Apr 02, 2024
24.4.2

Release Summary

InsightCloudSec is pleased to announce Release 24.4.2. This release includes enablement of Container Vulnerability Assessment (CVA) for containers running in GCP Kubernetes clusters and container images hosted in GCR repositories. We have also increased IAM Permission coverage, improved the user experience, and fixed a handful of bugs.

Details for self-hosted customers
  • Release Availability - Thursday, Apr 4, 2024
  • The latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
    • latest
    • 24.4.2
    • 24.4.2.4c312089a
  • ECR Build ID - 4c312089af7957d64d4fd4644f6a2fb137392143

New Permissions: AWS

For AWS Commercial Standard (Read-Only) Users:

  • "bedrock:GetModelInvocationLoggingConfiguration"
  • "elasticmapreduce:GetBlockPublicAccessConfiguration"
  • "route53:ListQueryLoggingConfigs"

These permissions are required for harvesting AWS commercial cloud accounts. The following CloudFormation Templates have been updated to reflect the new permissions:

New

  • We have enabled Container Vulnerability Assessment (CVA) for containers running in GCP Kubernetes clusters and container images hosted in GCR repositories.

  • Added Source Documentation support for:

    • GCP Domain Groups
    • GCP Domain Users

Improved

  • We have increased IAM Permission Coverage.

  • When entitlements are changed for a Basic User, the user will be notified that they need to log out and log back in to see the changes reflected.

  • On the Security > Threat Findings page, the Last Detected time will now be shown as a timestamp in the format "YYYY-MM-DD HH:mm:SS".

Fixed

  • Fixed an issue where the GCP DomainUserHarvester was failing.

  • Fixed a bug where container resources listed on the Vulnerabilities page might never be deleted even if the corresponding container is deleted.

  • Fixed an issue with Bots using Query Filter MapReduce Cluster Without Properly Configured Security Config; updated the Query Filter to account for cases where we have harvested an EMR Cluster but not its Security Configuration.

  • Fixed a bug where the Compliance Scorecard would include resources from other organizations when scoping to those applications.

  • Fixed a bug involving Lifecycle policy screen helper text; added JSON format support for AWS's Storage Container "Update Lifecycle Configuration" on-demand action.

  • Fixed a bug where tags were not imported for GCP Projects that were part of an Organization.

  • Added error handling to the AWS:SharedFileSystemHarvester for calls to retrieve FSx data that fail due to missing permissions.

  • Resolved an issue where Read Only Admins were unable to view Organizations in the Organizations List (Cloud > Cloud Accounts > Organizations).