May 21, 2024

24.5.21

Limited release for 24.5.28

Because the coming week includes a U.S. federal holiday, we will not be providing a formal release with release notes for the week of 24.5.28. SaaS and self-hosted customers may receive minor bug fixes, and we may provide a limited release, but our next full release for both SaaS and self-hosted customers will be on 24.6.4. Reach out to your CSM or InsightCloudSec support with questions or concerns.

Release Summary

InsightCloudSec is pleased to announce release version 24.5.21. This release includes significant updates to Layered Context and public accessibility, several Insights and Query Filters, and a new attribute.

Details for self-hosted customers
  • Release Availability - Thursday, May 23, 2024
    • The latest Terraform template (static files and modules) can be found here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Registry (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Registry (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
    • latest
    • v24.5.21
    • v24.5.21.88d7e626a
  • ECR Build ID - 88d7e626a60414c9786404d6dad8a443b56d9d32

New

  • Layered Context now prioritizes your riskiest resources by utilizing a new Risk Score that aggregates several types of risk factors into a number that's easy to understand. We have also introduced a new Risk tab, located on the Resource Details panel, that details all the risks impacting a resource in one view, transparently and efficiently diagnosing what is risky and why.
  • Layered Context has undergone a significant overhaul to improve performance and the user experience. The Clouds and Application tabs are no longer available, but they have been replaced by the functionality to group results by either Cloud or Application. You must configure at least one Application in Application Context before you can group the data by applications.
  • We have enhanced how we determine whether a resource is publicly accessible, increasing accuracy by improving our network path analysis. In this first iteration, support is provided for Compute Instances across AWS, Azure, and GCP. As a result, you will likely see an overall reduction in Compute Instances identified as Publicly Accessible as false positives are removed. In some cases, you may now see Compute Instances identified as Publicly Accessible that were not flagged before, because the network analysis is both more accurate and broader in scope. Continue using Layered Context and Risk Score to prioritize recommended remediation. Some Insights have been declassified as Public, meaning their results no longer determine whether a resource is publicly accessible; they have been replaced by the Compute Instance Open to the Public Insight. Compliance packs have also been updated to reflect these changes.
    • Declassified the following Insights from being used to determine Public Access and removed their support for Alibaba Cloud and/or Oracle Cloud Infrastructure (OCI):
      • Compute Instance With Public IP Attached
      • Instance with a Public IP Exposing RDP
      • Instance with a Public IP Exposing SSH
      • Instance with Public IP Address and any Port Exposure to 0.0.0.0/0
      • Compute Instance With Open Management Interface (OMI) Ports Exposed
      • Instance Exposing Management Ports (Azure)
    • Lowered the severity of the following Insights:
      • Instance with a Public IP Exposing RDP (from Critical to High)
      • Instance with a Public IP Exposing SSH (from Critical to High)
      • Compute Instance With Open Management Interface (OMI) Ports Exposed (from Critical to High)
    • Created the following Insights and added them to Public Access classification:
      • Compute Instance With Public IP Attached (Alibaba Cloud, OCI)
      • Instance with a Public IP Exposing RDP (Alibaba Cloud)
      • Instance with a Public IP Exposing SSH (Alibaba Cloud)
      • Instance with Public IP Address and any Port Exposure to 0.0.0.0/0 (Alibaba Cloud)
  • Added the Public Accessibility Allow List feature to the System Settings. Review the documentation for more information.
  • Added a new Insight, Non-Service account without MFA enabled for Google Cloud Platform (GCP), that is part of the GCP CIS 2.0 Compliance Pack.
  • Added a new rules_engine attribute for Azure Front Door (Classic) resources that contains the names of the rules engine configurations and of their individual rules.
  • Added a new Query Filter, Global Load Balancer Contains Rules Engine Name, to allow filtering of Azure Front Door (Classic) resources by their rules engine configuration names.
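The public-accessibility change above is easiest to understand by contrasting the older "public IP attached" signal with a path-based check. The following is an added illustration written for this page; it is not InsightCloudSec's analysis and does not reproduce the Compute Instance Open to the Public Insight. The instance model (security-group ingress, subnet default route, NACL flag) and the load-balancer path are assumptions made for the example, and all sample instances are constructed. It shows why a path check removes false positives (a public IP that is not actually reachable) and can surface new findings (no public IP, but reachable through an internet-facing front end).

```python
"""Toy network-path check, added as an illustration (not InsightCloudSec code).

Compares two ways of deciding whether a compute instance is "open to the public":
  1. public_ip_heuristic: a public IP is attached, so assume it is reachable.
  2. open_to_public: a public IP plus a default route through an internet gateway,
     an inbound-allowing NACL and a world-open security-group rule, or (assumed
     scope extension) an internet-facing load balancer forwarding to the instance.
"""
from dataclasses import dataclass, field
from ipaddress import ip_network
from typing import Optional


@dataclass
class Rule:
    """Security-group ingress rule; proto "-1" means all protocols."""
    proto: str
    from_port: int
    to_port: int
    cidr: str


@dataclass
class Instance:
    name: str
    public_ip: Optional[str]
    ingress: list            # list[Rule]
    routes: dict             # destination CIDR -> target ("local", "igw-*", "nat-*")
    nacl_allows_inbound: bool = True
    # Assumed for the example: listener ports of an internet-facing load balancer
    # that forwards to this instance (empty when there is none).
    lb_forwarded_ports: list = field(default_factory=list)


def rule_is_world_open(rule: Rule) -> bool:
    """True for 0.0.0.0/0 or ::/0 (a prefix length of zero matches everything)."""
    return ip_network(rule.cidr, strict=False).prefixlen == 0


def public_ip_heuristic(inst: Instance) -> bool:
    """Old-style signal: a public IP is attached, therefore 'publicly accessible'."""
    return inst.public_ip is not None


def has_default_route_to_igw(inst: Instance) -> bool:
    """Inbound traffic from the internet needs the subnet's default route to be an IGW."""
    return inst.routes.get("0.0.0.0/0", "").startswith("igw-")


def world_reachable_ports(inst: Instance) -> set:
    """Ports the whole internet can reach along some plausible path."""
    reachable = set()
    if inst.public_ip and has_default_route_to_igw(inst) and inst.nacl_allows_inbound:
        for r in inst.ingress:
            if rule_is_world_open(r):
                lo, hi = (0, 65535) if r.proto == "-1" else (r.from_port, r.to_port)
                reachable.update(range(lo, hi + 1))
    # A front door that is itself internet-facing exposes the instance even
    # without a public IP on the instance (assumed path, see lead-in).
    reachable.update(inst.lb_forwarded_ports)
    return reachable


def open_to_public(inst: Instance) -> bool:
    """Path-based decision: at least one port is reachable from anywhere."""
    return bool(world_reachable_ports(inst))


def classify(instances) -> dict:
    """name -> (old heuristic verdict, path-based verdict)."""
    return {i.name: (public_ip_heuristic(i), open_to_public(i)) for i in instances}


# Constructed sample data for the illustration.
SAMPLE = [
    # Public IP, SSH open to the world, default route via an IGW: both agree.
    Instance("bastion", "203.0.113.10",
             [Rule("tcp", 22, 22, "0.0.0.0/0")],
             {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0abc"}),
    # Public IP, but ingress only from a private range: the old heuristic
    # flags it, the path check does not (false positive removed).
    Instance("app-1", "203.0.113.11",
             [Rule("tcp", 22, 22, "10.0.0.0/8")],
             {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-0abc"}),
    # Public IP and a world-open rule, but the subnet routes out through a NAT
    # gateway, so there is no inbound path from the internet.
    Instance("worker-2", "203.0.113.12",
             [Rule("tcp", 443, 443, "0.0.0.0/0")],
             {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0def"}),
    # No public IP, yet reachable through an internet-facing load balancer:
    # the old heuristic misses it, the broader path check finds it.
    Instance("web-3", None,
             [Rule("tcp", 8080, 8080, "10.0.0.0/16")],
             {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-0def"},
             lb_forwarded_ports=[443]),
]

if __name__ == "__main__":
    for name, (old, new) in classify(SAMPLE).items():
        print(f"{name:10s} public-ip-heuristic={old!s:5s} path-analysis={new}")
```

Running the block prints one line per constructed instance; the two middle cases are the "reduction" described above, and the last one is the kind of newly flagged instance that a broader path analysis can produce. A real check would also have to consider NACL rules, route tables per subnet, attached network interfaces and VPC-level edges, which this toy deliberately collapses into a few flags.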

Layered Context upgrade information

After upgrading, the new Clouds and Applications grouping feature will take some time (up to 6 hours) to update and for data to populate.

Improved

  • Unused host assessment region override settings are now hidden from the user interface.
  • Regional assessments for Cloud Vulnerability Management are now supported for AWS and Azure.
  • Added source documents support for Azure Firewalls.
  • Added the ability to store Network Policies and Encryption Policies attached to OpenSearch collection resources in JSON format.
  • Added tags for all Insights mapped under controls for Requirement 3 of the PCI DSS v4.0 Compliance Pack. Added the following tags:
    • PCI DSS v4.0
    • PCI DSS v4.0 - 3.3.2
    • PCI DSS v4.0 - 3.3.3
    • PCI DSS v4.0 - 3.5.1
    • PCI DSS v4.0 - 3.5.1.3
    • PCI DSS v4.0 - 3.6.1.2
    • PCI DSS v4.0 - 3.6.1.3
    • PCI DSS v4.0 - 3.6.1.4
    • PCI DSS v4.0 - 3.7.1
    • PCI DSS v4.0 - 3.7.3
    • PCI DSS v4.0 - 3.7.4
    • PCI DSS v4.0 - 3.7.5

Fixed

  • Fixed an issue with the Create New Exemption form not clearing after successful creation.
  • Fixed an issue where Web Application Firewall resources (GCP Cloud Armor) and Backend Services resources were not linked correctly, which prevented the Load Balancer Without Cloud Armor Policy (GCP) Insight from working.
  • Fixed an issue with bots created from the Lambda Runtime Scheduled for Deprecation Insight.
  • Fixed an issue with the OCI harvester ServiceEncryptionKeyVaultHarvester that occurred when the source for the replica was removed.
  • Fixed the direct link for Azure Virtual Machine Scale Sets.
  • When opened from a resource details blade, the vulnerability details blade now correctly filters packages to only those present on the specific resource.