InsightCloudSec Software Release Notice - 22.3.3 Minor Release (05/18/2022)

Release Highlights (22.3.3)

InsightCloudSec is pleased to announce Minor Release 22.3.3. This Minor release includes added support for Azure Virtual Network Gateways with a corresponding update to the Public IP Orphaned Query Filter, and updates to EDH support for AWS Athena Workgroup. We’ve improved loading times for Insight results with large quantities of Insight Exemptions, added a new Jinja getter for Public IP resources, and applied updates to two API endpoints (group entitlements and create API only user). In addition, 22.3.3 includes ten bug fixes.

Contact us through the new unified Customer Support Portal  with any questions.

New Permissions Required (22.3.3)

Features & Enhancements (22.3.3)

GCP

• GCP User-Managed access keys are now shown to differentiate from customer-created keys. [ENG-15586]

AZURE

• Updated InsightCloudSec to use dynamic harvesting for Azure to address Azure architecture issues that were causing rate limiting. [ENG-16441]

MULTI-CLOUD/GENERAL

• Improved load times when viewing Insight Results with an Insight that has hundreds/thousands of Insight Exemptions. [ENG-16309]

• Added a new Jinja getter resource.get_attached_instance_name() that can be used on Public IP resources to pull the name of the attached compute (EC2) instance/NAT gateway. [ENG-16296]

• Enhanced the set entitlements endpoint so it returns the complete group entitlements. [ENG-9510]

• We have added support for processing the event AddTagsToResource and RemoveTagsToResource locally for Storage Gateways so that updates are reflected locally without the need for harvesting. [ENG-15945]

• Updated /v2/public/user/create_api_only_user with an optional field called “expiration_date”. The expiration date needs to be sent if the console setting for max API Key age is configured. [ENG-16286]

• Updated InsightCloudSec to display a visual representation of the filters in the (Container) Vulnerability Assessment view. [ENG-15592]

Resources (22.3.3)

AWS

• Added EDH support for AWS Athena Workgroup, including the following events: CreateWorkGroup, DeleteWorkGroup and UpdateWorkGroup. [ENG-16329]

AZURE

• Added visibility and support for Azure Virtual Network Gateways. Updated Query Filter Public IP Orphaned to take attachments to the Azure Virtual Network Gateway into consideration. (Resource is found under Network category, Virtual Private Gateway resource type.)

  • New permissions required: “Microsoft.Network/virtualNetworkGateways/read”. [ENG-16334, ENG-16333]

• Added tag functionality and delete functionality to Azure Traffic Manager. [ENG-16392]

Bug Fixes (22.3.3)

• [ENG-16333] Fixed a bug with the filter Public IP Orphaned to take attachments to Azure Virtual Network Gateways into consideration.

• [ENG-16304] Fixed a bug where the resource type Query Filter did not include Cloud Advisor Check as a resource type.

• [ENG-16028] Fixed an issue that would prevent plugins from loading properly if the worker and scheduler restarted at the same time.

• [ENG-16452] Fixed an edge case that prevented harvesting of Azure Network Firewalls which don’t have the threat intelligence capability enabled.

• [ENG-16451] Fixed a bug that prevented harvesting of GCP Autoscaling Groups.

• [ENG-16430] Removed incorrectly duplicated global Insight packs.

• [ENG-16411] Fixed a bug that prevented on-demand resizing of AWS compute instances.

• [ENG-16393] Updated the Insight Resource Orphaned to include cloud filtering when it calls through to the appropriate filter. This update ensures that we aren’t leaking results for unsupported cloud types.

• [ENG-16374] Fixed an issue when building exemptions from the report card and using the “select all” button.

• [ENG-15914] The IacReaperProcessor was identified as having potentially extremely long transaction locks on the database. This bugfix reduced the frequency of reaper runs and split the large UPDATE transaction into multiple, row-level ones.