Aug 30, 2022
InsightCloudSec is pleased to announce Minor Release 22.4.8
InsightCloudSec Software Release Notice - 22.4.8 Minor Release (08/31/2022)
Our latest Minor Release 22.4.8 is available for hosted customers on Wednesday, August 31, 2022. Availability for self-hosted customers is Thursday, September 1, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.
New Release Versioning
**Coming Soon - Updates to Release Versioning**
Beginning September 7, 2022, InsightCloudSec will implement date-based release versions. All future releases will drop the Major/Minor designation and be identified by their release date, allowing us to focus on efficiently deploying features and bug fixes with every release.
- Release Notes will be identified by date and will be provided with each release.
- Product documentation will be versioned by calendar month (e.g., v22.9 (yy.m/mm)) and updated to reflect content applicable to releases issued during the specified month.
- Service health for InsightCloudSec will be available as part of http://status.rapid7.com/. If you have any questions or concerns, reach out to your Cloud Customer Success Specialist, or contact us through the Customer Support Portal.
Release Highlights (22.4.8)
InsightCloudSec is pleased to announce Minor Release 22.4.8. This Minor Release includes the launch of our new Threat Findings capability. 22.4.8 adds visibility into SSH key(s) associated with an AWS EKS Node Group, detection of transit encryption settings on Redis Cache instances for Alibaba Cloud, and harvesting the “supports redirect” property for GCP load balancers. 22.4.8 also includes version updates around our IaC Terraform support.
In addition, this release includes three updated Query Filters, three new Query Filters, and 17 bug fixes.
- This release does not contain any specific updates for our Cloud IAM Governance module.
- Contact us through the unified Customer Support Portal with any questions.
New Permissions Required (22.4.8)
New Permission Required: Alibaba Cloud
For Alibaba Cloud Standard (Read-Only) Users: “kvstore:DescribeInstanceSSL”
Note: This new permission supports added detection of transit encryption settings on Redis Cache instances for Alibaba Cloud. [ENG-18756]
Features & Enhancements (22.4.8)
THREAT FINDINGS
Beginning with 22.4.8, InsightCloudSec has launched the first iteration of our new Threat Findings feature. This multi-cloud capability curates runtime threat detections from customer resources (presently supporting AWS, Azure and GCP). Threat Findings provides a single view that collects all runtime threat detection findings from various sources. Check out the documentation for expanded details on this new feature, along with details on configuration and use.
OTHER/GENERAL
- Added resource type filtering to the list_insights endpoint. [ENG-18749]
Resources (22.4.8)
Alibaba Cloud
- Added detection of transit encryption settings on Redis Cache instances for Alibaba Cloud. A new permission is required for standard (read-only) policies: “kvstore:DescribeInstanceSSL”. [ENG-18756]
- Added harvesting to determine whether Alibaba Database Instances have deletion protection enabled. [ENG-18827]
AWS
- Added visibility into the SSH key that is associated with an EKS Node Group. [ENG-19014]
- Added two new Query Filters, Container Node Group With SSH Remote Access Configured and Container Node Group Without SSH Remote Access Configured, to identify container node group resources that do or do not have an SSH key associated. [ENG-19014]
- Modified the Query Filter SSH Keypair Orphaned to include container node groups in its evaluation. [ENG-19014]
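The two node group filters and the widened SSH Keypair Orphaned filter come down to one property: whether an EKS managed node group carries an EC2 key pair under `remoteAccess.ec2SshKey`. The following is an added example for these notes, not InsightCloudSec's own Query Filter code. It evaluates constructed dictionaries shaped like the responses of boto3's `eks.describe_nodegroup()`, `ec2.describe_key_pairs()` and `ec2.describe_instances()`; every name and ID in the sample data is made up. It also shows why node groups belong in the orphan check: a group scaled to zero has no instances, so an instance-only evaluation would call its key orphaned.

```python
"""Classify EKS managed node groups by SSH remote access and find orphaned key pairs.

Added example for these release notes; it is not InsightCloudSec's own Query
Filter code. The dictionaries mirror the shape of boto3's
eks.describe_nodegroup()["nodegroup"], ec2.describe_key_pairs()["KeyPairs"]
and the instance records from ec2.describe_instances(); all values are
constructed sample data.
"""
from typing import Dict, Iterable, List, Optional, Set

SSH_CONFIGURED = "Container Node Group With SSH Remote Access Configured"
SSH_NOT_CONFIGURED = "Container Node Group Without SSH Remote Access Configured"


def nodegroup_ssh_key(nodegroup: Dict) -> Optional[str]:
    """Return the EC2 key pair name attached to a node group, or None.

    A node group created without remote access has no "remoteAccess" key at
    all; when remote access is enabled, "ec2SshKey" names the key pair that
    can log in to every node in the group.
    """
    return (nodegroup.get("remoteAccess") or {}).get("ec2SshKey")


def classify_nodegroup(nodegroup: Dict) -> str:
    """Map one node group onto the two 22.4.8 Query Filter outcomes."""
    return SSH_CONFIGURED if nodegroup_ssh_key(nodegroup) else SSH_NOT_CONFIGURED


def orphaned_key_pairs(key_pairs: Iterable[Dict],
                       instances: Iterable[Dict],
                       nodegroups: Iterable[Dict]) -> Set[str]:
    """Key pairs referenced by neither an EC2 instance nor an EKS node group.

    Including node groups matters: a group scaled to zero (or between harvests)
    has no running instances, so evaluating instances alone would report its
    key as orphaned even though the next scale-up installs it on every node.
    """
    in_use = {inst["KeyName"] for inst in instances if inst.get("KeyName")}
    in_use |= {key for key in map(nodegroup_ssh_key, nodegroups) if key}
    return {kp["KeyName"] for kp in key_pairs} - in_use


# Constructed sample data (all account-specific values are made up).
SAMPLE_NODEGROUPS: List[Dict] = [
    {"nodegroupName": "ng-ops", "clusterName": "prod",
     "remoteAccess": {"ec2SshKey": "ops-bastion",
                      "sourceSecurityGroups": ["sg-0123456789abcdef0"]}},
    {"nodegroupName": "ng-web", "clusterName": "prod"},  # no remoteAccess block
]
SAMPLE_KEY_PAIRS: List[Dict] = [
    {"KeyName": "ops-bastion"}, {"KeyName": "web-tier"}, {"KeyName": "old-laptop"},
]
SAMPLE_INSTANCES: List[Dict] = [
    {"InstanceId": "i-0123456789abcdef0", "KeyName": "web-tier"},
]


def report(nodegroups: Iterable[Dict] = SAMPLE_NODEGROUPS) -> Dict[str, str]:
    """Node group name -> filter outcome, for the sample data by default."""
    return {ng["nodegroupName"]: classify_nodegroup(ng) for ng in nodegroups}


if __name__ == "__main__":
    for name, outcome in report().items():
        print(f"{name}: {outcome}")
    print("orphaned key pairs:",
          sorted(orphaned_key_pairs(SAMPLE_KEY_PAIRS, SAMPLE_INSTANCES, SAMPLE_NODEGROUPS)))
```

A node group with SSH remote access is not a finding by itself, but the key pair named there reaches every node in the group, so it deserves the same inventory and rotation treatment as a bastion key. Against a real account, feed the functions the output of `describe_nodegroup` for each group returned by `list_nodegroups`.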
GCP
- We now harvest the “supports redirect” property for GCP load balancers, surface that property in the UI, and include GCP resources in the Query Filter Load Balancer With/Without Redirection Rules. [ENG-19001]
Query Filters (22.4.8)
AWS
- Container Node Group With SSH Remote Access Configured - New Query Filter identifies container node group resources that have an associated SSH key. [ENG-19014]
- Container Node Group Without SSH Remote Access Configured - New Query Filter identifies container node group resources that do not have an associated SSH key. [ENG-19014]
- Load Balancer SSL Protocol Version - New Query Filter, linked to the Query Filter Resource Does Not Support TLS 1.2, identifies AWS Application, Network and Gateway Load Balancers running SSL policies that support TLS 1.0/1.1. [ENG-18778]
- SSH Keypair Orphaned - Query Filter modified to include container node groups in its evaluation. [ENG-19014]
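The Load Balancer SSL Protocol Version filter hinges on the `SslProtocols` list that AWS publishes for each predefined ELBv2 security policy: a listener is only as strong as the weakest protocol its policy still negotiates. The following is an added example for these notes, not InsightCloudSec's implementation. It evaluates constructed data shaped like boto3's `elbv2.describe_ssl_policies()` and `elbv2.describe_listeners()` responses; the policy names and protocol lists follow AWS's predefined policies but are constructed here, so confirm them against `aws elbv2 describe-ssl-policies` in your own account. It goes slightly beyond the filter by also failing closed on a listener whose policy name is absent from the policy list.

```python
"""Flag ELBv2 listeners whose SSL policy still negotiates TLS 1.0 or 1.1.

Added example for these release notes; it is not InsightCloudSec's Query Filter
implementation. Inputs mirror the shapes of boto3's
elbv2.describe_ssl_policies()["SslPolicies"] and
elbv2.describe_listeners()["Listeners"]. Policy names and protocol lists below
follow AWS's predefined policies but are constructed here; verify them with
`aws elbv2 describe-ssl-policies` before relying on them.
"""
from typing import Dict, Iterable, List

LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}    # what "Resource Does Not Support TLS 1.2" is about
TLS_LISTENER_PROTOCOLS = {"HTTPS", "TLS"}  # ALB HTTPS and NLB TLS listeners carry an SslPolicy


def legacy_policies(ssl_policies: Iterable[Dict]) -> Dict[str, List[str]]:
    """Policy name -> sorted legacy protocols, for policies allowing TLS 1.0/1.1."""
    out: Dict[str, List[str]] = {}
    for policy in ssl_policies:
        legacy = sorted(LEGACY_PROTOCOLS & set(policy.get("SslProtocols", [])))
        if legacy:
            out[policy["Name"]] = legacy
    return out


def listeners_supporting_legacy_tls(listeners: Iterable[Dict],
                                    ssl_policies: Iterable[Dict]) -> Dict[str, str]:
    """Listener ARN -> reason, for TLS-terminating listeners that need review.

    A listener is flagged when its policy allows TLS 1.0/1.1, and also when its
    policy name is missing from the describe_ssl_policies output: failing closed
    on an unknown policy is safer than silently passing it.
    """
    ssl_policies = list(ssl_policies)          # may be iterated twice below
    legacy = legacy_policies(ssl_policies)
    known = {p["Name"] for p in ssl_policies}
    flagged: Dict[str, str] = {}
    for listener in listeners:
        if listener.get("Protocol") not in TLS_LISTENER_PROTOCOLS:
            continue  # HTTP/TCP/UDP listeners do not terminate TLS
        policy = listener.get("SslPolicy")
        if policy in legacy:
            flagged[listener["ListenerArn"]] = f"{policy} allows {', '.join(legacy[policy])}"
        elif policy not in known:
            flagged[listener["ListenerArn"]] = (
                f"policy {policy!r} not in describe_ssl_policies output; review manually")
    return flagged


# Constructed sample data; 111122223333 is the AWS documentation placeholder account.
SAMPLE_SSL_POLICIES: List[Dict] = [
    {"Name": "ELBSecurityPolicy-2016-08",
     "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
     "SupportedLoadBalancerTypes": ["application", "network"]},
    {"Name": "ELBSecurityPolicy-TLS-1-2-2017-01",
     "SslProtocols": ["TLSv1.2"],
     "SupportedLoadBalancerTypes": ["application", "network"]},
    {"Name": "ELBSecurityPolicy-TLS13-1-2-2021-06",
     "SslProtocols": ["TLSv1.2", "TLSv1.3"],
     "SupportedLoadBalancerTypes": ["application", "network"]},
]
_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:listener/"
SAMPLE_LISTENERS: List[Dict] = [
    {"ListenerArn": _ARN + "app/web/0123456789abcdef/aaaaaaaaaaaaaaaa",
     "Protocol": "HTTPS", "Port": 443, "SslPolicy": "ELBSecurityPolicy-2016-08"},
    {"ListenerArn": _ARN + "net/api/0123456789abcdef/bbbbbbbbbbbbbbbb",
     "Protocol": "TLS", "Port": 8443, "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
    {"ListenerArn": _ARN + "app/web/0123456789abcdef/cccccccccccccccc",
     "Protocol": "HTTP", "Port": 80},
    {"ListenerArn": _ARN + "app/legacy/0123456789abcdef/dddddddddddddddd",
     "Protocol": "HTTPS", "Port": 443, "SslPolicy": "ELBSecurityPolicy-Custom-Unknown"},
]

if __name__ == "__main__":
    for arn, reason in listeners_supporting_legacy_tls(SAMPLE_LISTENERS, SAMPLE_SSL_POLICIES).items():
        print(f"{arn}\n    {reason}")
```

Remediation for a flagged listener is a policy swap, for example `aws elbv2 modify-listener --listener-arn <arn> --ssl-policy ELBSecurityPolicy-TLS13-1-2-2021-06`; test with the clients that still talk to the load balancer first, since dropping TLS 1.0/1.1 is exactly the point. The notes list Gateway Load Balancers in scope as well; this example only evaluates listeners that carry an `SslPolicy`, i.e. ALB HTTPS and NLB TLS listeners.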
AZURE
- Serverless Function Invalid Diagnostic Logging Configuration (Azure) - Updated the Query Filter to return any serverless function whose parent function app has an invalid diagnostic setting configuration. [ENG-18577]
GCP
- Load Balancer With/Without Redirection Rules - Updated Query Filter to include GCP resources. [ENG-19001]
Infrastructure as Code (IaC) New Support (22.4.8)
- Upgraded Terraform IaC scanning to support the latest version of the AzureRM provider. Scanning Terraform plans containing supported Azure resources that were generated with an AzureRM provider version prior to v3.x.x may produce unexpected results. We recommend using the latest 3.x version of the AzureRM provider. Additionally, support for performing IaC scans against Azure DataLake Store resources has been removed, as it is no longer supported by Terraform. [ENG-18315]
- Upgraded Terraform IaC scanning to support the latest version of the Google provider. Scanning Terraform plans containing supported Google resources that were generated with a Google provider version prior to v4.x.x may produce unexpected results. We recommend using the latest 4.x version of the Google provider. [ENG-18316]
Bug Fixes (22.4.8)
- [ENG-19010] Addressed an issue when inspecting past scheduled events in “Resource Details > Activity > Scheduled Events” that prevented the events from loading correctly.
- [ENG-18998] Fixed an issue where the Bot action “Mirror Resource Tags From Parent” might fail when attempting to update the tags of an EC2 instance that is not a member of an autoscaling group.
- [ENG-18872] Fixed an edge case where a duplicate record could exist in the ResourceAgent table, resulting in a count mismatch for several agent filters; hardened the associated Query Filters (e.g., Instance With Qualys Agent Configured) against this edge case.
- [ENG-18856] Fixed a display bug where the wrong resource types were shown in the Harvest Info screen for the ResourceVulnerabilityHarvester and InstanceInterfaceIpHarvester jobs.
- [ENG-18827] Fixed an issue in Alibaba Cloud where we were not detecting whether some Alibaba Database Instances were publicly accessible. Alibaba database instances on a VPC can have a public endpoint associated with them, which is similar to enabling the publicly accessible property in AWS.
- [ENG-18822] Fixed an issue where the Insight cache did not exclude cloud accounts in a paused state, which could cause discrepancies in Insight results.
- [ENG-18821] Fixed an issue where GCP Database resources did not have the correct direct link.
- [ENG-18817] Fixed an issue that occurred when running IaC scans on Terraform plans containing AWS MQ instances, caused by Terraform adding double quotes around boolean values in the Terraform plan.
- [ENG-18742] Fixed a bug where the harvesting job AzureArmInstanceInterfaceIpHarvest was failing when Azure Virtual Machines/Virtual Machine Scale Sets did not return a storage profile.
- [ENG-18721] Added a fix for the Notification Topic and Storage Container policy Bots. Previously these Bots worked as expected when replacing policies, but on append the policy would be updated in AWS but not in the database. Added supplemental error handling to relay malformed-policy messages in the UI and to ensure that all scheduled events enter a completed state.
- [ENG-18707] Fixed an issue where the Compliance Scorecard did not include Insight metadata for core Insights that were associated with custom Insight Packs.
- [ENG-18686] Resolved an issue where, in some cases, the body preview in BotFactory email actions didn’t match what was displayed to the user.
- [ENG-18620] Fixed an issue preventing newly added cloud accounts managed by an AWS or Azure organization from emitting a creation event for Bots.
- [ENG-18577] Fixed a bug with the Query Filter Serverless Function Invalid Diagnostic Logging Configuration (Azure).
- [ENG-18423] Fixed an edge case where Bots launched from a core/custom Insight would be created when the Cancel button was clicked.
- [ENG-16124] Fixed an issue where duplicate cloud scopes would be shown on the Resources page if an Insight was scoped to a badge and then results for an individual cloud were inspected.
- [ENG-15623] Fixed an issue where Azure PostgreSQL Flexible Servers were in scope for the Query Filter Resource has a Private Endpoint; these servers do not support private endpoints.