
Mar 29, 2022

InsightCloudSec is pleased to announce Minor Release 22.2.4

InsightCloudSec Software Release Notice - 22.2.4 Minor Release (03/30/2022)

Our latest Minor Release 22.2.4 is available for hosted customers on Wednesday, March 30, 2022. Availability for self-hosted customers is Thursday, March 31, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.

Release Highlights (22.2.4)

InsightCloudSec is pleased to announce Minor Release 22.2.4. This Minor Release includes several updates to Resources, including the ability to surface the “Transit Encryption” property for storage containers, an update to how we harvest the Azure data instance property private_endpoint_connections, and an update to the License administration portion of the product to include a breakdown by cloud type. 22.2.4 also provides an update to the BotFactory UI to add cloud accounts to the resource type search, one new Bot action, and the expansion of a Bot Action related to ServiceNow to include support for additional fields. This release also includes four updated Query Filters, two new Query Filters, and ten bug fixes.

For our Cloud IAM Governance module, we have details around one bug fix.

Contact us through the new unified Customer Support Portal with any questions.

Permissions (22.2.4)

⚠️

Permissions Removed: Azure

The following permissions have been removed from the Azure Standard (Read-Only) policy [ENG-15336]:

  • Microsoft.DBforMySQL/flexibleServers/administrators/read
  • Microsoft.DBforMySQL/flexibleServers/keys/read
  • Microsoft.DBforMySQL/flexibleServers/virtualNetworkRules/read
  • Microsoft.DBforPostgreSQL/flexibleServers/administrators/read
  • Microsoft.DBforPostgreSQL/flexibleServers/keys/read
  • Microsoft.DBforPostgreSQL/flexibleServers/virtualNetworkRules/read

Features & Enhancements (22.2.4)

  • Updated the License administration portion of the product to include a breakdown by cloud type. [ENG-15337]
  • Added a setting to retain input/output operations per second (IOPS) configurations when modifying Volume types while using Bot Factory. [ENG-10463]
  • Updated the Compliance Scorecard and Report Card export to include the full image identifier (repository and hash) as the name to improve the remediation process. [ENG-7058]

User Interface Changes (22.2.4)

  • On the main BotFactory listing page, added the resource Cloud Account to the Resource Type Search option. [ENG-15275]

Resources (22.2.4)

AWS

  • Added surfacing of the Transit Encryption property for storage containers in the UI. [ENG-15348]

AZURE

  • Updated how we harvest the Azure data instance property private_endpoint_connections; using that property, improved the performance of the Azure Query Filter Resource has a Private Endpoint. [ENG-15266]
  • Added the ability to harvest the CName attribute for global load balancers and surface it in the UI resource listing. [ENG-13392]

Query Filters (22.2.4)

AWS

  • Resource Transit Encryption Enforcement - Enhanced Query Filter adds support for Storage Containers to the Query Filter. [ENG-15348]

GCP

  • Load Balancer Type - Updated Query Filter now supports GCP; GCP now harvests either classic or application load balancer types. [ENG-12928]

MULTI-CLOUD/GENERAL

  • Delivery Stream Destination Is Encrypted and Delivery Stream Destination Is Not Encrypted - Two new Query Filters check destination-level encryption for delivery streams. [ENG-10112]
  • Resource Name Regular Expression Exclusion (Regex) - Query Filter enhanced to support evaluation of NULL values in the name field, adding a new option that customers can include if they so choose. [ENG-15264]

Infrastructure as Code (IaC) New Support (22.2.4)

  • Added support for Secrets Detection in IaC, specifically for EC2 instances and Autoscaling Launch Configurations. [ENG-15069]

Bot Actions (22.2.4)

  • “Delete Backup Vault Access Policy” - New Bot and resource action to automatically delete an access policy when backup vaults having public access show up post-provisioning. [ENG-14428]
  • Added new fields to the ServiceNow Bot actions: Business Service and Contact Type. [ENG-13069]

Bug Fixes (22.2.4)

  • [ENG-15348] Fixed an issue with evaluating AWS GovCloud/China S3 policies for transit encryption enforcement.
  • [ENG-15324] Fixed a modeling issue with AWS Secrets that caused IaC to fail.
  • [ENG-15312] Fixed an issue involving the Insight API Key Unused For 90 Days; customers can now take action to delete/deactivate keys that are inactive.
  • [ENG-15229] Fixed a relationship/Foreign Key constraint issue that exists for Azure Redis instances. The issue impacted our ability to collect inventory data after resource modifications.
  • [ENG-15212] Fixed text to indicate that Query Filter is no longer AWS-specific. Before fix: Content Delivery Network With/Without Geo Restriction (AWS). After fix: Content Delivery Network With/Without Geo Restriction.
  • [ENG-15136] Fixed an issue with IaC-CFT Security Group Converter failing to capture GroupName; modified how we set the ResourceAccessList name for a Security Group when scanning IaC CFT Security Group resources for consistency with how we set it for TF resources and live harvesting.
  • [ENG-14973] Fixed the logic that caused an issue with Big Data Instances not being properly filtered by Big Data Instance Without A Recent Manual Snapshot.
  • [ENG-14596] Fixed an issue where Org Admins did not have the ability to edit harvesting strategies.
  • [ENG-13455] Corrected an edge case in identifying Application Load Balancers (ALBs) in ICS from AWS.
  • [ENG-10408] Minimized the occurrence of a database deadlock when updating badges for AWS resources.

Cloud IAM Governance (Access Explorer) Updates - 22.2.4 Minor Release (03/30/2022)

The following updates are related to enhancements and bug fixes for our Cloud IAM Governance (Access Explorer) capabilities.

Contact us at Customer Support Portal with any questions.

Cloud IAM Governance Bug Fixes (22.2.4)

  • Fixed a performance regression in the IAM Cache Build to speed up the background job. [ENG-15244]