Fix Release

0.4.3 (2024-08-08)

Fixes

• Fix pgoc on arm64
• Update documentation for PGO user initial setup
• Update default group_id for Container Security on EKS clusters

VNS, Istio, new scenarios, and more

0.4.2 (2024-08-08)

Changes

• Added support for Vision One Virtual Network Sensor. If enabled the Virtual Network Sensor is deployed into the PGO VPC. The PGO Active Directory and PGO instances will mirror their traffic to the data port of VNS. Requires the VNS Token from Vision One UI.
• Added support for Istio on EKS EC2.
• New Scenarios:
  • XDR -> Detection Model Exceptions for Container Security.
  • Endpoint Security -> Deep Security -> Integrate Deep Security with Vision One and Demo Benefits.
  • Cloud Security -> Container Security -> EKS -> Playing with Istio Service Mesh.
• You can now choose the OS SKU for the nodes in the AKS Cluster. It defaults to AzureLinux.
• The EKS cluster deployment of V1 Container Security now supports group_id using the Terraform Provider.
• The pgo command now checks if your local IP has changed and needs and update.

Scenarios, Custom PGO User and more

0.4.1 (2024-07-18)

Changes

• AWS ECS configurations are now split into two separate configurations ecs-ec2 and ecs-fg. This simplifies the deployment and now works the same way as AWS EKS.
• All Terraform Modules and Providers are now version fixed.
• Improved Naming of instances in regards to the PGO Active Directory
• pgo --config does now allow to disable initialization of Terraform after a first run. This speeds up configuration changes dramatically.
• Playground One can optionally use its own AWS user with limited privileges. The user can be created by running pgo --apply user, which of course requires administrative privileges with your own AWS user. You have to enable the PGO user in the configuration, but you can disable it at any time.
• Migrated EKS cluster deployments to use the Vision One Terraform Provider.
• There are new scenarios available:
  • Deploy Service Gateway on AWS manually
  • Deploy Service Gateway on AWS automatically
  • Integrate an Active Directory via Service Gateway on AWS
• New Scenario section: Workflow and Automation - Third-Party Integration:
  • Setup Splunk
  • Integrate Splunk with Vision One XDR
  • Integrate V1CS Customer Runtime Security Rules with Splunk
  • Setup Elastic Stack
  • Integrate Elastic Stack with Vision One
• XDR Threat Investigation: CloudTrail
• Identity Posture: Populate the Active Directory

Fix release

0.2.1 (02/27/2024)

Fixes

• The implementation of a proper Vision One Container Security life-cycle broke the deployment since the DELETE api_call was fired too early.

Changes

• Simple S3 Bucket scanner now part of Playground One. This includes a dedicated scenario.
• Improved handling of public IPs in configflow when running on Cloud9.
• Eventually existing Azure credentials are now made available within the container.

Maintenance release

0.2 (02/20/2024)

Fixes

• Vision One Container Security gets unregistered from Vision One on cluster destroy.
• Cluster deployments are now correctly destroyed in the correct order.
• Allow docker client to work with docker.sock on Cloud9

Changes

• Playground One Container now supports versioning.
• ECS Fargate task definition patcher bumped to version 2.3.30
• New scenario added: Container Image Vulnerability and Malware Scanning as GitHub Action.
• Removed openssl3 demo app.