Skip to Content
Release NotesInsightcloudsec22.9.14 Release Notes

Sep 13, 2022

InsightCloudSec is pleased to announce Release 22.9.14

InsightCloudSec Software Release Notice - 22.9.14 Release (09/14/22)

Our latest Release 22.9.14 is available for hosted customers on Wednesday, September 14, 2022. Availability for self-hosted customers is Thursday, September 15, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.

New Release Versioning - Now Live

Beginning back on September 7, 2022 - InsightCloudSec implemented dates for our release versions. All releases have removed the Major/Minor designation and use the release date to allow us to focus on efficiently deploying features and bug fixes for every release.

  • Release Notes are now identified by the date and will be provided with each release.
  • Product documentation is now versioned by year/month (e.g., v22.9, v22.10 (yy.m/mm)) and will be updated to reflect content applicable to releases issued during the specified month. v22.9 is now live
  • Health of service for InsightCloudSec will be available as part of http://status.rapid7.com/. If you have any questions or concerns, reach out to your Cloud Customer Success Specialist, or contact us through the Customer Support Portal.

Release Highlights (22.9.14)

InsightCloudSec is pleased to announce Release 22.9.14. This release includes added AWS GovCloud permissions in support of the AWS QuickSight resource, expanded AWS EDH support for DynamoDB and DAX, and Azure China and Azure GovCloud support for Resource Vulnerability Harvester. In addition, 22.9.14 includes updates to the content of over 100 Insights, one updated Query Filter, one new Bot action, and 15 bug fixes.

  • This release does not contain any specific updates for our Cloud IAM Governance module.
  • Contact us through the unified Customer Support Portal with any questions.

New Permissions Required (22.9.14)

⚠️

New Permissions Required: AWS GovCloud

For AWS GovCloud Standard (Read-Only) Users: “quicksight:DescribeAccountSettings”, “quicksight:DescribeAccountSubscription”, “quicksight:DescribeIpRestriction”, “quicksight:ListUsers”

For AWS GovCloud Power Users: “quicksight:*****”

These new required permissions support the recently added QuickSight resource for AWS GovCloud. [ENG-19445]

Note: We recommend our AWS commercial (non-GovCloud) Standard (Read-Only) Users employ AWS’ managed read-only policy, supplemented by a small additional InsightCloudSec policy. The benefit of using the AWS managed policy lies in AWS’ continuously updating the policy for new services, making it easier for the customer to attach and maintain the policy. Details on this recommendation can be found at AWS IAM Policies Standard User (Read-Only) AWS-managed supplemental policy.

Features & Enhancements (22.9.14)

  • Added display of “Description” information on Azure “Cloud Policy” Resource type. [ENG-19421]

  • Added a new API endpoint to allow customers to delete one or more labels from an Insight. Check out Delete Insight Labels for more details [ENG-19346]

  • Updated the Insight Exemption view to show the Bot that created the exemption. [ENG-19224]

  • Added query Parameter “source” to v3/principals/<principal_resource_id>/actions endpoint. Refer to the List Principal Activity EndPoint for details. [ENG-19219]

  • Provides customers the option to retain existing scheduled events when modifying Bots. [ENG-18171]

Resources (22.9.14)

AWS

  • Added AWS EDH support for DynamoDB and DAX. [ENG-19244]

AZURE

  • Added Azure China and Azure GovCloud support for Resource Vulnerability Harvester. [ENG-18438]

Insights (22.9.14)

Updates to Insight Content This release includes updates for hundreds of Insights to revise Insight names and descriptions for core Insights. These updates include:

  • Insight names are provided in title case format and some Insight titles have been updated for consistency
  • Overviews have been revised for accuracy and to ensure the right information is displayed
  • Updated Insights will provide details on the clouds (Cloud Service Providers) supported by the Insights

For a complete list of Insights that are part of these updates reach out to your CSM or support.

[ENG-16795, ENG-18171, ENG-19207, ENG-19209]

Query Filters (22.9.14)

MULTI-CLOUD/GENERAL

  • Resource With Insight Finding By Severity - Query Filter updated to provide option to return resources flagged beyond a given time period. [ENG-15007]

Bot Actions (22.9.14)

  • New Bot action - “Disable Cosmos DB Public Access” created to disable public access on Azure Cosmos DB [ENG-14823]

Bug Fixes (22.9.14)

  • [ENG-19487] Fix to the NYDFS Compliance Pack findings to remove some licensed Insight findings and enable all customers to use this Compliance Pack without any additional changes or features.

  • [ENG-19480] We have added pagination support to AWS ECS cluster and service harvesting to reduce API calls and improve performance.

  • [ENG-19477] Fixed a bug that would prevent Qualys agent information from harvesting. Increased the limit for Resource Inventory exports from 250,000 to 1,000,000 results.

  • [ENG-19448] Fixed a bug in Azure Private Link related to harvesting service.private_endpoint_connections.

  • [ENG-19424] Updated our default Event-driven Harvesting rules to ignore events that have error codes. These events do not reflect state changes in resources, i.e,. create, delete, or update, so are less important to harvest. Further, we are filtering out some events generated by the AWS service ecs.amazonaws.com as these service-generated events can overwhelm the total number of events harvested without providing significant actionable or informative docs.information relative to other events:

    • CreateNetworkInterface
    • CreateTags
    • DeleteNetworkInterface
    • DeleteTags
    • ModifyNetworkInterfaceAttribute

  • [ENG-19383] Fixed an issue where the WebAppHarvester was failing when no possible outbound IP addresses were returned

  • [ENG-19335] Resolved an error in the Threat Findings resource panel to fix sorting.

  • [ENG-19332] Resolves issue to update filter operator in Threat Findings for Badges from “or” to “in”.

  • [ENG-18999] Fixed a bug that prevented the display of GCP BigQuery Dataset sizes.

  • [ENG-18744] Fixed an issue where the autoscaling group harvester wasn’t working for GCP.

  • [ENG-18251] Updated Azure App Service Plan in Bot action “Assign Multiple Tags To Resource” to call the correct method.

  • [ENG-17844] Fixed an issue with Query Filter Database/Big Data Instance Manual Backup Age (AWS) in which Database Cluster child instances were incorrectly flagged when a manual cluster snapshot was created.

  • [ENG-17842] Fixed performance issues with the Container Image Vulnerability Severity Search Query Filter.

  • [ENG-17232] Added static route count for VPN resources in GCP.

  • [ENG-15313] Previously, the check for a publicly accessible database instance used the ‘from_ip’ and ‘to_ip’ fields to check for the full ip address range of 0.0.0.0 to 255.255.255.255. This did not account for Azure’s ‘AllowAllWindowsAzureIps’ setting, which can be toggled on and off in the UI without the creation of a firewall rule.

This fix adds an additional check for the firewall rule name linked to this toggle (AllowAllWindowsAzureIps). A database instance is now classed as publicly accessible if it has a single firewall rule open to the full ip address range OR a firewall rule with the reserved name ‘AllowAllWindowsAzureIps’.