InsightCloudSec Release Notes / Sep 24, 2024

Sep 24, 202424.9.24

Release Summary

InsightCloudSec is pleased to announce release version 24.9.24. This release includes a new AWS resource and region, Machine Learning Instance query filter improvements, and more accurate reporting for the first detection of a vulnerability.

New Permissions: Amazon Web Services (AWS)

These permissions support the Amazon Security Lake resource. All permissions have been added to the appropriate onboarding user roles.

For AWS Read-Only Users:

  • "securitylake:GetDataLakeSources"

Future base image upgrade

With the next release (v.24.10.1), InsightCloudSec will be upgrading the base image for the instances hosting the application from Ubuntu 20.04 to Amazon Linux 2023 for all SaaS customers. The base image change will go into effect for all customers starting with the v. 24.10.8 release.

Details for self-hosted customers

Redis 7.1 required

Beginning with release 24.9.3, InsightCloudSec requires Redis 7.1. Ensure Redis has been upgraded prior to upgrading InsightCloudSec to version 24.9.3 or later. Visit Upgrading InsightCloudSec - AWS Terraform for details.

  • Release Availability - Thursday, September 26, 2024

    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.

  • Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec by using these tags:

    • latest
    • 24.9.24
    • 24.9.24.2343233d6

    You can find all available versions in the InsightCloudSec ECR Gallery.

  • ECR Build ID - 2343233d69e534d299e02fc3aeed09410d0f7c21

New

  • The ap-southeast-5 AWS region is now supported. This region is opt-in, which means you must configure AWS to use it before InsightCloudSec can harvest resources being used in that region.
  • Added support for the Amazon Security Lake resource.
  • Added a new Machine Learning Instance Associated With Any Subnet Query Filter.

Improved

  • Updating the Database Instance Flag 'cloudsql.enable_pgaudit' Disabled to align with CIS GCP 3.0 controls.
  • Improved the accuracy for the First Detected property of vulnerabilities.
  • Added wildcard regular expression (*) support to the Machine Learning Instance Within Given VPC Query Filter.
  • Added Machine Learning Instance resource support to the Resource Associated with Public Subnet Query Filter.

Fixed

  • The HostAssessmentDailyMetrics job now runs every 6 hours.
  • Fixed minor spelling and image issues with various Compliance Packs.
  • Fixed an issue that was preventing users from applying multiple filters on the Bot Factory page.
  • Resolved package security vulnerabilities in accordance with our vulnerability resolution policy.
  • Fixed an issue that was preventing the Compliance Rule column from being populated for custom Insights.
  • Fixed an issue that was preventing a Bedrock Training Job's associated role from appearing on the Related Resources tab of the Resource Properties panel.
  • Fixed an issue that was causing the Resource Name Regular Expression Query Filter to make incorrect matches on Vertex Jobs, Web Application Firewall Rules, Web Application Firewall Rule Groups, and Web Application Firewall IP Sets.