
Release Notes

November 2025 Platform Releases

Generally Available

  • Red Hat Core OS support added

    Red Hat Core OS version 4.x is now supported for host vulnerability scanning.

  • AWS Terraform, CloudFormation, and Control Tower configuration module upgrades

    These releases add or update permissions to scan the following AWS services and APIs:

    • AWS Step Functions (SFN)

      • ListTagsForResource

      • GetActivityTask

      • ListActivities

      • DescribeExecution

      • GetExecutionHistory

      • ListExecutions

      • DescribeMapRun

      • ListMapRuns

    • SES

      • GetExportJob

      • GetMultiRegionEndpoint

      • ListExportJobs

      • ListMultiRegionEndpoints

    • AppStream

      • ListTagsForResource

    • User Notifications

      • ListEventRules

      • ListManagedNotificationChildEvents

      • ListOrganizationalUnits

      • ListMemberAccounts

      • ListNotificationConfigurations

      • ListManagedNotificationConfigurations

      • ListManagedNotificationEvents

      • ListTagsForResource

      • ListManagedNotificationChannelAssociations

      • ListNotificationEvents

      • ListChannels

      • ListNotificationHubs

    Some of these permissions are added for services that are not currently supported. They are included to prepare for possible future additions to the supported services and to reduce the need for re-deployments when new services are supported.

    The following new versions of these modules have been released:

    • Terraform terraform-aws-config version 0.23.0

    • CloudFormation lacework-aws-cfg version 0.7.0

    • Config+CloudTrail CloudFormation lacework-aws-ct-cfg version 0.6.0

    • Control Tower lacework-control-tower-cfn version 1.6.9

    • AWS Organizations aws-org-cf-lacework version 1.1.10

    You should upgrade to the latest release for the appropriate module you use to manage your AWS configuration integration.

    For more information about Terraform, see Maintain Cloud Integrations with Terraform.

    For more information about CloudFormation, see AWS Integration Using CloudFormation.

    For more information about Control Tower, see AWS Control Tower Integration Using CloudFormation.

  • New AWS service coverage added

    The following AWS services and related datasources are now available:

    For more information, see Datasource Metadata. Note that the introduction of new services may require you to modify the privileges of the FortiCNAPP user in your cloud accounts. For more information, see Maintain Cloud Integrations with Terraform.

  • Policy ID and management consistency for alerts

    All anomaly, compliance and violation alerts now show the associated policy IDs, with direct links to policy management, on the alert detail page, ensuring quick access and updates for each alert.

    The policy-based exception entity lists have been updated to reflect the relevant suppression options unique to each alert type.

  • New Azure service coverage added

    The following Azure services and related datasources are now available:

    CDN:

    • microsoft.cdn/profiles/customdomains

    • microsoft.cdn/profiles/origingroups

    For more information, see Datasource Metadata. Note that the introduction of new services may require you to modify the privileges of the FortiCNAPP user in your cloud accounts. For more information, see Maintain Cloud Integrations with Terraform.

  • AWS Terraform, CloudFormation, and Control Tower configuration module upgrades

    These releases add or update permissions for User Notifications:

    • Removed:

      • ListManagedNotificationChildEvents

      • ListOrganizationalUnits

      • ListMemberAccounts

      • ListManagedNotificationConfigurations

      • ListManagedNotificationEvents

      • ListManagedNotificationChannelAssociations

    • Added:

      • GetNotificationConfiguration

      • GetEventRule

      • GetNotificationEvent

    Some of these permissions are added for services that are not currently supported. They are included to prepare for possible future additions to the supported services and to reduce the need for re-deployments when new services are supported.

    The following new versions of these modules have been released:

    • Terraform terraform-aws-config version 0.24.1

    • CloudFormation lacework-aws-cfg version 0.7.1

    • Config+CloudTrail CloudFormation lacework-aws-ct-cfg version 0.6.1

    • Control Tower lacework-control-tower-cfn version 1.6.10

    • AWS Organizations aws-org-cf-lacework version 1.1.11

    You should upgrade to the latest release for the appropriate module you use to manage your AWS configuration integration.

    For more information about Terraform, see Maintain Cloud Integrations with Terraform.

    For more information about CloudFormation, see AWS Integration Using CloudFormation.

    For more information about Control Tower, see AWS Control Tower Integration Using CloudFormation.

  • New intrusion graph for composite alerts

    The new composite alerts Intrusion Graph is now available. This new graph:

    • Provides a concise visual summary of an alert that augments and complements the Observation Timeline.

    • Explains how the different entities within a composite alert relate to one another (and why they have been included in the same alert).

    The Intrusion Graph presents selected entities involved in the alert as nodes and selected relationships between them as edges.

    • Nodes represent one or more entities of the same type. If a node includes more than one entity, a number in the upper right indicates the number of entities it includes. Click the node to view the list of entities.

    • Edges represent one or more relationships of the same type. If an edge includes more than one relationship, click the edge to view the list of specific relationships.

    The Intrusion Graph is available for most composite alerts. When available, it can be found in the Observations tab, above the Observation Timeline.

    See Composite Alerts Reference in the Lacework FortiCNAPP Administration Guide for more information.

  • Enhanced vulnerability severity reporting

    The Vulnerabilities dashboard now provides enhanced vulnerability and CVE severity reporting, allowing you to view and filter by severity at the observation level.

    The Severity column previously only displayed the maximum severity across all hosts or packages. This column now provides a breakdown of CVE vulnerability levels, along with a count of vulnerabilities for each type, which you can drill down into for additional detail.

    This feature provides greater visibility into the risk posture of your environment, enabling more informed decisions about remediation and mitigation efforts.

  • New Google Cloud service coverage

    Many GCP services and related datasources are now available. For the full list, see the LQL Reference.

    For more information, see Datasource Metadata. Note that the introduction of new services may require you to modify the privileges of the FortiCNAPP user in your cloud accounts. For more information, see Maintain Cloud Integrations with Terraform.
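
The second module upgrade above removes six User Notifications permissions and adds three, so after upgrading it is worth confirming that the deployed integration role no longer grants the removed actions, including through a wildcard. The following is an added example, not FortiCNAPP or Lacework code; it assumes the IAM action prefix `notifications:` for AWS User Notifications and a policy document you have already exported as JSON, and it inspects only `Allow` statements with `Action` (it does not evaluate `NotAction`, `Deny`, or conditions).

```python
import fnmatch

# Action names copied from the release notes above; the "notifications"
# IAM prefix is an assumption of this example.
REMOVED = ["ListManagedNotificationChildEvents", "ListOrganizationalUnits",
           "ListMemberAccounts", "ListManagedNotificationConfigurations",
           "ListManagedNotificationEvents",
           "ListManagedNotificationChannelAssociations"]
ADDED = ["GetNotificationConfiguration", "GetEventRule", "GetNotificationEvent"]
PREFIX = "notifications"


def allowed_patterns(policy):
    """Collect lower-cased Action patterns from every Allow statement."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):      # Action may be a string or a list
            actions = [actions]
        patterns.extend(a.lower() for a in actions)
    return patterns


def is_granted(action, patterns):
    """IAM action names are case-insensitive and may use * and ? wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)


def audit(policy):
    """Return (stale, missing): removed actions still granted, added ones absent."""
    patterns = allowed_patterns(policy)
    stale = [a for a in REMOVED if is_granted(f"{PREFIX}:{a}", patterns)]
    missing = [a for a in ADDED if not is_granted(f"{PREFIX}:{a}", patterns)]
    return stale, missing


# Constructed sample policy: a List* wildcard keeps every removed action granted.
SAMPLE_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["notifications:List*", "notifications:GetEventRule"]},
        {"Effect": "Deny", "Resource": "*",
         "Action": "notifications:GetNotificationEvent"},
    ],
}
```

A non-empty `stale` list means the role still carries permissions the newer module versions dropped; a non-empty `missing` list means the upgrade has not been applied to that role.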

Public Preview

  • Code security lock file generation

    Package manager lock files are required when performing SCA scanning in order to detect complete sets of dependencies within a repository. If lock files are not available in your repository, FortiCNAPP will generate lock files using the SCA CLI and available tool chains. See Vulnerabilities: 3rd party in the FortiCNAPP Administration Guide.

  • Code security severity recalibration

    Security scanners often flag hard-coded credentials that are actually harmless test values or placeholders left by developers during development. Lacework FortiCNAPP code security's recalibration feature automatically identifies low-risk findings and adjusts their severity, prioritizing real security threats. See Vulnerabilities: Hard-coded secrets in the FortiCNAPP Administration Guide.
