Policy/Rule Updates
- Added new policies across the three clouds AWS, Azure and GCP
- Fixed bugs in the existing policy metadata/documentation.
- We are improving the wiki for the existing rules. This is an ongoing effort.
- Added an AWS autofix for unused security groups. Please refer to this wiki for details on enabling it.
Using Azure AD
- Azure AD can now be used as the authentication mechanism instead of the default database-based authentication.
- We have tested this feature and it is fully functional. Please read the docs here to start using it.
UI Updates
- Fixed minor bugs across the application.
Infrastructure Updates
- Upgraded the instance types for our RDS and Elasticsearch services. This has been updated in the installer/settings/default.local.py file.
- If you are upgrading from earlier versions, please copy your existing local.py changes to the new default.local.py and create a new local.py file. This way all the latest changes from default.local.py are carried over to local.py. This is required because your current local.py file was created from the previous version of default.local.py.
- Please log an issue if any other clarification is needed.
- Please read the upgrade wiki here.
Other Updates
- We have changed the way of adding new AWS client accounts into Paladin Cloud.
- Earlier, adding AWS accounts to scan was a manual process that had to be redone for every upgrade.
- Now accounts can be added through the installer/redeploy process.
- Users need to provide the account IDs and names during the installation/redeploy process as below:
```python
AWS_ACCOUNT_DETAILS = [
    {
        'accountId': "176332",
        'accountName': "baseAccount"
    },
    {
        'accountId': "2345",
        'accountName': "clientAccount1"
    },
    {
        'accountId': "234565",
        'accountName': "clientAccount2"
    }
]
```
- As a one-time process, existing users need to add their base account information (the account where Paladin Cloud is installed), along with the other accounts Paladin Cloud is already monitoring, to the local.py file as shown above before redeploying.
- Docs for adding the new AWS account to monitor are here.
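To catch mistakes in that list before a redeploy, here is an added validator (not part of Paladin Cloud's installer) that checks the AWS_ACCOUNT_DETAILS shape: 12-digit string account IDs, non-empty unique names, no duplicate IDs, and that the base account (where Paladin Cloud is installed) is present. The sample IDs are constructed placeholders, and the base account ID is passed in as an argument because the release notes do not define how it is identified beyond its name.

```python
import re

# Same shape as the AWS_ACCOUNT_DETAILS list in local.py; these IDs are constructed placeholders.
AWS_ACCOUNT_DETAILS = [
    {'accountId': "123456789012", 'accountName': "baseAccount"},
    {'accountId': "210987654321", 'accountName': "clientAccount1"},
    {'accountId': "111122223333", 'accountName': "clientAccount2"},
]

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")  # AWS account IDs are exactly 12 digits


def validate_account_details(details, base_account_id):
    """Return a list of problems; an empty list means the list is safe to redeploy with."""
    problems = []
    if not isinstance(details, list) or not details:
        return ["AWS_ACCOUNT_DETAILS must be a non-empty list"]
    seen_ids, seen_names = {}, {}
    for idx, entry in enumerate(details):
        if not isinstance(entry, dict) or set(entry) != {'accountId', 'accountName'}:
            problems.append(f"entry {idx}: expected exactly the keys accountId and accountName")
            continue
        acc_id, name = entry['accountId'], entry['accountName']
        if not isinstance(acc_id, str) or not ACCOUNT_ID_RE.match(acc_id):
            problems.append(f"entry {idx}: accountId {acc_id!r} is not a 12-digit string")
        if not isinstance(name, str) or not name.strip():
            problems.append(f"entry {idx}: accountName must be a non-empty string")
        # Duplicate IDs or names would make two scanned accounts indistinguishable in results.
        id_key, name_key = str(acc_id), str(name)
        if id_key in seen_ids:
            problems.append(f"entry {idx}: accountId {acc_id!r} duplicates entry {seen_ids[id_key]}")
        seen_ids.setdefault(id_key, idx)
        if name_key in seen_names:
            problems.append(f"entry {idx}: accountName {name!r} duplicates entry {seen_names[name_key]}")
        seen_names.setdefault(name_key, idx)
    # The account Paladin Cloud runs in must be listed too (the one-time step for existing users).
    if str(base_account_id) not in seen_ids:
        problems.append(f"base account {base_account_id!r} (where Paladin Cloud runs) is missing")
    return problems


if __name__ == "__main__":
    for problem in validate_account_details(AWS_ACCOUNT_DETAILS, "123456789012"):
        print("PROBLEM:", problem)
```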
Known Issues
- The three new policies below are still under development and are not yet fully functional. We will be fixing them in the upcoming release.
- Enable hardware MFA for the root account (AWS)
- Enable Client certificates on WebApp (Azure)
- Enable minimum TLS version 1.2 on WebApp (Azure)
What's Changed
- fix: addressed database syntax error by @AnjaliMadhavi-Nakirikanti in #395
- fix: GCP discovery issue by @dheerajkholia-paladin in #394
- fix: running the three cloud rules in parallel, instead of sequentially by @santhosh-challa in #398
- fix: remote access database flag by @AishwaryaKulkarni97 in #389
- JOB_SCHEDULE_INTERVAL by @rnithinpaladin in #406
- feat:Added new aws rule to check AWSSupportAccess role created by @amishavijayakumar08 in #400
- Feature/gcp public ip by @kushZemoso in #401
- fix:Changed whitelist to allowlist by @kushZemoso in #409
- fix: fixed asset details table data load when resourceId in violation… by @sidharthjain-zemoso in #410
- Feature/fix allowlist by @kushZemoso in #412
- feat:Added new aws rule to check hardware mfa is configured by @amishavijayakumar08 in #407
- updated common.py file with default AUTHENTICATION_TYPE by @rnithinpaladin in #417
- fix: 3625(trace flag) database flag by @AishwaryaKulkarni97 in #403
- fix:Support for multiple aws account names by @dheerajkholia-paladin in #413
- feat:Added new aws rule to check user policies are assigned through group by @amishavijayakumar08 in #420
- fix:Aws wiki link bug fixes by @amishavijayakumar08 in #422
- Enable delete protection for azure keyvaults by @AnjaliMadhavi-Nakirikanti in #402
- feat: Default Network should Not Exist in a Project by @AnjaliMadhavi-Nakirikanti in #419
- changes in displaying output by @rnithinpaladin in #424
- fix: fixed tiles and table data inconsistency in policy by @sidharthjain-zemoso in #425
- fix:aws policy wiki link and display name updates by @amishavijayakumar08 in #426
- newer instance type for rds and es by @rnithinpaladin in #427
- fix:Fixed accountname and region for Azure and GCP by @dheerajkholia-paladin in #428
- feat: Enforce cloud Sql for SSL certificate by @AnjaliMadhavi-Nakirikanti in #408
- feat: Deny Network Access Rule for Storage Accounts by @AnjaliMadhavi-Nakirikanti in #423
- fix: Correcting sql syntax by @dheerajkholia-paladin in #429
- Bug/gcp azure bugfix by @AnjaliMadhavi-Nakirikanti in #432
- fix:aws policy display name changes by @amishavijayakumar08 in #433
- feat:Enable Uniform Bucket level access for cloud storage buckets. by @kushZemoso in #430
- fix: Fixed Refresh Token Expiry and Display EC2 Resources Attributes by @ranadheer-b in #390
- docs: updated readme by @santhosh-challa in #435
- Fix/aws unused securitygroup autofix by @arunpaladin in #418
- fix: fixed admin dropdowns and tagging table related bugs by @ranadheer-b in #437
- fix:aws policy display name bug fixes by @amishavijayakumar08 in #436
- chore: sonarcloud update by @rnithinpaladin in #438
- chore:update sonarcloud by @rnithinpaladin in #441
- fix: remove duplicate client id records by @arunpaladin in #444
- Added debug logs by @dheerajkholia-paladin in #452
Full Changelog: 1.2.0...1.3.0