Aug 20, 2024
24.8.20

Release Summary

InsightCloudSec is pleased to announce release version 24.8.20. This release includes 2 new AWS resources, expanding CIS Azure 2.1 compliance support, and improved AWS Subnet harvesting.

Details for self-hosted customers
  • Release Availability - Thursday, August 22, 2024
    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Registry (ECR) Image Tags - The Amazon Web Services (AWS) Elastic Container Registry (ECR) build images for this version of InsightCloudSec can be obtained using these tags:
  • ECR Build ID - 126dd7ae9672a13c97071ca9b40307183737e69e

New Permissions: Amazon Web Services (AWS)

This permission supports the new AWS Security Hub resource.

For AWS Read-Only Users:

  • "securityhub:DescribeHub"

This permission has been added to the AWS Read Only Policy 2 for InsightCloudSec.

New

  • Added 2 new AWS resources: Security Hub and Web Application Firewall IP Set.
  • Added a new Insight Cloud User without Multi-Factor Authentication Enabled for all Non-Privileged Users for recommendation 1.1.3 of the CIS Azure 2.1 compliance pack.
  • Added 2 new Insights: Volume Encrypted using Cloud Managed Key (Attached) for recommendation 7.3 and Volume Encrypted using Cloud Managed Key (Detached) for recommendation 7.4 of the CIS Azure 2.1 compliance pack. Updated the mapping for both of the new Insights to CIS Azure 2.0 and 2.1.
  • Added a new query filter Volume Attach State to filter volumes based on the value of the attach_state property.

Improved

  • Updated existing Insight Cloud User with Privileged Access and without Multi-Factor Authentication to comply with CIS recommendations.
  • Updated the following Insights to meet CIS formatting requirements and to use a different Query Filter (Database Instance Server Type):
    • Database Instance Not Configured to Log Connections (PostgreSQL)
    • Database Instance Not Configured to Log Disconnections (PostgreSQL)
    • Database Instance Not Configured to Throttle Connections (PostgreSQL)
    • Database Instance Log Retention Below Threshold (PostgreSQL)
  • Implemented a timeout on the View Account Details > Harvest Info page to prevent accidental harvests.
  • Updated the AWS Subnet Harvester to store relationships between network firewalls and the subnets they protect and then display them in the Related Resources view. This is determined by the address range of traffic routed to the network firewall endpoints, which is specified in the internet gateway route table.
  • Implemented a new HostAssessmentReportHandler job to assist with processing host assessments. Previously, most host assessment processing occurred with the HostAssessmentLifecycleChecker job.
  • Renamed Query Filter Cloud Policy With Owner Access To Subscription (Azure) to Cloud Policy With Owner Access (Azure). Also, updated to add the option to filter by assignable scope (resource group, subscription, management group).
  • Updated Insight description for Cloud Policy With Owner Access To Subscription and usage to filter only for policies assignable to subscriptions or management groups.
  • Added the following tags for all Insights mapped under controls for Requirement 2 of the PCI DSS v4.0 Compliance pack:
    • PCI DSS v4.0 - 2.2.2
    • PCI DSS v4.0 - 2.2.4
    • PCI DSS v4.0 - 2.2.6
    • PCI DSS v4.0 - 2.2.7
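The Subnet Harvester change above derives the firewall-to-subnet relationship from routing rather than from any explicit tag: in the route table edge-associated with the internet gateway, each route whose target is a Network Firewall endpoint names the address range whose inbound traffic is steered through the firewall, and any subnet whose CIDR falls inside that range is protected by it. The following is an added example of that derivation, not InsightCloudSec's own harvester code. The route table, subnet list and endpoint-to-firewall mapping are constructed sample data; the route table and subnet dictionaries mirror the field names of the EC2 DescribeRouteTables and DescribeSubnets responses, and the endpoint IDs are assumed to have been collected from the firewall's per-AZ attachments. It also reports the edge case the release note does not mention: a route that covers only part of a subnet, so that some of that subnet's traffic bypasses the firewall.

```python
"""Derive which subnets an AWS Network Firewall protects from the
internet gateway's (ingress) route table. Added illustrative example;
all data below is constructed, not real AWS output."""
import ipaddress

# Subnets of the VPC (shape follows EC2 DescribeSubnets fields).
SUBNETS = [
    {"SubnetId": "subnet-0a1", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-0a2", "CidrBlock": "10.0.2.0/24"},
    {"SubnetId": "subnet-0a3", "CidrBlock": "10.0.3.0/24"},
    {"SubnetId": "subnet-0b9", "CidrBlock": "10.0.9.0/24"},  # only half covered
]

# Firewall endpoint ID -> firewall name. Assumed to be gathered from the
# firewall's per-AZ attachments; constructed here.
FIREWALL_ENDPOINTS = {"vpce-0fw1": "fw-prod", "vpce-0fw2": "fw-prod"}

# Route table edge-associated with the internet gateway (shape follows
# EC2 DescribeRouteTables). A route whose target is a firewall endpoint
# sends inbound traffic for that CIDR through the firewall first.
IGW_ROUTE_TABLE = {
    "RouteTableId": "rtb-0igw",
    "Associations": [{"GatewayId": "igw-0abc"}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "10.0.1.0/24", "VpcEndpointId": "vpce-0fw1"},
        {"DestinationCidrBlock": "10.0.2.0/23", "VpcEndpointId": "vpce-0fw2"},
        {"DestinationCidrBlock": "10.0.9.0/25", "VpcEndpointId": "vpce-0fw1"},
    ],
}


def is_igw_route_table(route_table):
    """True when the table has an edge association with an internet gateway.
    Only such tables carry the ingress routes this derivation relies on."""
    return any(
        assoc.get("GatewayId", "").startswith("igw-")
        for assoc in route_table.get("Associations", [])
    )


def firewall_subnet_relationships(route_table, subnets, firewall_endpoints):
    """Return {firewall_name: {"protected": [subnet ids], "partial": [subnet ids]}}.

    'protected': a firewall-endpoint route's destination fully contains the
    subnet CIDR. 'partial': a route overlaps the subnet but does not cover
    it, so traffic to the uncovered addresses bypasses the firewall.
    """
    if not is_igw_route_table(route_table):
        return {}
    result = {}
    for route in route_table.get("Routes", []):
        endpoint = route.get("VpcEndpointId")
        if endpoint not in firewall_endpoints:
            continue  # local route, IGW/NAT targets, non-firewall endpoints
        dest = ipaddress.ip_network(route["DestinationCidrBlock"])
        rel = result.setdefault(
            firewall_endpoints[endpoint], {"protected": set(), "partial": set()}
        )
        for subnet in subnets:
            cidr = ipaddress.ip_network(subnet["CidrBlock"])
            if cidr.version != dest.version:
                continue
            if cidr.subnet_of(dest):
                rel["protected"].add(subnet["SubnetId"])
            elif cidr.overlaps(dest):
                rel["partial"].add(subnet["SubnetId"])
    # A subnet fully covered by one route is protected even if another
    # route only partially overlaps it.
    for rel in result.values():
        rel["partial"] -= rel["protected"]
    return {
        fw: {kind: sorted(ids) for kind, ids in rel.items()}
        for fw, rel in result.items()
    }


if __name__ == "__main__":
    for fw, rel in firewall_subnet_relationships(
        IGW_ROUTE_TABLE, SUBNETS, FIREWALL_ENDPOINTS
    ).items():
        print(fw, "protects", rel["protected"], "partially covers", rel["partial"])
```

The partial case is the one worth surfacing in a Related Resources view: in the sample, 10.0.9.0/25 is routed through the firewall but the upper half of subnet-0b9 is not, which looks protected at a glance and is not.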

Fixed

  • Resolved issues that caused the Instance Interface Harvester to improperly report relationships between Instances, Subnets, and Security Groups.
  • Resolved an issue with detecting network information attached to Scale Set Instances.
  • Resolved an issue that caused Scale Set Instances to duplicate on harvest.
  • Resolved a casing issue when associating Azure Subnets to Azure Virtual Machines.
  • Resolved a key error with the Azure Distributed Table Harvester.