17.08 Release Notes¶
The 17.08 introduces the concept of Insight Packs, which are collections of related Insights, e.g., Insights focused on the CIS Benchmark. Customers will be able to quickly and thoroughly confirm their organization’s compliance with industry requirements, see gaps, one-click Bots to take corrective action, and subscribe to status reports to communicate and monitor compliance over time.
In addition, you can build your own Insights and Packs, browse and use the DivvyCloud collections, or customize the collections to suit your requirements.
As in prior releases, this release continues the expansion of DivvyCloud’s AWS support. Specifically, we now support AWS Lambda, AWS Config, and AWS Elasticsearch instances as Resource types and with that support comes relevant capabilities with Insights, filters, and Bots. We also extended AWS IAM support to include groups, roles and inline policies. Finally, we added the new Paris region.
- Released featured Insight Packs include:
- PCI DSS: 30 Insights focused on Payment Card Industry Data Security Standards
- GDPR: 38 Insights focused on General Data Protection Regulations
- SOC 2: 61 Insights focused on Service Organization Control 2 principles
- CIS: 26 Insights focused on Center for Internet Security benchmarks
- HIPAA: 22 Insights focused on Health Insurance Portability and Accountability Act provisions
- NIST CSF: 25 Insights focused on NIST CyberSecurity Framework practices
- NIST 800-53: 25 Insights focused on NIST 800-53 security controls
- ISO 27001: 24 Insights focused on the International Organization for Standardization standards
Additional AWS Support¶
- Added AWS Lambda support with capabilities for Insights, filters, and Bots
- Added AWS Config support with capabilities for Insights, filters, and Bots
- Added AWS Elasticsearch instance support with capabilities for Insights, filters, and Bots
- Extended AWS IAM to include groups, roles and inline policies
- Added the ability to manipulate AWS S3 permissions via the UI and BotFactory
- Added the ability to append bucket policies to AWS S3 via the UI and BotFactory
- Added snapshot action for AWS Redshift
- Added AWS Paris region
New Insights, Filters, & Bots¶
- Added featured Insight Packs covering industry best practices
- Added new filters to identify compute instances with/without a recent backup
- Added the ability to filter volumes that are attached to an instance as the root device
- Added “Cloud Provider” and “Cloud Account” filters
- Added ability to create private images of instances as an automated BotFactory action
- Cloud non-compliance information is surfaced to more easily identify the Bots reporting non-compliance
- Added the ability to assign badges to Orgnizations
- Updated pricing data for GCP, Azure, and AWS
- IPv6 support added
IMPORTANT: In order to take advantage of new AWS capabilities, you must update your AWS DivvyCloud IAM policy. The current AWS IAM Read Only and Power User policies are here. The snippet below includes the required changes:
"elasticfilesystem:Describe*", "elasticfilesystem:List*", "lambda:ListFunctions", "lambda:ListTags", "es:ListDomainNames", "es:DescribeElasticsearchDomains", "es:ListTags", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:DescribeDeliveryChannels", "sts:GetCallerIdentity", "organizations:ListAccounts"
Breaking API changes: API endpoints for listing insights and insight history have been modified to support multiple sources. Insight json responses will now contain two keys
insight_id is a unique id per source and
source is either
custom. Insights from
backoffice are DivvyCloud hosted and
custom are stored locally in your database.
# Old Insight list: pagination and list all v2/public/insights/<offset>/<limit>/list v2/public/insights/list-all # New Insight list v2/public/insights/list # Old Insight history v2/public/insights/<int:insight_id>/insight-data-7-days # New Insight history v2/public/insights/<int:insight_id>/<source>/insight-data-7-days