Weekly Digest email. Licensing customers can see their total potential risk and the percentage change from the previous week. 


Bug Fixes / Enhancements 

  • Oracle licensing customers can now download the deployment details for their Current State report. 
  • Fixed a bug redirecting customers after they added filters to Inventory screen. 
  • Fixed a bug that caused tagging menu to not render under certain conditions. 
  • Added support for AWS regions within the Middle East, Southeast Asia, and Central Europe. 
  • Updated AWS Event Forwarding Template to use IAM Role for cross-account access. 
  • Updated OpsCompass AWS Scanning Template, allowing access to Pricing APIs. Directions to update your AWS account integrations can be found on the OpsCompass KnowledgeBase 

December 2022

Product Enhancements 

SQL Server Licensing

OpsCompass Licenses now supports both Oracle and SQL Server! The capabilities for SQL Server mirror those we have already set up for Oracle. These include current state reports, entitlements, and data configuration. The Licenses page has been updated to support this feature addition.

Mssql server entitlements can be entered based on what has been purchased.

Once a Mssql assessment has been run, the entered entitlements are compared against mssql license usage in the environment, and license compliance is calculated. The assessment calculates the number of available licenses and potential risk. The entitlements, deployment details, and license usage can be viewed to see what went into the assessment compliance calculations.

CIS Benchmark

OpsCompass offers MS SQL Server 2019 Benchmark support! Users can now track their Security and Compliance status of their SQL Server Instances within OpsCompass. For more information on installing data gathering scripts, or if you are interested in trying out Phase 2 of support, please contact your OpsCompass representative.


Inventory Updates

Inventory Quick Filters

We have added a few quick filters to the top of the inventory table so customers can easily find databases, networks, and storage without navigating through the traditional filter modal.

Inventory Problem Filter

Users can now filter to see resources with or without problems. This filter makes it easier for users to exclusively see resources with problems they need to fix.

Related Resources

Users can now see related resources on the individual resource fly-out. This update was added so that users won’t have to navigate away from the inventory to see necessary information.

Resource Tagging

We have added the capability to add custom tags to resources via the user interface and CLI. Users can create up to 20 tags per resource. There is also the capability to delete tags for any resource.

October 2022

Product Enhancements 

Resource Usage Metrics
We can now capture usage metrics for various resources. Users can see those metrics over time visualized on a resource’s page. At launch, this supports AWS EC2 and RDS and must be enabled for specific accounts.
  • To enable OpsCompass to start tracking resource usage metrics within your environment, contact your OpsCompass representative
    • This supports CPU utilization and various I/O stats for AWS EC2 and RDS instances.
    • Added API / CLI endpoints for querying for resource usage metrics on resources.
    • Added ‘Usage Metrics’ tab to resource screen.
  • Users should see the Compliance dashboard load much faster now. We changed the snapshot on the compliance dashboard to pull from the same place we use for the weekly digests. This data is updated once a day, so users may now see some difference between the compliance dashboard and the framework reports underneath it.
  • Added optimizations so compliance framework details load more quickly.
  • The numbers across the top of the compliance dashboard now show problem counts across resources. Some checks apply to multiple controls in a compliance framework, so one problem may count multiple times in frameworks such as CIS Controls v8, leading to the numbers being higher for individual frameworks when compared to the top-level totals.
  • Authored Compliance Check for detecting AWS RDS Oracle BYOL Compliance with large vCPU count.
CIS Benchmarks for Microsoft 365 v1.5
  • Added support adds three new checks and two new resource types
Bug Fixes / Enhancements
  • Users network usage should now be reduced while using OpsCompass.
  • Oracle databases will no longer be mistakenly marked as deleted during scans.
  • New resources with the same ID as a previously deleted resource will now be scanned.

September 2022

Product Enhancements 

MSQL Data Gathering Configuration 

A new tab for MSQL has been added to the license manager data configuration page. This allows you to enter information about your MSQL databases so OpsCompass can include MSQL databases in configuration and compliance scans. The same functionality has also been added to the license-manager module in the OpsCompass CLI. 

Mitigations and Exceptions Filter 

In this release, we have updated the filters in the Mitigations and Exceptions feature so customers can now filter by exception, checks, resources, and creator in addition to the type and status. These filtering options make it easier for customers to find what they are looking for. 

New Authorization Flow for Microsoft 365 Exchange and SharePoint Tenant Scanning 

We introduce a new flow for authorizing OpsCompass to scan Exchange Online and SharePoint tenant settings. Now we use an Azure AD Application to gather the Exchange and SharePoint data rather than using a username and password to connect to the Exchange Online and SharePoint Online PowerShell environments. 

To use this scanning flow, follow the steps to connect a Microsoft 365 tenant to OpsCompass. After the initial Azure AD authorization step, which authorizes OpsCompass to read resources like users and groups, you can authorize this second OpsCompass Azure AD application. 

After authorized, to allow OpsCompass to read your Exchange Online settings, you’ll need to add the new application to the “Global Readers” role for your tenant. OpsCompass provides you these details during the setup process. 

Oracle Database CIS Benchmark 

OpsCompass offers Oracle 19c CIS Benchmark support! Users can now track their Security Compliance status of their Oracle Database Instances within OpsCompass. OpsCompass implements over 100 different compliance checks based on the benchmark recommendations, covering User Access Auditing, Least Privilege Access Recommendations, Connection Restrictions within your instance, as well as best practices for database parameter settings. For more information on installing data gathering scripts, or if you are interested in trying out Phase 2 of support, please contact your OpsCompass representative. 

Bug Fixes / Enhancements 

  • With the CLI, when you update your data gathering scripts, we’ll no longer warn you that your scripts are out of date. 
  • On the Mitigations and Exceptions page, when you select multiple records the page should tell you the correct number of records you’ve selected. 
  • When filtering the Drift view by a change date range, the dates in the filter summary should match the dates in the filter view. 
  • When creating or editing Drift Concerns, the fields no longer take up the full window width available to them. 
  • When you click on the “Notifications” bell while you have no notifications, you now see a message that you have no notifications. 
  • We updated the recommended action when an AWS S3 bucket allows non-HTTPS traffic to recommend making a policy blocking non-HTTPS traffic for all S3 actions. 

August 2022

Product Enhancements 

Oracle Database CIS Benchmark 

OpsCompass is beginning to roll out Oracle 19c CIS Benchmark support! Users with initial access can now track their Security Compliance status of their Oracle Database Instances within OpsCompass. For more information on installing data gathering scripts, or if you are interested in trying out Phase 1 of support, please contact your OpsCompass representative. 

Additional Feature Development 

Mitigations and Exceptions 

OpsCompass users will be able to view and edit their previously created compliance mitigations and exceptions. The feature also supports bulk editing and advanced filtering capabilities. This feature can be found within the compliance section in the main side menu. 

Note: In our next release there will be more filtering options so users can see which mitigations and exceptions are expiring soon. 

License Manager: Data Gathering Config Script Integration 

To support the upcoming addition of Security Compliance monitoring on Oracle Databases, Oracle Database Connections tracked through OpsCompass can now have multiple actions associated with them. These actions allow for the separation of permissions on different users OpsCompass may connect with, or to disable connections from being used entirely. 

Bug Fixes / Enhancements 

We have updated the license manager display columns and modals to provide accurate, streamlined information. 

July 2022

This release of OpsCompass primarily includes quality of life improvements, OpsCompass CLI Enhancements, and bug fixes.  
CLI Enhancements
Added a prompt when a user is not running the latest version of the OpsCompass CLI.
Added bulk update commands for Oracle Database & VCenter Configurations maintained through OpsCompass License Manager. This enables users to update these configurations en- masse, programmatically.
Quality of Life Improvements
When the Administrator generates an Activity Report, they now have the option to select default date ranges of 30, 60, or 90 days, or define a Custom Date Range.    
As a convenience, the user can now access the latest Product Release Notes from the Profile menu.

Bug Fixes / Enhancements
  • The Managed Drift Concern view has been updated to include a title, to assist the user, and added a cancel button to navigate away from the view if the user wishes to cancel any edits.
  • Fixed a bug that ignored SVG file types when filtering the table view.
  • Fix the Document Manager mailer content when deleting a file.
  • Fixed a bug in the Compliance tab of the License manager which did not sort all data elements
  • properly.
  • Fixed a bug in the Entitlement view of the License manager to remap the Limitation fields
  • Fixed bug in the Compliance view Used License Modal, for Internationalization translations.

June 2022

This release of OpsCompass includes exciting new features like License Manager Data Gathering Configurations, updates to existing features like the License Manager Reports, and other fixes. 

New Logo 

To be consistent with our marketing and branding, there’s a new logo in the web application. As with all brand updates, you may still see old branding in certain places that haven’t been updated yet. 

Available Feature: License Manager Data Gathering Configurations 

OpsCompass License Management users will be able to configure the OpsCompass License Manager data gathering scripts directly from the OpsCompass web application. 

This allows users to provide Oracle database connection strings, VCenter connection info, or modify general settings without logging into the server where the scripts are installed. 

Note: These configurations require installing updated OpsCompass License Manager data gathering scripts in your environment. These scripts will be provided at a future time. 

These configurations can also be managed through the OpsCompass API and OpsCompass CLI. 

Enhanced Feature: OpsCompass License Manager Reports 

We’ve updated the layout of License Manager reports. We’ve replaced the side-by-side tables with a drill-in window. 

In addition to updating the basic layout of the primary table on each of the four report tabs, the three tabs with additional information (Entitlements, License Usage Map, and Deployment Details) now use a “flyout” mode for the additional information. This reduces the need to scroll horizontally and lose context as you click through the report details. 

New Feature: Switch Active Company 

Users who are members of multiple OpsCompass companies can now switch between them directly in the web application. 

Switching companies this way will take you to the default view of the new company (usually the OpsCompass Dashboard). If a user is a member of only one company, they will not see this “Switch Active Company” option. 

Enhanced Feature: Entitlement Manager Numbers and Costs 

When displaying quantities and costs, License Manager Entitlement Manager now renders costs as currency ($1,234.00) and quantities with digit separators (1,234) rather than rendering them as plain numbers (1234). 

New Resource Type: Amazon SQS Queues 

OpsCompass now scans Amazon SQS Queues, allowing you to see inventory and drift on your SQS queue configurations. 

April 2022

This release of OpsCompass brings new features and some bug fixes for some older features. 

New Feature: License Manager License Entitlements 

The License Manager area of OpsCompass now has a section for License Entitlements, a place for you to store and manage your licenses for Oracle products. Navigate to License Entitlements from the new License Manager Dashboard. 

The Entitlements area shows the products you’ve purchased from Oracle, which orders, and how many of the appropriate metric you’ve purchased (processor or named user licenses). It also shows usage limitations and the support begin and end date, where applicable. 

Clicking on one of the products shows the details for that product: the summarized totals as well as the individual orders that add up to those totals. These details can be dismissed by clicking the background outside the details or by pressing the “Escape” key on the keyboard. 

Add new entitlements by exporting your support data from Oracle and uploading the resulting CSV into OpsCompass. Click on the “Upload Entitlements” button and upload your data. 

Once the data has been uploaded and processed, you can review your uploaded data from the notification in the Notifications area or by clicking the “Review Upload” button on the Entitlement Manager. 

Users can edit this entitlement data before submitting it by clicking on the “Edit” button. This allows users to add data that’s not provided by Oracle’s export or to add additional information found outside Oracle’s system. 

Once submitted, the data will be added to the current entitlement data. Any incomplete data will be flagged for the user to update before submitting. 

New Feature: AWS Marketplace Integration 

Users can now sign up for a paid OpsCompass subscription using the AWS Marketplace. 

New Resource Type: Amazon SNS Topics 

OpsCompass now supports Amazon SNS Topics as a resource type for AWS accounts. This resource type has basic support for inventory and drift, though we don’t currently have any compliance checks for SNS topics. 

Improvement: Layout for Deleting Data 

Users with broad access to a company have a more consistent experience on their “Settings” page for the data they can delete. The layout on this page was not consistent before. 

February 2022

The February 2022 release of OpsCompass comes with a brand-new feature, Document Manager, as well as a variety of other smaller changes to improve the app’s experience. 


  • • New Feature: Document Manager 
  • • New Feature: Activity Report 
  • • Updated Admin Area 

New Feature: Document Manager 

You can use OpsCompass to share documents with your team and with OpsCompass employees. This new functionality is available under the “Document Manager” heading in the main navigation. Document Manager comes with some default directories for certain report outputs. You can also make new directories and upload documents into those directories. 

By default, users in the “Company Sysadmin” role were granted access to the Document Manager feature. You can grant people access to all the company’s documents in OpsCompass by granting them the “Document Administrator” role. You can also grant people access to specific directories rather than the whole directory tree. 

Creating Directories 

Before you can upload any documents, you need to create a directory to upload those documents to. 


 Provide the name of the new directory in the dialog that appears. 

More Information 

Detailed instructions for all the features of Document Manager are available in our Knowledge Base, including detailed steps for managing the documents, generating a report of which documents were uploaded, downloaded, and deleted, and managing access to documents. 

New Feature: Activity Report 

We’ve created an activity log for OpsCompass. At this time, the only activities being logged involve the Document Manager, logging creations, deletions, and downloads of documents and directories. You can generate a report from the Manage Users Page.

Over time, additional OpsCompass activities will be logged here. 

Updated Feature: “Admin” Navigation 

We’ve merged the Teams, Drift Concerns, and Users pages together into a single “Admin” section. 

Once you enter the “Admin” section, you can switch between the areas using a tabbed navigation. 

        October 14, 2021

        New Features
        • Compliance Reporting has been expanded to include a new PDF report.  
        • OpsCompass License Manager has been improved with new data gathering script packaging and deployment.  
        • OpsCompass License Manager has been improved with automated data ingestion.  
        • OpsCompass API Command Line Interface (CLI) is available as a downloadable NPM package. 
        • New APIs have been added for listing accounts.  
        • Added checks for AWS Password Policy 
        • Added checks for AWS S3 bucket configuration & security 
        • Added checks for AWS EC2 EBS volumes 
          Bug Fixes/Improvements
          • The Drift View has been updated to change the visual indicators. Now shaded green/red areas show additions and deletions, and a teal bar has been added to show the area of JSON detected in the evaluation. 
          • Fixed a bug that caused the Virtual Machine Name to disappear in the deployments section of OpsCompass License Manager.  
          • Added CloudFormation Templates to Event Driven scanning for faster detection of changes. 
          • Minor fixes and improvements to compliance checks, improving rule names, error messages, framework assignments and attribution.  
          • Fixed a bug where the latest resource version would incorrectly show “undefined.” 
          • Improved the user experience for conditions where no new alerts exist. 

                September 16, 2021

                New Features
                • OpsCompass API Preview – A new API for OpsCompass is available as a preview. This API allows authenticated access to resource information in the product via API. The initial release of the OpsCompass API will include a handful of functional interfaces with more to be added over time. Initially, OpsCompass will provide a ‘resources’ API that will get resource configuration information, recent drift notifications, and compliance problems. A command line interface will be released during the week of September 20.   
                • Notification BarOpsCompass now includes a notification experience to alert users to drift concerns and newly found compliance problems. A new notification feed page is available to navigate through a 2-week history of alerts.   
                • AWS Account Connections – the AWS account connection experience has been redesigned to provide a more reliable experience. A new progress bar and user notification experience helps users understand progress in connecting accounts. Newly connected accounts have prioritized scanning to ensure the fastest possible connection experience. New CloudFormation Templates allow users to create appropriate and safe roles for OpsCompass, to enable scanning and event detection. New Command Line Interface (CLI) instructions are available to enable OpsCompass through AWS CLI directly. 
                Bug Fixes/Improvements
                • Last Scanned time has been changed to reflect the last periodic scan, rather than the last event detected.
                • Resources listed on the Check Page now reflect a status icon specific to that check, rather than indicating a general error state. 
                • Fixed an issue where Related Resources were not detected correctly due to excessive request size. 
                • Fixed an issue in account connections, to prioritize new account resource scanning and avoid new account processing delays. 
                • Fixed an issue where AWS account setup would fail during periodic scanning setup, leaving users stuck in the sign-up process. 
                • Fixed an issue where newly created AWS account connections were not processing notifications consistently. 
                • Fixed a scale limitation in AWS account setup limiting AWS account connections. 
                • Fixed an issue where errors in the AWS account setup process were not being displayed to users. 
                • Eliminated excessive drift alerts caused by Microsoft 365 “originating server” drift, AWS Dynamo data record count changes, and certain non-event CloudTrail alerts. 

                    August 11th, 2021

                    New Features
                    • Receive alerts without having to log in via our Slack Integration! Drift Concern alerts can now be sent to a Slack channel. More detail can be found in our Slack KB article
                    • CIS Controls v7.1 have been updated to CIS Controls v8
                    • The navigation sidebar is now collapsible, yielding more room for your resource details
                    • The Compliance Dashboard headline numbers previously showed total/high/medium/low counts that summarized all selected frameworks. Due to adding frameworks, these numbers have been growing and are not best serving user understanding of their compliance landscape. To address this, OpsCompass will now show the number of: Compliant Resources, Open Problems, Policy Exceptions, and Mitigations.
                    Bug Fixes/Improvements
                    • Fixed a scanning bug with gke#cluster resources where regional clusters were marking zonal clusters as deleted
                    • On the Dashboard, moved ‘Add Account’ icon from Accounts card to the Inventory card
                    • Made phrasing consistent on the Add Account Page
                    • Updated sender on weekly digest from ‘digest’ to ‘OpsCompass Weekly Digest’
                    • Modified an S3 bucket check to meet new CIS recommendation to block all public access for every bucket, not just CloudTrails
                    • AWS: Connecting Account Field Validation
                    • Improved user input validation associated with adding Cloud Accounts
                    • Improved resource type filtering for Inventory

                    July 20th, 2021

                    New Features
                    • OpsCompass is adding two-factor authentication (2FA) as a requirement to further protect all user accounts. For more information read ‘How to Enable 2FA Within OpsCompass’ 
                    • Added CIS Controls Version 8 framework
                    Bug Fixes/Improvements
                    • Fixed an issue where a resource’s details could fail to load if related resources did not return as expected
                    • Fixed an issue where the compliance status of a check for a resource could continue to display “Not compliant” after the issue with the resource was resolved in a rare initial condition that affected about 0.2% of resources
                    • Fixed a bug where Drift for some Azure Resource Types erroneously was showing resources being removed and re-added
                    • Changing sort order will display the resource card of the first resource in the list
                    • Changed session cookie timeout value to one (1) hour
                    • Upgraded jQuery to latest version 3.6.0
                    • Session cookies are now properly destroyed on logout

                    July 1st, 2021

                    New Features
                    • Inventory now includes a card that displays resource details so that users can better understand the activity and detail of specific resources while remaining in the context of an inventory filter
                    Bug Fixes/Improvements
                    • Removed ‘Cloud Provider’ tab from Inventory page since Scope is used for filtering by Cloud Provider the utility of this tab as a drilldown has been diminished
                    • Removed ‘Region’ and ‘Created On’ from the Inventory Resource table since these are displayed on the new Resource card
                    • OpsCompass now checks for the use/configuration of AWS Secrets Manager and checks for the use of secret rotation scheduling.
                    • Removed cloud provider prefix from Resource Types as it is redundant information
                    • Fixed a bug where sometimes GCP scans would run out of memory; this typically only happened with new GCP accounts
                    • Changed the target of Dashboard’s ‘View all Inventory’ link to land on Resources tab
                    • Fixed Export Report function on compliance status for all resources page
                    • Fixed a bug where in certain cases users were not able to export Compliance reports
                    • Fixed a bug where EC2 SecurityGroup relations were not being properly parsed even though they were present in the scan
                    • Added sql#database resource type (GCP)
                    • Expanded type dependency scanning to cover Azure
                    • Expanded type dependency coverage of GCP scanning
                    • Break up `sync-subscription-resources`
                    • Corrected remediation steps for AWS CloudWatch KMS Key management
                    • Updated style of buttons and icons used on Inventory page
                    • Added check for AWS S3 Buckets to ensure CloudTrail buckets are not exposed to the internet.
                    • Authored compliance check for AWS accounts to ensure there are more users than just root
                    • Corrected the remediation steps for AWS CloudWatch compliance checks

                    June 17th, 2021

                    Bug Fixes/Improvements
                    • OpsCompass now checks for the use/configuration of AWS Secrets Manager and checks for the use of secret rotation scheduling.
                    • To remove confusion introduced by showing framework-specific severity levels for problems, OpsCompass has removed the framework-specific severity levels and now shows only the framework control references. Note that the Severity is still present at the control/requirement level.
                    • Corrected the remediation steps for AWS CloudWatch compliance checks
                    • Changed the target of Dashboard’s ‘View all Inventory’ link to land on Resources tab
                    • Fixed a couple issues that caused compliance problems for deleted resources to be counted on the dashboard and inventory.
                    • Fixed a bug where in certain cases users were not able to export Compliance reports
                    • Changed header on Exception/Mitigation modal popup when no resources selected
                    • Improved check coverage for NIST CSF v1.1
                    • Display popup to show “Select resources using checkboxes” on clicking Add exception button on check page
                    • Changed default tab in inventory to ‘Resources’
                    • Added tags for severities to the controls display on disabled checks
                    • Tabular display of related resource for resource no longer contains entry for itself
                    • Fixed bug where duplicate Compliance Framework sub controls displayed on resource in inventory.
                    • Added additional check information to Inventory Resource page
                    • Improved loading message in inventory
                    • Updated paging controls and entries per page styles used in DataTable
                    • Authored compliance check to ensure Redis Cache is not publicly exposed
                    • Assigned network checks to CIS AWS Benchmark 5.2 control
                    • Assigned network checks to CIS AWS Benchmark 5.1 control
                    • Improved sort widget indicators
                    • Updated References: Update references to Compliance Status for Resource page
                    • Updated References: Run migration script to migrate rule data to checks
                    • Clean Up: Remove (now obsolete) Rule Pages
                    • Updated References: Replace disabled checks card with disabled rules
                    • Top Fix card now links to new Check Page
                    • Refactored Manage Check Page to improve use and presentation
                    • Created Manage Check Page

                    May 26th, 2021

                    New Features
                    • OpsCompass now includes support for FedRAMP (technical controls of the Moderate Baseline template)
                    • Compliance Problems and Top Fix links now link to a new Check page that improves the use and presentation of compliance information for resources
                    Bug Fixes/Improvements
                    • Changed default tab in Inventory to ‘Resources’
                    • Updated paging controls and entries per page styles used in DataTable
                    • Improved sort widget indicators
                    • Added tags for severities to the controls display on disabled checks
                    • Tabular display of related resource for resource no longer contains entry for itself
                    • Improved loading message in inventory
                    • Changed text for Exception/Mitigation modal popup when no resources selected
                    • Top Fix card now links to new Check Page
                    • Fixed intermittent datatable initialization issue
                    • Fixed bug where duplicate Compliance Framework sub controls displayed on resource in inventory.
                    • Removed legacy artifacts from setupEventForwarding AWS Lambda
                    • Added OpsCompass Master Control expansion to checks on controls on upload
                    • Fixed compliance rules upload script bug where proper cloud rule was not being generated
                    • Added mapToKey functionality in Auger processConfig function
                    • Make getResourceRelationships return a better JSON object
                    • Authored compliance check: AWS EKS Ensure clusters are created with private endpoint enabled and public access disabled
                    • Authored compliance check: AWS EKS Restrict access to the control plane endpoint
                    • Authored compliance check for: CIS AWS EKS 2.1 Enable audit logs check
                    • Added additional check information to Inventory Resource page
                    • Authored compliance check to ensure Redis Cache is not publicly exposed
                    • Assigned network checks to CIS AWS Benchmark 5.2 control
                    • Ignore disabled checks during compliance scan
                    • Updated References: Update references to Compliance Status for Resource page
                    • Updated References: Run migration script to migrate rule data to checks
                    • Removed Compliance Status for Resource page
                    • Updated References: Replace disabled checks card with disabled rules
                    • Updated References: Update Inventory Resource Page to Link to Check Page

                    May 12th, 2021

                    New Features
                    • OpsCompass now includes support for NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations ( Technical controls are evaluated for adherence to the NIST defined requirements.
                    • Resource Inventory now includes a ‘Related Resources’ tab that shows resources that have a direct relationship to the current resource. This helps users identify change impact and better understand workload resources. The tab contains resource name, related by information, resource type, region, problems, changes, and created date. All columns are sortable.
                    Bug Fixes/Improvements
                    • Authored compliance check for AWS accounts to ensure there are more users than just root
                    • Authored compliance check for signing certificates on AWS root account
                    • Authored compliance check for MFA on AWS Root account
                    • Authored compliance check for the presence of Access Keys for AWS root user
                    • Standardized checkbox classes used in UI
                    • Added AWS Account Summary Resource Type

                    May 4th, 2021

                    New Features
                    • OpsCompass will now send out Dashboard-level information to users on a weekly basis. This weekly report provides you with high-level visibility of your cloud infrastructure’s security posture without needing to login and without including sensitive information.
                    Bug Fixes/Improvements
                    • Fixed bug with CIS rule requiring MFA devices when users do not have console access
                    • Fixed an issue where AWS S3 buckets showed the wrong region in OpsCompass
                    • Re-enabled initial email for account validation
                    • Fixed text box that allows searching inventory by resource name
                    • Updated the framework “MLSS” to “Oracle Database Licensing”

                    April 28, 2021

                    New Features
                    • New users will be able to sign up for accounts secured with a password again, rather than being forced to use Microsoft or Google to log into the app.
                    Bug Fixes/Improvements
                    • Updated Terms of Service for April 2021. Note that you will need to review and approve.
                    • Users who use a password to log in to OpsCompass can change their password through their “Settings” page.
                    • Fixed bug that caused a deleted user to not be immediately logged out.
                    • Fixed bug where a modal could not be dismissed after a company was downgraded to Free Tier.

                    April 14, 2021

                    Bug Fixes/Improvements
                    • Improved No Results Messaging for (most) Pages that Use Page Filters
                    • Addressed empty OLM deployment details table date rendering
                    • Improved consistency with names used in navigation, breadcrumbs and page titles
                    • Added friendly message to user when scope conflicts with a saved filter
                    • Added more descriptive text indicating what is filtered on a page
                    • We inform the user when they authorize OpsCompass in Azure AD but don’t have permissions to set up OpsCompass in any subscriptions.
                    • Improved sizing on Dashboard for smaller screens so that Top Fixes show properly

                    March 25, 2021

                    New Features
                    • Compliance and Drift pages have a new filtering interface! Filters are now presented as a modal window with collapsible sections to improve usability. Of course, Saved Filters are still supported; now accessed through a dropdown list right next to the Filter button.
                    Bug Fixes/Improvements
                    • Updated labels in JSON differencing view in Drift to be bold, black text.
                    • Fixed for issue with viewing drift change where if more than one concern was tied to a change the carets associated with the first concern pointed the wrong direction.
                    • Confirm user delete action
                    • Fixed a bug where whitespace provided with AWS role or external ID would cause an AWS account to fail to connect.
                    • Prevented users from accessing Add Account if they do not have permission to add accounts
                    • Clarified Azure/O365 onboarding instructions to highlight that CSCM only requires read-only access
                    • Fixed a bug with Azure Key Vault Soft Delete Compliance Check checking for Purge Protection property
                    • Resources that are removed from cloud should not display in inventory or dashboard

                    March 10, 2021

                    New Features
                    • Users can now delete user accounts for their company or initiate a delete for their company. If deleting a user or company, the user is brought to a page thanking them for trying OpsCompass. The page has a link back to User deletions are prevented if the user is the only user with the role “company_sysadmin”. They are instructed that they need to transfer the role before the deletion can be completed. All deletion types tell the user the deletion can take up to 30 days to complete.
                    Bug Fixes/Improvements
                    • Fixed not submitting the form for Bulk Mitigation/Policy Exception
                    • Fixed extra ‘Last Known Configuration’ text on resource page
                    • Fixed a bug where a ‘removed’ tag was displaying next to active accounts.
                    • Fixed issue with inconsistencies between Drift Concerns counts on Dashboard and on Drift Page
                    • Modified styles associated with editing Drift Concerns
                    • Added support for assigning teams when creating/updating Drift Concern
                    • Updated column name on Companies page in admin portal from “Age” to “Created On”

                    March 01, 2021

                    New Features
                    • New Accounts Filter Experience on Drift: We have a new way to select the accounts you want to see on the Drift page. This feature will be expanded and grown over time. Try it out and let us know what you think!
                    Bug Fixes/Improvements
                    • Accounts Filter Updates: Every page that has the option to filter by cloud accounts now sorts them by cloud then alphabetically. This is the same order the accounts appear on the dashboard.
                    • Updated teams page to have label ‘Drift Concerns’ instead of ‘Alert Concerns’
                    • New URLs for the “Upgrade” and “Free Trial” links: these now link to new pages in our dot-com experience. Upgrade links to our Pricing Page and the “free trial” links to our “Start for Free” page.
                    • Fixed time zone issue with setting mitigations/policy exceptions on resources that leads to incorrect history information
                    • Modified Welcome pages 14-day Free Trial link
                    • Ignoring realtime event processing errors related to short-lived Azure resources (such as Databricks resources)

                    February 16, 2021

                    New Features
                    • N/A
                    Bug Fixes/Improvements
                    • Support AWS CloudFormation template: So that OpsCompass can successfully discover and monitor resources while using only read-access permissions within AWS, we have authored a forwarding rule. The forwarding rule monitors all AWS service events, both raw and CloudTrail sourced, that sends events to OpsCompass and stores them in an S3 bucket. To ensure that data sources are not readable to OpsCompass a deny policy is used to explicitly prevent access of data source contents.
                    • Added additional information to ‘Add Account’ page including KB references and invite user button
                    • Updated new AWS signup experience to Pharos Styles
                    • Chrome browser issue – Fix mega-caret issue seen on compliance framework page
                    • Updated time zone should not give you a confirmation prompt about legal settings
                    • Updated AWS Lambdas to allow non-administrative signup
                    • Updated ‘Add Account’ workflow to use new Pharos styles and colors
                    • Corrected inconsistency between number of accounts displayed on dashboard and inventory
                    • Updated styles and layout in Inventory pages
                    • Updated Inventory Page to use Pharos Colors and Icons
                    • Corrected bug associated with MLSS date checking that created unnecessary compliance drift
                    • Capture CloudFormation stacks with similar names
                    • Modified CIS check to remove ports 22 and 3389 validation from AWS default security groups
                    • MS 365: Split scanning functions from HTTP-triggered functions
                    • Added CIS rule for microsoft.graph.identitySecurityDefaultsEnforcementPolicy

                    Like what you see? Try OpsCompass for free!

                    Get started right now by signing up for a free trial of OpsCompass. Or, learn more with a live demo.