24.2.27 Release Notes
InsightCloudSec Software Release Notice - 24.2.27 Release
Release Highlights (24.2.27)
InsightCloudSec is pleased to announce Release 24.2.27. This release includes the overhauled Container Vulnerability Assessments feature and user experience improvements to Host Vulnerability Assessments, Attack Paths, and Query Filters that support Data Collections. In addition, 24.2.27 includes one new Insight, six updated Query Filters, two new Query Filters, and three bug fixes.
- Contact us through the unified Customer Support Portal with any questions.
Self-Hosted Deployment Updates (24.2.27)
Release availability for self-hosted customers is Thursday, February 29, 2024. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal. Our latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command.
The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
latest
24.2.27
24.2.27.4757ddd65
ECR Build ID: 4757ddd65a7717dc8461d1f272281ee0094401bb
Features & Enhancements (24.2.27)
Released the overhauled Container Vulnerability Assessments feature, which includes performance optimizations, risk prioritization capabilities, enhanced visibility, simplified remediation, and an improved filtering and sorting experience. The Vulnerabilities page is now a unified dashboard containing both host and container vulnerability assessments, which will enable you to quickly and efficiently prioritize and respond to CVEs found in your cloud environments. For details on support and configuration, review the documentation. [ENG-35099]
Host Vulnerability Assessments that have been in progress for two or more days will now automatically fail. [ENG-35390]
Added the ability to filter by resource type and account badge on the Attack Paths page. [ENG-35018, ENG-34311]
When configuring a Query Filter on the Resource page, there is now an option to view the contents of the selected Data Collection in a new tab. [ENG-32914]
Resources (24.2.27)
AWS
InsightCloudSec now harvests CORS details from AWS S3 buckets. Added new Query Filter Storage Container With/Without CORS to identify Storage Containers that have CORS configurations. [ENG-33013]
Added the following relations to the Related Resources feature under the resources detailed view:
AWS Glue Crawler and AWS Glue Connection [ENG-34842]
AWS Glue Job and AWS Glue Security Config [ENG-33246]
AWS Glue Crawler and AWS Glue Security Configuration [ENG-33245]
AWS Glue Connection and VPC Subnet [ENG-34841]
Enabled Event-Driven Harvesting (EDH) for AWS Glue Job resource. [ENG-34603]
Insights (24.2.27)
MULTI-CLOUD/GENERAL
Vertex Custom Job Encrypted Using Cloud Managed Key Instead Of Customer Managed Key
- New Insight identifies Vertex jobs that are configured to use cloud managed keys for encryption. [ENG-35209]
Query Filters (24.2.27)
AWS
Resource Specific Policy Conditions by PrincipalOrgID (AWS)
- New Query Filter identifies any Resource that has a value within the conditions section of its policy. Alternatively, you can return every resource with a value excluding the one stated. [ENG-35213]
Storage Container With/Without CORS
- New Query Filter identifies Storage Containers that have CORS configurations. [ENG-33013]
MULTI-CLOUD/GENERAL
- Added Vertex Job support to the following Query Filters:
Resource Encrypted With Key
Resource Encrypted With Cloud Managed Key
Resource Encrypted With Customer Managed Key
Resource Not Encrypted Or Encrypted With Cloud Managed Key
Resource Using Encryption Key Without Rotation Enabled
Resource Encryption Key Name Regular Expression (Regex)
[ENG-35209]
Bug Fixes (24.2.27)
Corrected the displayed CVSS vector in the Vulnerabilities table. [ENG-35472]
Fixed a bug where applying Query Filter Resources containing Package Version contains "amd64" returns duplicate entries in Layered Context. [ENG-35130]
Fixed an issue involving display of legacy clouds and removed unsupported clouds from System Admin/Harvesting Strategy. [ENG-35053]
Required Policies & Permissions (24.2.27)
Policies required for individual CSPs are as follows:
Alibaba Cloud
AWS
- Commercial
- Read Only Policy
- Power User Policy
- GovCloud
- Read Only Policy
- Power User Policy
- China
Azure
- Commercial
- GovCloud
GCP
- For GCP, since permissions are tied to APIs, there is no policy file to maintain. Refer to our list of Recommended APIs, which is maintained as part of our GCP coverage.
Oracle Cloud Infrastructure
Host Vulnerability Management
For any questions or concerns, reach out to us through your CSM or the Customer Support Portal.