16.4.0 Release Notes

12/10/24

New Cloud Control Center updates for 16.4.0

This release includes various bug fixes, updates to the UI, updates to the API, and several new and improved features detailed below. 

 

Elisity IdentityGraph

Claroty xDome Enforcement Status Integration
Cloud Control Center will now send enforcement status updates on a per-device basis to Claroty xDome. To learn more, read the Connect Claroty xDome or the Connect Medigate article.

Disable IP-Only Lookup Support
IP-only lookup in IdentityGraph can now be disabled for any connector that supports this function. This setting is configured on the backend and requires assistance from Elisity Support. Review the appropriate connector classification details document to learn more. 

Locked Devices Purging Behavior Change
Locked devices will remain in the Device List indefinitely, even if they are offline for an extended period. To learn more, read the Policy Groups article.

Connector Priority Adjustment
The order and priority of IdentityGraph's evaluation of Connector data for inclusion in Core Effective Attributes are now simpler and faster to configure. Currently, this functionality is available only to Elisity Support, and customers must contact them for any adjustments.

Policy

Policy Set Enforcement Score
Cloud Control Center now calculates a Policy Set Enforcement Score, which is determined by the number of Policy Groups, Security Levels, and both Active and Simulated Policies. To learn more, read the Policy Set Enforcement Score article. 

Palo Alto Networks Dynamic Address Group Integration
Cloud Control Center 16.4 now supports integration with Palo Alto Networks firewalls. This integration allows Cloud Control Center to share the IP addresses of devices assigned to selected Policy Groups with Palo Alto Networks firewalls as Dynamic Address Groups (DAGs). To learn more, read the Palo Alto Networks Firewall Integration - Policy Group Derived Dynamic Address Groups (DAG) article. 

Policy Group Additional Match Criteria Operators for ServiceNow and Native
Additional match criteria operators are now available for ServiceNow and Native match criteria when defining a Policy Group. This includes operators such as "Not Equals" and "Does not Contain". To learn more, read the Policy Groups article. 

Unassigned Policy Group Behavior Change
Before Cloud Control Center version 16.4.0, the Unassigned Policy Group utilized the default 0.0.0.0/0 security group. In the latest version, devices in the Unassigned Policy Group now receive device tag mappings just like any other Policy Group. 

Analytics

The Analytics dashboard in Cloud Control Center has received the following improvements, which are all documented in our Visibility and Traffic Analytics article. 

Simulated and Active Policy Details
In the Traffic Flow view of the Policy Matrix, clicking on a cell now highlights whether the hits originated from a Simulated Policy or an Active Policy.

General UI

Logs and Events is now "Monitoring"
The Logs and Events page has been renamed to "Monitoring".

Notifications Bar Enhancement
The Notifications Bar now features updated colors to clearly indicate the status and urgency of each notification. To learn more, read the Elisity Cloud Control Center User Guide and Initial Configurations article. 

Devices Page Saved Filter Reset
Loading a saved filter will clear any existing filters or searches applied in the search bar. To learn more, read the Policy Matrix

+N notification for Dashboard Tiles
The "Sites," "Virtual Edge Nodes," and "Policies" tiles on the Cloud Control Center dashboard now display the count of newly added Sites, Virtual Edge Nodes, and Policies within each tile.

Saved Filters Per Policy Set
Saved filters are now only displayed within the relevant Policy Set. To learn more, read the Policy Matrix article.

Virtual Edge

Arista 7050 Support
This release introduces support for onboarding the Arista 7050 switch as a Virtual Edge Node. See the Switch Compatibility Matrix for more details.

Changing Virtual Edge Group Association
Virtual Edge group association can now be changed in the UI. To learn more, read the Virtual Edge Groups article. 

API Updates

API Endpoints have been added or deprecated to accommodate new functionality. These can be viewed in the API Documentation portal in Cloud Control Center. Read the How to Access Elisity APIs article for details on how to access API documentation.

API Endpoints Removed

Policy Group Bulk

DELETE /api /policy /v2 /policy-groups /bulk
Bulk delete Policy Groups

 

API Endpoints Added

Device - recalculate-attributes

PUT /api /identity-graph /v1 /devices /recalculate-attributes
Recalculate attributes on all devices

Settings

GET /api /identity-graph /v1 /settings /elisity-enrichment-order
Read the enrichment order for CCC connectors

POST /api /identity-graph /v1 /settings /elisity-enrichment-order
Update/change the enrichment order for CCC connectors

DELETE /api /identity-graph /v1 /settings /elisity-enrichment-order
Delete enrichment order settings entry

GET /api /identity-graph /v1 /settings /elisity-enrichment-order /raw
Read raw enrichment order settings entry

GET /api /identity-graph /v1 /settings /elisity-enrichment-order /dto
Read enrichment order settings entry

GET /api /identity-graph /v1 /settings /all
Read all settings entries

Device - Attach

POST /api /identity-graph /v1 /devices /attached
Attach devices by MAC or create new ones if not exists

GET /api /policy /v2 /policy-groups /vens /{id}
Get Policy Groups assigned to a VEN

Policy Group Bulk

PUT /api /policy /v2 /policy-groups /bulk
Bulk update of Policy Groups

DELETE /api /policy /v2 /policy-groups /bulk
Bulk delete Policy Group

Policy

GET /api /policy /v1 /policy-sets /policies /count
Get Policies count for a given Policy Set

Virtual Edge

PUT /api /topology /v1 /virtual-edges /{id} /change-group /{idNewVirtualEdgeGroup}
Change virtual edge group for existing virtual edge

Virtual Edge Group

PUT /api /topology /v1 /virtual-edge-groups /{id} /rebalance
Rebalance Virtual Edges within a VE Group

GET /api /topology /v1 /virtual-edge-groups /{id} /is-imbalanced
Check if Virtual Edge Group is imbalanced

distribution-zone-controller

POST /api /topology /v1 /distribution-zones /bulk /delete
Bulk delete distribution zones

Bulk Validation

POST /api/topology/v1/virtual-edges/bulk/change-group
Virtual Edges bulk change group

 

Was this article helpful?
1 out of 1 found this helpful