Sep 10, 2024

24.9.10

Release Summary

InsightCloudSec is pleased to announce release version 24.9.10. This release includes an improved interface for API keys, enhanced Azure Web Apps support, and expanded Infrastructure as Code and Source Documents support.

Insights interface updates

In the next release (24.9.17), the new interface for the Insights page will be turned on by default and the Switch to Legacy UI button will be removed.

Future base image upgrade

In late September, InsightCloudSec will be upgrading the base image for the instances hosting the application from Ubuntu 20.04 to Amazon Linux 2023. At a later date, we will provide a more concrete timeline.

Details for self-hosted customers

Redis 7.1 required

Beginning with release 24.9.3, InsightCloudSec requires Redis 7.1. Ensure Redis has been upgraded prior to upgrading InsightCloudSec to version 24.9.3 or later. Visit Upgrading InsightCloudSec - AWS Terraform for details.

  • Release Availability - Thursday, September 12, 2024

    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) image tags - You can obtain the AWS ECR build images for this version of InsightCloudSec by using these tags:

    • latest
    • 24.9.10
    • 24.9.10.b557c4975

    You can find all available versions in the InsightCloudSec ECR Gallery.

  • ECR Build ID - b557c49758552622ff46345863274c68a78f61ab

New

  • Added the following query filters:
    • Pod With Given Status
    • Web App With/Without SCM Basic Authorization Enabled
    • Snapshot Created Before Date
  • Harvested a new property for Azure Web Apps: SCM Basic Authorization Enabled
  • Added a new Insight, Web App without Authentication and SCM Basic Authorization Enabled, that is included in the Azure CIS 2.1 Compliance Pack to manage control 9.1.

Improved

  • Updated the Layered Context Risk Score to take into account custom severities for Insights when computing the score.
  • Added a banner to the Clouds tab on the Insights > Scopes panel that informs you when a Compliance Pack is selected and badges have been applied.
  • Added sys- to the list of automatically excluded prefixes for GCP Organizations, so by default, InsightCloudSec will not harvest Projects that begin with sys-.
  • Updated the User Management > API Keys interface for improved navigation and look-and-feel. By default, the new interface is off, but you can turn it on using the Switch to Modern UI button.
  • Added Infrastructure as Code (IaC) support for the following resources:
    • AWS Simple Email Service (SES)
    • AWS Elastic Container Registry (ECR) Public Repositories
  • Added Source Documents support for the following resources:
    • Azure Container Registry
    • Azure Log Analytics Workspace

Fixed

  • Fixed the broken link to Harvesting Strategies from the Cloud Details > Settings page.
  • Resolved an issue with scoping Insights.
  • Resolved issues with the ML Workspace harvester not treating attached compute instances separately.
  • Resolved the missing public network access field in the API response for Azure China ML instances.
  • Resolved an issue with false positives occurring for the Cloud User Account without MFA Insight.
  • Resolved package security vulnerabilities in accordance with our vulnerability resolution policy.