What Changed
The GDPR Compliance & Data Security workbook expanded its asset monitoring capabilities from hostname-only filtering to support multiple cloud and storage asset types. The watchlist schema changed from HostName to AssetName as the search key.
Security Impact (Visibility & Fidelity)
Previously, the workbook only tracked security alerts against traditional servers/hosts listed in the GDPR watchlist. Organizations using cloud resources to store personal data had a compliance monitoring blind spot — incidents against Azure storage accounts, AWS resources, or GCP assets were invisible in GDPR reporting.
The updated KQL logic now extracts entity names from multiple entity types:
- azure-resource: ResourceId field
- amazon-resources: AmazonResourceId field
- gcp-resource: FullResourceName field
- blob-container and blob: Name field
- host: HostName or FQDN fields (retained)
This eliminates the cloud asset blind spot for GDPR compliance monitoring. Organizations must update their watchlist format and repopulate with all personal data hosting assets.
Affected Files
Solutions/GDPR Compliance & Data Security/Workbooks/GDPRComplianceAndDataSecurity.json
(packaging artefacts: Workbooks/WorkbooksMetadata.json)