21.7.8 Release Notes

InsightCloudSec Software Release Notice - 21.7.8 Minor Release (01/12/2022)

Latest Release

Our latest Minor Release 21.7.8 is available for hosted customers on Wednesday, January 12, 2022. Availability for self-hosted customers is Thursday, January 13, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.

Release Highlights (21.7.8)

InsightCloudSec is pleased to announce Minor Release 21.7.8. This minor release is our first release of 2022 and offers a variety of updates around existing features and the resolution of several bugs. This release includes new Jinja2 capabilities, expansion of our EDH support, and two helpful updates to our UI: displaying User Creation Date information and adding the Account ID to our Exemptions capability in both the UI and export. Release 21.7.8 also provides support for the new AWS region in Jakarta (ap-southeast-3), five new query filters, and three bug fixes.

In addition, for our Cloud IAM Governance module, this release enables the Access Explorer for AWS GovCloud, adds IAM Cache build support for analyzing more resource types (including Security Groups), adds support for equivalency in regions in ARNs, and includes eight bug fixes.

Contact us through the new unified Customer Support Portal with any questions.

Features & Enhancements (21.7.8)

MULTI-CLOUD/GENERAL

  • Added a new time-related Jinja2 capability. In addition to event.get_date() and event.get_timestamp(), we now have event.get_unix_epoch_timestamp(), which returns the number of seconds since January 1st, 1970 in UTC. This Jinja2 capability can be useful when making date-related comparisons. You can read more about this Jinja2 capability here. [ENG-12514]
  • Expanded the Sumo Logic integration to support feeding API activity information into the product. This ensures our SIEM capabilities are consistent across Splunk, InsightIDR, and Sumo Logic. [ENG-12380]
  • Updated the API endpoint for retrieving the exemptions that are associated with a particular Insight to require the Insight entitlement. [ENG-12068]
  • Added the Insight ID to the deletion modal. The Insight ID is unique, unlike Insight Names, which will help clarify the Insight being deleted. [ENG-11981]
  • Added a new Jinja2 getter to work with query filter Transfer Server User Credential Threshold, allowing the filter to also identify the specific users that have expired credentials (or credentials older than a given threshold). You can read more about this Jinja2 addition here. [ENG-12632]

User Interface Changes (21.7.8)

  • We now expose the User Creation Date in the UI. Previously we added a "Date Created" field for all users, and we were silently filling in the value for newly-created users, leaving the existing users blank. This change will backfill the "Date Created" field for all users and admin users and display it in the UI and the downloadable CSV file. [ENG-8188, ENG-11738]
  • Added Account ID to the Exemptions UI and to the downloadable CSV file. Account ID provides a unique means to find accounts, which can be necessary when more readable Account names don't suffice. [ENG-12642]

Resources (21.7.8)

AWS

  • Added the following two properties to our AWS Lambda harvest [ENG-12640]:
    • "code_sha256" - The SHA256 hash of the function's deployment package
    • "revision_id" - The latest updated revision of the function or alias
  • Expanded our EDH coverage to capture MSKv1, updated the data model to include the new publicly accessible property (with a new query filter, Stream Instance Configured With Public Access Enabled) and updated the query filter Stream Instance Logging Destination Not Enabled to support multiple logging configurations. Events: 'UpdateBrokerCount', 'UpdateBrokerStorage', 'UpdateBrokerType', 'UpdateClusterKafkaVersion', 'UpdateConnectivity', 'UpdateMonitoring', and 'UpdateSecurity'. [ENG-12497]
  • Added support for the new AWS region in Jakarta (ap-southeast-3). [ENG-12360]

MULTI-CLOUD/GENERAL

  • Added Container Image information to Container properties. Now you can see the digest for the Image associated with the Container. [ENG-12619]

Insights (21.7.8)

AWS

  • Insight Name: Resource does not Support TLS 1.2 - New Insight identifies multiple resource types that are not using the most up-to-date version of TLS. This Insight supports the following Clouds: Azure ARM/China/Gov and AWS/China/GovCloud. This Insight applies to the following resources: DATABASE_INSTANCE, ELASTICSEARCH_INSTANCE, REST_API_DOMAIN, STORAGE_ACCOUNT, and WEB_APP. [ENG-12393]
  • We have updated the remediation information for our Insight Big Data Instance Does Not Require SSL to include explicit Bot remediation. Further, we support updating the Big Data Instance's parameter group to require either SSL or FIPS SSL, which is a federal standard required by some regulatory bodies. [ENG-11290]

Query Filters (21.7.8)

AWS

  • Stream Instance Configured With Public Access Enabled - This new filter identifies stream instance resources with the publicly accessible capability enabled. Supports the expanded coverage for AWS MSKv1. [ENG-12497]

  • Stream Instance Logging Destination Not Enabled - This query filter was updated to support multiple logging configurations as part of our expanded EDH coverage to capture MSKv1. [ENG-12497]

  • Added several filters that will help surface potential exposures related to Transcription Jobs [ENG-11957]:

    • Transcription Job Uses Storage Container Trusting Unknown Account (AWS)
    • Transcription Job Uses Storage Container Without Encryption (AWS)
    • Transcription Job Uses Storage Container Using Default Encryption (AWS)
    • Transcription Job Uses Storage Container In Different Account (AWS)

Bot Actions (21.7.8)

AWS

  • Added a remediation action (bot and direct) for Transit Gateways that updates (Disables or Enables) the "Auto Accept Attachments" property, which was added in release 21.7.4. [ENG-12165]

Bug Fixes (21.7.8)

  • [ENG-12356] Fixed an IaC bug in which missing properties in CFT templates containing Amazon MQ resources caused false failures.
  • [ENG-11246] Fixed an issue with the query filter Instance Without Defined Backup Policy.
  • [ENG-9916] Fixed problem with StorageContainer.get_encrypted_status() not accounting for values being a list rather than a single value.

Cloud IAM Governance (Access Explorer) - 21.7.8 Minor Release (01/12/2022)

The following updates are related to enhancements and bug fixes for our Cloud IAM Governance (Access Explorer) capabilities.

Contact us at Customer Support Portal with any questions.

Cloud IAM Governance Features & Enhancements (21.7.8)

  • Implemented IAM Cache build support for analyzing more resource types, including Security Groups. [ENG-12294]
  • Accelerated loading of the Principals tab within the Access Explorer. [ENG-12290]
  • Enabled the Access Explorer for AWS GovCloud. [ENG-12232]
  • Added support for equivalency in regions in ARNs. [ENG-12170]
  • Added feature to skip over policies with invalid ARNs. [ENG-12310]
  • Added support for resource policies with StringEquals: { aws:PrincipalAccount: } conditions. [ENG-4282]

Cloud IAM Governance Bug Fixes (21.7.8)

  • [ENG-12094] Fixed an issue that produced an invalid generated Swagger spec; the Swagger documentation located at http://<your_install_url>/swagger should once again return a valid Swagger spec.
  • [ENG-11961] Fixed bug for principals with multiple types of max boundary policies (combination of SCPs and PBs).
  • [ENG-11935] Fixed bug related to trust summary.
  • [ENG-11929] Resolved Grid content discrepancy where Access Explorer grids (Applications, Resources, Principals) showed incorrect data when drop-down options were selected.
  • [ENG-10896] Fixed bug in evaluating policy conditions with stars.
  • [ENG-10637] Fixed bug in ARN comparison logic.
  • [ENG-10636] Fixed bug in ARN parsing logic.
  • [ENG-11630] Fixed bug for principal in multiple groups.