Release Summary
InsightCloudSec is pleased to announce release version 24.12.10. This release includes new Insights and Query filters, expanded source documents support, and the option to download Principals in Identity Analysis.
Container Vulnerability Assessment (CVA) database refresh
This release includes a CVA database refresh, so you may notice decreased performance and data inconsistencies during the operation. This is a one-time operation and should not take long to complete after your instance is upgraded.
Resolved onboarding issues for AWS GovCloud and China
The AWS onboarding script received an update in 24.12.3 that updated the default AWS Commercial template to use the AWS managed SecurityAudit policy as the base for read only harvesting permissions. This caused an issue with the onboarding CloudFormation Templates for GovCloud and China accounts where many of the explicit read only permissions were filtered out but the SecurityAudit policy was not attached. This has been fixed in this release (24.12.10). If you use the onboarding script for GovCloud and China, you can resolve this issue by using: python onboard.py --explicit-readonly-policy.
Details for self-hosted customers
- Release Availability - Self-hosted customers are able to download the new version of InsightCloudSec usually 2-3 days after SaaS customers are upgraded. The estimated date for this version's self-hosted availability is December 12, 2024.
- The latest Terraform template (static files and modules) can be downloaded from our public S3 bucket: https://s3.amazonaws.com/get.divvycloud.com/prodserv/divvycloud-prodserv-tf/example-usage/aws/release/divvycloud-tf-release.zip
- Modules can be updated with the
terraform get -updatecommand.
- Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec from the InsightCloudSec ECR Gallery: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1
New
- Added the following Insights:
Ensure that Microsoft Defender External Attack Surface Monitoring (EASM) is enabled (Manual)(mapped to CIS Azure 2.1 Recommendation 2.1.22)Cloud Account Without Application Insights Configured (Automated)(mapped to CIS Azure 2.1 Recommendation 5.3.1)
- Added the following Query Filters:
Cloud Account Without Application Insights ConfiguredKubernetes Cluster With a Failing Scan
- Added source document support for AWS OpenSearch instances.
- Added a Download button to the Principals tab in Identity Analysis.
Improved
- Improved report downloading performance for Host Vulnerability Assessments.
- The Cognitive Service Account harvester has been updated to accurately collect virtual network and firewall information.
- Updated the
Resource Web Application Firewall Rule Name Regular Expression Search (AWS)Query Filter to have the option to return resources with no associated Web Application Firewall. - Added the option to select multiple base Insight packs when creating a custom Insight pack.
Fixed
- Fixed an issue where container resources on the Vulnerabilities page would show no vulnerabilities.
- Fixed an issue where the
/v2/prototype/assessment_summaryAPI endpoint would fail when used with an API key. - Fixed an issue where Cluster Name and Cluster ID columns were empty for Kubernetes resources in Compliance Scorecard Microsoft Excel export.
- Fixed an issue that would prevent filtering Kubernetes clusters by cloud service provider.
- Fixed the AWS onboarding script for GovCloud and China accounts.