Skip to Content
Release NotesInsightcloudsecIndex

May 07, 2024

This release includes a new Alibaba Cloud resource, a new AWS Query Filter, and several bug fixes.

Release Summary

InsightCloudSec is pleased to announce release version 24.5.7. This release includes a new Alibaba Cloud resource, a new AWS Query Filter, and several bug fixes.

Details for self-hosted customers

  • Release Availability - Thursday, May 9, 2024
    • The latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
    • latest
    • v24.5.7
    • v24.5.7.069f61804
  • ECR Build ID - 069f6180485974842aac048bbe0ba3dcc86fff78
⚠️

New Permissions: Alibaba Cloud

These permissions support the new Alibaba Cloud Load Balancer (SLB/ALB/NLB/CLB) resource.

For Alibaba Cloud Read-Only Users:

  • \"alb:GetLoadBalancerAttribute\"
  • \"alb:ListListeners\"
  • \"alb:ListLoadBalancers\"
  • \"alb:ListRules\"
  • \"alb:ListSecurityPolicies\"
  • \"alb:ListServerGroupServers\"
  • \"alb:ListServerGroups\"
  • \"nlb:ListListeners\"
  • \"nlb:ListLoadBalancers\"
  • \"nlb:ListSecurityPolicy\"
  • \"nlb:ListServerGroupServers\"
  • \"nlb:ListServerGroups\"
  • \"slb:DescribeAccessLogsDownloadAttribute\"
  • \"slb:DescribeLoadBalancerListeners\"
  • \"slb:DescribeLoadBalancers\"
  • \"slb:DescribeMasterSlaveServerGroupAttribute\"
  • \"slb:DescribeMasterSlaveServerGroups\"
  • \"slb:DescribeRules\"
  • \"slb:DescribeVServerGroupAttribute\"
  • \"slb:DescribeVServerGroups\"
  • \"slb:ListTLSCipherPolicies\"

These permissions have been added to the Alibaba Cloud Read Only Policy for InsightCloudSec.

New

  • Added Web Application Firewall Rule With/Without Geo Restriction Query Filter for AWS. This Query Filter extends the AWS Web Application Firewall (WAF) harvesting capabilities to capture GeoMatch conditions for WAF Classic (global and regional).
  • Added a new Alibaba Cloud Load Balancer (SLB/ALB/NLB/CLB) resource.

Improved

  • Updated Load Balancer Query Filter logic to accommodate the new Alibaba Cloud Load Balancer (SLB/ALB/NLB/CLB) resource.
  • Added the following tags for all Insights mapped under controls for Requirement 1 of the PCI DSS v4.0 Compliance pack:
    • PCI DSS v4.0
    • PCI DSS v4.0 - 1.2.1
    • PCI DSS v4.0 - 1.2.2
    • PCI DSS v4.0 - 1.2.6
    • PCI DSS v4.0 - 1.3.1
    • PCI DSS v4.0 - 1.3.2
    • PCI DSS v4.0 - 1.3.3
    • PCI DSS v4.0 - 1.4.3
    • PCI DSS v4.0 - 1.4.4
    • PCI DSS v4.0 - 1.5.1
  • Added more detailed CVSS information to the Vulnerability APIs.

Fixed

  • Updated supported regions for Alibaba Cloud harvesters.
  • The Database Instance is no longer a supported resource for the Resource Lifecycle State Exceeds Threshold Query Filter.
  • Added mandatory transit encryption and minimum TLS version requirements for Neptune instances version 1.0.4.0 and greater.
  • Fixed a bug where exemptions could be created incorrectly, causing the Compliance Scorecard to report inconsistent data.
  • Fixed an issue where the ServiceAccessKey harvester could miss harvesting keys for a number of Service Users.
  • The waf_enabled field for AWS Load Balancer resources is now correctly displayed in the UI.