What's New in ASMS A32.20
Release date: May 2022
Welcome to AlgoSec Security Management Suite (ASMS) version A32.20. This latest release further extends application connectivity visibility into the multicloud and across the entire hybrid environment.
Highlights of A32.20 include support for new devices like PAN Prisma Access (in EA), risks for GCP, and extended support for NSX-T in AWS (in EA).
There are also some nice new features for PAN Panorama devices: support for URL Categories, and you can now push rules to all Device Group levels.
We've also updated these compliance reports:
- MAS-TRM
- NIST 800-53v5
Application Connectivity
AppViz | Application flows: Enhanced filtering capabilities
Now you can define additional fields to filter application flows like Custom Fields and Network Application and Network User filters. See Filtering Flows.
Security Estate Visibility
Advanced Policy Search
New simplified syntax allows complex queries using OR and NOT operators. The search can include object content too. See Advanced Policy Search.
TSQ | Query Visualizer
The Query Visualizer helps you to better understand your network routing. You can set the TSQ map to show additional paths that were found, but disqualified. See Query Visualizer.
Policy & Compliance
We’ve updated these compliance reports:
- Monetary Authority of Singapore-Technology Risk Management (MAS-TRM) Compliance update (Revision Jan 2021).
- NIST 800-53v5 Compliance update (security and privacy controls for all US Federal information).
Cloud
GCP | Risk
ASMS now supports GCP Project policy visibility and risks for Google Cloud added in AlgoSec Cloud. See GCP (Google Cloud Platform) projects in AFA.
Microsoft Azure | Visibility of Policies with no VMs
AWS | Visibility of Policies with no EC2s
Enterprise Grade
ASMS Integration with AlgoSec Cloud and ObjectFlow via Proxy
New connectivity through a proxy improves ASMS integration with AlgoSec Cloud, ObjectFlow, and SaaS services.
New APIs in A32.20
URL Category APIs (for Panorama devices)
- Get the list of URL categories. See Get the list of all URL Categories.
- Create or edit a list of URL categories. See Create/add URL Categories.
- Delete URL categories. See Delete URL categories.
- and more.
Advanced policy search APIs
- Rules Advanced Search - basic: Retrieve a list of rules according to the search query. See Rules Advanced Search - basic.
- Rules Advanced Search - full: Retrieve a list of rules according to the search query. See Rules Advanced Search - full.
Bulk update keys of AWS cloud accounts
- Change the keys of AWS cloud accounts in bulk. See Bulk update keys of AWS cloud accounts.
Devices & Orchestration
Check Point R8X Layers Now GA
Now in A32.20, ASMS supports Risk analysis and Traffic Simulation Query for Inline and Ordered Layers. Also, FireFlow supports ActiveChange for Inline and Ordered Layers. See Check Point layers behavior.
Cisco Firepower
Applications support
ASMS now supports application visibility and changes. We've added new applications-related risks and support for applications as part of TSQ.
Cisco ACI | Shared Services
Route Leaking & Export and Import Contracts
ASMS provides support for connectivity between VRFs in the same tenant and in different tenants, and between VRFs in a common tenant and other tenants, including support for automation in FireFlow. For this we've added three new contract types in the Policy tab:
- Inter-VRF contract
- Imported contract
- Not formed contract
Cisco Meraki | Improvements GA
Support for visibility (in Policies and TSQ) in General Availability.
Palo Alto Networks
Panorama | URL Category Support
ASMS now supports visibility for URL Categories in TSQ, risks & policy optimization reports.
In FireFlow, you can create a ticket using Panorama URL categories, implement the ticket, run ActiveChange and validate the results. See Working with Panorama URL Categories.
Panorama | Device Group Hierarchy
Now you can fully utilize Device Group hierarchy when creating a new traffic request rule. You can push rules to all Device Group levels: by selecting upwards in the hierarchy, you can propagate rules to Device Groups below. You can make the Device Group selection manually or automate it using hooks. See Palo Alto Networks Panorama devices and SelectPolicyForDevices.
Prisma Access visibility (in EA)
ASMS now supports Prisma Access visibility for remote networks and service connections (in changes, TSQ and risks).
VMware NSX-T on AWS (in EA)
Now you can onboard an NSX-T deployed on AWS. See Support for NSX-T deployed on AWS (VMC).
Arista VRRP support (in EA)
AFA now supports Arista's VRRP cluster.