Release Summary
InsightCloudSec is pleased to announce release version 25.1.21. This release includes new Insights and Query Filters, a new Tag Explorer interface, and a new Compliance Pack.
Query Filter Cloud Type Support Correction for version 24.12.3
As part of our ongoing compliance program, remediation and improvements are being made to older Query Filters and Insights to align with our new templates. Some of these improvements occurred in version v. 24.12.3, but the release notes incorrectly described the change. The correction is as follows:
Corrected cloud type support for the following Query Filters to indicate support only for Alibaba Cloud and AWS:
Instance scanned or assessed by InsightVMInstance not scanned or assessed by InsightVMInstance scanned or assessed by InsightVM Last Assessment ThresholdInstance With Crowdstrike Falcon Agent ConfiguredInstance Without Crowdstrike Falcon Agent ConfiguredInstance With SentinelOne Agent ConfiguredInstance Without SentinelOne Agent Configured
Corrected cloud type support for the following Query Filters to indicate support only for AWS, AWS China, AWS Gov:
Instance With Tenable.io Agent ConfiguredInstance With Tenable.io Agent Not ConfiguredInstance With Tenable.io Agent Last Checkin ThresholdInstance With Qualys Agent ConfiguredInstance Without Qualys Agent ConfiguredInstance with Resource Agent Operating System PlatformInstance Operating System Distribution (Regex)Instance Agent Type
Azure deprecating virtual network injection for Azure Data Explorer (ADX)/Kusto clusters
Beginning February 1, 2025, Azure will restrict an event hub's system-assigned identity from entering an ADX cluster's virtual network. This means if you are currently using the Azure Least-Privileged Access feature and deployed it using a virtual network, you will need to migrate to using managed virtual private endpoints instead. We recommend following Azure's detailed migration guide.
Details for self-hosted customers
- Release Availability - Self-hosted customers are able to download the new version of InsightCloudSec usually two or three business days after SaaS customers are upgraded. The estimated date for this version's self-hosted availability is Monday, January 27, 2025.
- The latest Terraform template (static files and modules) can be downloaded from our public S3 bucket: https://s3.amazonaws.com/get.divvycloud.com/prodserv/divvycloud-prodserv-tf/example-usage/aws/release/divvycloud-tf-release.zip
- Modules can be updated with the
terraform get -updatecommand.
- Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec from the InsightCloudSec ECR Gallery: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1
New
- Added the following Insights:
Cloud Account Linked to User-Managed API CredentialsCloud Account without Defender CSPM Sensitive Data Discovery Enabled
- Added the following Query Filters:
Cloud Account With User-managed API CredentialsCloud Account Sensitive Data Discovery Status
- Added a toggle to turn on the new interface for Tag Explorer, which includes improved usability and navigation.
- Added a new NIST CSF 2.0 Compliance Pack that includes support for AWS and Azure.
Improved
- Failed host assessments will not be retried until seven days have elapsed.
- Updated the AWS Container Vulnerability Assessments (CVA) policy to be minimally permissive and explicitly state the permissions needed.