Jan 30, 2024

24.1.30 Release Notes

InsightCloudSec Software Release Notice - 24.1.30 Release

Release Highlights (24.1.30)

InsightCloudSec is pleased to announce Release 24.1.30. This release includes visibility and support for AWS Glue Job and AWS Glue Crawler. In addition, 24.1.30 includes vulnerability fixes, one new Insight, one updated Query Filter, five new Query Filters, one new Bot action, and eight bug fixes.

Self-Hosted Deployment Updates (24.1.30)

Release availability for self-hosted customers is Thursday, February 1, 2024. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):

  1. latest
  2. 24.1.30
  3. 24.1.30.c52eb95ac

ECR Build ID: c52eb95ace181962cf5be09fa849780eb6c105d9

New Permissions Required (24.1.30)

Note: Additional permission references can be found at the end of the release notes under “Required Policies & Permissions”.

New Permissions: AWS

For AWS Commercial and GovCloud Standard (Read-Only) Users:

  • "glue:GetCrawler"
  • "glue:GetCrawlers"
  • "glue:GetJob"
  • "glue:GetJobs"
  • "glue:GetSecurityConfiguration"
  • "glue:ListJobs"

These permissions support the newly added resources AWS Glue Job and AWS Glue Crawler. [ENG-33161, ENG-33159]

UI Enhancement (24.1.30)

  • Added two new modals for Resource Group and Cloud account role scoping. [ENG-34495]

Resources (24.1.30)

AWS

  • Added visibility and support for AWS Glue Job (new Resource Type ETL Job in category Storage). Two new permissions, "glue:GetJob" and "glue:GetJobs" are required for AWS Commercial and AWS GovCloud Read-only users. [ENG-33161]

  • Added visibility and support for AWS Glue Crawler (new Resource Type ETL Crawler under Storage category). The following four new permissions are required for both the AWS Commercial and AWS GovCloud Read-only policies: "glue:GetCrawler", "glue:GetCrawlers", "glue:GetSecurityConfiguration", and "glue:ListJobs". [ENG-33159]

Insights (24.1.30)

GCP

  • Cloud Credential For Disabled API - New Insight identifies cloud credentials scoped to specific APIs which are disabled for the project. [ENG-32564]

Query Filters (24.1.30)

AWS

  • Database Instance Parameter Group Filter - New Query Filter matches database instances that are associated with a parameter group that does/doesn't have a specified value of the parameter. [ENG-32117]

  • Database Instance Option Group Filter - New Query Filter matches database instances that are associated with an option group that does/doesn't have a specified option name or value of the option setting. [ENG-32117]

  • Database Cluster Parameter Group Filter - New Query Filter matches database clusters that are associated with a parameter group that does/doesn't have a specified value of the parameter. [ENG-32117]

  • Resource Web Application Firewall Contains Managed Rule Names - Updated description to clarify the filter matches resources based on the associated web application firewall having one or more supplied managed rule names. Please note this is not applicable to CloudFront resources. [ENG-33307]

GCP

  • Cloud Account Without Sink Configured For All Log Entries - New Query Filter identifies GCP projects which do not have Sink configured for all log entries. [ENG-32571]

  • Cloud Credentials For Disabled API - New Query Filter identifies cloud credentials scoped only to disabled APIs. [ENG-32564]

Bot Actions (24.1.30)

GCP

  • "Disable Service Role" - New Bot action to disable a GCP Service Role. A new permission "iam.serviceAccounts.disable" is required; this permission is accounted for in our list of Recommended APIs. [ENG-33574]

Bug Fixes (24.1.30)

  • Fixed an issue where the following Insights were returning false positives: Database Instance Flag 'log_error_verbosity' Not Default, Database Instance Flag 'log_min_error_statement' Not Set Appropriately, and Database Instance Flag 'log_min_messages' Not Set Appropriately. [ENG-34030]

  • Fixed a bug where deleted and re-created resources were treated as deleted and skipped by the parser. [ENG-33796]

  • Fixed an issue inserting AWS Shield events with live attack data in Threat Findings. [ENG-33525]

  • Fixed a bug where the “Cleanup Resource Policy” action incorrectly cleaned up resource policies on resources marked as public by related Insights (e.g., the Insight Serverless Function Exposed to the Public) and Query Filters. [ENG-32837]

  • Fixed the filter for MySQL database that checks if the database uses Active Directory Authentication. [ENG-31488]

  • Fixed the sorted order of the "Clouds by Bot" card on the Summary view. [ENG-31170]

  • Fixed navigation to Related Resources. [ENG-30607]

  • Resolved a CWE-1321 vulnerability, which relates to Prototype Pollution affecting the axios package. [ENG-34200]

Required Policies & Permissions

Policies required for individual CSPs are as follows:

Alibaba Cloud

AWS

Azure

GCP

Oracle Cloud Infrastructure

Host Vulnerability Management

For any questions or concerns, reach out to us through your CSM or the Customer Support Portal.