22.3.3 Release Notes

InsightCloudSec Software Release Notice - 22.3.3 Minor Release (05/18/2022)

Our latest Minor Release 22.3.3 is available for hosted customers on Wednesday, May 18, 2022. Availability for self-hosted customers is Thursday, May 19, 2022. If you’re interested in learning more about becoming a hosted customer, reach out through our Customer Support Portal.

Release Highlights (22.3.3)

InsightCloudSec is pleased to announce Minor Release 22.3.3. This Minor Release includes added support for Azure Virtual Network Gateways with a corresponding update to the Public IP Orphaned Query Filter, and updates to EDH support for AWS Athena Workgroup. We’ve improved loading times for Insight results with large quantities of Insight Exemptions, added a new Jinja getter for Public IP resources, and applied updates to two API endpoints (group entitlements and create API only user). In addition, 22.3.3 includes ten bug fixes.

Contact us through the new unified Customer Support Portal with any questions.

Azure Customers - Microsoft Graph API

Customers using Azure AD will need to ensure they have Microsoft Graph API and the permission 'Directory.Read.All' configured to support all Azure AD-related behaviors. Documentation on setup is available on our main Configuring Microsoft Azure page and our Azure Organizations page. [ENG-15556]

New Permissions Required (22.3.3)

New Permission(s) Required: AZURE

For Azure Standard “Reader” User Role:
"Microsoft.Network/virtualNetworkGateways/read"

Note: "Microsoft.Network/virtualNetworkGateways/read" supports added visibility for Azure Virtual Private Gateways. [ENG-16334]

Features & Enhancements (22.3.3)

GCP

  • GCP User-Managed access keys are now shown to differentiate from customer-created keys. [ENG-15586]

AZURE

  • Updated InsightCloudSec to use dynamic harvesting for Azure to address Azure architecture issues that were causing rate limiting. [ENG-16441]

MULTI-CLOUD/GENERAL

  • Improved load times when viewing Insight Results with an Insight that has hundreds/thousands of Insight Exemptions. [ENG-16309]

  • Added a new Jinja getter resource.get_attached_instance_name() that can be used on Public IP resources to pull the name of the attached compute (EC2) instance/NAT gateway. [ENG-16296]

  • Enhanced the set entitlements endpoint so it returns the complete group entitlements. [ENG-9510]

  • We have added support for processing the event AddTagsToResource and RemoveTagsToResource locally for Storage Gateways so that updates are reflected locally without the need for harvesting. [ENG-15945]

  • Updated /v2/public/user/create_api_only_user with an optional field called "expiration_date". The expiration date needs to be sent if the console setting for max API Key age is configured. [ENG-16286]

  • Updated InsightCloudSec to display a visual representation of the filters in the (Container) Vulnerability Assessment view. [ENG-15592]

Resources (22.3.3)

AWS

  • Added EDH support for AWS Athena Workgroup, including the following events: CreateWorkGroup, DeleteWorkGroup and UpdateWorkGroup. [ENG-16329]

AZURE

  • Added visibility and support for Azure Virtual Network Gateways. Updated Query Filter Public IP Orphaned to take attachments to the Azure Virtual Network Gateway into consideration. (Resource is found under Network category, Virtual Private Gateway resource type.)

    • New permissions required: “Microsoft.Network/virtualNetworkGateways/read”. [ENG-16334, ENG-16333]
  • Added tag functionality and delete functionality to Azure Traffic Manager. [ENG-16392]

Bug Fixes (22.3.3)

  • [ENG-16333] Fixed a bug with the filter Public IP Orphaned to take attachments to Azure Virtual Network Gateways into consideration.

  • [ENG-16304] Fixed a bug where the resource type Query Filter did not include Cloud Advisor Check as a resource type.

  • [ENG-16028] Fixed an issue that would prevent plugins from loading properly if the worker and scheduler restarted at the same time.

  • [ENG-16452] Fixed an edge case that prevented harvesting of Azure Network Firewalls which don't have the threat intelligence capability enabled.

  • [ENG-16451] Fixed a bug that prevented harvesting of GCP Autoscaling Groups.

  • [ENG-16430] Removed incorrectly duplicated global Insight packs.

  • [ENG-16411] Fixed a bug that prevented on-demand resizing of AWS compute instances.

  • [ENG-16393] Updated the Insight Resource Orphaned to include cloud filtering when it calls through to the appropriate filter. This update ensures that we aren't leaking results for unsupported cloud types.

  • [ENG-16374] Fixed an issue when building exemptions from the report card and using the "select all" button.

  • [ENG-15914] The IacReaperProcessor was identified as having potentially extremely long transaction locks on the database. This bugfix reduced the frequency of reaper runs and split the large UPDATE transaction into multiple, row-level ones.