Jun 28, 2022
InsightCloudSec is pleased to announce Minor Release 22.3.9
InsightCloudSec Software Release Notice - 22.3.9 Minor Release (06/29/2022)
Our latest Minor Release 22.3.9 is available for hosted customers on Wednesday, June 29, 2022. Availability for self-hosted customers is Thursday, June 30, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.
Release Highlights (22.3.9)
InsightCloudSec is pleased to announce Minor Release 22.3.9. This Minor Release includes support for a new resource (AWS Lookout Equipment projects), improvements in the experience for viewing Insight results (by adding severity) when browsing individual resources, and an increase in the display count for badges in the Resources UI. 22.3.9 also includes eight updated Query Filters, two new Query Filters, two updated Bot actions, and 18 bug fixes.
Contact us through the unified Customer Support Portal with any questions.
New Permissions Required (22.3.9)
New Permissions Required: AWS
For AWS Standard (Read-Only) Users: “lookoutequipment:DescribeDataset”, “lookoutequipment:ListDatasets”
For AWS Power Users: “lookoutequipment:*”
The new permissions support the newly added resource AWS Lookout Equipment. [ENG-14379]
Note: We recommend our AWS commercial (non-GovCloud) Standard (Read-Only) Users employ AWS’ managed read-only policy, supplemented by a small additional InsightCloudSec policy. The benefit of using the AWS managed policy lies in AWS’ continuously updating the policy for new services, making it easier for the customer to attach and maintain the policy. Details on this recommendation can be found at AWS IAM Policies Standard User (Read-Only) AWS-managed supplemental policy.
Features & Enhancements (22.3.9)
- Added the severity and improved the experience when viewing Insight results for individual resources. [ENG-17606]
- Increased the badge result limit to 250 in the Scopes side panel of the Resources UI. [ENG-17571]
Resources (22.3.9)
AWS
We have added support for AWS Lookout Equipment projects. New permissions are required: “lookoutequipment:DescribeDataset” and “lookoutequipment:ListDatasets”. We have updated Query Filters and Bot actions, as detailed below, with Lookout Equipment support. The resource AWS Lookout Equipment/Metrics/Vision can be found in the Identity & Management category as a new resource type, Lookout Project. [ENG-14379]
Query Filters updated with Lookout Equipment support:
- Resource Encrypted With Key
- Resource Encrypted With Provider Default Keys
- Resource Encrypted With Keys Other Than Provider Default
- Resource Using Encryption Key Without Rotation Enabled
- Resource Not Running With Individual Encryption Key
- Resource Encryption Key Name Regular Expression (Regex)
- All tagging filters
Bot action updated with Lookout Equipment support:
- “Scheduled Resource Deletion”
Query Filters (22.3.9)
AWS
- Config Recording Enabled/Disabled (AWS) - Query Filter enhanced to support data collections. [ENG-17523]
- Launch Template Requiring/Not Requiring IMDSv2 Protocol (AWS) - New Query Filter identifies launch templates requiring or not requiring the use of the Instance Metadata Service v2 (IMDSv2) protocol. [ENG-17521]
- Resource Associated Role Contains Action (AWS) - Query Filter enhanced by adding options to use AND logic (instead of the default OR logic). Now, the Query Filter can inspect policies that contain multiple actions as a group instead of individually. [ENG-14838]
- The following Query Filters were updated with AWS Lookout Equipment support [ENG-14379]:
  - Resource Encrypted With Key
  - Resource Encrypted With Provider Default Keys
  - Resource Encrypted With Keys Other Than Provider Default
  - Resource Using Encryption Key Without Rotation Enabled
  - Resource Not Running With Individual Encryption Key
  - Resource Encryption Key Name Regular Expression (Regex)
  - All tagging filters
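The IMDSv2 launch template check described above, as an added illustration that is not InsightCloudSec code: the input is shaped like the LaunchTemplateData returned by EC2 DescribeLaunchTemplateVersions, the sample templates are constructed, and the treatment of a template with the metadata endpoint disabled as compliant is this example's own assumption.

```python
"""Model of the 'Launch Template Requiring/Not Requiring IMDSv2 Protocol' filter.

Added illustration, not InsightCloudSec code. The templates below are
constructed sample data, not real account output.
"""

# Constructed sample: three launch template versions.
LAUNCH_TEMPLATES = [
    {"LaunchTemplateName": "web-hardened", "VersionNumber": 3,
     "LaunchTemplateData": {"MetadataOptions": {"HttpTokens": "required",
                                               "HttpEndpoint": "enabled"}}},
    {"LaunchTemplateName": "batch-legacy", "VersionNumber": 1,
     "LaunchTemplateData": {"MetadataOptions": {"HttpTokens": "optional"}}},
    # No MetadataOptions at all: EC2 falls back to its default (IMDSv1 allowed).
    {"LaunchTemplateName": "worker-default", "VersionNumber": 2,
     "LaunchTemplateData": {"ImageId": "ami-EXAMPLE"}},
]


def requires_imdsv2(template: dict) -> bool:
    """True only when the template enforces IMDSv2 (HttpTokens == 'required').

    A missing MetadataOptions block inherits the EC2 default, HttpTokens
    'optional', so IMDSv1 still answers; that counts as NOT requiring IMDSv2.
    Assumption of this example: a template that disables the metadata
    endpoint entirely cannot serve credentials over IMDSv1 either, so it is
    reported as compliant.
    """
    opts = template.get("LaunchTemplateData", {}).get("MetadataOptions", {})
    if opts.get("HttpEndpoint") == "disabled":
        return True
    return opts.get("HttpTokens", "optional") == "required"


def partition_by_imdsv2(templates):
    """Split templates into (requiring, not_requiring) name lists, mirroring
    the filter's Requiring / Not Requiring modes."""
    requiring, not_requiring = [], []
    for tpl in templates:
        bucket = requiring if requires_imdsv2(tpl) else not_requiring
        bucket.append(tpl["LaunchTemplateName"])
    return requiring, not_requiring


if __name__ == "__main__":
    ok, bad = partition_by_imdsv2(LAUNCH_TEMPLATES)
    print("requiring IMDSv2:", ok)
    print("NOT requiring IMDSv2:", bad)
```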
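The AND versus OR option on Resource Associated Role Contains Action, as an added model that is not InsightCloudSec code: the role policy document is constructed, IAM Action matching is approximated with case-insensitive `*`/`?` wildcards, and Deny statements and NotAction are deliberately ignored (assumptions of this example).

```python
"""Model of the AND / OR option on 'Resource Associated Role Contains Action'.

Added illustration, not InsightCloudSec code. ROLE_POLICY is a constructed
sample document; Deny statements and NotAction are ignored in this model.
"""
import fnmatch

ROLE_POLICY = {  # constructed sample, not a real account's policy
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:Get*", "Resource": "*"},
    ],
}


def allowed_action_patterns(policy: dict):
    """Yield every Action pattern from Allow statements (Action may be str or list)."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be given bare
        stmts = [stmts]
    for stmt in stmts:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        actions = stmt["Action"]
        yield from ([actions] if isinstance(actions, str) else actions)


def grants_action(policy: dict, action: str) -> bool:
    """True when some Allow pattern covers the concrete action; IAM action
    matching is case-insensitive and supports '*' and '?' wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), pat.lower())
               for pat in allowed_action_patterns(policy))


def policy_contains_actions(policy: dict, actions, logic: str = "OR") -> bool:
    """OR (the filter's default): match if any listed action is granted.
    AND (the new option): match only if every listed action is granted,
    i.e. the actions are inspected as a group rather than individually."""
    hits = [grants_action(policy, a) for a in actions]
    return all(hits) if logic.upper() == "AND" else any(hits)


if __name__ == "__main__":
    group = ["s3:GetObject", "kms:Decrypt", "iam:PassRole"]
    print("OR  :", policy_contains_actions(ROLE_POLICY, group))         # True
    print("AND :", policy_contains_actions(ROLE_POLICY, group, "AND"))  # False
```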
AZURE
- Cloud Account Network Watcher in Region Without Network (Azure) - New Query Filter shows all regions for an Azure Subscription that have a network watcher enabled but no virtual networks present. [ENG-15540]
Bot Actions (22.3.9)
AWS
- “Scheduled Resource Deletion” - Updated action to support AWS Lookout Equipment. [ENG-14379]
- “Update Distributed Table Class” - Expanded this Bot action to work in AWS GovCloud. [ENG-17545]
Bug Fixes (22.3.9)
AWS
- [ENG-17622] Fixed a bug where the Query Filter Resource Is Not Encrypted was flagging AWS ECR resources with provider default encryption.
- [ENG-17608] Fixed a bug where the LaunchTemplateHarvester was referencing the region incorrectly when adding a security group, causing it to fail.
- [ENG-17589] Fixed a bug that would display the incorrect ARN for AWS Directory Service resources in GovCloud/China.
- [ENG-17551] Fixed a bug that prevented tag assignments on legacy AWS CloudFront RTMP streaming distributions.
- [ENG-17538] Fixed a bug so that resources such as VPC Endpoints with an IAM policy that contains a single statement are now properly evaluated for cross-account access.
- [ENG-17493] Updated our AWS GuardDuty harvesting to accommodate an edge case where Insight Exemption Rules are enabled.
- [ENG-17051] Fixed an issue with MSK serverless harvesting where the incorrect values were being set for at-rest encryption.
- [ENG-12317] Fixed a bug in the Bot action “Enable Regional AWS Config Recorder” that prevented execution across multiple regions.
AZURE
- [ENG-17600] Fixed a bug where the ThreatFindingHarvester could break when running Azure accounts.
- [ENG-17569] Fixed a bug involving incorrect handling of an Azure HttpError.
- [ENG-17553] Fixed a bug in the CDN Harvester in Azure China accounts.
- [ENG-17095] Resolved an issue with Query Filter Cloud App Credential Expiration Threshold (Azure) referencing credential expiration.
- [ENG-15494] Fixed a bug where Azure Blob Storage Containers were not displayed when viewing Azure Resource Group resources.
GCP
- [ENG-17549] For customers not leveraging Organization level onboarding, GCP projects which have been deleted upstream will be marked as invalid and harvesting will be paused. Note: Customers will need to manually remove these projects from the tool. You can read more at Configuring Google Cloud Platform and Projects (GCP).
- [ENG-16620] Fixed Add/Delete tags for GCP Encryption Keys.
MULTI-CLOUD/GENERAL
- [ENG-17586] Updated the Crowdstrike integration to run more efficiently at scale with fewer API calls.
- [ENG-17109] Fixed a bug where the ResourceVulnerabilityHarvester was breaking if a vulnerability didn’t have an attached CVSS vector string.
- [ENG-15169] Fixed a bug that would prevent newly added cloud accounts from emitting a creation event for Bots.