Sep 12, 2023

23.9.12 Release Notes

InsightCloudSec Software Release Notice - 23.9.12 Release

DivvyCloud Docs Site End-of-Life (EOL) Update

On August 1st, 2023, the InsightCloudSec documentation transitioned to docs.rapid7.com to be with the documentation for the rest of the Rapid7 software portfolio. The old site (docs.divvycloud.com) will continue to exist until Tuesday, September 19th, 2023, but will remain static. After this date, any links to the old site will be redirected to their docs.rapid7.com/insightcloudsec/ counterpart, so the old site will functionally not be visible publicly. Visit our Getting Support page for details on contacting support for any questions or issues with the transition.

Release Highlights (23.9.12)

InsightCloudSec is pleased to announce Release 23.9.12. This release includes added visibility and harvesting for Azure Event Grid System Topics. We have resolved CVE-2022-23647 and CWE-79 vulnerabilities, which relate to Cross-site Scripting. This release also includes numerous tweaks to improve the User Experience and performance. In addition, 23.9.12 includes one updated Insight, one deprecated Insight, one new Insight, four updated Query Filters, one new Query Filter, one new Bot action, and 13 bug fixes.

Self-Hosted Deployment Updates (23.9.12)

Release availability for self-hosted customers is Thursday, September 14, 2023. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):

  1. latest
  2. 23.9.12
  3. 23.9.12.5cece7b87

New Permissions Required (23.9.12)

Note: Additional permissions references can be found at the end of the release notes under “Required Policies & Permissions”.

New Permissions: Azure

For Azure Commercial and GovCloud Standard (Reader Role):

  • "Microsoft.EventGrid/systemTopics/read",
  • "Microsoft.EventGrid/systemTopics/eventSubscriptions/read"

These permissions support the newly added resource Azure Event Grid System Topic. [ENG-30980]

Features & Enhancements (23.9.12)

  • Resolved CVE-2022-23647 and CWE-79 vulnerabilities, which relate to Cross-site Scripting. [ENG-31106]

  • Added display of associated SSH Key Pairs and Instances to the Related Resources tab of the Resource Detail side-panel. Only Related Resources opened for an Instance resource will display associated SSH keys; only Related Resources opened for an SSH Key Pair will display associated Instances. [ENG-28643]

  • Reduced the memory usage of the IaC analyzer. [ENG-30344]

  • Added Exemption ID columns to the Exemptions table and the CSV export. [ENG-30876]

  • Standardized the Azure attack path name from “Internet exposed VM has high severity vulnerabilities” to “Publicly exposed VM has high severity vulnerabilities”. [ENG-28224]

  • Added “Application” and “Application Business Critical” advanced filters to the Vulnerabilities page. [ENG-29865]

User Interface & User Experience Changes (23.9.12)

  • Minor UI/UX tweaks to enhance the user experience [ENG-30066]. These include:

    • Changing the cursor to a pointer for click actions on charts
    • Adjustments to tooltip content and formatting to aid user understanding
    • Updating some chart color palettes
  • Added a dropdown called 'Settings' on the Identity Analysis Page which has buttons linking to the IAM Settings page and the Identity Management > Identity Analysis Setting page. [ENG-29555]

Resources (23.9.12)

AZURE

  • Added visibility and harvesting for Azure Event Grid System Topics (Compute category, new resource type Event Grid System Topic). New permissions are required to access this new resource for both the Azure Custom Reader Role and the Azure GovCloud Custom Reader Role: “Microsoft.EventGrid/systemTopics/read” and “Microsoft.EventGrid/systemTopics/eventSubscriptions/read”. [ENG-30980]

  • For Attack Path Analysis, added relationships between Event Grid System Topics and Event Grid Subscriptions; Azure Event Grid System Topics (for the topic Microsoft.Resources.Subscriptions) and Azure Event Grid Subscriptions will now show as related resources. Azure Event Grid Subscriptions and Azure Service Bus Queues will also show as related resources. [ENG-31053]

  • Added infrastructure_encryption field to Storage Containers, as well as the associated Insight “Storage Container without Infrastructure Encryption” and the associated Query Filter “Storage Container With/Without Infrastructure Encryption”, to check if the field is enabled. [ENG-30468]

GCP

  • Added GCP Source Document support for DNS Zones. [ENG-23632]

  • Added GCP Source Document support for Database Snapshots. [ENG-28076]

Insights (23.9.12)

AWS

  • Resource Specific Policy allows access to all Principals - New Insight matches resource-based policies which have the "Principal":"*" wildcard. [ENG-29292]

AZURE

  • Storage Account with Unencrypted File Service (Azure) - This Insight has now been deprecated. [ENG-30071]

Query Filters (23.9.12)

AWS

  • Resource Specific Policy allows access for all Principals - New Query Filter identifies resource-based policies with wildcard characters allowing all principals. [ENG-29292]

  • Storage Account Encryption Type and Storage Resource Encryption Type - These Query Filters have both been updated so that the "No Encryption" option is not auto-filled. Note: Pre-existing Bots with these Query Filters will not need reconfiguration. [ENG-30688]

  • Web Application Firewall Version (AWS) - Updated Query Filter now requires SelectionField. Note: Pre-existing Bots with this Query Filter will not need reconfiguration. [ENG-30688]

Bot Actions (23.9.12)

Azure

  • New Bot action schedules the deletion of an Azure Open AI resource. [ENG-30547]

Bug Fixes (23.9.12)

  • Fixed an issue with the Azure IdentityDetailHarvester; missing permissions for Microsoft Graph (AuditLog.Read.All) were leading to false positives for missing MFA. [ENG-30873]

  • Fixed an issue where the OracleStorageContainerHarvester would crash if the cloud account being harvested had a custom log. [ENG-30834]

  • Fixed an issue with adding a Query Filter to a Bot in BotFactory; when the Query Filter used a non-required single selection field, the Bot could not be saved without entering a selection. [ENG-30688]

  • Fixed a bug where the Instance Without Defined Backup Policy Query Filter would match replica Cache Instances even if the cluster did have a backup policy. [ENG-30358]

  • Fixed a bug where the Cache Instance without Automatic Failover Enabled Insight was incorrectly configured. [ENG-30358]

  • Fixed an issue with the Query Filter Resource Provisioned From Unauthorized Network (AWS) where malformed IPs caused the filter to err. [ENG-30315]

  • Fixed a bug with Azure EDH that was preventing jobs from being scheduled after event detection. [ENG-30224]

  • Fixed an issue where Instances incorrectly appeared in the Related Resources tab of the resource detail side panel of ResourceAccessListRules. [ENG-29993]

  • Fixed an edge case where pagination broke, preventing users from viewing and fetching next pages. [ENG-29284]

  • Fixed an issue where Service Access Keys on Azure would harvest without an associated principal attached. [ENG-28992]

  • Fixed the Insights listing page when redirected to/from selecting a legacy pack from the Packs tab. [ENG-27447]

  • Fixed an issue where AWS Athena resources weren't deleted by EDH events. [ENG-22634]

  • Fixed an issue with EDH improperly handling DynamoDB delete events. [ENG-22574]

Required Policies & Permissions

Policies required for individual CSPs are as follows:

Alibaba Cloud

AWS

Azure

GCP

Oracle Cloud Infrastructure

Host Vulnerability Management

For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.