Oct 24, 2023
InsightCloudSec is pleased to announce Release 23.10.24
InsightCloudSec Software Release Notice - 23.10.24 Release
DivvyCloud Docs Site End-of-Life (EOL) Update
On August 1st, 2023, the InsightCloudSec documentation transitioned to docs.rapid7.com to join the documentation for the rest of the Rapid7 software portfolio. The old site (docs.divvycloud.com) will continue to exist until a near-future date but will remain static. After that date, any links to the old site will be redirected to their docs.rapid7.com/insightcloudsec/ counterpart, so the old site will no longer be publicly visible. However, the API reference will still be available until further notice. Visit our Getting Support page for details on contacting support with any questions or issues about the transition.
Release Highlights (23.10.24)
InsightCloudSec is pleased to announce Release 23.10.24. This release includes vulnerability fixes, updated AWS onboarding content and paths, better BotFactory and Scheduled Events performance, expanded Source Document support, and additional supported Attack Paths. In addition, 23.10.24 includes 24 new Insights, one new Query Filter, and eight bug fixes.
- Contact us through the unified Customer Support Portal with any questions.
Self-Hosted Deployment Updates (23.10.24)
Release availability for self-hosted customers is Thursday, October 26, 2023. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Registry (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here). For reproducible deployments, pin to the full commit-qualified tag rather than latest, which moves with each release:
latest
23.10.24
23.10.24.032ce929c
Features & Enhancements (23.10.24)
- Resolved package security vulnerabilities in accordance with our vulnerability resolution policy. [ENG-32327, ENG-32271]
- Added a new supported Attack Path that finds publicly accessible Azure instances with Azure System-Assigned identities for which there are non-compliant Insight findings related to risky permissions. Insights (back-office or custom) must be tagged ‘riskypermissions’ and ‘azure’. [ENG-29654]
- Optimized aspects of the BotFactory and Scheduled Events experience for better performance. [ENG-32355]
- Updated AWS onboarding content and added an AWS onboarding script path. [ENG-29572, ENG-29569]
User Interface Changes (23.10.24)
- Updated the Vulnerability Details blade (accessed from the Vulnerabilities tab in the Vulnerabilities feature or from the Vulnerabilities tab in the Resource Properties blade) so that only packages related to the associated resource are shown. [ENG-32188]
- Improved color contrast in related resources nodes. [ENG-31307]
Resources (23.10.24)
GCP
- Added GCP Source Document support for GCP ServiceEncryptionKeyVaults and ServiceEncryptionKeys. [ENG-28607]
- Added Image Name information for GCP Instances in the UI. [ENG-31817]
Insights (23.10.24)
AZURE
- Added 24 new risky-permission Insights for Azure. The permissions treated as risky are the eight that the built-in Contributor role explicitly excludes (its NotActions), so an identity holding any of them has rights beyond Contributor, such as changing role assignments or elevating access. The eight permission/action designators are:
Microsoft.Authorization/*/Delete
Microsoft.Authorization/*/Write
Microsoft.Authorization/elevateAccess/Action
Microsoft.Blueprint/blueprintAssignments/write
Microsoft.Blueprint/blueprintAssignments/delete
Microsoft.Compute/galleries/share/action
Microsoft.Purview/consents/write
Microsoft.Purview/consents/delete
Each Insight has one of three scopes (tenant - severity 4, management group - severity 3, and subscription - severity 2), so eight designators across three scopes give 24 Insights. The new Insights are:
Identity Resources with Microsoft Authorization Delete (management group): Identifies Identity Resources with permissions to delete Microsoft Authorization resources (management group).
Identity Resources with Microsoft Authorization Elevate Access (management group): Identifies Identity Resources with permissions to perform a Microsoft Authorization elevate access action (management group).
Identity Resources with Microsoft Authorization Write (management group): Identifies Identity Resources with permissions to write Microsoft Authorization resources (management group).
Identity Resources with Microsoft Blueprint Delete (management group): Identifies Identity Resources with permissions to perform a Microsoft Blueprint delete (management group).
Identity Resources with Microsoft Blueprint Write (management group): Identifies Identity Resources with permissions to perform a Microsoft Blueprint write (management group).
Identity Resources with Microsoft Compute Gallery Share (management group): Identifies Identity Resources with permissions to perform a Microsoft Compute gallery share (management group).
Identity Resources with Microsoft Purview Consents Delete (management group): Identifies Identity Resources with permissions to perform a Microsoft Purview consents delete (management group).
Identity Resources with Microsoft Purview Consents Write (management group): Identifies Identity Resources with permissions to perform a Microsoft Purview consents write (management group).
Identity Resources with Microsoft Authorization Delete (subscription): Identifies Identity Resources with permissions to delete Microsoft Authorization resources (subscription).
Identity Resources with Microsoft Authorization Elevate Access (subscription): Identifies Identity Resources with permissions to perform a Microsoft Authorization elevate access action (subscription).
Identity Resources with Microsoft Authorization Write (subscription): Identifies Identity Resources with permissions to write Microsoft Authorization resources (subscription).
Identity Resources with Microsoft Blueprint Delete (subscription): Identifies Identity Resources with permissions to perform a Microsoft Blueprint delete (subscription).
Identity Resources with Microsoft Blueprint Write (subscription): Identifies Identity Resources with permissions to perform a Microsoft Blueprint write (subscription).
Identity Resources with Microsoft Compute Gallery Share (subscription): Identifies Identity Resources with permissions to perform a Microsoft Compute gallery share (subscription).
Identity Resources with Microsoft Purview Consents Delete (subscription): Identifies Identity Resources with permissions to perform a Microsoft Purview consents delete (subscription).
Identity Resources with Microsoft Purview Consents Write (subscription): Identifies Identity Resources with permissions to perform a Microsoft Purview consents write (subscription).
Identity Resources with Microsoft Authorization Delete (tenant): Identifies Identity Resources with permissions to delete Microsoft Authorization resources (tenant).
Identity Resources with Microsoft Authorization Elevate Access (tenant): Identifies Identity Resources with permissions to perform a Microsoft Authorization elevate access action (tenant).
Identity Resources with Microsoft Authorization Write (tenant): Identifies Identity Resources with permissions to write Microsoft Authorization resources (tenant).
Identity Resources with Microsoft Blueprint Delete (tenant): Identifies Identity Resources with permissions to perform a Microsoft Blueprint delete (tenant).
Identity Resources with Microsoft Blueprint Write (tenant): Identifies Identity Resources with permissions to perform a Microsoft Blueprint write (tenant).
Identity Resources with Microsoft Compute Gallery Share (tenant): Identifies Identity Resources with permissions to perform a Microsoft Compute gallery share (tenant).
Identity Resources with Microsoft Purview Consents Delete (tenant): Identifies Identity Resources with permissions to perform a Microsoft Purview consents delete (tenant).
Identity Resources with Microsoft Purview Consents Write (tenant): Identifies Identity Resources with permissions to perform a Microsoft Purview consents write (tenant).
[ENG-31898]
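To make the logic behind these Insights concrete, the following Python is an added example for this page (it is not InsightCloudSec’s implementation). It takes role definitions and role assignments in the shape Azure returns them, decides which of the eight Contributor-excluded designators a role effectively grants (Actions minus NotActions, with Azure’s ‘*’ wildcard and case-insensitive matching), and assigns the tenant/management group/subscription severities from the notes. It generalizes past the built-in roles to any custom role definition. The role definitions, principal IDs and scopes are constructed sample data, and treating scopes narrower than a subscription as out of scope (severity None) is an assumption.

```python
"""Which Contributor-excluded (risky) Azure actions does a role assignment grant?

Example code added to this page; not InsightCloudSec's implementation.
Assumed: Azure RBAC semantics ('*' in an action string matches any run of
characters, matching is case-insensitive, NotActions are subtracted from
Actions) and the constructed role definitions and assignments below.
"""
import re

# The eight designators the built-in Contributor role lists under NotActions.
RISKY_ACTIONS = [
    "Microsoft.Authorization/*/Delete",
    "Microsoft.Authorization/*/Write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete",
    "Microsoft.Compute/galleries/share/action",
    "Microsoft.Purview/consents/write",
    "Microsoft.Purview/consents/delete",
]


def _to_regex(pattern):
    """Anchored, case-insensitive regex for an Azure action pattern."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def covers(pattern, risky):
    """True if a role's Actions/NotActions entry and a risky designator can
    describe the same concrete action. Both sides may carry wildcards, so
    each is matched against the other; this over-approximates for exotic
    patterns, which is the safe direction for a detector."""
    return bool(_to_regex(pattern).match(risky) or _to_regex(risky).match(pattern))


def risky_actions_granted(role):
    """Risky designators covered by some Actions entry and not removed by NotActions."""
    granted = []
    for risky in RISKY_ACTIONS:
        allowed = any(covers(a, risky) for a in role.get("Actions", []))
        denied = any(covers(n, risky) for n in role.get("NotActions", []))
        if allowed and not denied:
            granted.append(risky)
    return granted


def scope_severity(scope):
    """Severity from the notes: tenant 4, management group 3, subscription 2.
    Resource-group and resource scopes are not among the three listed, so
    they return None (assumption)."""
    s = scope.lower()
    if s == "/":  # tenant root scope
        return 4
    if re.fullmatch(r"/providers/microsoft\.management/managementgroups/[^/]+", s):
        return 3
    if re.fullmatch(r"/subscriptions/[^/]+", s):
        return 2
    return None


def assess(assignments, role_definitions):
    """One finding per (assignment, risky action) at a covered scope."""
    findings = []
    for asg in assignments:
        sev = scope_severity(asg["scope"])
        if sev is None:
            continue
        for risky in risky_actions_granted(role_definitions[asg["roleDefinitionName"]]):
            findings.append({"principalId": asg["principalId"], "role": asg["roleDefinitionName"],
                             "scope": asg["scope"], "action": risky, "severity": sev})
    return findings


# Constructed sample data (hypothetical custom roles, fake principal IDs).
ROLE_DEFINITIONS = {
    "Contributor": {"Actions": ["*"], "NotActions": list(RISKY_ACTIONS)},
    "Owner": {"Actions": ["*"], "NotActions": []},
    "Role Assignment Admin (custom)": {"Actions": ["Microsoft.Authorization/roleAssignments/write"], "NotActions": []},
    "Gallery Ops (custom)": {"Actions": ["Microsoft.Compute/*"], "NotActions": ["Microsoft.Compute/galleries/share/action"]},
}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
ASSIGNMENTS = [
    {"principalId": "mi-web-01", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "mi-web-02", "roleDefinitionName": "Owner", "scope": "/providers/Microsoft.Management/managementGroups/mg-prod"},
    {"principalId": "sp-iam-bot", "roleDefinitionName": "Role Assignment Admin (custom)", "scope": "/"},
    {"principalId": "mi-build", "roleDefinitionName": "Gallery Ops (custom)", "scope": SUB + "/resourceGroups/rg-images"},
]

if __name__ == "__main__":
    for f in assess(ASSIGNMENTS, ROLE_DEFINITIONS):
        print(f"sev {f['severity']}  {f['principalId']:12} {f['role']:32} {f['action']}")
```

Run as a script, this reports nine findings: the Owner assignment at the management group yields all eight designators at severity 3, and the custom role holding only Microsoft.Authorization/roleAssignments/write at the tenant root is still caught by the Microsoft.Authorization/*/Write designator at severity 4. Contributor itself produces nothing because its NotActions remove exactly these eight, and the gallery role is skipped both because its NotActions exclude the share action and because a resource-group scope is outside the three scopes the Insights cover.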
Query Filters (23.10.24)
AZURE
Storage Account Type
- New Query Filter identifies Azure Storage Accounts by their type, e.g., Premium Storage, Standard Storage V2, etc. [ENG-27764]
Bug Fixes (23.10.24)
- Fixed an issue where instances in some regions failed to assess due to incorrect snapshot permission handling. [ENG-32401]
- Fixed an issue where storage containers with ‘location’ in the name were causing the harvester to crash. [ENG-32297]
- Fixed an issue where GCP storage containers with more than about 1 PB of data weren’t harvested. [ENG-32018]
- Fixed an issue where logins would intermittently fail through the Insight Platform. [ENG-31459]
- Fixed an issue where ‘AuditLog.Read.All’ was surfacing as a required permission for Azure China when it wasn’t actually required. [ENG-30503]
- Fixed the Query Filters ‘Load Balancer Logging To Specified Storage Container’ and ‘Load Balancer Not Logging To Specified Storage Container’ so that they now support classic load balancers. [ENG-29667]
- Fixed a pagination bug in the Report Card view of the Compliance Scorecard where entering a search string would not reset the pagination index, resulting in “No Results” rendering incorrectly to the user. [ENG-29132]
- Fixed a bug with AzureOrganizationHarvest and AzureOrganizationSyncSubscriptions where bad credentials with one organization would prevent others from updating. [ENG-25216]
Required Policies & Permissions
Policies required for individual CSPs are as follows:
Alibaba Cloud
AWS
- Commercial: Read Only Policy (Part 1, Part 2, Part 3); Power User Policy
- GovCloud: Read Only Policy (Part 1, Part 2, Part 3); Power User Policy
- China: Read Only Policy (Part 1, Part 2, Part 3)
Azure
- Commercial: Custom Reader User Role; Power User Role; Reader Plus User Role
- GovCloud: Custom Reader User Role; Power User Role
GCP
- For GCP, since permissions are tied to APIs, there is no policy file to maintain. Refer to our list of Recommended APIs, which is maintained as part of our GCP coverage.
Oracle Cloud Infrastructure
Host Vulnerability Management
For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal .