23.9.19 Release Notes
InsightCloudSec Software Release Notice - 23.9.19 Release
DivvyCloud Docs Site End-of-Life (EOL) Update
On August 1st, 2023, the InsightCloudSec documentation transitioned to docs.rapid7.com to be with the documentation for the rest of the Rapid7 software portfolio. The old site (docs.divvycloud.com) will continue to exist until a near-future date but will remain static. After this date, any links to the old site will be redirected to their docs.rapid7.com/insightcloudsec/ counterpart, so the old site will functionally not be visible publicly. However, the API reference will still be available until further notice. Visit our Getting Support page for details on contacting support for any questions or issues with the transition.
Release Highlights (23.9.19)
InsightCloudSec is pleased to announce Release 23.9.19. This release includes content updates and scripting support for the GCP and Azure onboarding experiences, expanded Regex support for Query Filters, and a filtering behavior change to Identity Analysis. In addition, 23.9.19 includes two updated Insights, multiple updated Query Filters to add REGEX field options, and eight bug fixes.
- Contact us through the unified Customer Support Portal with any questions.
Self-Hosted Deployment Updates (23.9.19)
Release availability for self-hosted customers is Thursday, September 21, 2023. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
latest
23.9.19
23.9.19.c011c5581
Features & Enhancements (23.9.19)
Updated onboarding content:
Added GCP scripting support to onboarding. Review the GCP Onboarding documentation for more information. [ENG-29570]
Added a new script flow for Azure onboarding. Review the Azure Onboarding documentation for more information. [ENG-29571]
Other general Azure onboarding content updates. [ENG-29574]
Related resources denote whether or not they've been explored using new iconography. [ENG-29390]
Interacting with the Trends and Analytics charts on the Identity Analysis page will now additively filter instead of resetting the filters list. [ENG-29450]
Insights (23.9.19)
AWS
- Updated two Insights to have a severity of 5 for consistency with other similar Insights reporting the same public access but via another means (e.g., ACL). [ENG-31318]
Storage Container Public Access Via Resource Access Policy
Resource Violation Identified by IAM Access Analyzer – Public
Query Filters (23.9.19)
Validation for REGEX Fields
This change adds the REGEX field option to the remaining filters in ICS that use REGEX, but were not included on the first pass of filters to which the new option was added. Any Bots that are using these filters but have been supplied with an invalid REGEX pattern will be marked as invalid upon release. These can be reconfigured as normal through BotFactory. The following filters have been affected by this change:
App Run Service Repository Regular Expression (Regex)
Database Cluster Activity Stream Name Regular Expression (Regex)
Identity Provider Regular Expression
Instance Running Unapproved Image (Regex/Age)
Resource Associated With Access List (Regex)
Instance Using Specific Role (Regex)
Instance User Data Search (Regex) – DEPRECATED
Instance Associated With Subnet By Name (Regex)
Instance Has Been Accessed Via SSM
Message Queue Redrive Policy Configuration (Regex)
Machine Learning Instance Environment
Machine Learning Instance Environment Version
Network Interface Description Regular Expression
Access List Name Regular Expression (Regex)
Access List Name Regular Expression Exclusion (Regex)
Instance Operating System Distribution (Regex)
Serverless Function Contains Specific Environment Variables (Regex)
Resource Encryption Key Name Regular Expression (Regex)
Snapshot Description Regular Expression
Stack Template Contains Regex (AWS)
Stack Template Excludes Regex (AWS)
Storage Container Configured With Lifecycle Rules
Storage Container Not Configured With Lifecycle Rules
Parent Resource Contains Tag Key and Value Regular Expression (Regex)
Resource Contains Tag Key and Value Regular Expression (Regex)
Resource Contains Tag Key Regular Expression (Regex)
Template Spec Includes/Excludes Regular Expressions (Regex)
Web Application Firewall Contains Rule Group Reference
Resource Web Application Firewall Contains Rule Group Reference
Web Application Firewall Rule Name Regular Expression Search
Resource Web Application Firewall Rule Name Regular Expression Search (AWS)
Web Application Firewall Rules Contain Expression (GCP)
Validation has been added to all options within the following Query Filters. Any Bots that are using these Query Filters, but have been supplied with invalid input, will be marked as invalid upon release. These can be reconfigured as normal through BotFactory. The following filters have been affected by this change:
Resource Exposing Specific Ports
Resource Exposing All Ports
Resource InsightVM Risk Score
Resource Vulnerability Wildcard Search
Resource Vulnerability Count By Severity
Resource Age Exceeds
Resource Age Exceeds Threshold
Resource Age At Most
Resource Monthly Cost
Resource In Region
Resource Not In Region
Resource Recently Modified
Resource Recently Created Or Discovered
Resource Is Marked Noncompliant
Resource In Cloud With/Without Badge Key/Value
Resource In Cloud With/Without Badge Key
Resource Scheduled For Deletion
Resource Not In Resource Group
Resource In Resource Group
Resource In Resource Group (Regex)
Resource Not Associated With Active Insight Exemptions
Resource In/Not In Cloud Account
Resource Not In Cloud With Badge Key/Value
Resource Allows Ingress Access From Unapproved Networks
Resource With Permissive Network Access Rules
Resource With Drift Protection
Resource With/Without Azure Lock (Azure)
Resource By Cloud Provider Name
Resource Provisioned From Unauthorized Network (AWS)
Resource With Suspicious Event
Resource Provisioned Using Terraform
Resource Not Provisioned Using Terraform
Resource Provisioned Using Cloud Formation
Resource Not Provisioned Using Cloud Formation
Resource Associated With Application By Category
Resource Associated With Business Critical Application
Resource Not Associated With Business Critical Application
Resource Violation Identified By IAM Access Analyzer
Cloud User/Role Console Logon From Unauthorized Network
Resource Contains Tag Key/Value Pair
Resource Contains Tag Key and Value Regular Expression (Regex)
Resource Contains Multiple Tag Keys And Value Regular Expressions (Regex)
Resource Contains Tag Key Regular Expression (Regex)
Resource Contains Tag Key With Empty Value
Resource Contains Tag Key and Value Email Validation
Resource Does Not Contain Tag Key/Value Pair
Resource Contains Tag Key
Resource Missing Tag Keys (Any Missing)
Resource Missing Tag Keys (All Missing)
Resource Associated With Map Reduce Cluster
Resource Tag Date Comparison
Resource Tag Date/Time Comparison
[ENG-30498]
Bug Fixes (23.9.19)
Fixed an edge case where the notification topic harvester for AWS was not finding resources triggered by EDH. [ENG-31387]
Fixed a bug involving the ability to disable the following AWS regions: ap-south-2, eu-south-2, eu-central-2, and ap-southeast-4. [ENG-31093]
Fixed an issue with Related Resources for Azure Subnet and Azure Route Table. [ENG-30886]
Fixed an issue with false positives with the Instance With/Without Default Route To Internet Query Filter limited to Azure resources. [ENG-30886]
Fixed an issue that caused OCI DatabaseInstanceHarvester to sometimes crash when trying to find IPNetworks for Autonomous Databases. [ENG-30815]
Fixed an issue with Resource Created (Delayed) hookpoint. [ENG-30694]
Fixed an issue with Query Filter App Service Not Enforcing Client Certificate Validation giving false positives. Query Filter now excludes resources with HTTP Version 2.0 from the results as resources with this field automatically have 'Client Certificate Model' set to ignore. [ENG-30577]
Fixed KeyError in AWSContainerClusterHarvester. [ENG-29690]
Required Policies & Permissions
Policies required for individual CSPs are as follows:
Alibaba Cloud
AWS
- Commercial
- Read Only Policy
- Power User Policy
- GovCloud
- Read Only Policy
- Power User Policy
- China
Azure
- Commercial
- GovCloud
GCP
- For GCP, since permissions are tied to APIs there is no policy file to maintain. Refer to our list of Recommended APIs that is maintained as part of our GCP coverage.
Oracle Cloud Infrastructure
Host Vulnerability Management
For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.