Sep 19, 2023

23.9.19 Release Notes

InsightCloudSec Software Release Notice - 23.9.19 Release

DivvyCloud Docs Site End-of-Life (EOL) Update

On August 1st, 2023, the InsightCloudSec documentation transitioned to docs.rapid7.com to sit alongside the documentation for the rest of the Rapid7 software portfolio. The old site (docs.divvycloud.com) will continue to exist until a near-future date but will remain static. After this date, any links to the old site will be redirected to their docs.rapid7.com/insightcloudsec/ counterpart, so the old site will functionally not be visible publicly. However, the API reference will still be available until further notice. Visit our Getting Support page for details on contacting support for any questions or issues with the transition.

Release Highlights (23.9.19)

InsightCloudSec is pleased to announce Release 23.9.19. This release includes content updates and scripting support for the GCP and Azure onboarding experiences, expanded Regex support for Query Filters, and a filtering behavior change to Identity Analysis. In addition, 23.9.19 includes two updated Insights, multiple updated Query Filters to add REGEX field options, and eight bug fixes.

Self-Hosted Deployment Updates (23.9.19)

Release availability for self-hosted customers is Thursday, September 21, 2023. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):

  1. latest
  2. 23.9.19
  3. 23.9.19.c011c5581

Features & Enhancements (23.9.19)

  • Updated onboarding content:

    • Added GCP scripting support to onboarding. Review the GCP Onboarding documentation for more information. [ENG-29570]

    • Added a new script flow for Azure onboarding. Review the Azure Onboarding documentation for more information. [ENG-29571]

    • Other general Azure onboarding content updates. [ENG-29574]

  • Related resources denote whether or not they've been explored using new iconography. [ENG-29390]

  • Interacting with the Trends and Analytics charts on the Identity Analysis page will now additively filter instead of resetting the filters list. [ENG-29450]

Insights (23.9.19)

AWS

  • Updated two Insights to have a severity of 5 for consistency with other similar Insights reporting the same public access but via another means (e.g., ACL). [ENG-31318]
    • Storage Container Public Access Via Resource Access Policy
    • Resource Violation Identified by IAM Access Analyzer – Public

Query Filters (23.9.19)

Validation for REGEX Fields

This change adds the REGEX field option to the remaining filters in ICS that use REGEX but were not included in the first pass of filters to which the new option was added. Any Bots that use these filters and have been supplied with an invalid REGEX pattern will be marked as invalid upon release. These can be reconfigured as normal through BotFactory. The following filters have been affected by this change:

  • App Run Service Repository Regular Expression (Regex)
  • Database Cluster Activity Stream Name Regular Expression (Regex)
  • Identity Provider Regular Expression
  • Instance Running Unapproved Image (Regex/Age)
  • Resource Associated With Access List (Regex)
  • Instance Using Specific Role (Regex)
  • Instance User Data Search (Regex) – DEPRECATED
  • Instance Associated With Subnet By Name (Regex)
  • Instance Has Been Accessed Via SSM
  • Message Queue Redrive Policy Configuration (Regex)
  • Machine Learning Instance Environment
  • Machine Learning Instance Environment Version
  • Network Interface Description Regular Expression
  • Access List Name Regular Expression (Regex)
  • Access List Name Regular Expression Exclusion (Regex)
  • Instance Operating System Distribution (Regex)
  • Serverless Function Contains Specific Environment Variables (Regex)
  • Resource Encryption Key Name Regular Expression (Regex)
  • Snapshot Description Regular Expression
  • Stack Template Contains Regex (AWS)
  • Stack Template Excludes Regex (AWS)
  • Storage Container Configured With Lifecycle Rules
  • Storage Container Not Configured With Lifecycle Rules
  • Parent Resource Contains Tag Key and Value Regular Expression (Regex)
  • Resource Contains Tag Key and Value Regular Expression (Regex)
  • Resource Contains Tag Key Regular Expression (Regex)
  • Template Spec Includes/Excludes Regular Expressions (Regex)
  • Web Application Firewall Contains Rule Group Reference
  • Resource Web Application Firewall Contains Rule Group Reference
  • Web Application Firewall Rule Name Regular Expression Search
  • Resource Web Application Firewall Rule Name Regular Expression Search (AWS)
  • Web Application Firewall Rules Contain Expression (GCP)

Validation has been added to all options within the following Query Filters. Any Bots that are using these Query Filters, but have been supplied with invalid input, will be marked as invalid upon release. These can be reconfigured as normal through BotFactory. The following filters have been affected by this change:

  • Resource Exposing Specific Ports
  • Resource Exposing All Ports
  • Resource InsightVM Risk Score
  • Resource Vulnerability Wildcard Search
  • Resource Vulnerability Count By Severity
  • Resource Age Exceeds
  • Resource Age Exceeds Threshold
  • Resource Age At Most
  • Resource Monthly Cost
  • Resource In Region
  • Resource Not In Region
  • Resource Recently Modified
  • Resource Recently Created Or Discovered
  • Resource Is Marked Noncompliant
  • Resource In Cloud With/Without Badge Key/Value
  • Resource In Cloud With/Without Badge Key
  • Resource Scheduled For Deletion
  • Resource Not In Resource Group
  • Resource In Resource Group
  • Resource In Resource Group (Regex)
  • Resource Not Associated With Active Insight Exemptions
  • Resource In/Not In Cloud Account
  • Resource Not In Cloud With Badge Key/Value
  • Resource Allows Ingress Access From Unapproved Networks
  • Resource With Permissive Network Access Rules
  • Resource With Drift Protection
  • Resource With/Without Azure Lock (Azure)
  • Resource By Cloud Provider Name
  • Resource Provisioned From Unauthorized Network (AWS)
  • Resource With Suspicious Event
  • Resource Provisioned Using Terraform
  • Resource Not Provisioned Using Terraform
  • Resource Provisioned Using Cloud Formation
  • Resource Not Provisioned Using Cloud Formation
  • Resource Associated With Application By Category
  • Resource Associated With Business Critical Application
  • Resource Not Associated With Business Critical Application
  • Resource Violation Identified By IAM Access Analyzer
  • Cloud User/Role Console Logon From Unauthorized Network
  • Resource Contains Tag Key/Value Pair
  • Resource Contains Tag Key and Value Regular Expression (Regex)
  • Resource Contains Multiple Tag Keys And Value Regular Expressions (Regex)
  • Resource Contains Tag Key Regular Expression (Regex)
  • Resource Contains Tag Key With Empty Value
  • Resource Contains Tag Key and Value Email Validation
  • Resource Does Not Contain Tag Key/Value Pair
  • Resource Contains Tag Key
  • Resource Missing Tag Keys (Any Missing)
  • Resource Missing Tag Keys (All Missing)
  • Resource Associated With Map Reduce Cluster
  • Resource Tag Date Comparison
  • Resource Tag Date/Time Comparison

[ENG-30498]

Bug Fixes (23.9.19)

  • Fixed an edge case where the notification topic harvester for AWS was not finding resources triggered by EDH. [ENG-31387]

  • Fixed a bug involving the ability to disable the following AWS regions: ap-south-2, eu-south-2, eu-central-2, and ap-southeast-4. [ENG-31093]

  • Fixed an issue with Related Resources for Azure Subnet and Azure Route Table. [ENG-30886]

  • Fixed an issue with false positives with the Instance With/Without Default Route To Internet Query Filter limited to Azure resources. [ENG-30886]

  • Fixed an issue that caused OCI DatabaseInstanceHarvester to sometimes crash when trying to find IPNetworks for Autonomous Databases. [ENG-30815]

  • Fixed an issue with Resource Created (Delayed) hookpoint. [ENG-30694]

  • Fixed an issue with the Query Filter App Service Not Enforcing Client Certificate Validation giving false positives. The Query Filter now excludes resources with HTTP Version 2.0 from the results, as resources with this field automatically have 'Client Certificate Model' set to ignore. [ENG-30577]

  • Fixed KeyError in AWSContainerClusterHarvester. [ENG-29690]

Required Policies & Permissions

Policies required for individual CSPs are as follows:

Alibaba Cloud

AWS

Azure

GCP

Oracle Cloud Infrastructure

Host Vulnerability Management

For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.