
Mar 01, 2022

InsightCloudSec is pleased to announce Major Release 22.2.0

InsightCloudSec Software Release Notice - 22.2.0 Major Release (03/02/2022)

Our latest Major Release 22.2.0 is available for hosted customers on Wednesday, March 2, 2022. Availability for self-hosted customers is Thursday, March 3, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.

⚠️

Increased Upgrade Times for Release 22.2.0

Larger customers can expect the 22_2_add_resource_secrets.sql schema update to take 45 to 90 minutes to complete.

Release Highlights (22.2.0)

InsightCloudSec is pleased to announce Major Release 22.2.0. This release includes added visibility into Compute resources that are exposing clear text Secrets, along with visibility into clear text Secrets/sensitive data across several GCP and AWS resource types. We have expanded our Event-Driven Harvesting support for additional events related to AWS API Gateway Authorizers, and added visibility into the last usage date for GCP Service Accounts and their associated API Keys. 22.2.0 also adds one new Query Filter to support GCP visibility, updates seven existing Query Filters for support across multiple clouds, and includes 18 bug fixes.

In addition, for our Cloud IAM Governance module, we have details around one feature enhancement.

Contact us through the new unified Customer Support Portal with any questions.

⚠️

Enabling Critical APIs for GCP

As part of 22.2.0, InsightCloudSec will now enable critical read-only GCP APIs by default. In addition, users will need to grant the serviceusage.services.enable permission as part of the custom role. These APIs are required for harvesting visibility, and failure to enable them may create critical blind spots. As the usage of these APIs is read-only, enabling them by default is low risk and is intended to reduce manual overhead for our customers. Any customer that is not interested in enabling these by default can reach out to support for assistance in disabling this feature. [ENG-14595]

New Permission(s) Required (22.2.0)

GCP

  • serviceusage.services.enable

Additional information around these permissions can be found on our Projects (GCP) page. [ENG-14595]

Features & Enhancements (22.2.0)

  • Added visibility into Compute resources that are exposing clear text Secrets. Introduced regular expression detection for Secrets across the following asset types [ENG-14624]:

    • GCP Compute Instances (metadata)
    • GCP Cloud Functions (environment variables)
    • GCP CloudRun (environment variables)
    • AWS EC2 Instances (userdata)
    • AWS Lambda (environment variables)
    • AWS AppRunner (environment variables)
    • AWS CloudFormation (environment variables)
    • AWS Task Definition Containers (environment variables / run command arguments)
    • AWS Autoscaling Launch Configurations (userdata)
  • Expanded our Event-Driven Harvesting support for additional events related to AWS API Gateway (normalized as Application Gateway) Authorizers. You can now capture these events (CreateAuthorizer, DeleteAuthorizer, and UpdateAuthorizer) in near real time and build Bots that generate appropriate notifications. [ENG-14421]

  • Added visibility into the last usage date for Service Accounts and their associated API Keys. This expands our Insight and filter support to help cover additional use cases within Google. Added one new Query Filter, Cloud Role Scoped To Separate Project (GCP), and updated four existing Query Filters (Cloud Role Recently Used, Cloud Role Last Used, API Access Key Recently Used, and API Access Key Last Used) to now support GCP. Note: To properly harvest Service Accounts and Service Account Keys, the Cloud Policy Analyzer API (policyanalyzer.googleapis.com) must be enabled. [ENG-13350]

  • Our IVM integration now supports Oracle, Alibaba, and other cloud types. [ENG-12991]
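To make the clear-text Secrets detection described above concrete, here is an added example (not InsightCloudSec code, and not its actual detection rules) that applies a small, assumed set of regular expressions to the harvested fields named in the list: environment variables, instance metadata, and base64-encoded EC2/launch-configuration userdata. The resource inventory is constructed sample data.

```python
import base64
import re

SECRET_PATTERNS = {  # illustrative, assumed set; not InsightCloudSec's own rules
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Keyword, then a value: "DB_PASSWORD_FILE=/path" does not match because "_" is not "[=:]".
    "generic_password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?\S{8,}"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

def scan_text(text):
    # Names of every pattern that matches somewhere in text, sorted for stable output.
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(text))

def scan_resource(resource):
    """Map of field -> matching pattern names for one harvested resource (empty if clean)."""
    findings = {}
    # Key/value fields: Lambda, Cloud Functions and Cloud Run env vars, GCE instance metadata.
    for field in ("environment", "metadata"):
        for key, value in resource.get(field, {}).items():
            hits = scan_text(f"{key}={value}")
            if hits:
                findings[f"{field}.{key}"] = hits
    # EC2 / launch-configuration userdata, which the AWS API returns base64-encoded.
    userdata = resource.get("userdata")
    if userdata:
        try:
            userdata = base64.b64decode(userdata, validate=True).decode("utf-8", "replace")
        except ValueError:
            pass  # not valid base64, so scan it as plain text
        hits = scan_text(userdata)
        if hits:
            findings["userdata"] = hits
    return findings

def find_exposed(resources):
    # Return only the resources that expose a secret, keyed by type/name.
    report = {}
    for r in resources:
        findings = scan_resource(r)
        if findings:
            report[f"{r['type']}/{r['name']}"] = findings
    return report

# Constructed sample inventory; AKIAIOSFODNN7EXAMPLE is AWS's documented example key id.
SAMPLE_RESOURCES = [
    {"type": "aws.lambda", "name": "billing-export",
     "environment": {"DB_HOST": "db.internal", "DB_PASSWORD": "Sup3rSecret!2022"}},
    {"type": "aws.ec2", "name": "web-01",
     "userdata": base64.b64encode(b"#!/bin/bash\nexport AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n").decode()},
    {"type": "gcp.cloudfunction", "name": "thumbnailer",
     "environment": {"BUCKET": "thumbs", "DB_PASSWORD_FILE": "/run/secrets/db"}},
]
```

Running `find_exposed(SAMPLE_RESOURCES)` flags the Lambda function and the EC2 instance but not the Cloud Function, whose variable only references a secrets file rather than carrying the value.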

Query Filters (22.2.0)

GCP

  • Cloud Role Scoped To Separate Project (GCP) - New Query Filter supports added visibility into the last usage date for Service Accounts and their associated API Keys. [ENG-13350]
  • Updated four existing Query Filters to now support GCP [ENG-13350]:
    • Cloud Role Recently Used
    • Cloud Role Last Used
    • API Access Key Recently Used
    • API Access Key Last Used

  Note: To properly harvest Service Accounts and Service Account Keys, the Cloud Policy Analyzer API (policyanalyzer.googleapis.com) must be enabled. [ENG-13350]

MULTI-CLOUD/GENERAL

  • Resource Not In Region - Query Filter updated to explicitly exclude resources which are global. [ENG-14433]
  • Resource Recently Created or Discovered - Updated Query Filter to fall back on the discovered date only when the creation date does not exist. [ENG-13508]
  • Workspace Last Connection Date Exceeds Threshold - Updated this Query Filter to take the Workspace age into consideration and also include resources with a NULL value for the last user connection. It also expands Workspace visibility and Query Filter to support AWS China and AWS GovCloud. [ENG-12523]

Bug Fixes (22.2.0)

  • [ENG-14477] Fixed a minor UI bug found when viewing disabled resources for GCP accounts, now showing the resource Identity Provider correctly if it is disabled.

  • [ENG-14472] Fixed a bug by updating Azure Advanced Threat Protection to Microsoft Defender.

  • [ENG-14435] Made minor name changes to Storage Container Insights to ensure they all align.

  • [ENG-14434] Fixed a bug involving incorrectly storing direct hyperlink resource types to S3 buckets and not IAM Users.

  • [ENG-14431] Fixed a BotFactory Overview display bug when the same action is included multiple times.

  • [ENG-12591] Fixed a bug involving user groups that were reporting a plus-1 to associated user groups; e.g., a user was reported in two groups when they actually were only in one group.

  • [ENG-12323] Fixed a bug involving Compliance Scorecard exports incorrectly reporting zero findings within the past 14 days.

  • [ENG-12081] Corrected Cloud App resource type from Compute to Identity & Management category in the UI.

  • [ENG-12022] Fixed a bug where volumes attached to snapshots were incorrectly harvested.

  • [ENG-11651] Fixed an issue involving inconsistent visibility for S3 buckets with Deny on s3:GetLifecycleConfiguration; updated our AWS S3 harvesting to persist the impaired_visibility_properties indicator when running a standard S3 harvest after the S3 Property Harvester has collected all properties and identified where visibility is impaired.

  • [ENG-11503] Fixed a bug involving V2 Snapshot Harvester not completing at scale.

  • [ENG-10795] Fixed an issue to restore the ability to delete network/gateway load balancers.

  • [ENG-10716] Fixed an issue with the resource Jinja getter resource.get_unlinked_accounts(), which identifies cloud accounts that are related to a payer account but are not being harvested in ICS.

  • [ENG-10557] Fixed a permissions issue related to Read-Only Domain Admins that now enables them to perform full read-only tasks under our Identity Management section.

  • [ENG-10329] Fixed wording and corrected typos in the search sections of Identity Management that returned zero results.

  • [ENG-10325] Fixed an issue where basic users whose Bot Factory entitlement was set to disabled could not view the cloud overview.

  • [ENG-10323] Fixed a potential edge case involving badges. This change allows badge keys to have an empty value (' ') to align with what CSPs allow.

  • [ENG-10320] Fixed the helper message shown when there are no Authentication Servers configured within an organization.

Cloud IAM Governance (Access Explorer) Updates - 22.2.0 Major Release (03/02/2022)

The following updates are related to enhancements and bug fixes for our Cloud IAM Governance (Access Explorer) capabilities. Contact us through the Customer Support Portal with any questions.

Cloud IAM Governance Features & Enhancements (22.2.0)

  • Updated Access Explorer Resources results to return resources accessible by AWS-Gov Principals. [ENG-14331]