Nov 14, 2023

23.11.14 Release Notes

InsightCloudSec Software Release Notice - 23.11.14 Release

Limited Release for 23.11.21 and 23.11.28

Due to the upcoming U.S. Thanksgiving holiday and AWS re:Invent, Release 23.11.14 will be the last formal release until 23.12.5. SaaS or self-hosted customers may receive minor bug fixes, and we may provide limited releases for those weeks, but our next full release for both SaaS and self-hosted customers will be on 23.12.5. Reach out to your CSM or InsightCloudSec support with questions or concerns.

Release Highlights (23.11.14)

InsightCloudSec is pleased to announce Release 23.11.14. This release includes added support for AWS Shield Events in Threat Findings as well as harvesting for Google App Engine (App Engine Service and App Engine Service Version). In addition, 23.11.14 includes vulnerability fixes, two new Insights, one new Query Filter, and eight bug fixes.

Self-Hosted Deployment Updates (23.11.14)

Release availability for self-hosted customers is Thursday, November 16, 2023. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):

  1. latest
  2. 23.11.14
  3. 23.11.14.82c0e23e1

Features & Enhancements (23.11.14)

  • Threat Findings now has support for AWS Shield attack events. These events correspond to individual attacks made against your existing AWS Shield Protection Plan resources (Network > DDoS Protection Plan). Users of all AWS Shield subscription plans will benefit from this expanded support as you’ll be able to browse, filter, and investigate attacks across all of your onboarded AWS accounts and Organizations. This support is enabled using a feature flag; contact Support or your CSM for details. [ENG-22134]

  • Provided two additional options for advanced filtering results on the Attack Path Analysis page:

    • Attack Path Source: filters on attack paths whose first node is in selected resources.
    • Target Resource: filters on attack paths whose last node is in selected resources.

    [ENG-32838]

  • Added a new Bot hookpoint, Resource Modified (Delayed), which runs Bot Actions after a period of time, giving resources more time to update or reconfigure. [ENG-32451]

  • Updated the Related Resources display to identify network-related resources for Azure Service Bus. [ENG-31967]

Resources (23.11.14)

AWS

  • Expanded MapReduceClusterHarvester with information about blocking public access. Added new Query Filter EMR With/Without Block Public Access setting (AWS) and new Insight Map Reduce Cluster Without Block Public Access Setting. [ENG-31378]

GCP

  • Added Google App Engine harvesting functionality to ICS as well as two new resource types to represent the data on the ICS interface: "App Engine Service" and "App Engine Service Version" (both in the Compute category). No new APIs are needed; the permissions needed are pulled using the already-recommended Cloud Asset Inventory API. [ENG-21737]

Insights (23.11.14)

AWS

  • Map Reduce Cluster Without Block Public Access Setting - New Insight identifies Map Reduce Clusters without the block public access setting. Severity level is 5. [ENG-31378]

MULTI-CLOUD/GENERAL

  • Storage Container with Public ACL Grants - New Insight identifies Storage Containers, e.g., AWS S3 buckets, with permissive access lists. This Insight will use the existing Query Filter Storage Container Exposing Specific Permissions. [ENG-32726]

Query Filters (23.11.14)

AWS

  • EMR With/Without Block Public Access setting (AWS) - New Query Filter identifies Map Reduce Clusters that are/are not (default) configured with block public access enabled. [ENG-31378]

Bug Fixes (23.11.14)

  • Resolved package security vulnerabilities in accordance with our vulnerability resolution policy. [ENG-32632, ENG-28488]

  • Fixed icons not loading in specific cases; fixed infinite loading in edge cases. [ENG-32672]

  • Fixed bug with improper wrapping of long API Activity logs. [ENG-32653]

  • Fixed an issue with the Vulnerability tab on the Resource blade defaulting to Host Vulnerability Assessment, even when there were no results. [ENG-32330]

  • Fixed an edge case where disabled regions were re-enabled after the region harvester ran for AWS accounts. [ENG-29973]

  • Fixed an issue where the Query Filter Web Application Firewall With/Without Associated Resources did not return resources that had zero associations. [ENG-29497]

  • Fixed a bug where Host Vulnerability Analysis scans failed due to a permissions issue. Added two new permissions to the Rapid7 Egress Host Vulnerability Management policy; these are required for InsightCloudSec to share modified encrypted snapshots with the Host Assessment Service for a Vulnerability Assessment. This policy is included with the onboarding CloudFormation Templates. [ENG-28043]

Required Policies & Permissions

Policies required for individual CSPs are as follows:

Alibaba Cloud

AWS

Azure

GCP

Oracle Cloud Infrastructure

Host Vulnerability Management

For any questions or concerns, as usual, reach out to us through your CSM, or the Customer Support Portal.