Pacbot Versions

PacBot (Policy as Code Bot)

2.0

4 years ago

What is released as a part of 2.0

Starting with Release 2.0, PacBot supports Multi Cloud Compliance (AWS & Azure). This enables us to see AWS & Azure Compliance in a single place.

PacBot still runs on AWS Infrastructure, but now has the capability to collect data from AWS & Azure. Users can see security-center/policy-compliance and custom policies in PacBot.

PacBot collects data for 25+ Azure Services, including computing, storage, databases, networking and Security Center services.

PacBot supports the following dashboards for visualizing Azure data:

  • Azure Compliance Overview
  • Asset Overview
  • Asset Listing
  • Asset 360 view
  • Tagging
  • Policy Knowledgebase
  • Compliance Details
  • Omni Search

Azure Policies

50+ Azure policies are now included with PacBot. Details of these policies can be found here.

Installation Steps

PacBot utilizes Service Principals to enable Azure data collection. A Service Principal must be provisioned in each tenant to have read access to the services in subscriptions to be monitored.

To enable Azure Compliance in PacBot, configure the client ID and secret ID of the service principal in each tenant as follows:

  • Step 1: Set ENABLE_AZURE = True in local.py
  • Step 2: Add Azure tenants as shown below:

        AZURE_TENANTS = [
            {'tenantId': "t111", 'clientId': "c111", 'secretId': "s111"},
            {'tenantId': "t222", 'clientId': "c222", 'secretId': "s222"},
        ]
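
A pre-flight check for the settings above, as an added example that is not part of the PacBot installer: it validates ENABLE_AZURE and AZURE_TENANTS before an install or redeploy, reports problems by key name without echoing any secret value, and checks that the settings file holding the secretId values is not readable by other users. The function names, the rejection of unknown keys and the file-permission check are assumptions made for this illustration.

```python
import os
import stat

REQUIRED_KEYS = {"tenantId", "clientId", "secretId"}
# Sample values printed in the release notes; they must not reach a deployment.
PLACEHOLDERS = {"t111", "c111", "s111", "t222", "c222", "s222"}


def check_azure_settings(enable_azure, tenants):
    """Return problems found in ENABLE_AZURE / AZURE_TENANTS (values are never echoed)."""
    if not enable_azure:
        return ["AZURE_TENANTS is set but ENABLE_AZURE is not True"] if tenants else []
    if not tenants:
        return ["ENABLE_AZURE is True but AZURE_TENANTS is empty"]
    problems, seen = [], set()
    for i, entry in enumerate(tenants):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not a dict")
            continue
        keys = set(entry)
        missing = REQUIRED_KEYS - keys
        extra = keys - REQUIRED_KEYS  # assumption: unknown keys are typos
        if missing:
            problems.append(f"entry {i}: missing {sorted(missing)}")
        if extra:
            problems.append(f"entry {i}: unexpected keys {sorted(extra, key=str)}")
        for key in sorted(REQUIRED_KEYS & keys):
            value = entry[key]
            if not isinstance(value, str) or not value.strip():
                problems.append(f"entry {i}: {key} must be a non-empty string")
            elif value in PLACEHOLDERS:
                problems.append(f"entry {i}: {key} is still the sample value")
        tenant = entry.get("tenantId")
        if isinstance(tenant, str):
            if tenant in seen:
                problems.append(f"entry {i}: duplicate tenantId")
            seen.add(tenant)
    return problems


def settings_file_too_open(path):
    """True if group or others can read the file holding the secretId values."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))
```
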

Additional Features

  • Upgraded to the latest Terraform version (0.12) for the PacBot installer.
  • Silent option to install PacBot without interactive input.
    1. User can now skip console input by preconfiguring the inputs in the local.py script.
    2. During install/destroy/redeploy, pass the optional parameter --silent to run silently.

Issues Closed:

https://github.com/tmobile/pacbot/issues/255 https://github.com/tmobile/pacbot/issues/252

1.6.1

4 years ago

What is released as a part of 1.6.1

Vulnerability Management Job Configuration Fix

The default job frequency for vulnerability management is changed to once per day. This limits the compute required to process the data multiple times in a day, as the data change frequency is low.

1.6

4 years ago

What is released as a part of 1.6

Vulnerability Management

Organizations around the world use the Internet as an important global resource. However, connecting with the Internet leaves your company network exposed to many threats. It's time to bring your business up-to-date on the definition of good vulnerability management.

PacBot pulls data from Qualys and generates dashboards for the following vulnerability reports:

  • Vulnerabilities Compliance trend
  • Vulnerabilities Summary by Severity (S3/S4/S5)
  • Average Aging By Severity
  • Trend of Total And Compliant Assets

Auto-fixes Added

Details of new policy Autofixes can be found here.

New Policies Added

Details of new policies can be found here.

Installer Changes

The Vulnerability Management feature has been introduced as an optional service. Follow the steps below to enable it:

  • Update the local.py file with the value 'True' for the ENABLE_VULNERABILITY_FEATURE setting.
  • Update QUALYS_API_URL and QUALYS_INFO with the appropriate values.
  • Run 'sudo python3 redeploy' to enable this feature if PacBot is already installed, or 'sudo python3 install' for a new installation.

Issues Closed:

https://github.com/tmobile/pacbot/issues/274 https://github.com/tmobile/pacbot/issues/276
https://github.com/tmobile/pacbot/issues/270

1.5

4 years ago

What is released as a part of 1.5

Added provision to add custom resource tags to PacBot resources in AWS:

Users can modify the local.py settings file and add the required tags to the setting variable CUSTOM_RESOURCE_TAGS.

Recommendations

The Recommendations screen displays data from AWS Trusted Advisor for AWS assets in the areas of Cost Optimization, Performance, Security and Fault Tolerance.

Health Notifications

The Health Notifications screen displays data from the AWS Personal Health Dashboard for AWS assets as well as Autofixes. These notifications can be specific to a single asset, for multiple assets or for the account overall. Autofix notification details show the timeline of the plan to address the discovered issue, from the first email sent when the issue is discovered to the application of the fix.

Copy feature

Ability to easily copy text such as asset IDs and policy IDs by clicking on the 'copy' icon wherever it appears.

Installation using instance role

In this release, we added the ability to install PacBot using instance roles. Users now have the option to install PacBot using the instance role from the location the installer runs, in addition to the previously existing access key and secret-based installations.

Autofixes

RDS database endpoints should not be publicly accessible.

  • User can choose to automatically fix publicly accessible RDS DB.

Elasticsearch endpoint should not be open to internet.

  • User can choose to automatically fix publicly accessible Elasticsearch.

Security groups should not be in unused state.

  • User can choose to automatically fix unused Security Groups; this applies only to those created by PacBot as part of other public access Autofixes.

Details of the available auto remediations can be found here.

Details on how to write an auto remediation can be found here.

New policies added:

Details of new policies can be found here.

Installation details for these new features can be found here.

Issue Closed:

https://github.com/tmobile/pacbot/issues/255 https://github.com/tmobile/pacbot/issues/252

1.4

4 years ago

What is released as a part of 1.4

Configuration Management

  • All PacBot configuration can now be managed using an administrative screen. This provides a way to change PacBot configuration while maintaining a history of changes. More details are available here.

Customizable mandatory tags

  • You can now define your own mandatory tags for tagging compliance. Mandatory tags can be defined in the system configuration, and will be used while evaluating the tagging compliance as well as while rendering the reports.

Autofixes (Automatic Remediations)

  • Publicly exposed Application ELB auto fix: User can choose to automatically fix publicly accessible Application ELB.
  • Publicly exposed Classic ELB auto fix: User can choose to automatically fix publicly accessible Classic ELB.
  • Publicly exposed Redshift auto fix: User can choose to automatically fix publicly accessible Redshift.

Details of the available Autofixes can be found here.

Details of how to write Autofixes can be found here.

11 new policies added

Details of the new policies can be found here.

Bug fixes:

https://github.com/tmobile/pacbot/issues/165

Thanks to @Braavos96 for https://github.com/tmobile/pacbot/pull/218

1.3

4 years ago

What is released as a part of 1.3

Auto Remediation

  • Open S3 bucket auto fix: User can choose to automatically fix publicly accessible S3 buckets.
  • Publicly exposed EC2 instance auto fix: User can choose to automatically fix publicly accessible EC2 instances.

Details of the available auto remediations can be found here.

Option to enable SSL

ALB-terminated SSL option is now available and can be selected while installing PacBot.

Option to upgrade infrastructure

An infrastructure upgrade option is now available with the upgrade command.

Stop all button added

One button to stop all PacBot inventory collection and rule scans.

New policies added

Details of new policies can be found here.

Bug fixes:

https://github.com/tmobile/pacbot/issues/179 https://github.com/tmobile/pacbot/issues/177 https://github.com/tmobile/pacbot/issues/171 https://github.com/tmobile/pacbot/issues/142

Thanks to @avinashKumar-11 and @sonawanesangram from T-Systems for b4bf2cb and 04388fb

1.2

5 years ago

What is released as a part of 1.2

New policies added

Details of newly released policies can be found here

Notification service enabled

Notifications allow users to send issue details in an email. Details are available here

Redshift dependency removed

This will help reduce PacBot running cost.

Reduction in environment variables by moving the configuration to database

This will help manage the configuration using the Admin console.

Bug fixes:

https://github.com/tmobile/pacbot/issues/138 https://github.com/tmobile/pacbot/issues/122 https://github.com/tmobile/pacbot/issues/117 https://github.com/tmobile/pacbot/issues/53 https://github.com/tmobile/pacbot/issues/17 https://github.com/tmobile/pacbot/issues/16

1.1

5 years ago

What is released as a part of 1.1

50+ new rules added

Details of newly released policies can be found here

Revamped installer with

  • Installation time reduced to 15 minutes from 45 minutes earlier.
  • Provision to redeploy and destroy.
  • Automatic Terraform script generation.
  • Installation summary with application details at the end of installation.

Admin Features

  • Ability to create new rules (Federated/Managed Rules)
  • CRUD operations on rules
  • On-demand rule invocation

Tagging Dashboard

  • Tagging Dashboard gives you an overview of the tagging compliance

Statistics Report – provides PacBot statistics which includes

  • Total Policies enforced
  • Total Policy evaluations
  • Total Assets scanned
  • Violations distribution by severity
  • Total policies

Download Assets/Policy violations from PacBot

Bug fixes

https://github.com/tmobile/pacbot/issues/75 https://github.com/tmobile/pacbot/issues/70 https://github.com/tmobile/pacbot/issues/55 https://github.com/tmobile/pacbot/issues/54 https://github.com/tmobile/pacbot/issues/37 https://github.com/tmobile/pacbot/issues/34 https://github.com/tmobile/pacbot/issues/31

1.0

5 years ago

PacBot release 1.0

Modules

  • Cloud Discovery
  • Rule Engine
  • Managed Rules
  • Micro Services
  • UI