Feb 20, 2024

24.2.20 Release Notes

InsightCloudSec Software Release Notice - 24.2.20 Release

Release Highlights (24.2.20)

InsightCloudSec is pleased to announce Release 24.2.20, which offers user experience improvements to the Attack Paths feature, expanded Azure Source Document support, and performance improvements. Additionally, this release includes one new Insight, six updated Query Filters, three new Query Filters, and four bug fixes.

Self-Hosted Deployment Updates (24.2.20)

Release availability for self-hosted customers is Thursday, February 22, 2024. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command. The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):

  1. latest
  2. 24.2.20
  3. 24.2.20.8f6c018bf

ECR Build ID: 8f6c018bfb3e30a05963fef300e60d07d8e6a692

For Self-Hosted Customers Using Custom Plugins

We recently changed the low-level plugin data-encryption APIs. The change removes the need for a plugin to understand how encrypted data is stored. Most plugins do not use these low-level primitives; only customers that manually manage credentials or other secrets for a custom integration are affected. The following changed jobs may affect customers that call these classes directly from their plugins:

EncryptDataJob:

  • Previously: Output (on run) returned encrypted_data (without the secret ID and colon)

  • With Change: Output of run returns concatenated secret ID and encrypted value

  • Example Changed Output: "%d:%s" % (secret_id, encrypted_data)

DecryptDataJob:

  • Previously: Took secret ID and encrypted data (as separate input parameters)

  • With Change: Job parameters now expect concatenated secret ID and encrypted value [ENG-35216]
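The change above moves the secret ID into the value itself, so a plugin that used to store the ID and the ciphertext separately now has to pack them on the way in and split them on the way out. The helpers below are an added example for plugin authors, not InsightCloudSec's own job code or API: they build the "%d:%s" layout the notes describe, split it back on the first colon only (so a ciphertext containing colons survives), and normalize a stored record from either the old two-field layout or the new single-field layout. The record field names (`secret_id`, `encrypted_data`, `secret`) and the sample values are assumptions for illustration.

```python
"""Pack/unpack helpers for the "<secret_id>:<encrypted_data>" value.

Hypothetical plugin-side code (not InsightCloudSec's own EncryptDataJob or
DecryptDataJob): it produces and parses the concatenated layout described in
the 24.2.20 release notes so a custom plugin can keep its own persistence
layer and hand the combined value to DecryptDataJob.
"""
from typing import NamedTuple


class Secret(NamedTuple):
    secret_id: int
    encrypted_data: str


def pack_secret(secret_id: int, encrypted_data: str) -> str:
    """Build the combined value in the "%d:%s" layout from the release notes."""
    if isinstance(secret_id, bool) or not isinstance(secret_id, int) or secret_id < 0:
        raise ValueError("secret_id must be a non-negative integer")
    if not encrypted_data:
        raise ValueError("encrypted_data must not be empty")
    return "%d:%s" % (secret_id, encrypted_data)


def unpack_secret(blob: str) -> Secret:
    """Split a combined value back into (secret_id, encrypted_data).

    Splits on the FIRST colon only, so a ciphertext that itself contains
    colons (base64 never does, but other encodings might) round-trips intact.
    Rejects values with no colon, a non-numeric ID, or an empty ciphertext.
    """
    head, sep, tail = blob.partition(":")
    if not sep or not head.isdigit() or not tail:
        raise ValueError("not a '<secret_id>:<encrypted_data>' value: %r" % blob)
    return Secret(int(head), tail)


def migrate_stored_secret(record: dict) -> str:
    """Normalize a stored record from either layout to the combined form.

    Old layout (assumed):  {"secret_id": 7, "encrypted_data": "<ciphertext>"}
    New layout (assumed):  {"secret": "7:<ciphertext>"}
    The returned string is what the changed DecryptDataJob expects as input.
    """
    if "secret" in record:
        unpack_secret(record["secret"])  # validate before trusting stored data
        return record["secret"]
    return pack_secret(record["secret_id"], record["encrypted_data"])


if __name__ == "__main__":
    # Constructed sample values, not real ciphertext.
    combined = pack_secret(42, "gAAAAABl-constructed-ciphertext")
    print(combined, unpack_secret(combined))
    print(migrate_stored_secret({"secret_id": 7, "encrypted_data": "abc:def"}))
```

The validation in `unpack_secret` is deliberate: a value that fails it is either from the pre-change layout (bare ciphertext, no ID prefix) or corrupted, and both cases should fail loudly at migration time rather than be passed on to a decrypt call.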

Features & Enhancements (24.2.20)

  • Added a new field, scp_blocked, to the Service Region resource, and two new Query Filters, Cloud Region With Zero Resources and Cloud Region Blocked by SCP, that use the new field. [ENG-31414]

  • The Attack Paths table can now be sorted first by Severity and then by Count. [ENG-34561]

  • Improved Host Vulnerability Assessment report processing performance. [ENG-35286]

Resources (24.2.20)

AWS

  • Added a relation between AWS Glue Crawler and AWS Glue Database, visible in the resource's detailed view on the Related Resources tab. [ENG-34997]

  • Enabled EDH feature for AWS Glue Crawler resource. [ENG-34601]

AZURE

  • Added Azure Source Document support for Access List Flow Log resources. [ENG-34268]

  • Extended Azure Source Document retrieval to cover the Databricks Workspace harvester. [ENG-19115]

  • Added Web App type configuration to the Web App Has No Network Access Restrictions (Azure) Query Filter, and a Network Access Restrictions field to the Web App resource details blade. [ENG-34762]

Insights (24.2.20)

AWS

  • Bedrock Job Without Logging Configured - New Insight identifies Bedrock Jobs without logging configured. [ENG-33599]

Query Filters (24.2.20)

AWS

  • Bedrock Job Without Logging Configured - New Query Filter identifies Bedrock Jobs without logging configured. [ENG-33599]

GCP

  • Added GCP to the supported clouds for the following Query Filters: [ENG-30514]

    • Storage Container Minimal TLS Version
    • Resource Does Not Support TLS 1.2 Minimum

MULTI-CLOUD/GENERAL

  • Cloud Region With Zero Resources - New Query Filter identifies cloud regions with zero resources. [ENG-31414]

  • Cloud Region Blocked by SCP - New Query Filter identifies cloud regions blocked by a service control policy (SCP). [ENG-31414]

  • Resource Not Associated With Active Insight Exemptions - Expanded Query Filter with "Resource Is Associated With Active Insight Exemptions" option. [ENG-35062]

  • Updated the descriptions of two Query Filters to note that they now also omit addresses in the IPv6 Unique Local Address range (fc00::/7, RFC 4193), so that private IPv6 addresses are no longer reported as public. The updated descriptions read as follows:

    • Access List Contains Public IPs - Matches Access Lists that have at least one address that is neither in an RFC 1918 range nor in the Unique Local Address range.

    • Access List Contains Public Addresses Outside Of Known IPs - Matches Access Lists/rules that have at least one address that is neither in an RFC 1918 range nor in the Unique Local Address range, and that is not associated with a known NAT Gateway, Instance, or Elastic IP resource. [ENG-35242]
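The two descriptions above define a concrete classification rule, and the change is easiest to see on an access list that mixes a ULA prefix with a real public one. The code below is an added example of that rule and is not InsightCloudSec's own filter implementation: it treats the three RFC 1918 blocks and fc00::/7 as non-public, reports the entries that remain, and implements the second filter's extra step of discarding public entries that fall inside a set of "known" addresses (the NAT Gateway, Instance, or Elastic IP addresses the filter refers to). The access lists and known-address set are constructed sample data. Note one caveat the descriptions imply: other non-routable ranges such as link-local (169.254.0.0/16, fe80::/10) and shared address space (100.64.0.0/10) are not excluded by this definition and would still count as "public".

```python
"""Access-list classification matching the updated Query Filter descriptions.

Added example, not the product's own filter code. An entry is "non-public"
only if the whole prefix lies inside an RFC 1918 block or the IPv6 Unique
Local Address range (fc00::/7, RFC 4193); anything else counts as public,
which is exactly what the filter descriptions say.
"""
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ULA = ipaddress.ip_network("fc00::/7")
NON_PUBLIC: List[Network] = RFC1918 + [ULA]


def _inside_any(net: Network, ranges: Iterable[Network]) -> bool:
    # subnet_of() raises TypeError across address families, so compare versions first.
    return any(net.version == rng.version and net.subnet_of(rng) for rng in ranges)


def is_non_public(cidr: str) -> bool:
    """True only if the entire prefix is inside an RFC 1918 or ULA range."""
    return _inside_any(ipaddress.ip_network(cidr, strict=False), NON_PUBLIC)


def public_entries(access_list: Iterable[str]) -> List[str]:
    """Entries that are neither RFC 1918 nor ULA (what the first filter matches on)."""
    return [cidr for cidr in access_list if not is_non_public(cidr)]


def contains_public_ips(access_list: Iterable[str]) -> bool:
    """Access List Contains Public IPs."""
    return bool(public_entries(access_list))


def contains_public_outside_known(access_list: Iterable[str], known_ips: Iterable[str]) -> bool:
    """Access List Contains Public Addresses Outside Of Known IPs.

    known_ips stands in for the addresses of known NAT Gateway, Instance and
    Elastic IP resources; a public entry fully covered by one of them is ignored.
    """
    known = [ipaddress.ip_network(k, strict=False) for k in known_ips]
    return any(
        not _inside_any(ipaddress.ip_network(cidr, strict=False), known)
        for cidr in public_entries(access_list)
    )


# Constructed sample data for illustration only.
SAMPLE_ACCESS_LISTS = {
    "ipv6-ula-only": ["10.0.0.0/8", "fd12:3456::/32"],          # no longer flagged after ENG-35242
    "office-and-public": ["192.168.1.0/24", "203.0.113.0/24"],
    "wide-open": ["0.0.0.0/0", "::/0"],
}
SAMPLE_KNOWN_IPS = ["203.0.113.7"]  # e.g. the account's own NAT Gateway address

if __name__ == "__main__":
    for name, acl in SAMPLE_ACCESS_LISTS.items():
        print(name, public_entries(acl), contains_public_outside_known(acl, SAMPLE_KNOWN_IPS))
```

Because `ipaddress` is used with `strict=False`, a host written with a prefix that does not match its network (for example `203.0.113.7/24`) is normalised rather than rejected, which is how cloud providers usually return rule entries. A prefix wider than a private block, such as `10.0.0.0/7`, is correctly treated as public because it is not fully contained in any non-public range.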

Bug Fixes (24.2.20)

  • Fixed the assignment of the minimal TLS version for S3. [ENG-34714]

  • Fixed an RBAC issue: the Compliance Scorecard navigation item is no longer visible to users with the Compliance Scorecard Disabled entitlement. [ENG-33705]

  • Fixed improper handling of malformed Azure responses for the Automatic Account Public Access parameter. [ENG-32751]

  • Added handling for ConnectTimeout exceptions so that a connection timeout no longer surfaces as an unhandled error. [ENG-31113]

Required Policies & Permissions (24.2.20)

Policies required for individual CSPs are as follows:

Alibaba Cloud

AWS

Azure

GCP

Oracle Cloud Infrastructure

Host Vulnerability Management

For any questions or concerns, reach out to us through your CSM or the Customer Support Portal.