18.2 Release Notes

Release 18.2 broadens Insight capabilities by enabling the association of badges when viewing DivvyCloud’s Cloud Compliance and Custom Packs. Badges can now be used when managing cloud environments and for report subscriptions. The release also broadens support for Microsoft Azure, VMware and AWS. Listed below are the highlights, actions and filters associated with our second release of 2018.

Release Highlights

Azure Active Directory Support

External authentication options now include Azure Active Directory (AD). Azure AD has grown in popularity over the years and now customers can leverage their directory to manage and authenticate users within the DivvyCloud platform.

Additional Cloud Support

VMware

  • Expanded support for vApp (stop, start, delete)
  • Move virtual machines into/out of vApps
  • Support for identifying VMware tool status
  • Support for validating Hypervisor NTP settings
  • Insight into virtual machine connection status/health

Microsoft Azure

  • Support for Azure PostgreSQL
  • Support for Azure MySQL
  • Filters/Insights to inspect authorized network rules across SQL services

Amazon Web Services

  • Support for CloudFormation Templates
  • RDS VPC support
  • Support for RDS read replicas
  • Support for identifying network load balancers with cross zone balancing
  • Harvest the service encryption key associated with a Lambda function
  • Elasticsearch support for GovCloud

Enhanced Badge Support

  • Customize Insight/Insight Pack views leveraging badges
  • Dynamically partition resource management
  • Associate badges with Insight Pack subscriptions for customized reporting

Improved Resource Management

Resource Management at scale has never been easier. Scope can be easily adjusted to distill your views down by Cloud, Resource Group and/or Badge. This new capability improves visibility into distinct areas of a customer’s cloud footprint.

Insight Timeseries Persistence

Insight Timeseries data is now persisted within the MySQL database and will be maintained for a total of 60 days.

Insight Table View is Default

Based on customer feedback, we now default to Table View. This allows for more granular visibility into the issues in cloud accounts, as well as an aggregate total for your entire cloud footprint. Note that the List View will be deprecated in favor of the Table View in 18.3.

Insight Notes Editor

Customers can now associate their own notes, context and remediation actions with their custom Insights. Simply click on the pencil in the top right of the Insight Overview. This data can aid in conveying the Insight purpose and configuration to users.

Added Bulk Options for Insights

Customers are now able to bulk add/remove Insights to their Custom Packs, and bulk favorite/delete Insights within the table view.

FedRAMP Support

Existing compliance Insight Packs have a new addition in the form of FedRAMP. With over 40 Insights this pack can accelerate FedRAMP compliance within public cloud.

Addition of Resource Does Not Contain Any Supplied Tag Keys filter

This filter complements our current Resource Does Not Contain Keys filter, but will match if a resource does not contain any of the supplied tags. Note that we also renamed the Resource Does Not Contain Keys filter to Resource Does Not Contain All Keys. This is so each filter is less ambiguous and more direct on exactly what we’re filtering for.

New Automation Actions

Set Database Instance Backup Retention

This new action can be used manually or in the context of a Bot. It will set the retention policy of automated database backups to the supplied value.

Enable CloudTrail Log File Validation

This new action can be used to enable log file validation on AWS CloudTrail resources.

Set Big Data Instance Backup Retention Policy

Set the retention policy for automated backups of Big Data instances. This action also allows automated backups to be disabled.

Enable/Disable Storage Container Website Hosting

Enable/disable static website hosting from a storage container.

Create Instance Snapshot (VMware)

Create an instance snapshot of a VMware virtual machine.

Scheduled Deletion of Stack Template

Gracefully tear down CloudFormation stacks.

New Filters

Storage Container Has/Doesn’t Have Bucket Policy

Identify storage containers, such as AWS S3, with or without a bucket policy associated.

Instance associated with reserved/static public IP

Identify compute instances that have a reserved/fixed public IP associated which enables communication over the Internet.

Instance associated with ephemeral/dynamic public IP

Identify compute instances that have an ephemeral/dynamic public IP associated which will be changed each time the system goes through a stop/start power cycle.

Private Images owned by account

Identify private images which were created and are owned by the account and not ones which are shared with other accounts and/or were acquired from the cloud native marketplace.

Stack Template Lifecycle State

Identify Stack Templates such as AWS CloudFormation based on the lifecycle state.

Cloud User API Key Active/Inactive

Identify cloud users with API keys in an active or inactive state.

Resource Without Tags

Identify resources which do not have a single tag associated, including newly supported Stack Templates.

Serverless Function With/Without Private Networking

Identify serverless functions such as AWS Lambda which are or are not associated with a private network/VPC.

Instance With/Without Identity Role

Identify compute instances which have/do not have a role associated which grants permissions to cloud resources.

Database Is/Is Not Read Replica

Identify whether or not a database instance is a read replica. This can be essential when looking to optimize based on database connections.

Access Rule Ports

This filter will allow customers to identify explicit port ranges. As an example, you can focus an Insight on all access rules that open ports 0-65535.

Storage Container Is/Is Not Website

Find storage containers that have/have not been configured to serve as websites. This keeps containers that are intentionally serving websites from being pulled as exposed to the world and helps remove false positives.

Storage Container With/Without Lifecycle Policy

Filter to find storage containers that have lifecycle policies, e.g., archive objects older than X, in place. This helps with cost containment/control.

API Accounting Storage Container Whitelist

Find API Accounting Configuration resources such as AWS CloudTrail based on the bucket they do/do not feed into.

Resource Encrypted With Key

Identify resources which leverage encryption at rest based on the supplied key which is used to encrypt them.

Resource Encrypted With Default Key

Identify resources which leverage encryption at rest and are using the default provider encryption key(s).

Hypervisor NTP Client Enabled/Disabled (VMware)

Identify VMware Hypervisors that have enabled or disabled the Network Time Protocol client.

Developer/Administrator Notes

Important

For Amazon Web Services customers, the role/user policy associated with each connected account will need to be adjusted to include the permissions below. For customers leveraging read-only policies, there is no need to include the “cloudformation:DeleteStack” permission.

"cloudformation:DescribeStacks",
"cloudformation:DescribeStackResources",
"cloudformation:DeleteStack"

We have also removed the ability to leverage Hipchat as an integration (Atlassian is retiring the service and replacing it with Stride).