Jul 02, 2024 - 24.7.2

Limited release for 24.7.9

As this week includes a U.S. federal holiday, we will not be providing a formal release with release notes on July 9th, 2024. SaaS or self-hosted customers may receive minor bug fixes, and we may provide a limited release, but our next full release for both SaaS and self-hosted customers will be on July 16th, 2024. Reach out to your CSM or InsightCloudSec support with questions or concerns.

Release Summary

InsightCloudSec is pleased to announce release version 24.7.2. This release includes new Insights for an Azure vulnerability, improved Host Assessment error reporting, and a Vulnerabilities entitlement simplification.

Details for self-hosted customers
  • Release Availability - Wednesday, July 3, 2024
    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Repository (ECR) build images for this version of InsightCloudSec can be obtained using the following tags (all versions can be found at: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1):
    • latest
    • 24.7.2
    • 24.7.2.6945ede72
  • ECR Build ID - 6945ede72f116f7d616ee439684ace1ba27df113

New

  • Added a new namespace_id property for Big Data Workspace resources.
  • Added two new Insights to aid in finding a vulnerability in Azure that allows an attacker to bypass firewall rules based on Azure Service Tags by forging requests from trusted services:
    • Security Group with Rule allowing ingress from exploitable Service Tags
    • Resource associated with Security Group with Rule allowing ingress from exploitable Service Tags

Improved

  • Improved Host Assessment error reporting when an assessment fails because of AWS Key Management Service (KMS) grant permissions.
  • Updated the Instance Allows Use Of Vulnerable IMDSv1 Protocol Query Filter to check for a state to conform with CIS AWS 3.0 compliance.
  • Added the following tags for all Insights mapped under controls for Requirement 8 of the PCI DSS v4.0 Compliance pack:
    • PCI DSS v4.0
    • PCI DSS v4.0 - 8.2.4
    • PCI DSS v4.0 - 8.2.6
    • PCI DSS v4.0 - 8.2.7
    • PCI DSS v4.0 - 8.3.2
    • PCI DSS v4.0 - 8.3.3
    • PCI DSS v4.0 - 8.3.4
    • PCI DSS v4.0 - 8.3.6
    • PCI DSS v4.0 - 8.3.7
    • PCI DSS v4.0 - 8.3.9
    • PCI DSS v4.0 - 8.3.10.1
    • PCI DSS v4.0 - 8.4.1
    • PCI DSS v4.0 - 8.4.2
    • PCI DSS v4.0 - 8.4.3
    • PCI DSS v4.0 - 8.6.2
    • PCI DSS v4.0 - 8.6.3
  • Updated the definition of the Database Instance With Internet Routable IP Address Insight to match the formatting style of other similar Insights.
  • Improved the reliability of the Resource With Clear Text Secret Insight, reducing the chance of false positives.
  • Consolidated the container and host vulnerability assessment entitlements into a single entitlement called Vulnerabilities.

Fixed

  • Fixed an issue where the harvester for Storage Account resources failed when trying to gather Azure Government and China DefenderForStorage information.
  • Fixed an issue with the harvester for Google Instance Interface IPs. The harvester didn't recognize some of the attached service accounts as being default GCP service accounts.
  • Fixed an issue with the Access List Exposes Non Web Ports Query Filter. The Filter was returning security groups even when their ports were added to the ignore list.