Jun 25, 2024
24.6.25

Release Summary

InsightCloudSec is pleased to announce release version 24.6.25. This release includes several Query Filter and Insight updates, new Kubernetes Insights, and additional Jira Bot Action support.

Details for self-hosted customers
  • Release Availability - Thursday, June 27, 2024
    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found at: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1):
    • latest
    • 24.6.25
    • 24.6.25.b4bc3afd0
  • ECR Build ID - b4bc3afd09cfc294eb64cf1804742a3dc77ad34c

New

  • Added a new Insight and Query Filter, Security Group with Rule allowing ingress from exploitable Service Tags, that can be used to find Azure Resource Access Lists currently using exploitable Service Tags.
  • Added a new Query Filter, Resource With/Without Action, to match AWS resources that have had an action within a defined time period.
  • Added support for custom container registries within the Container Vulnerability Assessment feature.

Improved

  • Added EDH support for AWS DynamoDB RestoreTableFromBackup and RestoreTableToPointInTime events.
  • Added 2 new input fields to the Create Individual Jira Issue Bot Action:
    • A date string field, which provides support for the Jira Due Date field.
    • A JSON object field that can handle simple keys and string or string list values, which provides limited support for Jira custom fields.
  • Removed the Policy Option (Deprecated) field from the Storage Container/Global Access Point Without Block Public Access Settings Query Filter.
  • Updated the Storage Container without Block Public Access Protection Insight formatting.
  • Added the following tags for all Insights mapped under controls for Requirement 4 of the PCI DSS v4.0 Compliance pack.
    • PCI DSS v4.0
    • PCI DSS v4.0 - 6.3.1
    • PCI DSS v4.0 - 6.3.6
    • PCI DSS v4.0 - 6.4.2
  • Created new Kubernetes Insights from existing Insights, but they have been renamed to include their impacted resource type (the resource type appended at the end of each name is the change):
    • Avoid use of system:masters group on Roles
    • Ensure that Service Account Tokens are only mounted where necessary on ServiceAccounts
    • Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster on Roles
    • Minimize access to create persistent volumes on Roles
    • Minimize access to create pods on Roles
    • Minimize access to secrets on Roles
    • Minimize access to the approval sub-resource of certificatesigningrequests objects on Roles
    • Minimize access to the proxy sub-resource of nodes on Roles
    • Minimize access to the service account token creation on Roles
    • Minimize access to webhook configuration objects on Roles
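The renamed Kubernetes Insights above correspond to RBAC conditions in Role and binding manifests. As an added illustration that is not InsightCloudSec's own query logic, the following Python approximates several of them over parsed manifests; the resource and verb patterns are assumptions read from the Insight names, and the sample manifests are constructed.

```python
# Added example (not InsightCloudSec code): approximates some of the Kubernetes
# RBAC Insights named above. The resource/verb patterns are the editor's reading
# of the Insight names, not the product's query logic.
from typing import Iterable

# (resources, verbs, Insight name): a Role rule matches when it grants any
# listed resource with any listed verb; a wildcard "*" counts as a grant.
RULES = [
    ({"secrets"}, {"get", "list", "watch"}, "Minimize access to secrets on Roles"),
    ({"pods"}, {"create"}, "Minimize access to create pods on Roles"),
    ({"persistentvolumes"}, {"create"}, "Minimize access to create persistent volumes on Roles"),
    ({"serviceaccounts/token"}, {"create"}, "Minimize access to the service account token creation on Roles"),
    ({"nodes/proxy"}, {"get", "create", "update", "patch", "delete"},
     "Minimize access to the proxy sub-resource of nodes on Roles"),
    ({"certificatesigningrequests/approval"}, {"update", "patch"},
     "Minimize access to the approval sub-resource of certificatesigningrequests objects on Roles"),
    ({"mutatingwebhookconfigurations", "validatingwebhookconfigurations"},
     {"create", "update", "patch", "delete"}, "Minimize access to webhook configuration objects on Roles"),
]
ESCALATION_VERBS = {"bind", "impersonate", "escalate"}
ESCALATION_NAME = "Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster on Roles"

def _grants(granted: Iterable[str], wanted: set[str]) -> bool:
    granted = set(granted)
    return "*" in granted or bool(granted & wanted)

def role_findings(role: dict) -> list[str]:
    """Return the Insight names a parsed Role/ClusterRole manifest would trigger."""
    found = set()
    for rule in role.get("rules", []):
        res, verbs = rule.get("resources", []), rule.get("verbs", [])
        for wanted_res, wanted_verbs, name in RULES:
            if _grants(res, wanted_res) and _grants(verbs, wanted_verbs):
                found.add(name)
        if _grants(verbs, ESCALATION_VERBS):
            found.add(ESCALATION_NAME)
    return sorted(found)

def binding_uses_system_masters(binding: dict) -> bool:
    """True when a RoleBinding/ClusterRoleBinding grants to the system:masters group."""
    return any(s.get("kind") == "Group" and s.get("name") == "system:masters"
               for s in binding.get("subjects", []))

# Constructed sample manifests, as they would look after YAML parsing.
SAMPLE_ROLE = {"kind": "Role", "metadata": {"name": "ops"}, "rules": [
    {"apiGroups": [""], "resources": ["secrets", "pods"], "verbs": ["get", "list", "create"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"], "verbs": ["bind"]}]}
SAMPLE_BINDING = {"kind": "ClusterRoleBinding", "subjects": [{"kind": "Group", "name": "system:masters"}]}

if __name__ == "__main__":
    for finding in role_findings(SAMPLE_ROLE):
        print("FINDING:", finding)
    print("system:masters bound:", binding_uses_system_masters(SAMPLE_BINDING))
```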

Fixed

  • Fixed an issue with the Identity Resource Does Not Have Policy Query Filter when analyzing infrastructure-as-code (IaC) resources.
  • Updated the database_type property for Azure Databases resources using elasticpool to use elasticdatabase instead to more accurately reflect the harvested resource in InsightCloudSec.
  • Fixed a rare issue that was preventing moving a cloud account from one InsightCloudSec Organization to a different InsightCloudSec Organization.
  • Fixed an issue where an AWS account could be added to 2 different AWS Organizations in InsightCloudSec when using the AWS Organization's Account Discovery feature.
    • If both AWS Organizations have been configured in InsightCloudSec, the change in AWS Organization is detected automatically and the account is moved to the proper AWS Organization.

    Duplicate accounts?

    If you have encountered duplicate accounts and would like them to be removed, you can delete the duplicate account from the Cloud Settings page or contact support. If you choose to manually delete the duplicate account, you also need to remove the account ID from the Member Accounts to Skip field on the Organization Config form. Review the documentation for more information on modifying Organizations.

  • The following Insights are now correctly marked as deprecated in the Kubernetes CIS Compliance Pack:
    • Ensure that the --protect-kernel-defaults argument is set to true
    • Ensure that the admission control plugin PodSecurityPolicy is set
    • Ensure that the --insecure-bind-address argument is not set
    • Ensure that the --insecure-port argument is set to 0
    • Ensure that the --basic-auth-file argument is not set
    • Ensure that the --secure-port argument is not set to 0
    • Ensure that the --kubelet-https argument is set to true