Jan 18, 2022

22.1.0 Release Notes

InsightCloudSec Software Release Notice - 22.1.0 Major Release (01/19/2022)

Our latest Major Release 22.1.0 is available for hosted customers on Wednesday, January 19, 2022. Availability for self-hosted customers is Thursday, January 20, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.

Release Highlights (22.1.0)

InsightCloudSec is pleased to announce Major Release 22.1.0. While our first release of this year, 21.7.8, included numerous bug fixes, this major release focuses on the introduction of two substantial new features. 22.1.0 includes support for AWS Inspector V2, which works with our InsightVM integration and provides three new query filters. The second item is support for User Activity within our Cloud IAM Governance module. User Activity takes the first step towards establishing our planned Least-Privileged Access (LPA) feature; you can read more details below. In addition, this release includes three new Azure Insights, two new Azure filters, and a single bug fix for GCP.

Contact us through the new unified Customer Support Portal with any questions.

Features & Enhancements (22.1.0)

AWS Inspector V2

InsightCloudSec can be configured to retrieve vulnerability findings from AWS Inspector V2. This requires that the Inspector API be configured and that IAM permissions are enabled. For information on how to enable Inspector V2 in AWS, refer to AWS' documentation. The IAM permission required to allow InsightCloudSec to retrieve Inspector findings is "inspector2:ListFindings".

Once configured, InsightCloudSec will retrieve findings from the AWS Inspector service every few hours. This cadence can be adjusted using Harvesting Strategies if desired.

The results of the vulnerabilities can be viewed in the resource details of EC2 instances, as illustrated above, and can be queried using the following query filters: Resource Vulnerable To Specific Vulnerability, Resource Vulnerability Wildcard Search, and Resource Vulnerability Count. Note: Risk Score and Vulnerabilities will only display valid data for users with a functional InsightVM integration. [ENG-10048]

In support of Inspector V2, the permission "inspector2:ListFindings", currently included in our Standard Read-Only policy, is now required.
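The following is an added example, not InsightCloudSec code or the product's own query implementation. It shows the least-privilege IAM policy statement carrying only the "inspector2:ListFindings" permission named above, pages through the inspector2 ListFindings API, and then evaluates the retrieved findings the way the three query filters listed in this release (Resource Vulnerability Count, Resource Vulnerable To Specific Vulnerability, Resource Vulnerability Wildcard Search) would. Assumptions: the finding record fields (type, status, packageVulnerabilityDetails.vulnerabilityId, resources[].id) and the filterCriteria StringFilter shape follow the AWS API reference for inspector2; the sample findings, the placeholder vulnerability ids and the offline stand-in client are constructed for this example.

```python
import fnmatch
import json

# Least-privilege IAM policy document granting only the permission the release
# notes name as required for retrieving Inspector V2 findings.
INSPECTOR_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadInspectorFindings",
        "Effect": "Allow",
        "Action": ["inspector2:ListFindings"],
        "Resource": "*",
    }],
}


def fetch_findings(inspector_client, account_id=None):
    """Page through inspector2 ListFindings. `inspector_client` is a
    boto3.client('inspector2') or any stand-in exposing get_paginator().
    When account_id is given the filter is applied server-side through
    filterCriteria (StringFilter shape, assumed from the AWS API reference)."""
    kwargs = {}
    if account_id:
        kwargs["filterCriteria"] = {
            "awsAccountId": [{"comparison": "EQUALS", "value": account_id}]
        }
    findings = []
    for page in inspector_client.get_paginator("list_findings").paginate(**kwargs):
        findings.extend(page.get("findings", []))
    return findings


def vulnerabilities_by_resource(findings):
    """Map resource id -> set of vulnerability ids. Only ACTIVE package
    vulnerability findings count, so a SUPPRESSED or CLOSED finding does not
    inflate a resource's count."""
    vulns = {}
    for finding in findings:
        if finding.get("status") != "ACTIVE" or finding.get("type") != "PACKAGE_VULNERABILITY":
            continue
        vuln_id = finding["packageVulnerabilityDetails"]["vulnerabilityId"]
        for resource in finding.get("resources", []):
            vulns.setdefault(resource["id"], set()).add(vuln_id)
    return vulns


def vulnerability_count(vulns, resource_id):
    """Resource Vulnerability Count: distinct active vulnerabilities on one resource."""
    return len(vulns.get(resource_id, set()))


def vulnerable_to(vulns, vuln_id):
    """Resource Vulnerable To Specific Vulnerability: resources carrying that exact id."""
    return sorted(rid for rid, ids in vulns.items() if vuln_id in ids)


def wildcard_search(vulns, pattern):
    """Resource Vulnerability Wildcard Search: shell-style glob over vulnerability ids."""
    return sorted(rid for rid, ids in vulns.items()
                  if any(fnmatch.fnmatchcase(v, pattern) for v in ids))


# ---- constructed sample data and an offline stand-in for the boto3 client ----

def make_finding(vuln_id, instance_id, status="ACTIVE"):
    """Build one finding record in the ListFindings response shape (constructed)."""
    return {
        "type": "PACKAGE_VULNERABILITY",
        "status": status,
        "packageVulnerabilityDetails": {"vulnerabilityId": vuln_id, "source": "CONSTRUCTED"},
        "resources": [{"type": "AWS_EC2_INSTANCE", "id": instance_id}],
    }


# Placeholder vulnerability ids; these are not real CVE numbers.
SAMPLE_PAGES = [
    {"findings": [
        make_finding("CVE-0000-1111", "i-0aaaaaaaaaaaaaaaa"),
        make_finding("CVE-0000-2222", "i-0aaaaaaaaaaaaaaaa"),
        make_finding("CVE-0000-1111", "i-0bbbbbbbbbbbbbbbb", status="SUPPRESSED"),
    ]},
    {"findings": [make_finding("CVE-0000-3333", "i-0bbbbbbbbbbbbbbbb")]},
]


class FakeInspectorClient:
    """Offline stand-in for boto3.client('inspector2') serving SAMPLE_PAGES."""

    def __init__(self, pages):
        self._pages = pages

    def get_paginator(self, operation_name):
        assert operation_name == "list_findings"
        pages = self._pages

        class _Paginator:
            def paginate(self, **kwargs):
                return iter(pages)

        return _Paginator()


def demo(client=None):
    """Run the three filter equivalents over the fetched findings."""
    vulns = vulnerabilities_by_resource(fetch_findings(client or FakeInspectorClient(SAMPLE_PAGES)))
    return {
        "counts": {rid: vulnerability_count(vulns, rid) for rid in sorted(vulns)},
        "vulnerable_to_CVE-0000-1111": vulnerable_to(vulns, "CVE-0000-1111"),
        "wildcard_CVE-0000-*": wildcard_search(vulns, "CVE-0000-*"),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against a real account, replace the stand-in with `boto3.client("inspector2")`; the counting function deliberately drops non-active findings, which is why a suppressed finding on the second instance does not appear in its count.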

Least-Privileged Access (LPA) User Activity

22.1.0 includes a new feature called User Activity. User Activity is the first element of our anticipated Least-Privileged Access (LPA) functionality. This new feature enables Access Explorer users to view stored data around user actions for up to 90 days through the Principal Explorer and helps you identify IAM activity risk and take action to reduce exposure of critical cloud assets. With User Activity, you can see all the recent actions taken by a User. Use cases include:

  • Auditing - capture footsteps of internal and external actors
  • Forensics - a powerful incident response tool
  • Look back 1, 7, 30, 60, or 90 days
  • Sort by Name, Count, or Date


OTHER FEATURES & ENHANCEMENTS

  • Added Container Image information to Container properties. Now you can see the digest for the Image associated with the Container. [ENG-12619]
  • For AWS instances, the Instance Metadata Service (IMDS) property previously showed only the values v1 or v2 Allowed and v2 Required. It now also shows Disabled when the metadata service is disabled, and the corresponding filter, Instance IMDS Protocol Version (AWS), also matches Disabled. [ENG-12801]
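The three IMDS states named above are derived from two fields of the MetadataOptions block that EC2 DescribeInstances returns per instance (HttpEndpoint and HttpTokens). The following is an added example, not InsightCloudSec code, that performs that classification, applies the equivalent of the Instance IMDS Protocol Version filter, and prepares the arguments for the ec2 modify_instance_metadata_options call that moves an instance to v2 Required. The DescribeInstances response is constructed; the instance ids are placeholders.

```python
def imds_protocol_version(metadata_options):
    """Map an EC2 MetadataOptions block to the property value shown in the UI.
    A disabled endpoint is reported as Disabled regardless of the token
    setting, because the token mode no longer matters once the endpoint is
    off; otherwise HttpTokens decides between v2-only and v1/v2. Defaults for
    a missing field mirror the EC2 defaults (endpoint enabled, tokens optional)."""
    if metadata_options.get("HttpEndpoint", "enabled") == "disabled":
        return "Disabled"
    if metadata_options.get("HttpTokens", "optional") == "required":
        return "v2 Required"
    return "v1 or v2 Allowed"


def classify_instances(describe_instances_response):
    """Instance id -> IMDS protocol version for a DescribeInstances response."""
    states = {}
    for reservation in describe_instances_response.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            states[instance["InstanceId"]] = imds_protocol_version(
                instance.get("MetadataOptions", {}))
    return states


def instances_with_state(describe_instances_response, wanted):
    """Equivalent of the query filter: instances whose IMDS state equals `wanted`."""
    return sorted(iid for iid, state in classify_instances(describe_instances_response).items()
                  if state == wanted)


def require_imdsv2_requests(describe_instances_response):
    """Keyword arguments for ec2.modify_instance_metadata_options(), one per
    instance that still allows IMDSv1. Instances with the endpoint disabled
    are left alone rather than re-enabled."""
    return [
        {"InstanceId": iid, "HttpTokens": "required", "HttpEndpoint": "enabled"}
        for iid in instances_with_state(describe_instances_response, "v1 or v2 Allowed")
    ]


# Constructed DescribeInstances response covering the three states.
SAMPLE_DESCRIBE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaaa",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbbb",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
    {"InstanceId": "i-0cccccccccccccccc",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "required"}},
]}]}


if __name__ == "__main__":
    for iid, state in classify_instances(SAMPLE_DESCRIBE_INSTANCES).items():
        print(iid, state)
    print(require_imdsv2_requests(SAMPLE_DESCRIBE_INSTANCES))
```

The ordering of the two checks is the point: an instance with HttpTokens set to required but the endpoint disabled is reported as Disabled, which is the case the release adds.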

Insights (22.1.0)

AZURE

  • Storage Container And Storage Account Open To Public (Azure) - New Insight matches storage containers that are public due to their permission(s) and that reside in storage accounts that are both open to the world and allow public storage container access. [ENG-12664]
  • Web App Allowing a Configuration State of All Allowed - New Insight identifies Web Apps with a configuration state of All Allowed. Azure FTP deployment endpoints are public; an attacker listening to traffic on a Wi-Fi network used by a remote user or resource could see login traffic in clear text, which would grant them full control of the code base of the app or service. If FTP is required for an essential deployment workflow, FTPS should be required for FTP login on all App Service Apps. [ENG-12599]
  • Web App Not Requiring HTTP2 - New Insight identifies Web Apps not using HTTP 2.0. Newer HTTP versions are released periodically, either to address security flaws or to add functionality. Use the latest HTTP version for Web Apps to take advantage of security fixes, if any, and of the newer version's functionality. [ENG-12597]
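The two Web App Insights above correspond to two site configuration properties. The following is an added example, not InsightCloudSec code, that evaluates a web app's configuration for both conditions, computes the hardened target values (FTPS only when FTP deployment is still needed, otherwise FTP disabled, and HTTP/2 on), and maps the needed changes onto `az webapp config set` flags. Assumptions: the property names ftpsState (values AllAllowed, FtpsOnly, Disabled) and http20Enabled are those shown by `az webapp config show`; the sample configurations are constructed.

```python
INSIGHT_FTP_ALL_ALLOWED = "Web App Allowing a Configuration State of All Allowed"
INSIGHT_NO_HTTP2 = "Web App Not Requiring HTTP2"


def evaluate_webapp_config(config):
    """Return the Insights from this release that a site configuration matches.
    `config` uses the siteConfig property names from `az webapp config show`
    (assumed: ftpsState, http20Enabled)."""
    matched = []
    if config.get("ftpsState") == "AllAllowed":
        matched.append(INSIGHT_FTP_ALL_ALLOWED)
    if not config.get("http20Enabled", False):
        matched.append(INSIGHT_NO_HTTP2)
    return matched


def hardened_settings(config, ftp_needed=False):
    """Target values alongside the weak ones: FtpsOnly when an essential
    deployment workflow still needs FTP, Disabled otherwise, and HTTP/2 on.
    Only keys whose current value differs are returned."""
    target = {"ftpsState": "FtpsOnly" if ftp_needed else "Disabled",
              "http20Enabled": True}
    return {key: value for key, value in target.items() if config.get(key) != value}


def az_config_set_flags(changes):
    """Translate the changed keys into `az webapp config set` flags."""
    flags = []
    if "ftpsState" in changes:
        flags += ["--ftps-state", changes["ftpsState"]]
    if "http20Enabled" in changes:
        flags += ["--http20-enabled", str(changes["http20Enabled"]).lower()]
    return flags


# Constructed configurations: a weak one and an already-hardened one.
SAMPLE_WEBAPPS = {
    "constructed-weak-app": {"ftpsState": "AllAllowed", "http20Enabled": False},
    "constructed-hardened-app": {"ftpsState": "FtpsOnly", "http20Enabled": True},
}


def report(webapps=SAMPLE_WEBAPPS, ftp_needed=True):
    """Per app: matched Insights and the flags that would remediate them."""
    return {
        name: {
            "insights": evaluate_webapp_config(cfg),
            "flags": az_config_set_flags(hardened_settings(cfg, ftp_needed)),
        }
        for name, cfg in webapps.items()
    }


if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```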

Query Filters (22.1.0)

AWS

  • The following new query filters support the InsightCloudSec feature to retrieve findings from AWS Inspector V2 [ENG-10048]:
    • Resource Vulnerability Count
    • Resource Vulnerable To Specific Vulnerability
    • Resource Vulnerability Wildcard Search

AZURE

  • Added the following new query filters for Azure [ENG-11893]:
    • Web App Without Private Endpoint Connection (Azure)
    • Web App with Unallowed Outbound Public IP Addresses (Azure)

Bug Fixes (22.1.0)

  • For GCP Storage Containers, we’ve corrected displaying false positives for public access. [ENG-12571]

Cloud IAM Governance (Access Explorer) Updates - 22.1.0 Major Release (01/19/2022)

**The following updates are related to enhancements and bug fixes for our Cloud IAM Governance (Access Explorer) capabilities.** Contact us through the Customer Support Portal with any questions.

Cloud IAM Governance Features & Enhancements (22.1.0)

  • We’ve added a new feature called User Activity. See the notes under Features & Enhancements for the main release for more information.
  • In the interest of reducing noise and improving correctness, we are removing AWS's Service-Linked-Roles from our analysis in the Access Explorer. AWS's Service-Linked-Roles behave slightly differently than normal IAM roles, and usually have the same access across each AWS Account. [ENG-11484]