Nov 05, 2024 (24.11.5)

Release Summary

InsightCloudSec is pleased to announce release version 24.11.5. This release includes new Public Accessibility Insights and Query Filters, and expanded Infrastructure-as-Code (IaC) support.

Harvesting Strategies interface update

Beginning with the next release (v. 24.11.12), the new Harvesting Strategies interface will be turned on by default. The old interface will still be accessible by using the Switch to Legacy UI toggle.

Details for self-hosted customers
  • Release Availability - Self-hosted customers are able to download the new version of InsightCloudSec usually 2-3 days after SaaS customers are upgraded. The estimated date for this version's self-hosted availability is Thursday, November 7, 2024.
    • The latest Terraform template (static files and modules) can be downloaded here. Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec from the InsightCloudSec ECR Gallery.
  • Insights Instance Exposing SSH to the Public and Instance Exposing RDP to the Public were deprecated as part of this release. Due to unexpected issues with Exemptions, these changes were reverted as part of version 24.11.12.

New

  • Added the following Insights:
    • Unencrypted Snapshots
    • Security Group with HTTP(S) Access from Internet (mapped to CIS Azure 2.0 Recommendation 6.4 and CIS Azure 2.1 Recommendation 6.4)
    • Security Group with RDP Access from Internet (mapped to CIS Azure 2.0 Recommendation 6.1 and CIS Azure 2.1 Recommendation 6.1)
    • Security Group with SSH Access from Internet (mapped to CIS Azure 2.0 Recommendation 6.2 and CIS Azure 2.1 Recommendation 6.2)
    • Security Group with UDP Access from Internet (mapped to CIS Azure 2.0 Recommendation 6.3 and CIS Azure 2.1 Recommendation 6.3)
    • Instance with Public IP Address and any Port Exposure to 0.0.0.0/0
  • Added the following Query Filters:
    • Instance Not Open to the Public
  • Added support for AWS Elastic Load Balancer Target Group and Listener Rule resources in CloudFormation Infrastructure-as-Code (IaC) scans.
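As an added example (not InsightCloudSec's own Insight logic, which is not published on this page), the following Python shows how the four Security Group Insights listed above line up with CIS Azure 2.0/2.1 recommendations 6.1 to 6.4 when evaluated against Azure NSG security rules. The rule fields, the set of "Internet" source prefixes and the protocol/port matching are assumptions; the sample rules are constructed.

```python
"""
Classify Azure Network Security Group (NSG) inbound rules against the four
CIS Azure 2.0 / 2.1 section 6 checks named by the Insights above.
Added example; the rule model and matching logic are assumptions, not
InsightCloudSec's own implementation. Sample rules are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Source prefixes Azure accepts as "any Internet address" (assumption: mirrors the
# CIS audit wording of Source = Any / Internet / 0.0.0.0/0).
INTERNET_SOURCES = {"*", "any", "internet", "0.0.0.0", "0.0.0.0/0", "/0"}

# CIS recommendation -> (protocols that count, destination ports that count;
# None means any port). Protocol "*" in Azure means TCP+UDP+ICMP.
CHECKS: Dict[str, tuple] = {
    "6.1 RDP from Internet": ({"tcp", "*"}, {3389}),
    "6.2 SSH from Internet": ({"tcp", "*"}, {22}),
    "6.3 UDP from Internet": ({"udp", "*"}, None),
    "6.4 HTTP(S) from Internet": ({"tcp", "*"}, {80, 443}),
}


@dataclass
class NsgRule:
    """Subset of an Azure NSG security rule as returned by the ARM API (assumed shape)."""
    name: str
    priority: int
    direction: str                      # "Inbound" | "Outbound"
    access: str                         # "Allow" | "Deny"
    protocol: str                       # "Tcp" | "Udp" | "Icmp" | "*"
    source_address_prefix: str = ""
    source_address_prefixes: List[str] = field(default_factory=list)
    destination_port_range: str = ""    # "22", "*", "3000-4000"
    destination_port_ranges: List[str] = field(default_factory=list)


def port_spec_covers(spec: str, wanted: Optional[Set[int]]) -> bool:
    """True if an Azure port spec ('*', '22', '3000-4000') includes any wanted port.
    wanted=None means the check applies to every port."""
    spec = spec.strip()
    if spec == "*" or wanted is None:
        return True
    low, _, high = spec.partition("-")
    low_port = int(low)
    high_port = int(high) if high else low_port
    return any(low_port <= port <= high_port for port in wanted)


def evaluate_rule(rule: NsgRule) -> List[str]:
    """Return the CIS checks this single rule fails (empty list if none)."""
    if rule.direction.lower() != "inbound" or rule.access.lower() != "allow":
        return []
    sources = rule.source_address_prefixes or [rule.source_address_prefix]
    if not any(src.strip().lower() in INTERNET_SOURCES for src in sources):
        return []
    ports = rule.destination_port_ranges or [rule.destination_port_range]
    proto = rule.protocol.lower()
    return [
        check
        for check, (protocols, wanted) in CHECKS.items()
        if proto in protocols and any(port_spec_covers(p, wanted) for p in ports)
    ]


def evaluate_nsg(rules: List[NsgRule]) -> Dict[str, List[str]]:
    """Map each offending rule name to its failed checks, in priority order."""
    findings: Dict[str, List[str]] = {}
    for rule in sorted(rules, key=lambda r: r.priority):
        hits = evaluate_rule(rule)
        if hits:
            findings[rule.name] = hits
    return findings


# Constructed sample NSG, not taken from any real subscription.
SAMPLE_RULES = [
    NsgRule("allow-ssh-any", 100, "Inbound", "Allow", "Tcp", "*", [], "22"),
    NsgRule("allow-rdp-range", 110, "Inbound", "Allow", "Tcp", "0.0.0.0/0", [], "3000-4000"),
    NsgRule("allow-web-corp", 120, "Inbound", "Allow", "Tcp", "", ["10.0.0.0/8"], "", ["80", "443"]),
    NsgRule("allow-dns-udp", 130, "Inbound", "Allow", "Udp", "Internet", [], "53"),
    NsgRule("allow-all-tcp", 140, "Inbound", "Allow", "Tcp", "Any", [], "*"),
    NsgRule("deny-all-in", 4000, "Inbound", "Deny", "*", "*", [], "*"),
    NsgRule("allow-all-out", 100, "Outbound", "Allow", "*", "*", [], "*"),
]

if __name__ == "__main__":
    for name, checks in evaluate_nsg(SAMPLE_RULES).items():
        print(f"{name}: {', '.join(checks)}")
```

Azure evaluates NSG rules in ascending priority order, so a broader Deny with a lower priority number than an Allow would override it in practice; this example flags each Allow rule on its own and does not model that ordering. Port ranges are expanded so that a rule opening 3000-4000 is still reported as RDP exposure.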

Improved

  • Added Google Cloud Platform (GCP) support to the Snapshot Available to the Public, Database Instance without Recent Snapshot, and Shared File System Without Encryption Insights.

  • Added Google Cloud Platform (GCP) support to the Shared File System Unencrypted Query Filter.

  • Removed the Data Lake Storage Invalid Diagnostic Logging Configuration Insight from the Azure Security Compliance Pack and replaced it with the Resource Without Azure Monitor Logging Configured Insight.

  • Moved the Azure Container Service resource under the App Run Services resource type as it is similar to AWS App Runner and GCP Cloud Run. Azure data for the Container Instance resource has been marked for future removal.

  • Key Vaults and Keys now appear on each other's related resources lists.

  • Optimized the Network Path processor to reduce memory usage and query timeouts.

  • Insight ID is now included as a column in the Compliance Scorecard report.

  • Added a filter_configs URL parameter to the /v3/iac/insights endpoint that adds filter-level configuration details to a response.

  • Deprecated the following Insights:
    • Instance Exposing SSH to the Public
    • Instance Exposing RDP to the Public

  • Created the following Insights with improved logic:
    • Compute Instance Security Group Allows Access to SSH From Public IP Space
    • Compute Instance Security Group Allows Access to RDP From Public IP Space

Fixed

  • Fixed an issue that was causing the Host Vulnerability Assessment (HVA) report handler to run out of memory when processing large reports.
  • Fixed an issue preventing the Vulnerability Settings page from properly displaying missing permissions.
  • Fixed an issue that was causing AWS GuardDuty threat findings to trigger modification hookpoints even when no changes were observed.
  • Fixed an issue where unreachable Key Vaults disrupted the harvester service.
  • Fixed an issue that was causing Public IPs to be marked as orphaned when they were connected to an Azure Bastion Host.
  • Fixed a 500 error that would occur in Layered Context when moving a cloud between organizations.
  • Fixed a 404 error that would occur when navigating from Exemptions to Insights.
  • Fixed the Load Balancer converter for AWS CloudFormation IaC scans.
  • Fixed the Redis Cache converter for Azure Terraform IaC scans.
  • Fixed an issue where some AWS DMS Replication Instances were incorrectly parsed and did not trigger Insights.
  • Fixed a parsing issue for AWS Sagemaker Notebook Instances that caused false positives on ML Instance Insights.
  • Fixed the Service Checks Harvester to quiet CloudTrail events triggered by calls to AWSTrustedAdvisorChecks that do not support refreshes.