InsightCloudSec Release Notes / Mar 18, 2025

Mar 18, 202525.3.18

Release Summary

InsightCloudSec is pleased to announce release version 25.3.18. This release includes a new look for InsightCloudSec and an automatic deployment for Azure LPA.

Azure deprecation announcements

Azure Database for PostgreSQL Single Server deprecation announcement

Azure announced the deprecation of Database for PostgreSQL Single Server and retired the service on September, 16, 2024. After March 28, 2025, Azure Database for PostgreSQL Single Server instances will no longer receive security updates or fixes. Non-responsive PostgreSQL Single Server instances that have not migrated to another service will be deleted. Azure recommends migrating to a PostgreSQL Flexible Server instance and will attempt to automatically migrate any non-responsive PostgreSQL Single Server instances. For more information, review the Azure documentation: https://learn.microsoft.com/en-us/azure/postgresql/migrate/whats-happening-to-postgresql-single-server

To assist with identifying affected resources, InsightCloudSec has added a new Insight available with this version that will flag any PostgreSQL Single Server instances: Azure Database Instance Single Server Migration (PostgreSQL)

After March 28, 2025, the following Insights will be removed:

  • Database Instance Allowing Access from Cloud Resources (PostgreSQL Single Server)
  • Database Instance without Infrastructure Encryption Enabled (PostgreSQL Single Server)
  • Database Instance Not Configured to Log Connections (PostgreSQL Single Server)
  • Database Instance Not Configured to Log Disconnections (PostgreSQL Single Server)
  • Database Instance Not Configured to Throttle Connections (PostgreSQL Single Server)
  • Database Instance Log Retention Below Threshold (PostgreSQL Single Server)
  • Database Instance not Enforcing Transit Encryption (PostgreSQL - Single Server)
  • Database Instance not configured to Log Checkpoints (PostgreSQL Single Server)

After March 28, 2025, the following Query Filter will be removed:

  • Database Instance Server Type
Details for self-hosted customers

New

  • Aligned the theme for InsightCloudSec with other Rapid7 experiences. This new look does not change any functionality.
  • Added the following Insights:
    • Virtual Machine Instance Without Block Project-wide SSH Keys Enabled
  • Added the following Query Filters:
    • Instance Without Block Project-wide SSH Keys Enabled
  • Added an Attack Paths with Resources containing Sensitive Data filter to the Attack Paths page.
  • Added an automatic deployment option for Azure Least Privileged Access (LPA). Explore the Azure LPA setup documentation for details.
  • Added a new Analysis Settings option to Infrastructure as Code (IaC) configurations that turns off harvester-driven analysis for Insights.

Improved

  • Updated the description formatting on the following Insights:
    • Network In Project Default Type
    • Network In Project Legacy Type
    • Cloud Zone Has DNS Security Extensions (DNSSEC) Disabled
    • Access List Exposes SSH to the Public (SG)
    • Access List Exposes Windows RDP to the Public (SG)
  • Improved accuracy of Critical Risk Factors and Toxic Combinations counts on the Cloud Summary page.

Fixed

  • Exemptions created by an Exemption Rule now properly include notes from the Exemption Rule description.
  • Fixed a harvesting issue for AWS QuickSight resources.
  • Fixed an issue preventing the InsightVM Agent sync process.
  • Fixed an issue where containers were not properly removed when a pod no longer exists.