Release Summary
InsightCloudSec is pleased to announce release version 25.4.8. This release includes expanded source documents support, new Query Filters and Insights, and improved performance on the Resources Inventory page.
Details for self-hosted customers
Upgrading from version 25.3.18 or earlier?
It is recommended to schedule downtime for InsightCloudSec with your user base and scale interface servers to 0 before taking this upgrade. After the upgrade is complete, you may revert the interface server scaling.
- Release Availability - Self-hosted customers are able to download the new version of InsightCloudSec usually six business days after SaaS customers are upgraded. The estimated date for this version's self-hosted availability is April 14, 2025.
- The latest Terraform template (static files and modules) can be downloaded from our public S3 bucket: https://s3.amazonaws.com/get.divvycloud.com/prodserv/divvycloud-prodserv-tf/example-usage/aws/release/divvycloud-tf-release.zip
- Modules can be updated with the
terraform get -updatecommand.
- Amazon Elastic Container Repository (ECR) Image Tags - You can obtain the ECR build images for this version of InsightCloudSec from the InsightCloudSec ECR Gallery: https://gallery.ecr.aws/rapid7-insightcloudsec?page=1
New
- Added the following Insights:
BigQuery Tables Not Encrypted To Use Customer-Managed Encryption KeyBigQuery Dataset Encrypted using Cloud Managed Key Instead of Customer Managed KeyDatabase Instance Flag 'max user connection' Enabled
- Added source documents support for the following resource types:
- AWS ElasticBeanstalk Environment
- AWS ElasticBeanstalk Application
- AWS ACM Private Certificate Authority
- Added the following Query Filters:
Email Service Domain Current DKIM Signing Key LengthEmail Service Domain Next DKIM Signing Key Length
Improved
- Turned on the new interface for Clouds > Organizations page by default.
- Improved the rendering speed for the resource type tooltip while navigating the Resources inventory.
- Updated the
Cloud Credential Not Rotated Within 90 DaysInsight andCloud Credentials Accessible To The PublicQuery Filter to use key create time instead of updated time. - Improved the recommendations for the
DNS Zone With Weak Key Signing Algorithm (GCP)andDNS Zone With Weak Zone Signing Algorithm (GCP)Query Filters to match the case of the GCP API response. - Updated the following columns in the Vulnerability Report for clarity:
last_assessedupdated toresource_last_assessedfirst_assessedupdated toresource_first_assessed
- Added a setting to include or exclude disabled access lists from the
Access List Exposes Port (Security Group)andAccess List Exposes Ports to the PublicQuery Filters. As a result, any access list-related Insights now automatically exclude disabled access lists, including:Access List Exposes High Risk Port to the PublicAccess List Exposes SSH or Windows RDP to the Public over IPv4 (Security Group)Access List Exposes SSH or Windows RDP to the Public Over IPv6 (Security Group)Access List Exposes SSH to the Public (SG)Access List Exposes CIFS Port to the Public
- Added the following resource types as supported for the
Resource Missing Tag KeyQuery Filter:- App Stream Fleet
- ETL Job
- ETL Crawler
Fixed
- Fixed an issue causing columns to overlap in the resource properties panel.
- Fixed an issue where changes to Query Filters were not updating the Resources inventory list view as expected.
- Replaced placeholder description for the
Google User With Unauthorized RoleInsight. - Fixed an issue where the
ElasticsearchPipelineHarvesterjob would fail when logging was not configured on an ingestion pipeline resource. - Fixed an issue causing false positives on the
Database Instance not EncryptedInsight for Alibaba Cloud Database Instances.