18.2 Release Notes
Release 18.2 broadens Insight capabilities by enabling the association of badges when viewing DivvyCloud’s Cloud Compliance and Custom Packs. Badges can now be used when managing cloud environments and for report subscriptions. The release also broadens support for Microsoft Azure, VMware and AWS. Listed below are the highlights, actions and filters associated with our second release of 2018.
Azure Active Directory Support
External authentication options now include Azure Active Directory (AD). Azure AD has grown in popularity over the years and now customers can leverage their directory to manage and authenticate users within the DivvyCloud platform.
Additional Cloud Support
- Expanded support for vApp (stop, start, delete)
- Move virtual machines into/out of vApps
- Support for identifying VMware tool status
- Support for validating Hypervisor NTP settings
- Insight into virtual machine connection status/health
- Support for Azure PostgreSQL
- Support for Azure MySQL
- Filters/Insights to inspect authorized network rules across SQL services
Amazon Web Services
- Support for CloudFormation Templates
- RDS VPC support
- Support for RDS read replicas
- Support for identifying network load balancers with cross zone balancing
- Harvest the service encryption key associated with a Lambda function
- Elasticsearch support for GovCloud
Enhanced Badge Support
- Customize Insight/Insight Pack views leveraging badges
- Dynamically partition resource management
- Associate badges with Insight Pack subscriptions for customized reporting
Improved Resource Management
Resource Management at scale has never been easier. Scope can be easily adjusted to distill your views down by Cloud, Resource Group and/or Badge. This new capability improves visibility into distinct areas of a customer’s cloud footprint.
Insight Timeseries Persistence
Insight Timeseries data is now persisted within the MySQL database and will be maintained for a total of 60 days.
Insight Table View is Default
Based on customer feedback, we now default to Table View. This allows for more granular visibility on the issues in cloud accounts, as well as an aggregate total for your entire cloud footprint. Note that the List View will be deprecated in favor of the Table View in 18.3.
Insight Notes Editor
Customers can now associate their own notes, context and remediation actions with their custom Insights. Simply click on the pencil in the top right of the Insight Overview. This data can aid in conveying the Insight purpose and configuration to users.
Added Bulk Options for Insights
Customers are now able to bulk add/remove Insights to their Custom Packs, and bulk favorite/delete Insights within the table view.
Existing compliance Insight Packs have a new addition in the form of FedRAMP. With over 40 Insights this pack can accelerate FedRAMP compliance within public cloud.
Addition of Resource Does Not Contain Any Supplied Tag Keys filter
This filter complements our current Resource Does Not Contain Keys filter, but will match if a resource does not contain any of the supplied tags. Note that we also renamed the Resource Does Not Contain Keys filter to Resource Does Not Contain All Keys, so that each filter name is less ambiguous and more direct about exactly what it filters for.
New Automation Actions
Set Database Instance Backup Retention
This new action can be used manually or in the context of a Bot. It will set the retention policy of automated database backups to the supplied value.
Enable CloudTrail Log File Validation
This new action can be used to enable log file validation on AWS CloudTrail resources.
Set Big Data Instance Backup Retention Policy
Set the retention policy for automated backups of Big Data instances. This action also allows automated backups to be disabled.
Enable/Disable Storage Container Website Hosting
Enable/disable static website hosting from a storage container.
Create Instance Snapshot (VMware)
Create an instance snapshot of a VMware virtual machine.
Scheduled Deletion of Stack Template
Gracefully tear down CloudFormation stacks.
Storage Container Has/Doesn’t Have Bucket Policy
Identify storage containers, such as AWS S3, with or without a bucket policy associated.
Instance associated with reserved/static public IP
Identify compute instances that have a reserved/fixed public IP associated which enables communication over the Internet.
Instance associated with ephemeral/dynamic public IP
Identify compute instances that have an ephemeral/dynamic public IP associated which will be changed each time the system goes through a stop/start power cycle.
Private Images owned by account
Identify private images which were created and are owned by the account and not ones which are shared with other accounts and/or were acquired from the cloud native marketplace.
Stack Template Lifecycle State
Identify Stack Templates such as AWS CloudFormation based on the lifecycle state.
Cloud User API Key Active/Inactive
Identify cloud users with API keys in an active or inactive state.
Serverless Function With/Without Private Networking
Identify serverless functions such as AWS Lambda which are associated with a private network/VPC.
Instance With/Without Identity Role
Identify compute instances which have/do not have a role associated which grants permissions to cloud resources.
Database Is/Is Not Read Replica
Identify whether or not a database instance is a read replica. This can be essential when looking to optimize based on database connections.
Access Rule Ports
This filter will allow customers to identify explicit port ranges. As an example, you can focus an Insight on all traffic that opens ports 0-65535.
Storage Container Is/Is Not Website
Find storage containers that have/have not been configured to serve as websites, so that website containers are not reported as exposed to the world. This helps remove false positives.
Storage Container With/Without Lifecycle Policy
Filter to find storage containers that have lifecycle policies, e.g., archive objects older than X, in place. This helps with cost containment/control.
API Accounting Storage Container Whitelist
Find API Accounting Configuration resources such as AWS CloudTrail based on the bucket they do/do not feed into.
Resource Encrypted With Key
Identify resources which leverage encryption at rest based on the supplied key which is used to encrypt them.
Resource Encrypted With Default Key
Identify resources which leverage encryption at rest and are using the default provider encryption key(s).
Hypervisor NTP Client Enabled/Disabled (VMware)
Identify VMware Hypervisors that have enabled or disabled the Network Time Protocol client.
For Amazon Web Services customers, the role/user policy associated with each connected account will need to be adjusted to include the permissions below. For customers leveraging read-only policies, there is no need to include the “cloudformation:DeleteStack” permission.
- "cloudformation:DescribeStacks"
- "cloudformation:DescribeStackResources"
- "cloudformation:DeleteStack"
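One way to confirm that a connected account's policy already covers these permissions before upgrading is sketched below. This is an added example, not DivvyCloud code. The function names and both sample policies are hypothetical, and the check only reads Allow statements rather than performing a full IAM evaluation.

```python
from fnmatch import fnmatchcase

# Actions named in the release note above.
READ_ACTIONS = ["cloudformation:DescribeStacks",
                "cloudformation:DescribeStackResources"]
WRITE_ACTIONS = ["cloudformation:DeleteStack"]  # not needed for read-only policies


def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def missing_actions(policy, read_only=False):
    """Return the required actions that no Allow statement in `policy` grants.

    Assumption: this is a first-pass review of one identity policy document.
    Deny statements, NotAction, Resource and Condition are not evaluated.
    """
    patterns = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            # IAM action names are case-insensitive and may use * and ? wildcards.
            patterns += [a.lower() for a in _as_list(stmt.get("Action"))]
    required = READ_ACTIONS + ([] if read_only else WRITE_ACTIONS)
    return [r for r in required
            if not any(fnmatchcase(r.lower(), p) for p in patterns)]


# Constructed sample policies (hypothetical, not from a real account).
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["cloudformation:Describe*", "ec2:Describe*"]}],
}
PRE_UPGRADE_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Resource": "*", "Action": "ec2:Describe*"},
}

if __name__ == "__main__":
    for name, pol, ro in [("read-only", READ_ONLY_POLICY, True),
                          ("read-only used for full access", READ_ONLY_POLICY, False),
                          ("pre-upgrade", PRE_UPGRADE_POLICY, False)]:
        print(name, "missing:", missing_actions(pol, read_only=ro))
```

An empty result means the policy needs no change for 18.2. A wildcard grant such as "cloudformation:*" also satisfies the check, so review those separately if least privilege is the goal.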
We have also removed the ability to leverage Hipchat as an integration (Atlassian is retiring the service and replacing it with Stride).