24.11.12 (Nov 12, 2024)

Release Summary

InsightCloudSec is pleased to announce release version 24.11.12. This release includes a new compliance pack, a new AWS resource, and several new Query Filters and Insights.

Reverting recent Insight changes

In version 24.11.5, we marked the Instance with a Public IP Exposing RDP and Instance with a Public IP Exposing SSH Insights for deprecation. We are reverting this change as it caused unexpected issues with Exemptions.

New Permissions: AWS

These permissions support the AWS Q Business App resource.

  • "qbusiness:ListApplications"
  • "qbusiness:GetApplication"
  • "qbusiness:GetChatControlsConfiguration"

These permissions were missing and are required to support the AWS Textract resource.

  • "textract:ListAdapters"
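Before upgrading a harvesting role, it is worth confirming that its policy actually grants the new actions rather than assuming an existing wildcard covers them. The following is an added example, not InsightCloudSec code: it takes an IAM policy document and the four actions listed above and reports which ones are not effectively allowed, applying IAM's case-insensitive `*`/`?` action matching and explicit-deny precedence. The two policy documents are constructed; conditions and the Resource element are deliberately ignored, so this is a coverage check, not an authorization simulator.

```python
"""Report which required IAM actions a policy document does not grant.

Added example, not InsightCloudSec code. Both policy documents below are
constructed stand-ins for a harvesting role's policy.
"""
import fnmatch
import json

# Actions from this release's "New Permissions: AWS" section.
REQUIRED_ACTIONS = [
    "qbusiness:ListApplications",
    "qbusiness:GetApplication",
    "qbusiness:GetChatControlsConfiguration",
    "textract:ListAdapters",
]

# Constructed: covers Textract via a wildcard, but explicitly denies Q Business.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["textract:List*", "textract:Get*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Deny", "Action": "qbusiness:*", "Resource": "*"},
    ],
})

# Constructed: the same policy with the deny removed and the Q Business
# read actions added, as a post-upgrade policy would look.
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["textract:List*", "textract:Get*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["qbusiness:List*", "qbusiness:Get*"], "Resource": "*"},
    ],
})


def _as_list(value):
    """IAM allows Statement/Action to be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def missing_actions(policy_json, required=REQUIRED_ACTIONS):
    """Return the required actions the policy does not effectively allow.

    An action is granted only if some Allow statement matches it and no Deny
    statement matches it (explicit deny wins). NotAction statements are
    skipped: they cannot be checked safely without the full action catalogue.
    """
    statements = _as_list(json.loads(policy_json).get("Statement"))
    allowed, denied = set(), set()
    for stmt in statements:
        if "NotAction" in stmt:
            continue
        patterns = _as_list(stmt.get("Action"))
        bucket = allowed if stmt.get("Effect") == "Allow" else denied
        for action in required:
            if any(_matches(p, action) for p in patterns):
                bucket.add(action)
    return [a for a in required if a not in allowed or a in denied]


if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY):
        print("missing:", action)
    print("after fix, missing:", missing_actions(FIXED_POLICY))
```

Run it against the JSON from `aws iam get-policy-version` (or the inline policy document) to see exactly which of the new actions still need adding; the sample policy shows why a wildcard `textract:List*` already covers `textract:ListAdapters` while a stray `Deny` on `qbusiness:*` silently blocks the Q Business harvest.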

Details for self-hosted customers
  • Release Availability - Self-hosted customers are able to download the new version of InsightCloudSec usually 2-3 days after SaaS customers are upgraded. The estimated date for this version's self-hosted availability is November 14, 2024.
    • Download the latest Terraform template (static files and modules) from our public S3 bucket.
    • Modules can be updated with the terraform get -update command.
  • Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec from the InsightCloudSec ECR Gallery: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1

New

  • Added a new CIS AWS 4.0 Compliance Pack.
  • Added the following Insights:
    • Access List Rule Exposes Non-Web Ports to the Public
    • Access List Exposes CIFS Port to the Public (mapped to CIS AWS 4.0 Recommendation 5.1.2)
    • Database Instance without Multi-AZ (mapped to CIS AWS 4.0 Recommendation 2.2.4)
    • Amazon Q Business App Without Chat Controls Configured
    • Amazon Q Business App using Cloud Managed Key Instead of Customer Managed Key
  • Added the following Query Filters:
    • Database Instances With Multi-AZ
    • Amazon Q Business App Status
    • Amazon Q Business App Control Mode
    • Amazon Q Business App Without Chat Controls Configured
  • Added support for the AWS Q Business App resource, including updating existing Query Filters.
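The two access-list Insights above (non-web ports, and CIFS specifically, exposed to the public) come down to a port-range and CIDR check over each ingress rule. The following is an added example of that check, not InsightCloudSec's own Insight logic. The rules are constructed, security-group-style ingress entries; "web ports" is taken to mean 80 and 443 and "public" to mean 0.0.0.0/0 or ::/0 (both assumptions about how the Insights are scoped), and CIFS/SMB is TCP 445. Protocol "-1" and port -1 follow the AWS convention for "all protocols" and "all ports".

```python
"""Flag ingress rules that expose non-web ports, and CIFS, to the public.

Added example, not InsightCloudSec code. Rules are constructed.
"""
import ipaddress
from dataclasses import dataclass

WEB_PORTS = {80, 443}   # assumption: what the Insight treats as "web"
CIFS_PORT = 445         # SMB/CIFS over TCP


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int  # -1 means all ports (used with protocol "-1")
    to_port: int
    cidr: str


def is_public(cidr):
    """Assumption: only a /0 prefix (0.0.0.0/0 or ::/0) counts as public."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def port_range(rule):
    """Effective inclusive port range, expanding the all-ports convention."""
    if rule.protocol == "-1" or rule.from_port == -1:
        return 0, 65535
    return rule.from_port, rule.to_port


def exposes_non_web_ports(rule):
    """True if a public TCP/UDP rule admits any port other than 80/443."""
    if not is_public(rule.cidr) or rule.protocol not in ("tcp", "udp", "-1"):
        return False
    lo, hi = port_range(rule)
    total = hi - lo + 1
    web_in_range = sum(1 for p in WEB_PORTS if lo <= p <= hi)
    return total > web_in_range


def exposes_cifs(rule):
    """True if a public rule admits TCP 445 (SMB/CIFS)."""
    if not is_public(rule.cidr) or rule.protocol not in ("tcp", "-1"):
        return False
    lo, hi = port_range(rule)
    return lo <= CIFS_PORT <= hi


def evaluate(rules):
    """Return the rules triggering each finding, keyed by finding name."""
    return {
        "non_web_public": [r for r in rules if exposes_non_web_ports(r)],
        "cifs_public": [r for r in rules if exposes_cifs(r)],
    }


# Constructed sample access list.
SAMPLE_RULES = [
    Rule("tcp", 443, 443, "0.0.0.0/0"),   # HTTPS to the world: fine
    Rule("tcp", 80, 80, "0.0.0.0/0"),     # HTTP to the world: fine
    Rule("tcp", 445, 445, "0.0.0.0/0"),   # CIFS to the world: both findings
    Rule("tcp", 22, 22, "10.0.0.0/8"),    # SSH from RFC1918 only: fine
    Rule("-1", -1, -1, "::/0"),           # everything over IPv6: both findings
    Rule("tcp", 8080, 8080, "0.0.0.0/0"), # non-web port, not CIFS
    Rule("udp", 445, 445, "0.0.0.0/0"),   # UDP 445 is not CIFS over TCP
]

if __name__ == "__main__":
    for name, hits in evaluate(SAMPLE_RULES).items():
        print(name, len(hits))
        for r in hits:
            print("  ", r)
```

The `-1`/all-ports rule is the case most ad hoc scripts miss: a rule with no explicit port range still exposes 445 and every other port, so the check must expand it rather than compare port numbers literally.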

Improved

  • Added a link to the documentation to the Vulnerability Settings page when the Host Vulnerability Assessment feature is not turned on.
  • Added an optional Use Denormalized Tags Table configuration for the Resource Contains Tag Key/Value Pair Query Filter, which should increase performance in larger environments.
  • Expanded support for adding a fully-qualified domain name (FQDN) for public-facing load balancers on a network path to the Public Accessibility Allow List.
  • The new Harvesting Strategies interface has been turned on by default. You can still access the old interface by using the Switch to Legacy UI toggle.
  • The AWS Publicly Exposed Compute Instance with access to Cloud Trail Data Attack Path has been renamed to Publicly Exposed Compute Instance with access to a Bucket Containing Cloud Trail Data to more accurately reflect the path.
  • Added download options for Host Vulnerability Assessment failures, pending assessments, and unsupported assessments.
  • Added support for a JSON pretty print parameter, json_format=true, to the get_threat_finding_details() Jinja2 template.

Fixed

  • Fixed an issue preventing users from downloading the Resource Vulnerabilities report.
  • Fixed an issue preventing accurate analysis for the Publicly Exposed Compute Instance with High/Critical vulnerabilities Attack Path.
  • Fixed an issue preventing Elastic Kubernetes Service (EKS) node groups from being harvested.
  • Added missing AWS Textract resource permissions to the onboarding CloudFormation Templates (CFTs).
  • Fixed an issue that occurred when setting all Host Vulnerability Assessment region overrides to their default values.