InsightCloudSec Release Notes / Oct 22, 2024

Oct 22, 202424.10.22

Release Summary

InsightCloudSec is pleased to announce release version 24.10.22. This release includes new Insights and Query Filters and expanded source document and infrastructure-as-code support.

Details for self-hosted customers

Since version 24.10.15 was not available to self-hosted customers, all changes from that release, including Kubernetes cluster reclassification and an upgrade to Python 3.10, are available in this week's release. Review last week's release notes for details.

  • Release Availability - Self-hosted customers are able to download the new version of InsightCloudSec usually 2-3 days after SaaS customers are upgraded. The estimated date for this version's self-hosted availability is Thursday, October 24, 2024.
    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec from the InsightCloudSec ECR Gallery.

New

  • Added the following Insights:
    • Cloud Account without a Conditional Access Policy for Multi-factor Authentication required for Risky Sign-ins (mapped to CIS Azure 2.1 Recommendation 1.2.5)
    • Cloud Account with Incomplete Diagnostic Settings for Activity Logs (mapped to CIS Azure 2.1 Recommendation 5.1.2)
    • Access List Flow Log Without Traffic Analytics Enabled (mapped to CIS Azure 2.1 Recommendation 5.1.5)
    • Cloud Accounts that do not have Essential Contacts configured (mapped to CIS GCP 2.0.0 Identity and Access Management Recommendation 1.16)
  • Added the following Query Filters:
    • Cloud Account Without Conditional Access Policy for Multi-factor Authentication Required for Risky Sign-ins
    • Cloud Account with Incomplete Diagnostic Settings for Required Log Categories
    • Access List Flow Log Without Traffic Analytics Enabled
    • Access List Status (GCP)
  • Added source document support for GCP DLP Jobs
  • Added support for GraphAPI and Open Search Service resources in CloudFormation Infrastructure-as-Code (IaC) scans.

Improved

  • Renaming the Cloud Account without Bastion Host Deployed to Cloud Account without Azure Bastion Host Deployed and improving its formatting for readability. We also mapped this Insight to the CIS Azure 2.0 and CIS Azure 2.1 Compliance Packs.
  • Removed the Use or option for the Web Application Firewall Default Action Query Filter so you can now select both AWS and GCP.
  • Added a new Is public and allows privilege escalation toxic combination to the Cloud Summary Risk Overview dashboard.
  • Added two new parameters to the Get Insight Findings Per Cloud endpoint: page_size and include_count. Respectively, these parameters control the number of items returned and whether the response should include the total count of findings.

Fixed

  • Fixed an issue where the AWS Service Limit Harvest would fail unexpectedly.
  • Fixed an issue that was preventing some Big Data instance types from being harvested with the AWS Instance Flavor Harvester.
  • Fixed an issue where an empty policy may cause the AWS Resource Share Resource Harvester to fail.
  • Fixed an issue where the instance count was incorrectly reported by GCP VPC networks.