Aug 01, 2023

23.8.1 Release Notes

InsightCloudSec Software Release Notice - 23.8.1 Release

Major Documentation Announcement: Site Migration

On August 1st, 2023, the InsightCloudSec documentation will be available on docs.rapid7.com alongside the documentation for the rest of the Rapid7 software portfolio.

While a lot of work will happen behind the scenes, you should largely be unaffected. Here are some important things you should know about this move:

  • We pride ourselves on our documentation process and quality. These will not be changing.
  • The new site will be located at docs.rapid7.com/insightcloudsec/; the old site (docs.divvycloud.com) will still exist until December 31st, 2023 but will not be publicly visible.
  • The new and old sites are functionally similar, but the release notes will be in a different location (separate from the documentation): docs.rapid7.com/release-notes/insightcloudsec/
  • After August 1st, 2023, the InsightCloudSec documentation team will only maintain the new site; the old site will remain static until its retirement
  • On August 1st, 2023, all docs.divvycloud.com-related URLs will redirect to docs.rapid7.com/insightcloudsec/-related URLs

Visit our Getting Support page for details on contacting support for any questions or issues with the transition.

Release Highlights (23.8.1)

InsightCloudSec is pleased to announce Release 23.8.1. This release includes vulnerability fixes, updates to the Identity Management API, and interface improvements to Attack Paths and the Clouds Listing page. In addition, this release includes several Insight and Compliance pack updates, three new or modified Query Filters, one updated Bot Action, and nine bug fixes.

Release Tagging & Hashes

The InsightCloudSec team is expanding our tagging strategy for publishing images. To align ourselves with industry best practices, each new InsightCloudSec build version (starting with this one) will include a hash after the version number (including hot fix versions). This means you can obtain this version of InsightCloudSec using three separate tags (all versions can be found here):

  1. latest
  2. 23.8.1
  3. 23.8.1.<hash>

Self-Hosted Deployment Updates (23.8.1)

Release availability for self-hosted customers is Thursday, August 3, 2023. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.

Our latest Terraform template (static files and modules) can be found here: https://s3.amazonaws.com/get.divvycloud.com/prodserv/divvycloud-prodserv-tf/example-usage/aws/release/divvycloud-tf-release.zip

Modules can be updated with the terraform get -update command.

New Permissions Required (23.8.1)

New Permissions: AWS

For AWS Commercial Standard (Read-Only) Users:

  • "ec2:CopySnapshot"
  • "kms:Decrypt"
  • "kms:Encrypt"
  • "kms:GenerateDataKeyWithoutPlaintext"
  • "kms:RetireGrant"

These permissions support the newly added Host Vulnerability Management feature for assessing volumes encrypted with an AWS managed key. [ENG-25743]

Note: We recommend our AWS commercial (non-GovCloud) Standard (Read-Only) Users employ AWS' managed read-only policy, supplemented by a small additional InsightCloudSec policy. The benefit of using the AWS managed policy lies in AWS' continuously updating the policy for new services, making it easier for the customer to harvest new resources and properties without changing harvesting policies. Details on this recommendation can be found at AWS IAM Policies Standard User (Read-Only) AWS-managed supplemental policy.

Features & Enhancements (23.8.1)

  • Resolved CVE-2021-21306 and CWE-400 vulnerabilities, which relate to Regular Expression Denial of Service (ReDoS). [ENG-28483]

  • Updated the identity-management API to reflect /principals and /federated-users endpoints. Updated the endpoint {{domain}}/v4/iam/identity-management/ to {{domain}}/v4/iam/identity-management/principals/. [ENG-30015]

  • Attack Paths will now display an explicit "Internet" node when the viewed attack path is publicly accessible. [ENG-25951]

User Interface Changes (23.8.1)

  • Clouds Listing, and associated modals, have all been implemented in React. The user experience has been improved. [ENG-28253]
  • Disabled the "Console Access" button in the Just-In-Time IAM feature for roles meant for CLI access only. [ENG-29707]
  • Added a visual indicator for active and inactive session credentials on the Just-in-time IAM feature. [ENG-29651]

Resources (23.8.1)

AWS

  • We have added a new property to Cache Instances: Automatic Minor Version Upgrade.

  • We have added a Query Filter, Cache Instance Automatic Minor Version Upgrade Status, to surface cache instances based upon the property.

  • We added an Insight, Cache Instance without Automatic Minor Version Upgrades Enabled, to track status.

  • We updated the BotFactory action "Modify Memcache Instance Attribute" so that it can fix issues related to this Insight.

  • Further, we have updated our AWS Foundational Security Best Practices pack to include the new Insight as it matches the control "[ElastiCache.2] Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters".
    [ENG-29374]

  • We have added suspicious event support for the AWS event AttachGroupPolicy. Now, if a group has a permission added that includes admin access, write access, and/or privilege escalation, we flag the event as suspicious and mark the group as having a suspicious event. [ENG-27885]

  • Added support to the Host Vulnerability Management feature for assessing volumes encrypted with an AWS managed key. The new permissions (AWS commercial Read-Only users) required to use this feature are "kms:RetireGrant", "kms:GenerateDataKeyWithoutPlaintext", "kms:Encrypt", and "kms:Decrypt". [ENG-25743]
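
The AttachGroupPolicy suspicious-event item above describes flagging a group when an attached policy adds admin access, write access, or privilege escalation. The following is an added example of that kind of check, not InsightCloudSec's own logic: the sample events and policies are constructed, statements are assumed to be lists, and the PRIVESC set and read-verb heuristic are illustrative assumptions.

```python
# Constructed sample data: policy documents keyed by ARN (account ID is a placeholder).
ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"
DEPLOY = "arn:aws:iam::111122223333:policy/ci-deployer"
VIEWER = "arn:aws:iam::111122223333:policy/s3-viewer"
POLICIES = {
    ADMIN: {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    DEPLOY: {"Statement": [{"Effect": "Allow", "Resource": "*",
                            "Action": ["iam:PassRole", "lambda:CreateFunction"]}]},
    VIEWER: {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]},
}
def attach(group, arn, **extra):  # builds a constructed CloudTrail-style record
    return {"eventName": "AttachGroupPolicy", **extra,
            "requestParameters": {"groupName": group, "policyArn": arn}}
EVENTS = [attach("ops", ADMIN), attach("build", DEPLOY), attach("auditors", VIEWER),
          attach("interns", ADMIN, errorCode="AccessDenied"),  # failed call, ignored
          {"eventName": "ListGroups", "requestParameters": None}]
# Assumption: an illustrative, incomplete set of actions treated as privilege escalation.
PRIVESC = {"iam:*", "iam:passrole", "iam:createpolicyversion", "iam:attachgrouppolicy",
           "iam:attachuserpolicy", "iam:putgrouppolicy", "iam:createaccesskey"}
READ_VERBS = ("get", "list", "describe")  # assumption: any other verb counts as write

def classify_policy(doc):
    """Return risk labels for the Allow statements of one policy document."""
    labels = set()
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            action = action.lower()
            if action == "*":
                labels.add("admin")
            if action in PRIVESC:
                labels.add("privilege_escalation")
            if not action.split(":")[-1].startswith(READ_VERBS):
                labels.add("write")
    return labels

def suspicious_groups(events, policies):
    """Map group name -> labels for successful AttachGroupPolicy calls that add risk."""
    flagged = {}
    for ev in events:
        if ev.get("eventName") != "AttachGroupPolicy" or ev.get("errorCode"):
            continue
        params = ev.get("requestParameters") or {}
        labels = classify_policy(policies.get(params.get("policyArn"), {}))
        if labels:
            flagged.setdefault(params.get("groupName"), set()).update(labels)
    return flagged
```

Calling suspicious_groups(EVENTS, POLICIES) flags the "ops" and "build" groups; the read-only attachment and the failed call are not flagged.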

GCP

  • Added GCP Source Document support for Spanner. We’ve also added Cloud Asset Inventory (CAI) support and added a direct link to the Spanner within the Resource Properties blade. [ENG-28594]
  • Added GCP Source Document support for Service Account. [ENG-28636]
  • Added GCP Source Document support for Cloud Functions. [ENG-28601]
  • Added GCP Source Document support for Database Instance. [ENG-28517]

Insights (23.8.1)

AWS CIS 1.5

We are updating the AWS CIS 1.5 pack to the current release of AWS CIS 2.0. Major changes include:

  • Adding two benchmarks:
    • 1.22 - Ensure access to AWSCloudShellFullAccess is restricted
    • 5.6 - Ensure that EC2 Metadata Service only allows IMDSv2
  • Deleting one benchmark:
    • 2.1.1 - Ensure all S3 buckets employ encryption-at-rest
      [ENG-29902]

AWS

  • Cache Instance without Automatic Minor Version Upgrades Enabled - New Insight tracks status of newly-added property for Cache Instances, Automatic Minor Version Upgrade. [ENG-29374]
    • We have updated our AWS Foundational Security Best Practices pack to include the new Insight as it matches the control "[ElastiCache.2] Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters".
      [ENG-29374]
  • We have added the following Insights for AWS [ENG-29471]:
    • Cache Instance with Auth Token Disabled and using early Redis Version - New Insight identifies Redis cache instances which do not have auth token enabled and are running a version before version 6.0.
    • Cache Instance without Automatic Failover Enabled - New Insight identifies cache instances that do not have automatic failover enabled.
    • Cache Instances without Automatic Backups - New Insight identifies cache instances without automatic backups that require a snapshot retention period of 1 day or longer.
  • We have updated our AWS Foundational Security Best Practice Pack to support the following controls [ENG-29471]:
    • ElastiCache.1 ElastiCache for Redis clusters should have automatic backups scheduled
    • ElastiCache.2 Minor version upgrades should be automatically applied to ElastiCache for Redis cache clusters
    • ElastiCache.3 ElastiCache for Redis replication groups should have automatic failover enabled
    • ElastiCache.4 ElastiCache for Redis replication groups should be encrypted at rest
    • ElastiCache.5 ElastiCache for Redis replication groups should be encrypted in transit
    • ElastiCache.6 ElastiCache for Redis replication groups before version 6.0 should use Redis AUTH

AZURE

  • Serverless Function Configured with Deprecated Runtime - Updated Insight now supports Azure. [ENG-23328]

Query Filters (23.8.1)

AWS

  • Cache Instance Automatic Minor Version Upgrade Status - New Query Filter surfaces cache instances based upon the newly-added property Automatic Minor Version Upgrade. [ENG-29374]

AZURE

  • Serverless Function Using/Not Using Deprecated Runtime - Updated Query Filter now supports Azure. [ENG-23328]

Oracle

  • Database Instance/Cluster/Snapshot Engine - Query Filter modified to include several Oracle options [ENG-29924]:
    • Oracle Custom EE
    • Oracle EE CDB
    • Oracle Custom EE CDB
    • Oracle SE2 CDB

Bot Actions (23.8.1)

AWS

  • "Modify Memcache Instance Attribute" - We updated this BotFactory action to be able to fix issues related to the new Insight Cache Instance without Automatic Minor Version Upgrades Enabled. [ENG-29374]

Bug Fixes (23.8.1)

  • Fixed slow loading Vulnerabilities result rows. [ENG-30000]
  • Hardened EDH harvesting for the AWS legacy event UpdateGlobalTable to allow the enqueuing of a subsequent harvest to collect full details. [ENG-29916]
  • Added fix for Host Assessment in Azure and GCP where instances were failing to be assessed. [ENG-29881]
  • Fixed an issue with CVSS score not showing in the merged Vulnerabilities dashboard. [ENG-29775]
  • Fixed error on downloading Vulnerabilities report. [ENG-29774]
  • Changed apply remediation button to primary ghost button and added space. We also fixed the alignment between permission count and button. [ENG-29197]
  • Fixed an error when harvesting an OCI database with a storage size of None. [ENG-28821]
  • Fixed an issue where API activity was not logged for users who log in via the Rapid7 Insight platform. [ENG-28694]
  • Fixed an issue where badge fields weren't appearing for the Snapshot With Active Share (AWS) and Resource Not In Cloud With Badge Key/Value Query Filters. [ENG-28304]

Required Policies & Permissions

Policies required for individual CSPs are as follows:

Alibaba Cloud

AWS

Azure

GCP

Oracle Cloud Infrastructure

Host Vulnerability Management

For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.