
Multicloud Defense Terraform Provider Version 0.2.5 November 6, 2023

Enhancements

The following enhancements are included in this release:

  • Adds support in a cloud service provider account ciscomcd_cloud_account resource for onboarding GCP folder hierarchies to accommodate asset and traffic discovery of all projects that are contained within a Folder hierarchical structure. Onboarding GCP folders permits asset and traffic discovery, but does not permit full orchestration. Discovery is beneficial and necessary for creating a dynamic policy that adapts in real time to changes made within the GCP projects. In order to orchestrate within a project, each project where orchestration is required should be onboarded individually.

  • Adds support for sending Multicloud Defense Gateway metrics to third-party SIEMs. This introduces a new metrics forwarding profile ciscomcd_profile_metrics_forwarding resource that can be configured and assigned to Multicloud Defense Gateway ciscomcd_gateway resources so that gateway metrics are sent to the SIEM. The first implementation supports Datadog as a SIEM. Support for other SIEMs will follow in future releases.

  • Changes the Multicloud Defense Gateway ciscomcd_gateway resource aws_gateway_lb argument default value from false to true. When deploying an AWS egress gateway, the supported transit architecture is an AWS gateway load balancer (GWLB) architecture. This argument is optional; if it is not specified, it now defaults to the value appropriate for that architecture.

  • Adds support for sending audit and system logs to Splunk. This introduces an update to the alert profile ciscomcd_alert_profile resource by adding Splunk as a new value for the type argument.

  • Adds support for sending audit and system logs to Microsoft Teams. This introduces an update to the alert profile ciscomcd_alert_profile resource by adding Microsoft Teams as a new value for the type argument.

  • Enhances the forward proxy policy to validate the server certificate when negotiating the backend TLS session. The certificate validation is disabled by default, but can be configured in a decryption profile ciscomcd_profile_decryption resource for all TLS sessions and in an FQDN match object ciscomcd_profile_fqdn resource on a per-domain (or set of domains) basis.

  • Adds support for creating an Azure Resource Group (RG) as part of the service VNet ciscomcd_service_vpc resource. The RG is required so that all resources orchestrated by the Multicloud Defense Controller are placed in the specified (or newly created) RG.

Fixes

The following fix is included in this release:

  • Fixes an issue where validation was not performed when configuring a forward or reverse proxy service object ciscomcd_service_object resource: when a secure proxy value (TLS, HTTPS, WEBSOCKETS) is assigned to the transport_mode argument, a decryption profile ciscomcd_profile_decryption resource must be assigned to the tls_profile argument. A secure proxy must have a decryption profile assigned; otherwise the proxy will not operate as a secure proxy and TLS-encrypted traffic will be denied.
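To catch this misconfiguration before `terraform apply`, the following added example (not part of the provider or of these release notes) scans the output of `terraform show -json` for ciscomcd_service_object resources whose transport_mode is TLS, HTTPS or WEBSOCKETS but whose tls_profile is unset. It assumes Terraform's documented JSON plan layout (resource_changes with change.after and change.after_unknown); the embedded sample plan is constructed.

```python
import json

# Constructed sample of `terraform show -json tfplan` output (not real provider
# output). app2_tls is the defect this release's validation now rejects; app4's
# tls_profile references a profile created in the same plan, so its value is
# unknown at plan time and must be read from after_unknown, not after.
SAMPLE_PLAN_JSON = json.dumps({"resource_changes": [
    {"address": "ciscomcd_service_object.app1_https", "type": "ciscomcd_service_object",
     "name": "app1_https", "change": {"actions": ["create"],
     "after": {"transport_mode": "HTTPS", "tls_profile": 12}, "after_unknown": {}}},
    {"address": "ciscomcd_service_object.app2_tls", "type": "ciscomcd_service_object",
     "name": "app2_tls", "change": {"actions": ["create"],
     "after": {"transport_mode": "TLS", "tls_profile": None}, "after_unknown": {}}},
    {"address": "ciscomcd_service_object.app3_http", "type": "ciscomcd_service_object",
     "name": "app3_http", "change": {"actions": ["create"],
     "after": {"transport_mode": "HTTP"}, "after_unknown": {}}},
    {"address": "ciscomcd_service_object.app4_ws", "type": "ciscomcd_service_object",
     "name": "app4_ws", "change": {"actions": ["create"],
     "after": {"transport_mode": "WEBSOCKETS"}, "after_unknown": {"tls_profile": True}}},
]})

# transport_mode values that make the service object a secure proxy (from the release note)
SECURE_TRANSPORT_MODES = {"TLS", "HTTPS", "WEBSOCKETS"}


def find_secure_proxies_without_decryption(plan_json):
    """Return addresses of ciscomcd_service_object resources that use a secure
    transport_mode but have no decryption profile assigned to tls_profile."""
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "ciscomcd_service_object":
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue  # resource is going away; nothing to validate
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        mode = str(after.get("transport_mode") or "").upper()
        # A tls_profile that references a profile not yet created is "unknown"
        # at plan time; treat that as assigned rather than as missing.
        has_profile = bool(after.get("tls_profile")) or unknown.get("tls_profile") is True
        if mode in SECURE_TRANSPORT_MODES and not has_profile:
            findings.append(rc.get("address") or rc.get("name", "<unnamed>"))
    return findings


if __name__ == "__main__":
    for address in find_secure_proxies_without_decryption(SAMPLE_PLAN_JSON):
        print(f"{address}: secure transport_mode without tls_profile")
```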