23.9.12 Release Notes
InsightCloudSec Software Release Notice - 23.9.12 Release
DivvyCloud Docs Site End-of-Life (EOL) Update
On August 1st, 2023, the InsightCloudSec documentation transitioned to docs.rapid7.com to be with the documentation for the rest of the Rapid7 software portfolio. The old site (docs.divvycloud.com) will continue to exist until Tuesday, September 19th, 2023, but will remain static. After this date, any links to the old site will be redirected to their docs.rapid7.com/insightcloudsec/ counterpart, so the old site will functionally not be visible publicly. Visit our Getting Support page for details on contacting support for any questions or issues with the transition.
Release Highlights (23.9.12)
InsightCloudSec is pleased to announce Release 23.9.12. This release includes added visibility and harvesting for Azure Event Grid System Topics. We have resolved CVE-2022-23647 and CWE-79 vulnerabilities, which relate to Cross-site Scripting. This release also includes numerous tweaks to improve the User Experience and performance. In addition, 23.9.12 includes one updated Insight, one deprecated Insight, one new Insight, four updated Query Filters, one new Query Filter, one new Bot action, and 13 bug fixes.
- Contact us through the unified Customer Support Portal with any questions.
Self-Hosted Deployment Updates (23.9.12)
Release availability for self-hosted customers is Thursday, September 14, 2023. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
latest
23.9.12
23.9.12.5cece7b87
New Permissions Required (23.9.12)
Note: Additional permissions references can be found at the end of the release notes under “Required Policies & Permissions”.
New Permissions: Azure
For Azure Commercial and GovCloud Standard (Reader Role):
- "Microsoft.EventGrid/systemTopics/read",
- "Microsoft.EventGrid/systemTopics/eventSubscriptions/read"
These permissions support the newly added resource Azure Event Grid System Topic. [ENG-30980]
Features & Enhancements (23.9.12)
Resolved CVE-2022-23647 and CWE-79 vulnerabilities, which relate to Cross-site Scripting. [ENG-31106]
Added display of associated SSH Key Pairs and Instances to the Related Resources tab of the Resource Detail side-panel. Only Related Resources opened for an Instance resource will display associated SSH keys; only Related Resources opened for an SSH Key Pair will display associated Instances. [ENG-28643]
Reduced the memory usage of the IaC analyzer. [ENG-30344]
Added Exemption ID columns to the Exemptions table and the CSV export. [ENG-30876]
Standardized Azure attack path name from “Internet exposed VM has high severity vulnerabilities” to “Publicly exposed VM has high severity vulnerabilities”. [ENG-28224]
Added “Application” and “Application Business Critical” advanced filters to the Vulnerabilities page. [ENG-29865]
User Interface & User Experience Changes (23.9.12)
Minor UI/UX tweaks to enhance the user experience. These include:
- Changing the cursor to a pointer for click actions on charts
- Adjustments to tooltip content and formatting to aid user understanding
- Updating some chart color palettes
[ENG-30066]
Added a Settings dropdown called 'Settings' on the Identity Analysis Page which has buttons linking to the IAM Settings page and the Identity ManagementIdentity Analysis Setting page. [ENG-29555]
Resources (23.9.12)
AZURE
Added visibility and harvesting for Azure Event Grid System Topics (Compute category, new resource type Event Grid System Topic). New permissions are required to access this new resource for both the Azure Custom Reader Role and the Azure GovCloud Custom Reader Role: “Microsoft.EventGrid/systemTopics/read” and “Microsoft.EventGrid/systemTopics/eventSubscriptions/read”. [ENG-30980]
For Attack Path Analysis, added relationships between Event Grid System Topics and Event Grid Subscriptions; Azure Event Grid System Topics (for the topic Microsoft.Resources.Subscriptions) and Azure Event Grid Subscriptions will now show as related resources. Azure Event Grid Subscriptions and Azure Service Bus Queues will also show as related resources. [ENG-31053]
Added infrastructure_encryption field to Storage Containers, as well as the associated Insight “Storage Container without Infrastructure Encryption” and the associated Query Filter “Storage Container With/Without Infrastructure Encryption”, to check if the field is enabled. [ENG-30468]
GCP
Added GCP Source Document support for DNS Zones. [ENG-23632]
Added GCP Source Document support for Database Snapshots. [ENG-28076]
Insights (23.9.12)
AWS
Resource Specific Policy allows access to all Principals
- New Insight matches resource-based policies which have the "Principal":"*" wildcard. [ENG-29292]
AZURE
Storage Account with Unencrypted File Service (Azure)
- This Insight has now been deprecated. [ENG-30071]
Query Filters (23.9.12)
AWS
Resource Specific Policy allows access for all Principals
- New Query Filter identifies resource-based policies with wildcard characters allowing all principals. [ENG-29292]
Storage Account Encryption Type and Storage Resource Encryption Type
- These Query Filters have both been updated so that the "No Encryption" option is not auto-filled. Note: Pre-existing Bots with these Query Filters will not need reconfiguration. [ENG-30688]
Web Application Firewall Version (AWS)
- Updated Query Filter now requires SelectionField. Note: Pre-existing Bots with this Query Filter will not need reconfiguration. [ENG-30688]
Bot Actions (23.9.12)
Azure
- New Bot action schedules the deletion of an Azure Open AI resource. [ENG-30547]
Bug Fixes (23.9.12)
Fixed an issue with the Azure IdentityDetailHarvester; missing permissions for Microsoft Graph (AuditLog.Read.All) were leading to false positives for missing MFA. [ENG-30873]
Fixed an issue where the OracleStorageContainerHarvester would crash if the cloud account being harvested had a custom log. [ENG-30834]
Fixed an issue with adding a Query Filter to a Bot in BotFactory; when the Query Filter used a non-required single selection field, the Bot could not be saved without entering a selection. [ENG-30688]
Fixed a bug where the Instance Without Defined Backup Policy Query Filter would match replica Cache Instances even if the cluster did have a backup policy. [ENG-30358]
Fixed a bug where the Cache Instance without Automatic Failover Enabled Insight was incorrectly configured. [ENG-30358]
Fixed an issue with the Query Filter Resource Provisioned From Unauthorized Network (AWS) where malformed IPs caused the filter to err. [ENG-30315]
Fixed a bug with Azure EDH that was preventing jobs from being scheduled after event detection. [ENG-30224]
Fixed an issue where Instances incorrectly appeared in the Related Resources tab of the resource detail side panel of ResourceAccessListRules. [ENG-29993]
Fixed an edge case where pagination broke, preventing the user from viewing and fetching next pages. [ENG-29284]
Fixed an issue where Service Access Keys on Azure would harvest without an associated principal attached. [ENG-28992]
Fixed Insights listing page when redirected to/from selecting a legacy pack from packs tab. [ENG-27447]
Fixed an issue where AWS Athena resources weren't deleted by EDH events. [ENG-22634]
Fixed an issue with EDH improperly handling DynamoDB delete events. [ENG-22574]
Required Policies & Permissions
Policies required for individual CSPs are as follows:
Alibaba Cloud
AWS
- Commercial
- Read Only Policy
- Power User Policy
- GovCloud
- Read Only Policy
- Power User Policy
- China
Azure
- Commercial
- GovCloud
GCP
- For GCP, since permissions are tied to APIs there is no policy file to maintain. Refer to our list of Recommended APIs that is maintained as part of our GCP coverage.
Oracle Cloud Infrastructure
Host Vulnerability Management
For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.