Mar 04, 202525.3.4

Release Summary

InsightCloudSec is pleased to announce release version 25.3.4. This release includes user interface and performance improvements.

Azure deprecation announcements

Azure deprecating virtual network injection for Azure Data Explorer (ADX)/Kusto clusters

Beginning February 1, 2025, Azure will restrict an event hub's system-assigned identity from entering an ADX cluster's virtual network. This means if you are currently using the Azure Least-Privileged Access feature and have deployed it using a virtual network, you will need to migrate to using managed virtual private endpoints instead. We recommend following Azure's detailed migration guide.

Azure Database for MySQL Single Server deprecation announcement

Azure announced the deprecation of Database for MySQL Single Server and retired the service on September, 16, 2024. After March 10, 2025, Azure Database for MySQL Single Server instances will no longer receive security updates or fixes. Non-responsive MySQL Single Server instances that have not migrated to another service will be deleted. Azure recommends migrating to a MySQL Flexible Server instance and will attempt to automatically migrate any non-responsive MySQL Single Server instances. For more information, review the Azure documentation: https://learn.microsoft.com/en-us/azure/mysql/migrate/whats-happening-to-mysql-single-server

To assist with identifying affected resources, InsightCloudSec has added a new Insight available with this version that will flag any MySQL Single Server instances: Azure Database Instance Single Server Migration (MySQL)

After March 10, 2025, the following Insights will be removed:

  • Database Instance without Connection Log Auditing Events (MySQL Single Server)
  • Database Instance not Enforcing Transit Encryption (MySQL Single Server)
  • Database Instance without Log Auditing Enabled (MySQL Single Server)

After March 10, 2025, the following Query Filter will be removed:

  • Database Instance Server Type

Azure Database for PostgreSQL Single Server deprecation announcement

Azure announced the deprecation of Database for PostgreSQL Single Server and retired the service on September, 16, 2024. After March 28, 2025, Azure Database for PostgreSQL Single Server instances will no longer receive security updates or fixes. Non-responsive PostgreSQL Single Server instances that have not migrated to another service will be deleted. Azure recommends migrating to a PostgreSQL Flexible Server instance and will attempt to automatically migrate any non-responsive PostgreSQL Single Server instances. For more information, review the Azure documentation: https://learn.microsoft.com/en-us/azure/postgresql/migrate/whats-happening-to-postgresql-single-server

To assist with identifying affected resources, InsightCloudSec has added a new Insight available with this version that will flag any PostgreSQL Single Server instances: Azure Database Instance Single Server Migration (PostgreSQL)

After March 28, 2025, the following Insights will be removed:

  • Database Instance Allowing Access from Cloud Resources (PostgreSQL Single Server)
  • Database Instance without Infrastructure Encryption Enabled (PostgreSQL Single Server)
  • Database Instance Not Configured to Log Connections (PostgreSQL Single Server)
  • Database Instance Not Configured to Log Disconnections (PostgreSQL Single Server)
  • Database Instance Not Configured to Throttle Connections (PostgreSQL Single Server)
  • Database Instance Log Retention Below Threshold (PostgreSQL Single Server)
  • Database Instance not Enforcing Transit Encryption (PostgreSQL - Single Server)
  • Database Instance not configured to Log Checkpoints (PostgreSQL Single Server)

After March 28, 2025, the following Query Filter will be removed:

  • Database Instance Server Type
Details for self-hosted customers

New

  • Added a toggle to turn on the new interface for the following pages, which includes improved usability and navigation:
    • Settings > Plugins
    • Cloud > Cloud Accounts > Organizations
    • Settings > User Management > Users
  • Added the following Query Filter:
    • Identify Private Images Source

Improved

  • Turned on the new interface for the following pages by default:
    • Inventory > Tag Explorer
    • Settings > User Management > Basic User Roles You can still access the old interface by using the Switch to Legacy UI button.
  • Improved the AWS onboarding script to support pathless roles and complex role paths:
    • If there is an existing role with the provided value, InsightCloudSec will use the path associated with the role.
    • If there is no existing role, you can provide a role path but the default is / instead of /rapid7/.
  • Improved the performance of the Bot Name filter on the Scheduled Events page. The filter now lists Bots in alphabetical order.
  • Improved the performance of the Task Definition Resource Has No Log Configuration Query Filter and Insight.
  • Improved the performance of the Data Classification filter on the Layered Context page.
  • Corrected and clarified Data Types on the Data Classifications page.
  • Improved Private Image resource harvesting to include source image region and ID data.
  • For Storage Container resources, the Resource Age Exceeds Threshold filter now uses the cloud service provider's creation timestamp.