What's New in R24-1

Note to Customers with Tiered Licenses

Since R23-2, TOS features are enforced on tiered licenses according to solution tier. Examples are topology and some SecureChange workflows that are available only in the SecureChange+ tier, and provisioning that is available only in the Enterprise tier - see Solution Tiers. For more information contact your account team.

To filter the results, enter text in one or more of the filter fields.

To see all items, clear the filter fields.




Cleanup Enhancements for Azure FW and NSG rules.

Last hit date is now supported for Azure Firewall and NSG rules. The field appears in the Rule Viewer for these rules and can be queried using TQL. In SecureTrack Reporting Essentials (STRE), users can generate, schedule, and share reports that identify Azure FW or NSG unused rules using the reports: Rule Analytics and Security Best Practice. This enhancement helps identify unused rules to remove unneeded access, improve security posture, reduce the attack surface, and simplify cleanup initiatives in Azure.

rule viewer, rules, query, tql, azure, last hit, nsg, firewall, securetrack, cloud & platforms

Topology Support for GCP

GCP is now incorporated in the topology map. This release also supports path analysis calculations based on GCP network tag objects. These enhancements reduce MTTR, simplify network troubleshooting, and provide clear, dynamic visibility for the entire hybrid environment.

topology, gcp, vpc, palo alto, vm series, securetrack, cloud & platforms

Topology Support for Panorama Managed Prisma Access

Panorama Managed Prisma Access is now included in topology. This means Prisma on the Topology Map and automation is enhanced, allowing access requests to be made in Topology mode assisted by auto-suggest target selection. In addition, USP violations and shadowing are now calculated for Prisma policies. These enhancements improve network topology accuracy, visibility to Prisma remote networks and remote users in topology map automation and analysis, reduce MTTR as well as increase dynamic visibility for the entire hybrid environment and troubleshooting capabilities of Prisma policies specifically.

panorama, prisma, securetrack, managed, access, cloud & platforms

Addition of GCP and Cisco Meraki Via Proxy Authentication

Cisco Meraki and GCP projects can be added to SecureTrack via proxy authentication. The proxy acts as an intermediary between TOS and GCP/Cisco Meraki, providing secure connection from TOS to the external platforms while still meeting the corporate security requirements for external connections via a proxy.

gcp, proxy server, securetrack, cloud & platforms

Support for Cisco Cloud-Delivered FMC

Tufin offers full feature parity with on-premises Cisco management platforms to ensure a smoother transition to the cloud without compromising on policy management capabilities. You can leverage the scalability and flexibility of cloud-delivered FMC, while still getting the Tufin value for visibility, topology, cleanup, compliance, and automation.

cisco, cdfmc, fmc,

cloud & platforms

Support for Palo Alto Cloud NGFW on Azure

Palo Alto Device Groups that manage Palo Alto Cloud NGFW on Azure are now supported. This enables policy visibility in the Rule Viewer, comparing revisions, creating reports, and automation / provisioning. You can now understand risk mitigation, cleanup calculations, audit and compliance, policy visibility and automate firewall change requests to Palo Alto Cloud NGFW on Azure.

palo alto, azure, cloud, ngfw, securetrack, securechange, cloud & platforms

Support for Palo Alto VM series on GCP

All functionality for Palo Alto is now provided for VM Series firewalls deployed on GCP.

palo alto vm, firewall, fw, gcp,cloud & platforms

Ticket Search Enhancement

Ticket search has a brand-new look-and-feel. All search functions on the Ticket page now appear at the top of the page, instead of in a pop-up window. You can easily swap between free search and detailed search and enjoy a smoother user experience.

tickets, search, securechange, automation

SecureChange Reporting API

This new API retrieves SecureChange ticket and step events providing new and more granular reporting possibilities. It will enable you to develop custom dashboards and reports of SecureChange ticket statistics, to identify ticket handling bottlenecks, and improve processes and response times.

api, lifecycle, access request, dashboard, reports, securechange, automation

Automation for ACI-based Panorama DAGs

Customers using Panorama and ACI integration with DAG-based ACI EPG tags in their Panorama security policies can now securely automate changes with SecureChange workflow tools. This includes Risk Analysis to ensure compliance and help avoid risks, topology map for enhanced network connectivity troubleshooting, and auto-target selection, Verifier, and Designer to accelerate the change process.

panorama, aci, epg, palo alto,


Automation for Panorama UserID from Specific Network

SecureChange now supports Palo Alto rules and access requests whose source includes both UserID (LDAP Groups) and IP addresses. Automation tools are now available for this type of access request, providing enhanced change automation, saving time and improving accuracy.

user identity, access request, palo alto, securechange, automation

PCI-DSS 4.0 USP Template

The PCI-DSS USP template has been updated to meet the latest PCI-DSS 4.0 standard.

Available from PGA.0.0.

PCI, USP, template, security & compliance

Rule Viewer- Rule Selection Enhancements

In the Rule Viewer, a contiguous group of rules can be quickly selected by using the mouse and keyboard. In addition, the selection limit has been increased from 300 to 5,000 rules for three actions: Edit rule documentation, Add related ticket and Export to CSV. This increases flexibility and saves time.

rule viewer, limit, selection, list, group, shift, securetrack,

Rule Viewer – view rules that intersect with a subnet

The new Rule Viewer TQL operator, 'intersects', locates rules whose source or destination intersects with a given host IP, subnet, or range. This refined query capability enables you to check if a rule's source or destination belongs to a specific subnet and optimize firewall rules.

Available from PGA.0.0.

query, subnet, host, range, intersect, TQL, operator, rule viewer, securetrack, security & compliance

Support for Violations of Azure Firewall Rules Violations are now calculated for Azure firewalls, facilitating compliance of Azure firewall policies with regulatory requirements, continuous compliance, and successful audits. violation, risk, calculation, azure, firewall, securetrack,security & compliance,cloud & platforms

Customizable Validation for SecureApp Tickets

A new option to add a custom validation script is available for SecureApp, which allows you to ensure application properties, like object names, USP compliance and others, are correct before a ticket is created. This will prevent invalid tickets from being created and later rejected, therefore application owners will save time, avoid complications, and work more efficiently.

secureapp, validation, script

Shadowed Rules Active Display

When shadowing rules are shown in the Rule Viewer for a selected shadowed rule, hovering over rule objects shows tooltips and some items are clickable. This provides an improved user experience and helps users make more informed decisions.

shadowed rule, rule viewer, securetrack

TOS Cluster Health Alerts

New default alerts for file system usage and database status have been added. The result is simpler monitoring, aiding mitigation of risks to TOS cluster health before they affect the application. In addition, enhanced validation now prevents creating or changing incorrectly configured alerts.

cluster health, alerts, notifications, securetrack