Release Summary
InsightCloudSec is pleased to announce Release 24.4.2. This release includes enablement of Container Vulnerability Assessment (CVA) for containers running in GCP Kubernetes clusters and container images hosted in GCR repositories. We have also increased IAM Permission coverage, improved the user experience, and fixed a handful of bugs.
Details for self-hosted customers
- Release Availability - Thursday, Apr 4, 2024
- The latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command.
- Amazon Elastic Container Repository (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
  - latest
  - 24.4.2
  - 24.4.2.4c312089a
- ECR Build ID - 4c312089af7957d64d4fd4644f6a2fb137392143
New Permissions: AWS
For AWS Commercial Standard (Read-Only) Users:
"bedrock:GetModelInvocationLoggingConfiguration"
"elasticmapreduce:GetBlockPublicAccessConfiguration"
"route53:ListQueryLoggingConfigs"
These permissions are required for harvesting AWS commercial cloud accounts. The following CloudFormation Templates have been updated to reflect the new permissions:
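For a harvesting role whose policy is maintained outside those templates, the following added example (not InsightCloudSec or AWS code) reports which of the three actions above a policy document does not grant. The function names and the sample policy are constructed for illustration; the check reads a single policy document and ignores Resource and Condition elements, so it does not replace a full IAM evaluation.

```python
import re

# Actions listed in the release notes for AWS Commercial Standard (Read-Only) users.
REQUIRED_ACTIONS = [
    "bedrock:GetModelInvocationLoggingConfiguration",
    "elasticmapreduce:GetBlockPublicAccessConfiguration",
    "route53:ListQueryLoggingConfigs",
]

def _as_list(value):
    # IAM accepts a single string/object wherever it accepts a list.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action patterns are case-insensitive; '*' and '?' are the wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def _covers(stmt, action):
    # NotAction applies to every action except the ones it lists.
    if "NotAction" in stmt:
        return not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return any(_matches(p, action) for p in _as_list(stmt.get("Action", [])))

def missing_actions(policy, required=REQUIRED_ACTIONS):
    """Return the required actions this policy document does not grant."""
    statements = _as_list(policy.get("Statement", []))
    missing = []
    for action in required:
        effects = {s.get("Effect") for s in statements if _covers(s, action)}
        # An explicit Deny overrides any Allow; no matching Allow is an implicit deny.
        if "Deny" in effects or "Allow" not in effects:
            missing.append(action)
    return missing

# Constructed sample policy (not an InsightCloudSec template).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["route53:List*", "elasticmapreduce:Describe*"]},
        {"Effect": "Allow", "Resource": "*",
         "Action": "bedrock:getmodelinvocationloggingconfiguration"},
    ],
}

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE_POLICY))
```

In the sample, the wildcard route53:List* and the lower-case bedrock action both count as granted, so only the elasticmapreduce action is reported as missing.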
New
We have enabled Container Vulnerability Assessment (CVA) for containers running in GCP Kubernetes clusters and container images hosted in GCR repositories.
- All SaaS customers have this capability enabled by default.
- Additional information can be found in the CVA configuration documentation.
Added Source Documentation support for:
- GCP Domain Groups
- GCP Domain Users
Improved
We have increased IAM Permission Coverage.
When entitlements are changed for a Basic User, the user will be notified that they need to log out and log in to see the changes reflected.
On the Security > Threat Findings page, the Last Detected time will now be shown as a timestamp in the format "YYYY-MM-DD HH:mm:SS".
Fixed
Fixed an issue where the GCP DomainUserHarvester was failing.
Fixed a bug where container resources listed on the Vulnerabilities page might never be deleted even if the corresponding container is.
Fixed an issue with Bots using Query Filter "MapReduce Cluster Without Properly Configured Security Config"; updated the Query Filter to account for cases where we have harvested an EMR Cluster but not its Security Configuration.
Fixed a bug where the Compliance Scorecard would include resources from other organizations when scoping to those applications.
Fixed a bug involving Lifecycle policy screen helper text; added JSON format support for AWS's Storage Container "Update Lifecycle Configuration" on-demand action.
Fixed a bug where tags were not imported for GCP Projects that were part of an Organization.
Added error handling for the AWS:SharedFileSystemHarvester for cases where calls to retrieve FSx data fail due to missing permissions.
Resolved an issue where Read Only Admins were unable to view Organizations in the Organizations List (Cloud > Cloud Accounts > Organizations).