Aug 09, 2022
InsightCloudSec is pleased to announce Minor Release 22.4.5
InsightCloudSec Software Release Notice - 22.4.5 Minor Release (08/10/2022)
Our latest Minor Release 22.4.5 is available for hosted customers on Wednesday, August 10, 2022. Availability for self-hosted customers is Thursday, August 11, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.
Release Highlights (22.4.5)
InsightCloudSec is pleased to announce Minor Release 22.4.5, which includes a new Insight to address CVE-2022-29149, the ability to reboot AWS Redshift clusters on-demand or on a schedule, and the ability to search for specific terms in the condition property of IAM policies. Further, we have added a new integration for SentinelOne and have added support for Azure CDN Diagnostic Settings. This release also provides an “auto” theming system that automatically follows a customer’s operating system’s theme as a default for customers using Windows 10+ or Mac OS 10.14 (Mojave) and up.
In addition, 22.4.5 includes two updated Query Filters, six new Query Filters, one new Bot action, and eight bug fixes.
- This release does not contain any specific updates for our Cloud IAM Governance module.
- Contact us through the unified Customer Support Portal with any questions.
Features & Enhancements (22.4.5)
CVE-2022-29149
In response to CVE-2022-29149, InsightCloudSec has introduced a new Insight: Instance Or Autoscaling Group With Extensions Without Automatic Upgrade Enabled. We strongly recommend that customers with Azure subscriptions review this Insight to identify any Virtual Machines/Virtual Machine Scale Sets that are not using the automatic extension upgrade capability Microsoft introduced earlier this year. InsightCloudSec not only includes the detection but also on-demand and Bot actions to enable automatic upgrade and to re-enable it should a user or malicious actor turn it back off. [ENG-18412]
Integration for SentinelOne
- Introduced an integration for SentinelOne. Once properly configured, users will have visibility for SentinelOne agent deployment status on compute instances in their environment. [ENG-15617]
AWS
- Added the ability to reboot AWS Redshift clusters on-demand or on a schedule using the Bot action “Scheduled Restart/Reboot”. [ENG-18424]
- Added the ability to search for specific terms in the condition property of IAM policies, and to identify the resources (Users, Groups, and Roles) that use those policies. The two Query Filters are Cloud Policy With/Without Condition Search Term and Identity Resource Uses Policy With Condition Search Term. [ENG-18320]
MULTI-CLOUD
- Added backend logic to check whether AWS and GCP Encryption Keys are scheduled for deletion when determining if key rotation is enabled or disabled. Keys that are scheduled for deletion cannot be rotated. [ENG-17999]
User Interface Changes (22.4.5)
- New “auto” theming system automatically follows a customer’s operating system’s theme as a default. This feature is only available in Windows 10+ and Mac OS 10.14 (Mojave) and up. [ENG-18287]
Resources (22.4.5)
AZURE
- Added support for the Azure CDN Diagnostic Settings. [ENG-7485]
Insights (22.4.5)
AZURE
Instance Or Autoscaling Group With Extensions Without Automatic Upgrade Enabled
- New Insight addresses CVE-2022-29149. We strongly recommend that customers with Azure subscriptions review this Insight to identify any Virtual Machines/Virtual Machine Scale Sets that are not using the automatic extension upgrade capability Microsoft introduced earlier this year. InsightCloudSec not only includes the detection but also on-demand and Bot actions to enable automatic upgrade and to re-enable it should a user or malicious actor turn it back off. [ENG-12387]
Query Filters (22.4.5)
AWS
- Cloud Policy With/Without Condition Search Term - New Query Filter identifies customer-managed cloud policies whose Condition property contains specific search terms. By default a policy matches if any one of the supplied terms is present. Provide plain terms only (no quotes or expressions); searches are case sensitive. [ENG-18320]
- Config Recording Enabled/Disabled - Updated Query Filter adds an option to find configs that are not recording to specific storage containers and/or notification topics. [ENG-18302]
- DNS Zone With/Without TXT Record With SPF Value - New Query Filter inspects DNS records for the presence of an A or MX record combined with the absence of a TXT record carrying a Sender Policy Framework (SPF) value, and returns the parent DNS Zone of those records. [ENG-11424]
- Identity Resource Uses Policy With Condition Search Term - New Query Filter identifies users, groups, and roles with attached custom policies whose Condition property contains specific search terms. By default a policy matches if any one of the supplied terms is present. Provide plain terms only (no quotes or expressions); searches are case sensitive. [ENG-18320]
- Resource Specific Policy With/Without Conditions - New Query Filter finds resources whose direct policy has one or more Statements missing a Condition property. [ENG-18398]
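As an added illustration (not InsightCloudSec's own code), the following Python reproduces in plain form what the Cloud Policy With/Without Condition Search Term and Resource Specific Policy With/Without Conditions filters look for in an IAM policy document: a case-sensitive substring search over the operators, context keys and values of each Statement's Condition block, matching on any one term by default, plus a separate check for Statements that carry no Condition at all. The sample bucket policy and the function names are this example's own assumptions, not the product's.

```python
"""Added example, not InsightCloudSec code: search IAM policy Condition
blocks for terms and find Statements that have no Condition.
The sample policy below is constructed; function names are assumptions."""
import json
from typing import Any, Dict, Iterable, List


def _statements(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    # IAM allows "Statement" to be a single object or a list of objects.
    stmt = policy.get("Statement", [])
    return stmt if isinstance(stmt, list) else [stmt]


def _condition_text(condition: Any) -> Iterable[str]:
    """Yield every operator, context key and value inside a Condition
    block as a string, so a search term can match any of them."""
    if isinstance(condition, dict):
        for key, value in condition.items():
            yield key
            yield from _condition_text(value)
    elif isinstance(condition, list):
        for item in condition:
            yield from _condition_text(item)
    else:
        yield str(condition)


def statements_with_condition_term(policy: Dict[str, Any], terms: List[str],
                                   match_all: bool = False) -> List[int]:
    """Indices of Statements whose Condition contains the search terms.
    Plain case-sensitive substring test (no quoting, no patterns).
    match_all=False mirrors the filter's default: any one term matches."""
    hits = []
    for idx, stmt in enumerate(_statements(policy)):
        text = list(_condition_text(stmt.get("Condition", {})))
        found = [any(term in t for t in text) for term in terms]
        if all(found) if match_all else any(found):
            hits.append(idx)
    return hits


def statements_without_condition(policy: Dict[str, Any]) -> List[int]:
    """Indices of Statements with no Condition property at all, which is
    what a "Without Conditions" check on a resource policy flags."""
    return [i for i, s in enumerate(_statements(policy)) if "Condition" not in s]


# Constructed sample: a bucket policy with one network-restricted statement,
# one MFA-gated statement, and one statement with no Condition.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "FromCorpOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "MfaDelete", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/Admin"},
     "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "Unconditional", "Effect": "Allow", "Principal": "*",
     "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"}
  ]
}""")

if __name__ == "__main__":
    print(statements_with_condition_term(SAMPLE_POLICY, ["aws:SourceIp"]))            # [0]
    print(statements_with_condition_term(SAMPLE_POLICY, ["aws:sourceip"]))            # [] (case sensitive)
    print(statements_with_condition_term(SAMPLE_POLICY, ["aws:SourceIp", "Bool"]))    # [0, 1]
    print(statements_with_condition_term(SAMPLE_POLICY, ["aws:SourceIp", "Bool"], match_all=True))  # []
    print(statements_without_condition(SAMPLE_POLICY))                                # [2]
```

The walk over the Condition block is deliberately flat: a term such as aws:SourceIp or Bool matches whether it appears as an operator, a context key or a value, which is the behaviour a plain-term search implies, and the lowercase variant returns nothing because the match is case sensitive.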
GCP
- Added two new Query Filters to check for any users/service accounts exempt from audit logging settings in a GCP project: Cloud Role With Exemptions From Audit Logging and Cloud User With Exemptions From Audit Logging. [ENG-17908]
MULTI-CLOUD/GENERAL
- Access List Contains Public Addresses Outside Of Known IPs - Updated Query Filter to better handle multiple CIDR blocks supplied as “known” public IP addresses to be ignored. Originally, the Query Filter removed an Access Control List from results if any of its rules matched a provided CIDR block. Now it removes an Access Control List only if all of its rules match a provided CIDR block. [ENG-18148]
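The before/after behaviour described here (and recorded again under bug fix ENG-18148 below) is easiest to see on data. The following Python is an added example, not the product's filter implementation; the access-list rules, the “known” CIDR blocks, the private-range list and the function names are constructed for illustration. A rule counts as public when it is not wholly inside a private range, and a public rule is “known” when it falls inside one of the supplied blocks.

```python
"""Added example, not InsightCloudSec code: the old ("any rule known")
versus new ("all rules known") logic for an access list with public
sources. Rules, known blocks and private ranges are constructed."""
import ipaddress
from typing import List

# Ranges this example never treats as public (assumption for the demo).
_PRIVATE = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
)]


def _parse(cidrs: List[str]):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def _inside(rule, blocks) -> bool:
    # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
    return any(rule.version == b.version and rule.subnet_of(b) for b in blocks)


def public_rules(acl_rules: List[str]):
    """Source CIDRs not wholly inside a private range.
    A catch-all such as 0.0.0.0/0 counts as public."""
    return [r for r in _parse(acl_rules) if not _inside(r, _PRIVATE)]


def flagged_before_fix(acl_rules: List[str], known_cidrs: List[str]) -> bool:
    """Pre-22.4.5 behaviour: the ACL drops out of the results as soon as
    ANY public rule falls inside a known block."""
    pub, known = public_rules(acl_rules), _parse(known_cidrs)
    return bool(pub) and not any(_inside(r, known) for r in pub)


def flagged_after_fix(acl_rules: List[str], known_cidrs: List[str]) -> bool:
    """22.4.5 behaviour: the ACL drops out only if ALL public rules fall
    inside known blocks; one unexplained public source keeps it flagged."""
    pub, known = public_rules(acl_rules), _parse(known_cidrs)
    return bool(pub) and not all(_inside(r, known) for r in pub)


def unexplained_sources(acl_rules: List[str], known_cidrs: List[str]) -> List[str]:
    """The public rules a reviewer actually has to look at."""
    known = _parse(known_cidrs)
    return [str(r) for r in public_rules(acl_rules) if not _inside(r, known)]


# Constructed data: two office egress ranges are "known"; the ACL allows
# both of them plus an unrelated /32 that nobody documented.
KNOWN = ["198.51.100.0/24", "203.0.113.0/24"]
ACL = ["10.0.0.0/8", "198.51.100.0/24", "203.0.113.64/26", "192.0.2.10/32"]

if __name__ == "__main__":
    print(flagged_before_fix(ACL, KNOWN))   # False: one known match hid the ACL
    print(flagged_after_fix(ACL, KNOWN))    # True
    print(unexplained_sources(ACL, KNOWN))  # ['192.0.2.10/32']
```

The old logic returns False for the constructed ACL because a single rule happens to match a known block, which hides the undocumented 192.0.2.10/32; the new logic keeps the ACL in the results, and unexplained_sources() shows exactly which rule is responsible. An ACL whose public rules are all covered, or that has no public rules at all, is excluded under both versions.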
Bot Actions (22.4.5)
AWS
- “Create Database Cluster Snapshot” - New Bot action allows for creation of a snapshot. This action allows the user, for example, to create a snapshot (backup) for any cluster with a backup older than 7 days. [ENG-18345]
Bug Fixes (22.4.5)
- [ENG-18485] Fixed a regression in the API endpoint /v2/prototype/cloud/<organization_service_id>/update that prevented settings from being updated for GCP and Kubernetes clusters.
- [ENG-18377] Fixed a bug that prevented cloud tags from being included in the Clouds CSV download.
- [ENG-18364] Fixed an issue with Query Filter Database Instance/Database Cluster Without IAM Authentication (AWS) where in some cases instances/clusters incompatible with IAM Auth were included in results.
- [ENG-18355] Fixed a case where downloading a CSV of Basic Users from the Identity Management section of ICS failed.
- [ENG-18221] Fixed a bug where the “Allow/Block Policy on Storage Container” action only applied to the first match found during a scan. All matches are now assigned the new policy.
- [ENG-18148] Fixed an issue with Query Filter Access List Contains Public Addresses Outside Of Known IPs to better handle multiple CIDR blocks supplied as “known” public IP addresses to be ignored. Originally, the Query Filter removed an Access Control List from results if any of its rules matched a provided CIDR block. Now it removes an Access Control List only if all of its rules match a provided CIDR block.
- [ENG-17991] Fixed a bug in the Insight used for Azure CIS framework control 9.1. The Insight used was changed from App Service Not Requiring Authentication to App Service Authentication Not Enabled, because the CIS control permits anonymous requests as long as authentication is enabled. The new Insight is less restrictive than the original: it checks whether authentication is enabled, not whether access is restricted to authenticated requests.
- [ENG-17804] Fixed a bug where GCP DNS policies were improperly mapped to VPC networks.