12/10/24
New Cloud Control Center updates for 16.4.0
This release includes various bug fixes, updates to the UI, updates to the API, and several new and improved features detailed below.
Elisity IdentityGraph
Claroty xDome Enforcement Status Integration
Cloud Control Center will now send enforcement status updates on a per-device basis to Claroty xDome. To learn more, read the Connect Claroty xDome or the Connect Medigate article.
Disable IP-Only Lookup Support
IP-only lookup in IdentityGraph can now be disabled for any connector that supports this function. This setting is configured on the backend and requires assistance from Elisity Support. Review the appropriate connector classification details document to learn more.
Locked Devices Purging Behavior Change
Locked devices will remain in the Device List indefinitely, even if they are offline for an extended period. To learn more, read the Policy Groups article.
Connector Priority Adjustment
The order and priority of IdentityGraph's evaluation of Connector data for inclusion in Core Effective Attributes are now simpler and faster to configure. Currently, this functionality is available only to Elisity Support, and customers must contact them for any adjustments.
Policy
Policy Set Enforcement Score
Cloud Control Center now calculates a Policy Set Enforcement Score, which is determined by the number of Policy Groups, Security Levels, and both Active and Simulated Policies. To learn more, read the Policy Set Enforcement Score article.
Palo Alto Networks Dynamic Address Group Integration
Cloud Control Center 16.4 now supports integration with Palo Alto Networks firewalls. This integration allows Cloud Control Center to share the IP addresses of devices assigned to selected Policy Groups with Palo Alto Networks firewalls as Dynamic Address Groups (DAGs). To learn more, read the Palo Alto Networks Firewall Integration - Policy Group Derived Dynamic Address Groups (DAG) article.
Policy Group Additional Match Criteria Operators for ServiceNow and Native
Additional match criteria operators are now available for ServiceNow and Native match criteria when defining a Policy Group. This includes operators such as "Not Equals" and "Does not Contain". To learn more, read the Policy Groups article.
Unassigned Policy Group Behavior Change
Before Cloud Control Center version 16.4.0, the Unassigned Policy Group utilized the default 0.0.0.0/0 security group. In the latest version, devices in the Unassigned Policy Group now receive device tag mappings just like any other Policy Group.
Analytics
The Analytics dashboard in Cloud Control Center has received the following improvements, which are all documented in our Visibility and Traffic Analytics article.
Simulated and Active Policy Details
In the Traffic Flow view of the Policy Matrix, clicking on a cell now highlights whether the hits originated from a Simulated Policy or an Active Policy.
General UI
Logs and Events is now "Monitoring"
The Logs and Events page has been renamed to "Monitoring".
Notifications Bar Enhancement
The Notifications Bar now features updated colors to clearly indicate the status and urgency of each notification. To learn more, read the Elisity Cloud Control Center User Guide and Initial Configurations article.
Devices Page Saved Filter Reset
Loading a saved filter will clear any existing filters or searches applied in the search bar. To learn more, read the Policy Matrix
+N notification for Dashboard Tiles
The "Sites," "Virtual Edge Nodes," and "Policies" tiles on the Cloud Control Center dashboard now display the count of newly added Sites, Virtual Edge Nodes, and Policies within each tile.
Saved Filters Per Policy Set
Saved filters are now only displayed within the relevant Policy Set. To learn more, read the Policy Matrix article.
Virtual Edge
Arista 7050 Support
This release introduces support for onboarding the Arista 7050 switch as a Virtual Edge Node. See the Switch Compatibility Matrix for more details.
Changing Virtual Edge Group Association
Virtual Edge group association can now be changed in the UI. To learn more, read the Virtual Edge Groups article.
API Updates
API Endpoints have been added or deprecated to accommodate new functionality. These can be viewed in the API Documentation portal in Cloud Control Center. Read the How to Access Elisity APIs article for details on how to access API documentation.
API Endpoints Removed
Policy Group Bulk
DELETE /api /policy /v2 /policy-groups /bulk
Bulk delete Policy Groups
API Endpoints Added
Device - recalculate-attributes
PUT /api /identity-graph /v1 /devices /recalculate-attributes
Recalculate attributes on all devices
Settings
GET /api /identity-graph /v1 /settings /elisity-enrichment-order
Read the enrichment order for CCC connectors
POST /api /identity-graph /v1 /settings /elisity-enrichment-order
Update/change the enrichment order for CCC connectors
DELETE /api /identity-graph /v1 /settings /elisity-enrichment-order
Delete enrichment order settings entry
GET /api /identity-graph /v1 /settings /elisity-enrichment-order /raw
Read raw enrichment order settings entry
GET /api /identity-graph /v1 /settings /elisity-enrichment-order /dto
Read enrichment order settings entry
GET /api /identity-graph /v1 /settings /all
Read all settings entries
Device - Attach
POST /api /identity-graph /v1 /devices /attached
Attach devices by MAC or create new ones if not exists
GET /api /policy /v2 /policy-groups /vens /{id}
Get Policy Groups assigned to a VEN
Policy Group Bulk
PUT /api /policy /v2 /policy-groups /bulk
Bulk update of Policy Groups
DELETE /api /policy /v2 /policy-groups /bulk
Bulk delete Policy Group
Policy
GET /api /policy /v1 /policy-sets /policies /count
Get Policies count for a given Policy Set
Virtual Edge
PUT /api /topology /v1 /virtual-edges /{id} /change-group /{idNewVirtualEdgeGroup}
Change virtual edge group for existing virtual edge
Virtual Edge Group
PUT /api /topology /v1 /virtual-edge-groups /{id} /rebalance
Rebalance Virtual Edges within a VE Group
GET /api /topology /v1 /virtual-edge-groups /{id} /is-imbalanced
Check if Virtual Edge Group is imbalanced
distribution-zone-controller
POST /api /topology /v1 /distribution-zones /bulk /delete
Bulk delete distribution zones
Bulk Validation
POST /api/topology/v1/virtual-edges/bulk/change-group
Virtual Edges bulk change group