Release Summary
InsightCloudSec is pleased to announce release version 24.6.25. This release includes several Query Filter and Insight updates, new Kubernetes Insights, and additional Jira Bot Action support.
Details for self-hosted customers
- Release Availability - Thursday, June 27, 2024
- The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
- Amazon Elastic Container Registry (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Registry (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found at: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1):
  - latest
  - 24.6.25
  - 24.6.25.b4bc3afd0
- ECR Build ID - b4bc3afd09cfc294eb64cf1804742a3dc77ad34c
New
- Added a new Insight and Query Filter, Security Group with Rule allowing ingress from exploitable Service Tags, that can be used to find Azure Resource Access Lists currently using exploitable Service Tags.
- Added a new Query Filter, Resource With/Without Action, to match AWS resources that have (or have not) had an action within a defined time period.
- Added support for custom container registries within the Container Vulnerability Assessment feature.
Improved
- Added Event Driven Harvesting (EDH) support for the AWS DynamoDB RestoreTableFromBackup and RestoreTableToPointInTime events.
- Added 2 new input fields to the Create Individual Jira Issue Bot Action:
  - A date string field, which provides support for the Jira Due Date field.
  - A JSON object field that can handle simple keys with string or string-list values, which provides limited support for Jira custom fields.
- Removed the Policy Option (Deprecated) field from the Storage Container/Global Access Point Without Block Public Access Settings Query Filter.
- Updated the formatting of the Storage Container without Block Public Access Protection Insight.
- Added the following tags to all Insights mapped under controls for Requirement 6 of the PCI DSS v4.0 Compliance Pack (controls 6.3.1, 6.3.6 and 6.4.2 belong to Requirement 6):
  - PCI DSS v4.0
  - PCI DSS v4.0 - 6.3.1
  - PCI DSS v4.0 - 6.3.6
  - PCI DSS v4.0 - 6.4.2
- Created new Kubernetes Insights from existing Insights. The new Insights are renamed to include their impacted resource type; the added resource-type suffix is the trailing "on Roles" / "on ServiceAccounts" part of each name below (the original release notes show it in bold):
  - Avoid use of system:masters group on Roles
  - Ensure that Service Account Tokens are only mounted where necessary on ServiceAccounts
  - Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster on Roles
  - Minimize access to create persistent volumes on Roles
  - Minimize access to create pods on Roles
  - Minimize access to secrets on Roles
  - Minimize access to the approval sub-resource of certificatesigningrequests objects on Roles
  - Minimize access to the proxy sub-resource of nodes on Roles
  - Minimize access to the service account token creation on Roles
  - Minimize access to webhook configuration objects on Roles
Fixed
- Fixed an issue with the Identity Resource Does Not Have Policy Query Filter when analyzing infrastructure-as-code (IaC) resources.
- Updated the database_type property for Azure Database resources using elasticpool to use elasticdatabase instead, to more accurately reflect the harvested resource in InsightCloudSec.
- Fixed a rare issue that was preventing a cloud account from being moved from one InsightCloudSec Organization to a different InsightCloudSec Organization.
- Fixed an issue where an AWS account could be added to 2 different AWS Organizations in InsightCloudSec when using the AWS Organization's Account Discovery feature.
  - If both AWS Organizations have been configured in InsightCloudSec, the change in AWS Organization is detected automatically and the account is moved to the proper AWS Organization.
Duplicate accounts?
If you have encountered duplicate accounts and would like them to be removed, you can delete the duplicate account from the Cloud Settings page or contact support. If you choose to manually delete the duplicate account, you also need to remove the account ID from the Member Accounts to Skip field on the Organization Config form. Review the documentation for more information on modifying Organizations.
- The following Insights are now correctly marked as deprecated in the Kubernetes CIS Compliance Pack:
  - Ensure that the --protect-kernel-defaults argument is set to true
  - Ensure that the admission control plugin PodSecurityPolicy is set
  - Ensure that the --insecure-bind-address argument is not set
  - Ensure that the --insecure-port argument is set to 0
  - Ensure that the --basic-auth-file argument is not set
  - Ensure that the --secure-port argument is not set to 0
  - Ensure that the --kubelet-https argument is set to true