Jul 12, 2022
InsightCloudSec is pleased to announce Minor Release 22.4.1
InsightCloudSec Software Release Notice - 22.4.1 Minor Release (07/13/2022)
Our latest Minor Release 22.4.1 is available for hosted customers on Wednesday, July 13, 2022. Availability for self-hosted customers is Thursday, July 14, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.
Release Highlights (22.4.1)
InsightCloudSec is pleased to announce Minor Release 22.4.1. For AWS, this Minor Release includes support for one new resource (AWS Savings Plan) and updated support for five existing resources. For GCP we have expanded GCP Firewall coverage and added a Google-specific resource, Artifact Registry, for GCP Docker containers and GCP language packages. This release provides improvements to the Compliance Scorecard on two fronts: removing the download limitation on file size and revising the UI to communicate the last run status and error messaging for improved context. With this Minor Release we have also introduced the integration of GitHub Actions for use with our IaC feature.
In addition, 22.4.1 includes two updated Query Filters, four new Query Filters, one updated Bot action, one new Bot action, and two bug fixes.
- Contact us through the unified Customer Support Portal with any questions.
New Permissions Required (22.4.1)
New Permission Required: AWS
For AWS Commercial Standard (Read-Only) Users: “savingsplans:DescribeSavingsPlans”
For AWS Commercial Power Users: “savingsplans:DescribeSavingsPlans”
For AWS GovCloud Standard (Read-Only) Users: “savingsplans:DescribeSavingsPlans”
For AWS GovCloud Power Users: “savingsplans:DescribeSavingsPlans”
The permission “savingsplans:DescribeSavingsPlans” is needed because support for AWS Reserved Instances has been broadened to include AWS Savings Plans. Note: The explicit permission is needed in all four AWS policies (Commercial and GovCloud, Standard (Read-Only) and Power User). [ENG-14446]
Note: We recommend our AWS commercial (non-GovCloud) Standard (Read-Only) Users employ AWS’ managed read-only policy, supplemented by a small additional InsightCloudSec policy. The benefit of using the AWS managed policy lies in AWS’ continuously updating the policy for new services, making it easier for the customer to attach and maintain the policy. Details on this recommendation can be found at AWS IAM Policies Standard User (Read-Only) AWS-managed supplemental policy.
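A quick way to confirm that the policies you attach actually carry the new action before a harvest fails on it: the following Python is an added example (not part of these release notes or of the InsightCloudSec policies themselves) that applies IAM’s evaluation order (an explicit Deny in any policy wins, otherwise any wildcard-matching Allow grants the action, otherwise the action is implicitly denied) to a set of policy documents and lists the required actions they do not grant. The two policy documents and the required-action list are constructed for the illustration; the evaluator ignores Resource, Condition and NotAction, so it audits which actions a policy names rather than full IAM semantics.

```python
"""Offline check that a set of IAM policy documents grants every action
a harvester needs, e.g. the savingsplans:DescribeSavingsPlans permission
required from 22.4.1.  Added example, not part of the release notes or the
product; the policy documents below are constructed for illustration."""
import fnmatch
import json

# Constructed base policy standing in for an existing read-only policy.
BASE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "rds:Describe*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "savingsplans:Create*", "Resource": "*"},
    ],
})

# Constructed supplemental policy carrying the new permission.
SUPPLEMENT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "savingsplans:DescribeSavingsPlans", "Resource": "*"}
    ],
})

# Actions the check requires; the list is an assumption for this example.
REQUIRED_ACTIONS = ["ec2:DescribeInstances", "savingsplans:DescribeSavingsPlans"]


def _statements(policy_json):
    """Return statements as a list; IAM allows Statement to be a dict or a list."""
    stmts = json.loads(policy_json).get("Statement", [])
    return stmts if isinstance(stmts, list) else [stmts]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def action_allowed(policies, action):
    """Evaluate a single action across several policy documents: an explicit
    Deny anywhere wins, otherwise any matching Allow grants it, otherwise the
    action is implicitly denied.  Resource, Condition and NotAction elements
    are ignored, so this audits which actions a policy names, not full IAM."""
    allowed = False
    for policy in policies:
        for stmt in _statements(policy):
            patterns = _as_list(stmt.get("Action", []))
            if not any(_action_matches(p, action) for p in patterns):
                continue
            if stmt.get("Effect") == "Deny":
                return False
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed


def missing_actions(policies, required=REQUIRED_ACTIONS):
    """Return the required actions that the given policies do not grant."""
    return [a for a in required if not action_allowed(policies, a)]


if __name__ == "__main__":
    print("base only:", missing_actions([BASE_POLICY]))
    print("base + supplement:", missing_actions([BASE_POLICY, SUPPLEMENT_POLICY]))
```

Run it once against each of the four policies you maintain (paste the policy JSON in place of the constructed documents); an empty list from `missing_actions` means the policy names the action, and a non-empty list tells you exactly which statement to add. Because explicit Deny takes precedence, the check also catches a supplemental policy whose Allow is silently cancelled by a broad Deny elsewhere.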
Features & Enhancements (22.4.1)
- Added a UI enhancement to reflect the last run status, error message (if applicable), and impacted resources for Compliance Scorecard subscriptions. This provides additional feedback and context for customers in the event of a Compliance Scorecard subscription failure. [ENG-17733]
- The 250,000 result limit for Compliance Scorecard downloads has been removed. On-demand downloads can now be made regardless of the result size. Note that Microsoft Excel has a limit of approximately 1,048,576 rows; if your download exceeds this size, we suggest narrowing your Compliance Scorecard scope to reduce the number of clouds. [ENG-17764]
- Introduced initial integration support for GitHub Actions, for use with our IaC feature. Read more about it in our updated documentation on the IaC CI/CD Pipeline Integrations. [ENG-16422]
Resources (22.4.1)
AWS
- Broadened support under AWS Reserved Instances by generalizing it to include AWS Savings Plans. This support requires a new permission, “savingsplans:DescribeSavingsPlans”, which we have added to our Standard (Read-Only) and Power User AWS Commercial and GovCloud policies. [ENG-14446]
- Retired the workspacebundle resource type, improving system performance and the harvesting of AWS WorkSpaces instances. [ENG-17755]
- Expanded resource deletion support to the following resources [ENG-17741]:
  - AWS Glue Security Configurations
  - AWS Secrets
  - AWS Data Sync Tasks
  - AWS Elastic Beanstalk Groups
  - AWS Storage Gateways
GCP
- Expanded GCP Firewall coverage to include network tags and added two new Query Filters, Access List Without Network Tags and Access List With Specific Network Tags, to help customers better identify where and how network tags are used. [ENG-17671]
- GCP Security Command Center baseline security checks now surface the display name of instances instead of the object ID. [ENG-14929]
- Promoted Google Container Repositories (currently in ICS under Container Repositories) to a separate, Google-specific resource called Artifact Registry. Artifact Registry will include GCP Docker containers and GCP language packages. [ENG-14885]
Query Filters (22.4.1)
AWS
Resource With Specific Action and Missing Condition (AWS)
- New Query Filter matches all resources with policies that contain a specific action string but are missing required conditionals. [ENG-17504]
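The filter above looks for policy statements that name an action without the condition that should constrain it. The following Python is an added example of that check, not the product’s own filter logic, run against three constructed role trust policies for the classic case of sts:AssumeRole granted to another account without an sts:ExternalId condition (the cross-account confused-deputy gap). Role names and the account ID are made up; the function takes any action and condition key, so it can be pointed at other pairings such as iam:PassRole without iam:PassedToService.

```python
"""Find policy statements that grant a given action without a required
condition key.  Added example, not the product's implementation; the trust
policies below are constructed."""
import fnmatch
import json

# Constructed role trust policies keyed by a made-up role name.
TRUST_POLICIES = {
    # Correct: cross-account AssumeRole constrained by an ExternalId.
    "role-with-external-id": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
        }],
    }),
    # Finding: same principal, no condition at all.
    "role-without-external-id": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": ["sts:AssumeRole", "sts:TagSession"],
        }],
    }),
    # Finding: has *a* condition, but not the required key (Statement as a dict).
    "role-mfa-only": json.dumps({
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
    }),
}


def _statements(policy_json):
    """Return statements as a list; IAM allows Statement to be a dict or a list."""
    stmts = json.loads(policy_json).get("Statement", [])
    return stmts if isinstance(stmts, list) else [stmts]


def _condition_keys(stmt):
    """Collect condition keys across all operators (StringEquals, Bool, ...),
    lower-cased because IAM condition keys are case-insensitive."""
    keys = set()
    for operator_keys in stmt.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_keys)
    return keys


def statements_missing_condition(policies, action, condition_key):
    """Return (policy name, statement index) for every Allow statement whose
    Action covers `action` (wildcards honoured) but which carries no
    `condition_key` under any condition operator."""
    findings = []
    for name, policy in policies.items():
        for idx, stmt in enumerate(_statements(policy)):
            if stmt.get("Effect") != "Allow":
                continue
            actions = stmt.get("Action", [])
            actions = actions if isinstance(actions, list) else [actions]
            if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
                continue
            if condition_key.lower() not in _condition_keys(stmt):
                findings.append((name, idx))
    return findings


if __name__ == "__main__":
    for finding in statements_missing_condition(TRUST_POLICIES, "sts:AssumeRole", "sts:ExternalId"):
        print("missing sts:ExternalId:", finding)
```

The "role-mfa-only" case is the one worth noting: a statement that has some Condition block is not the same as one that has the required key, so the check must look for the specific key across every operator rather than for the presence of a Condition element.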
AZURE
Instance Without Defined BackPolicy
- Updated Query Filter inspects for Azure Microsoft SQL Server automatic backup property’s value when evaluating whether or not a database instance has a backup policy. [ENG-15141]
GCP
Access List Without Network Tags
Access List With Specific Network Tags
- Two new Query Filters support the expanded GCP Firewall coverage that includes network tags, to help customers better identify where and how network tags are used. [ENG-17671]
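To make the two GCP filters introduced above (and under Resources) concrete, the following Python is an added example, not the product’s own filter logic, that classifies constructed Compute Engine firewall rules by network tag and then flags the combination a reviewer actually cares about: an enabled ingress allow rule that is scoped by neither targetTags nor targetServiceAccounts (so it applies to every instance in the network) while accepting traffic from 0.0.0.0/0. Treating a rule with only targetServiceAccounts as "scoped" is this example’s reading, not necessarily the filter’s; the rule records are constructed in the shape of the Compute Engine firewall resource.

```python
"""Classify GCP VPC firewall rules by network tag and flag untagged rules open
to the internet.  Added example, not the product's filter implementation; the
rules below are constructed in the shape of the Compute Engine firewall
resource (name, direction, disabled, sourceRanges, targetTags,
targetServiceAccounts, allowed)."""

FIREWALL_RULES = [
    {"name": "allow-ssh-bastion", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["203.0.113.0/24"], "targetTags": ["bastion"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-http-web", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web", "public"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
    {"name": "allow-all-internal", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["10.0.0.0/8"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "allow-rdp-anywhere", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
    {"name": "old-rule", "direction": "INGRESS", "disabled": True,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["23"]}]},
    {"name": "egress-default", "direction": "EGRESS", "disabled": False,
     "destinationRanges": ["0.0.0.0/0"],
     "targetServiceAccounts": ["svc@example.iam.gserviceaccount.com"],
     "allowed": [{"IPProtocol": "all"}]},
]

# Source ranges that mean "anywhere".
PUBLIC_RANGES = {"0.0.0.0/0", "::/0"}


def rules_without_network_tags(rules):
    """'Access List Without Network Tags' as read here: rules scoped by
    neither targetTags nor targetServiceAccounts, i.e. rules that apply to
    every instance in the network."""
    return [r["name"] for r in rules
            if not r.get("targetTags") and not r.get("targetServiceAccounts")]


def rules_with_network_tags(rules, tags):
    """'Access List With Specific Network Tags': rules whose targetTags
    intersect the requested set."""
    wanted = set(tags)
    return [r["name"] for r in rules if wanted & set(r.get("targetTags", []))]


def untagged_public_ingress(rules):
    """Enabled ingress allow rules open to the internet with no target scoping:
    the finding a network-tag review is usually after."""
    return [r["name"] for r in rules
            if r.get("direction") == "INGRESS"
            and not r.get("disabled", False)
            and r.get("allowed")
            and PUBLIC_RANGES & set(r.get("sourceRanges", []))
            and not r.get("targetTags")
            and not r.get("targetServiceAccounts")]


if __name__ == "__main__":
    print("no network tags:", rules_without_network_tags(FIREWALL_RULES))
    print("tagged 'public':", rules_with_network_tags(FIREWALL_RULES, ["public"]))
    print("untagged, open to internet:", untagged_public_ingress(FIREWALL_RULES))
```

The disabled "old-rule" is deliberately left in the sample: a rule that is open to the world but disabled is worth listing under "without network tags" for hygiene, but it should not raise the exposure finding until someone re-enables it.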
MULTI-CLOUD/GENERAL
Container Image Vulnerability Severity Search
- Updated Query Filter to use a multi-select instead of a single-select field. [ENG-14842]
Resource In Resource Group (Regular Expressions)
- New Query Filter identifies a resource’s Resource Group linkage based on the supplied regular expression(s). [ENG-16214]
Bot Actions (22.4.1)
- “Modify Database/Big Data Instance Attribute” - Updated Bot action so that its changes are reflected locally immediately, without the need for a full harvest before attributes are updated. In this way, Bots using hookpoints will not execute a second time in response to their own corrective action. [ENG-15109]
- “Send Instance Agent Report (CSV)” - New Bot action sends a summary email to the supplied recipient list summarizing information from instance agents. [ENG-17667]
Bug Fixes (22.4.1)
- [ENG-15141] Fixed a bug causing Azure SQL Servers to fail the Insight Database Instances Without Automatic Backups. Updated the automatic backup property of Azure Microsoft SQL Servers to reflect that automatic backups are enabled by default.
- [ENG-15109] Improved our local representation of state, e.g., “provisioning”, “resizing”, “loading sample data”, etc., when there are updates via EDH events.