Policy/Rule Updates
- Added 19 new rules across the three clouds AWS, Azure and GCP
- Fixed the bugs with the existing policy metadata/documentation.
- We are improving the wiki for the existing rules. This is an ongoing effort.
UI Updates
- Added new violations table in the violations screen.
- Fixed bug in enabling/disabling rules.
- Added the version number of the app on the UI screen.
- Fixed other minor bugs across the application.
Infrastructure Updates
- Added ability to add more nodes for open search cluster via the installer. Now users can add more nodes to the cluster as per their workloads.
- Existing users must ensure to update their local.py configs from the new default.local.py file. This is needed for the redeploy to take the new configurations.
- Added ability to configure RDS master user name and password via the installer. We have changed the default username and password. So existing users would see the RDS instance being destroyed and recreated. As it stores only configurations required for the application, the same would be re-created with the upgrade process.
- Fixed an issue while adding HTTPS via the installer. This is raised in the community issues. Issue #479
What's Changed
- chore: sonarcloud update by @rnithinpaladin in #440
- Fix for rule enable-disable issue by @dheerajkholia-paladin in #439
- feat:VM instance should block project-wide SSH keys by @kushZemoso in #442
- fix: remove duplicate client id records by @arunpaladin in #445
- fix: cloud type in policy screen and other minor fixes by @sidharthjain-zemoso in #446
- feat: subnet mode should not be legacy by @AishwaryaKulkarni97 in #434
- feat: compute instances should be shielded by @AishwaryaKulkarni97 in #443
- feat:Added new aws policy to check public access rule configured in NACL by @amishavijayakumar08 in #447
- feat: enable os login at project level by @AnjaliMadhavi-Nakirikanti in #449
- changed workflow name by @rnithinpaladin in #456
- Feat/azure tls flexible server by @AishwaryaKulkarni97 in #454
- test: added missing tests for compliance dashboard by @ranadheer-b in #460
- Adding logs to debug the issue- broken screen violation by sev… by @dheerajkholia-paladin in #448
- feat:enable soft delete for blob storage account by @AnjaliMadhavi-Nakirikanti in #453
- feat: Disable User-Managed Service Account Key Creation by @AnjaliMadhavi-Nakirikanti in #462
- feat:Configure Minimum TLS Version in storage account by @kushZemoso in #421
- feat:Added new aws rule to check S3 buckets are encrypted by @amishavijayakumar08 in #464
- feat:Enforce rotation period of kms keys is within 90 days. by @kushZemoso in #465
- fix:Removed duplicate metadata from azure_rules.json by @kushZemoso in #469
- fix: fixed api calls in dashboard by @sidharthjain-zemoso in #470
- feat:Added aws rule checks S3 bucket policy to deny http by @amishavijayakumar08 in #466
- faet : Enforce Network Security Group Flow Log retention for more than 90 days by @AnjaliMadhavi-Nakirikanti in #463
- feat:Use BYOK for Activity Log Storage Container Encryption by @kushZemoso in #461
- fix: fixed data load issue in dashboard - follow up of api calls fix by @sidharthjain-zemoso in #474
- feat: Added new API to get the trend of daily assets count by @dheerajkholia-paladin in #467
- fix: Corrected number of account in statistic API by @dheerajkholia-paladin in #471
- feat:New AWS Policy to check RDS Auto Minor Version Upgrade by @amishavijayakumar08 in #473
- chore:rds_username and password can configured by user by @rnithinpaladin in #475
- feat: Added APIs to fetch data for severity and category filters by @ranadheer-b in #476
- Chore/rds configuration by @rnithinpaladin in #477
- feat:Enable TDE for sql database by @kushZemoso in #472
- chore:elasticsearch adding extra node and enabled master node by @rnithinpaladin in #483
- feat:Added a new policy for VMInstance. by @kushZemoso in #481
- chore/configured version number in rds by @rnithinpaladin in #485
- fix: Corrected asset count trend API to return all-time data by default by @dheerajkholia-paladin in #484
- Include mandatory categories in the diagnostics setting by @AishwaryaKulkarni97 in #486
- feat:backend api for average age by @AnjaliMadhavi-Nakirikanti in #482
- enabled Vulnerability for VulnerabilityALBHttpsListenerRule by @rnithinpaladin in #488
- feat: Added version controller that gives current released version va… by @kushZemoso in #489
- feat: replaced violations table with new table by @sidharthjain-zemoso in #490
- Fix/violations screen by @sidharthjain-zemoso in #502
- feat: added release version in UI by @ranadheer-b in #503
- fix: Correcting count of accounts in statistics API by @dheerajkholia-paladin in #512
- fix: fixed attribute value fix in create asset group page by @ranadheer-b in #518
- fix: list state by @sidharthjain-zemoso in #521
Full Changelog: 1.3.0...1.4.0