Release Summary

InsightCloudSec is pleased to announce Release 24.4.30. This release includes an updated Attack Paths feature for export to PDF, JPG, PNG, and SVG capabilities, and an improved multiple attack path user experience.

New

• Updated the Attack Paths feature for export to PDF, JPG, PNG, and SVG capabilities and an improved multiple attack path user experience. Now when navigating through grouped attack paths, you can point to a particular attack path instance and its path will be highlighted in the graph.

• Added a new field for the Storage Account resource type: default_to_oauth_authentication.

• Storage Account Default to OAuth Authentication Status - New Query Filter matches storage accounts based on whether they default to OAuth authentication. For Azure, this equates to defaulting to Microsoft Entra authorization in the Azure Portal.

Improved

• Instance with Resource Agent Operating System Platform - Query Filter renamed from Instance Operating System Platform to clarify that a Resource Agent is required for an Instance to be returned by this Query Filter. Updated the description of this Query Filter for the same reason.

• Added a new field to cloud_properties for Azure Organization Services. The new field, securityCenterOfferingsSubPlans, holds the sub-plans for Microsoft Defender Plans. Updated the Query Filter Cloud Account Microsoft Defender For Cloud Status to account for the recent deprecation of Defender for DNS. Updated the format, overview, and remediation steps of the Insight DNS Zone With Microsoft Defender for Cloud Disabled to reflect the deprecation of Defender for DNS.

• Added EDH support for AWS Kinesis resource.

• Added the ability to filter by badges in the Identity Dashboard.

• Enabled source documents harvesting for Azure Web Application Firewall Policies.

• Expanded our coverage for the AWS Foundational Security Best Practices and the NIST 800-53 (Rev 5) compliance packs with the Task Definition Resource Has Host Process Namespace Insight.

• Renamed background job CloudAccountProcessor to GCPOrganizationOnboardingKickoff.

• Updated the AWS RouteTableHarvester to collect edge associations for route tables (such as Internet Gateway).

• Improved performance of Advanced Filter dropdown for Resource Tag options by removing user role permission scope. Tags associated with resources from other ICS organizations are still filtered out in the results.

• We have updated 2 background jobs to import GCP Tags in addition to the existing import of GCP Labels as ICS Cloud Account badges and also as Cloud Account resource tags, respectively.

  • The CloudMetadataHarvester job does this for Cloud Accounts not associated with an ICS Organization and the GCP tags are an entirely new addition there, both as badges and as resource tags.

  • The GCPOrganizationOnboardingKickoff job does this for Cloud accounts that are associated with an ICS Organization and the import of the GCP Tags is pre-existing but defective as badges and entirely new as resource tags.

  • The GCP Tags will be prefixed with the GCP Organization ID if they are defined at the GCP Organization level or prefixed with the GCP Project ID if they are defined on the project level as returned from the GCP API.

• Cloud Details > API (GCP Only) view has been converted to React with an updated UI.

Fixed

• Fixed issue with false positives from Query Filter Load Balancer Associated To Backend Service With Logging Disabled.

• Fixed an edge case where serverless function actions from Bot Factory were ignored when multiple actions of the same type were present.

• Fixed scenario in CloudVM where assessments would fail if the KMS key used to encrypt a snapshot was from a different AWS account than the snapshot.

• Fixed logic for HTTPS flag in Insight Web App With HTTPS Configuration State.

• Fixed edge case where License Harvester failed to report health data.