Cloud Security Posture Management (CSPM)
CloudSploit version 3.4.0 was released on 2024-04-25. The update includes new plugins for Azure and AWS, along with hotfixes and enhancements to existing plugins. The details are as follows.
Bedrock
CloudFormation
Comprehend
DynamoDB
GuardDuty
Lambda
Route 53
OpenSearch
WorkSpaces
Automation Account
Container Apps
Cosmos DB
Databricks
Event Grid
Event Hub
PostgreSQL Server
RDS Public Subnets: Fixed a bug that caused the plugin to generate false negative results when the RDS instance was not connected to the public subnet.
Instance Limit: Earlier, the plugin checked the max instance limit provided by AWS. The max_limit attribute is no longer supported by AWS, so a Max Instance Count setting was added, which lets users set the desired value for the maximum number of utilised instances in a region.
SQL Databases Data Masking Enabled: Updated the plugin logic to remove the unnecessary unknown from the results.
Updated the plugin info link for the following plugins:
CloudSploit version 3.3.0 was released on 2024-03-25. The update adds severities for plugins on all clouds, new AWS and Azure regions, new category plugins for Azure Open AI Service and for Vertex AI Service on GCP, a category change of AWS services to 'AI & ML', and title and description changes for AWS and Azure plugins. It also includes new plugins for existing Azure and AWS services, along with hotfixes and enhancements to existing plugins. The details are as follows.
Added severities for all plugins of following clouds:
Severities were assigned based on careful analysis of services, taking into account compliance rules, thorough documentation review, customer complaints, and customer suggestions. This approach ensures accurate representation of the impact and importance of each plugin and service across AWS, Azure, GCP, Oracle, Alibaba, and GitHub platforms, aligning with compliance standards.
AWS Added support for the following regions:
Azure Added support for the following regions:
AWS Changed category of the following AWS services to AI and ML:
Changed the title, description, and output messages for the following plugins:
AWS
Azure
CodeStar
App Service
Application Gateway
App Configurations
Automation Account
Bastion
Blob Service
Container Registry
Defender
Event Hub
Front Door
Key Vaults
Kubernetes Services
Load Balancer
Monitor
Network Security Groups
Open AI
PostgreSQL Server
Redis Cache
Service Bus
SQL Databases
SQL Server
Virtual Machines
Virtual Machines Scale Sets
Virtual Networks
Vertex AI
According to the AWS documentation, AWS now provides SSE to all bucket objects by default. Previously, the following plugins failed when SSE was not enabled on S3. The logic of these plugins has been modified to produce a pass result by default when checking for server-side encryption:
Open RFC 1918: Updated the plugin's output message so that it provides a more accurate description when RFC IP ranges are utilized.
EKS Kubernetes Version: Modified the deprecation date for the following EKS versions: 1.23, 1.24, and 1.27.
Lambda Old Runtimes: Modified the deprecation date for the following runtime environments: Node.js 16, Go 1, Java 8.
SES Email Messages Encrypted: Added logic to exclude regions that don't have SES enabled.
VM Security Type: Previously, the plugin checked only whether the trusted launch type was configured. Added a setting to check for the desired security type for Azure virtual machines.
No Network Gateways In Use: Previously, the plugin checked only whether a network gateway was in use. Added the Virtual Network Gateway Type setting with an empty default value. The setting can be used to check for the desired type of network gateways in use.
Added the setting Ignore Internal Load Balancers in plugins, with the default value set to false. When set to true, the plugin ignores internal load balancers.
CloudSploit version 3.2.0 was released on 2023-12-08. The update includes new category plugins for Media Services and Service Bus on Azure, and for Bedrock on AWS. It also includes new plugins for existing Azure and AWS services, along with hotfixes and enhancements to existing plugins. The details are as follows.
Bedrock
Application Gateway
Front Door
Media Services
PostgreSQL Server
Redis Cache
Service Bus
SQL Databases
SQL Server
Virtual Machines
CloudSploit version 3.1.0 was released on 2023-09-06. The update brings new plugins for Azure, AWS, and GCP, along with hotfixes and enhancements to existing plugins. The details are as follows.
Azure Log Profile Retention Policy
CloudSploit version 3.0.0 was released on 2023-08-10. Version 3.0.0 introduced a number of changes from v2.0.0, including a change in the number of plugins for each cloud and the introduction of Alibaba Cloud.
Version 3.0.0 introduces scanning of Alibaba Cloud. To run it locally, you need to replace the config for Alibaba.
After replacing the credentials for Alibaba, copy the credentials into the config.js file:
cp config_example.js config.js
To run the Alibaba plugins, run the following:
./index.js --config=./config.js
The updates in plugin counts for the various cloud providers are as follows:
- AWS: Plugins added: 379. Total plugins now: 550.
- Azure: Plugins added: 155. Total plugins now: 286.
- GitHub: No new plugins added. Total plugins remain: 10.
- Oracle: Plugins added: 34. Total plugins now: 99.
- Google: Plugins added: 162. Total plugins now: 250.
CloudSploit version 2.0.0 introduced a number of changes from the original CloudSploit release, designed to make running CloudSploit easier in multiple environment types, including command line and CI/CD systems.
- argparse library to enhance CLI option support
- tty-table library for pretty-print CLI output of results. This is now the default output, but it can be changed to text-only via the --console=text flag.
- config.js file for storing cloud provider configuration options, making it easier to run CloudSploit against multiple accounts by passing the --config flag.
- compliance property.
- exports.js file by passing the flag --plugin pluginName.
Please see the Upgrade Guide if you are moving from < 2.0.0 to 2.0.0.