Jul 26, 2022
InsightCloudSec is pleased to announce Minor Release 22.4.3
InsightCloudSec Software Release Notice - 22.4.3 Minor Release (07/27/2022)
Our latest Minor Release 22.4.3 is available for hosted customers on Wednesday, July 27, 2022. Availability for self-hosted customers is Thursday, July 28, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.
Release Highlights (22.4.3)
InsightCloudSec is pleased to announce Minor Release 22.4.3. This Minor Release includes improvements to our AWS Foundational Security Best Practices Compliance Pack and a new Jinja2 attribute supporting Threat Findings from AWS GuardDuty. We have also improved our resource download capabilities with asynchronous functionality for better performance and updated permissions supporting AliCloud. In addition, 22.4.3 includes ten new Insights, seven updated Insights, eight new Query Filters, and ten bug fixes.
- For our Cloud IAM Governance module, scroll to the lower half of this page for details on one bug fix.
- Contact us through the unified Customer Support Portal with any questions.
Permissions Required (22.4.3)
Permissions Required: AliCloud
Updated Permissions for AliCloud:
We have updated our standard read-only policy with several storage container-related permissions that enable harvesting of storage container properties such as encryption. The added permissions are [ENG-18078]: “oss:GetBucketEncryption”, “oss:GetBucketLocation”, “oss:GetBucketPolicy”, “oss:GetBucketTagging”, “oss:GetBucketVersioning”
Features & Enhancements (22.4.3)
We have added a new Jinja2 template action, resource.get_threat_finding_details(). This will allow customers to return a list of threat finding JSON blocks for AWS GuardDuty findings matching the response syntax specified in this AWS document. Note: Other threat finding types do not currently support this action. A new Query Filter, Resource With Threat Finding By Regex, supports looking up the content of the above specified JSON blocks using key:regex pairs to match properties and values within the JSON, e.g. “Region:us-*” will return resources with a known threat finding within US data centers. [ENG-15238]
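The key:regex matching the filter describes, as an added example that is not InsightCloudSec code: a small Python matcher run over constructed GuardDuty-shaped finding blocks. Dotted key paths for nested fields and re.search (substring) semantics are this example's assumptions, not documented product behaviour.

```python
import re
from typing import Any

# Constructed sample findings shaped like the GuardDuty GetFindings response
# (not real findings); only the fields the example inspects are included.
FINDINGS = [
    {"Id": "f1", "Region": "us-east-1", "Severity": 8.0,
     "Type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller.Custom",
     "Service": {"Action": {"ActionType": "AWS_API_CALL"}}},
    {"Id": "f2", "Region": "eu-west-1", "Severity": 2.0,
     "Type": "Recon:EC2/PortProbeUnprotectedPort",
     "Service": {"Action": {"ActionType": "PORT_PROBE"}}},
    {"Id": "f3", "Region": "ap-southeast-1", "Severity": 5.0,
     "Type": "Backdoor:EC2/C&CActivity.B!DNS",
     "Service": {"Action": {"ActionType": "DNS_REQUEST"}}},
]

def lookup(finding: dict, path: str) -> Any:
    """Resolve a dotted key path ('Service.Action.ActionType'); None if absent.
    Dotted paths are this example's assumption for reaching nested blocks."""
    cur: Any = finding
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def parse_pair(pair: str):
    """Split 'Key:regex' at the FIRST colon only, so the regex may itself
    contain ':' (GuardDuty Type values do, e.g. 'Backdoor:EC2/...')."""
    key, sep, pattern = pair.partition(":")
    if not sep or not key:
        raise ValueError(f"expected key:regex, got {pair!r}")
    return key, re.compile(pattern)

def match_findings(findings: list, pairs: list) -> list:
    """Return Ids of findings for which every key:regex pair matches.
    Substring (re.search) semantics are assumed, so the page's 'Region:us-*'
    is a regex, not a glob: it matches any value containing 'us'. Use
    'Region:^us-' to anchor on the region prefix."""
    compiled = [parse_pair(p) for p in pairs]
    matched = []
    for finding in findings:
        values = [(lookup(finding, key), rx) for key, rx in compiled]
        if all(v is not None and rx.search(str(v)) for v, rx in values):
            matched.append(finding["Id"])
    return matched
```

Combining several pairs (for example a Severity threshold with an anchored Region) narrows the result the same way stacking filters in an Insight does; a pair whose key is absent from a finding never matches it.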
Resources (22.4.3)
AWS
- Added AWS Event-Driven Harvesting coverage to include AWS China. InsightCloudSec now provides EDH coverage for AWS Commercial, AWS GovCloud, and AWS China. [ENG-18110]
AZURE
- Added ability to harvest domain names for Azure Front Doors (Classic). [ENG-18107]
MULTI-CLOUD/GENERAL
- Added asynchronous download support to the Resources section download feature. By providing asynchronous downloads, we are able to support much larger data downloads and support the ability for the user to move on to other activities while the data is being prepared in the background. [ENG-17912]
Insights (22.4.3)
AWS FOUNDATIONAL SECURITY BEST PRACTICES COMPLIANCE PACK
We have updated our AWS Foundational Security Best Practices Compliance Pack by adding new Insights, linking existing Insights to the appropriate controls, and updating Insight content. [ENG-16946]
**New Insights by AWS FSBP control:**
- RDS.11 — Database Instance Without Automatic Backups or 7 Days Retention - New Insight
- Autoscaling.5 — Autoscaling Launch Configuration With Public IP - New Insight
- ELB.9 — Load Balancer Classic Type and Cross Zone Balancing Disabled - New Insight
- ELB.10 — Load Balancer Classic Type and Without Multi-AZ - New Insight
- EC2.20 — Site-to-Site VPN With Tunnel Status Down - New Insight
- ACM.1 — SSL Certificate Managed by AWS Set To Expire In 30 Days - New Insight
- WAF.1 — Web Application Firewall Classic Global Without ACL Logging - New Insight
Insight content (description) updates by FSBP control:
- Autoscaling.2 — Autoscaling Group Not Configured For Multi-AZ - Content update
- CloudFront.7 — Content Delivery Network Using Default SSL Certificate - Content update
- CloudFront.2 — Content Delivery Network Without Origin Access Identity - Content update
- KMS.3 — Encryption Key with Pending Deletion - Content update
- S3.9 — Storage Container Without Access Logging - Content update
- SSM.4 — Systems Manager Document Publicly Accessible - Content update
Insight name change by FSBP control:
- APIGateway.5 — Application Gateway With Unencrypted Caching - Renamed Insight from REST API With Unencrypted Caching and updated.
OTHER NEW INSIGHTS
- Cloud User with Unused Original API Keys - New Insight supports AWS CIS 1.4 compliance rule 1.11. The Insight matches users when they have API keys the same age as their account and those API keys have not been used. To support the Insight, we have added the following new Query Filters: Cloud User With Original API Keys, Cloud User With Unused API Keys, and API Access Key Not Used. [ENG-18051]
- Control 1.17 Cloud Account Without AWS Support Role and Control 1.12 Cloud User without Activity in Past 45 days - These two new Insights are part of the AWS CIS 1.4 compliance framework. We also added a Query Filter Cloud Account With/Without AWS Support Role to support the first Insight and used an existing Query Filter Cloud User Last Activity (Password & API) to support the second. [ENG-18026]
Query Filters (22.4.3)
AWS
- API Access Key Not Used - New Query Filter created for the new Insight Cloud User with Unused Original API Keys, supporting AWS CIS 1.4 compliance rule 1.11. [ENG-18051]
- Cloud Account With/Without AWS Support Role - New Query Filter supports the new Insight Control 1.17 Cloud Account Without AWS Support Role, part of the AWS CIS 1.4 compliance framework. [ENG-18026]
- Cloud Region Without AWS Config Enabled (AWS) - New Query Filter identifies cloud opted-in regions with zero resources. [ENG-17198]
- Cloud User With Original API Keys - New Query Filter created for the new Insight Cloud User with Unused Original API Keys, supporting AWS CIS 1.4 compliance rule 1.11. [ENG-18051]
- Cloud User With Unused API Keys - New Query Filter created for the new Insight Cloud User with Unused Original API Keys, supporting AWS CIS 1.4 compliance rule 1.11. [ENG-18051]
- Resource With Threat Finding By Regex - New Query Filter identifies resources with a threat finding that matches a specified Regex pattern. [ENG-15238]
- Web App Platform Branch Lifecycle State - New Query Filter matches web apps with the selected platform branch lifecycle state. [ENG-13110]
MULTI-CLOUD/GENERAL
- Resource Namespace Id Regular Expression - New Query Filter that can be used to search for resources based on namespace identifiers such as AWS ARNs and GCP full resource names. [ENG-14800]
Bug Fixes (22.4.3)
- [ENG-18152] Fixed a bug that resulted in false positive analysis of AWS CIS Benchmark 4.1 - 4.15 rules when set up on an account with Organization CloudTrail resources.
- [ENG-18063] Resolved an issue where clicking the “Clear All” button on the resource page caused the resources grid to disappear when filters were applied.
- [ENG-18013] Fixed a bug that prevented EDH parsing of the CreateCluster/DeleteCluster events for EKS resources.
- [ENG-17949] Fixed a bug in IaC conversion for NeptuneDB. Transit Encryption is always enforced.
- [ENG-17944] Fixed an issue where the network URL returned from the GCP DNS API did not match the network self link returned by GCP Cloud Asset Inventory.
- [ENG-17804] Fixed a bug where GCP DNS policies were not properly mapped to VPC networks.
- [ENG-17576] Fixed an issue in navigation where we were not using the system setting for logo override (aka allowlisting).
- [ENG-16410] Fixed a broken link in the scorecard setup dialog that should lead to the documentation for adding a cloud.
- [ENG-15476] Fixed a bug that did not maintain badge scoping when navigating from Insight Packs to the Insight Report/Resources views.
- [ENG-10551] Fixed a bug so that filtering, selecting all, and bulk editing exemptions now updates all exemptions matching the current set of filter parameters.
Cloud IAM Governance (Access Explorer) Updates - 22.4.3 Minor Release (07/27/2022)
**The following updates are related to enhancements and bug fixes for our Cloud IAM Governance (Access Explorer) capabilities.**
Contact us at Customer Support Portal with any questions.
Cloud IAM Governance Bug Fixes (22.4.3)
- [ENG-17007] Fixed a bug with parameter validation failure. Added a check to verify that a valid RoleARN is used for EIAM configuration in Access Explorer -> Settings.