InsightCloudSec Release Notes / Jun 11, 2024

Jun 11, 202424.6.11

Release Summary

InsightCloudSec is pleased to announce release version 24.6.11. This release includes 2 new resources, numerous Query Filter and Insight updates and additions, and an improved user experience for the Scheduled Events, Cloud Detail Overview, and Basic User Groups pages.

Details for self-hosted customers
  • Release Availability - Thursday, June 13, 2024
    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found here):
    • latest
    • 24.6.11
    • 24.6.11.a048540eb
  • ECR Build ID - a048540eb20f6cc3099e6b2c6ddaf81051cb1bdf

New Permissions: Alibaba Cloud

These permissions support the new Alibaba Cloud Simple Log Service resource.

For Alibaba Cloud Read-Only Users:

  • "log:GetLogStore"
  • "log:ListLogStores"
  • "log:ListProject"

These permissions have been added to the Alibaba Cloud Read Only Policy for InsightCloudSec.

New Permissions: AWS

These permissions support the new AWS Bedrock Model resource.

For AWS Commercial Read-Only Users:

  • "bedrock:ListFoundationModels"
  • "bedrock:ListCustomModels"
  • "bedrock:GetCustomModel"

These permissions have been added to the AWS Commercial Read Only Policy - Part 1 for InsightCloudSec.

New

  • Added a new IAM Principal with Unrestricted Access to AWSCloudShellFullAccess Managed Policy Query Filter and Insight to support Recommendation 1.22 in the CIS AWS 2.0 Compliance Pack.
  • Added a new subnet relationship to Machine Learning Model resources.
  • Added a new Machine Learning Instance Within Given VPC Query Filter.
  • Added 2 new resources:
    • Alibaba Cloud Simple Log Service
    • AWS Bedrock Model
  • Added new Bedrock Custom Model using Cloud Managed Key Instead of Customer Managed Key Insight to support the new AWS Bedrock Model resource.
  • Added new Query Filters for Bedrock Job's Base Model, Bedrock Model Type, and Bedrock Custom Model's Base Model to support the new AWS Bedrock Model resource.

Improved

  • Host assessments may now be manually started even when a periodic assessment is already scheduled.
  • Updated the Ignore Refused Recipients Bot action name to Keep Going After Refused Recipients. The behavior of this action has also changed to continue sending emails even after receiving SMTP refusals (typically due to invalid emails) and raising an error at the end of the action.
  • Added the following tags for all Insights mapped under controls for Requirement 5 of the PCI DSS v4.0 Compliance Pack:
    • PCI DSS v4.0
    • PCI DSS v4.0 - 5.2.1
    • PCI DSS v4.0 - 5.3.2
  • Updated the scope of the Resource Is In Subnet Query Filter to include Machine Learning Instance resources.
  • Modernized and improved the user experience of the following features: Scheduled Events, Cloud Detail Overview, and Basic User Groups.
  • Added source document and Event-Driven Harvesting support for Azure Kubernetes Service (Container Cluster) resources.

Fixed

  • Fixed an error that was preventing AWS Fargate attached volumes from being harvested.
  • Fixed an error causing a display issue for Insight and Exemptions count graphs on the Summary dashboard.
  • Fixed an issue that prevented some users and roles from triggering Bots without modification.