PaladinCloud/CE 1.5.0

on GitHub

Policy/Rule Updates

• Added 21 new policies across the three clouds AWS, Azure, and GCP
• Fixed the bugs with the existing policy metadata/documentation.
• We are improving the wiki for the existing rules. This is an ongoing effort.

UI Updates

• Added new Asset Distribution Screen.
• Modified the dashboard violation tails to include more metadata.
• Fixed other bugs across the application

Other Changes:

• We have removed the Azure Policy Definitions and Policy Evaluations from assets. So existing users will be seeing Azure assets going down post-upgrade. We will be working on a feature to represent these in a better way in the coming releases.

Known Issues

• We are testing 2 AWS and 1 Azure policy which we have added in this release. They may not be fully functional yet. We will update then in the upcoming release if necessary.

What's Changed

• feat : Enable Cloud Asset Inventory by @AnjaliMadhavi-Nakirikanti in #495
• Deny admin Privileges to service accounts by @AishwaryaKulkarni97 in #493
• feat: added current version in Ui by @ranadheer-b in #498
• fix: fixed data fetch issue and other minor bugs by @sidharthjain-zemoso in #501
• feat: enable active directory on app services by @AishwaryaKulkarni97 in #497
• feat: Deny usage of service accounts with full cloud API access by @AishwaryaKulkarni97 in #504
• feat: added new aws rule to check root user account access key by @amishavijayakumar08 in #496
• fix:Collector and rule. by @kushZemoso in #507
• fix: Correcting count of accounts in statistics API by @dheerajkholia-paladin in #511
• feat:Deny usage of default service accounts for instances by @AnjaliMadhavi-Nakirikanti in #506
• feat:Policy to check enable mfa delete on s3 bucket by @amishavijayakumar08 in #508
• feat:Added a new policy for DiskEncryption. by @kushZemoso in #505
• Fix: Disabling qualys collector and rules when its disabled from installer by @dheerajkholia-paladin in #510
• feat: added exempted assets count Api by @ranadheer-b in #514
• fix: fixed dropdown bug in create asset group page by @ranadheer-b in #517
• feat: added api for distribution by severity by @sidharthjain-zemoso in #516
• fix:kms_key rule by @kushZemoso in #522
• fix: list state by @sidharthjain-zemoso in #519
• feat: generalised rule for cloud sql db flags by @AishwaryaKulkarni97 in #523
• feat:Policy to check log file validation enabled on CloudTrail by @akashpaladin in #526
• feat:This rule checks if skip_show_database flag for MYSQL db is enab… by @kushZemoso in #527
• feat: AWS DataCollector for CloudWatch log and CloudWatch alarm by @arunpaladin in #528
• updated default values for es by @rnithinpaladin in #525
• feat: enable log connection for postgres rule by @AishwaryaKulkarni97 in #530
• feat:Policy to check CloudTrail logs are encrypted using KMS by @akashpaladin in #535
• feat: Ensure log_hostname db flag is enabled for postgres clould sql by @raviteja-mandala in #534
• feat:enable log disconnection for postgres rule by @kushZemoso in #536
• Feat/key expiration date by @AishwaryaKulkarni97 in #538
• chore/external_alb_need_https by @rnithinpaladin in #539
• feat: Disable Log_min_duration_statement Database Flag for PostgreSQL Instance by @AnjaliMadhavi-Nakirikanti in #537
• feat : Enable Confidential Computing for Compute Instance by @AnjaliMadhavi-Nakirikanti in #515
• docs: Added files via upload by @MonikaSharmaZemoso in #544
• Feat/enforce sql server user connections db flag to non limiting by @AnjaliMadhavi-Nakirikanti in #531
• fix:modified date formats by @ranadheer-b in #545
• feat: Added ECS Cluster service to data collector by @arunpaladin in #546
• Add files via upload by @MonikaSharmaZemoso in #548
• Feat/secret expiration date by @AishwaryaKulkarni97 in #543
• feat:Configure log_min_error_statement Flag for PostgreSQL Database I… by @kushZemoso in #542
• feat: Policy to check whether 'All users with following rules' is set… by @raviteja-mandala in #549
• feat: added asset trend graph, modified tiles, replaced table with ne… by @sidharthjain-zemoso in #550
• fix : fix for audit log api by @AnjaliMadhavi-Nakirikanti in #553
• Revert "chore/external_alb_need_https" by @rnithinpaladin in #556
• feat: remove user options db flag for sql server by @AishwaryaKulkarni97 in #552
• feat: Added new asset summary screen by @sidharthjain-zemoso in #557
• fix: Modified existing SQL Query by @arunpaladin in #555
• fix: Completed p0 tasks and fixed style related bugs in dashboard and asset-summary by @sidharthjain-zemoso in #565
• feat: Added Asset Distribution Screen by @ranadheer-b in #566
• chore: updated version by @santhosh-challa in #571
• fix: removed quotes for user options for release branch by @AishwaryaKulkarni97 in #575
• fix: Asset API correction by @dheerajkholia-paladin in #576
• refactor: description and policy name changes by @raviteja-mandala in #580
• fix: added asset group for exception and audit by @ranadheer-b in #581
• Fix: Asset group update failure by @dheerajkholia-paladin in #582
• Fix/audit log issue v1.5.0 by @AnjaliMadhavi-Nakirikanti in #569
• Fix/log min error flag by @kushZemoso in #585
• fix: fixed ui inconsistencies by @sidharthjain-zemoso in #588
• removed google anaytics by @rnithinpaladin in #590
• Fix/bug fixes v1.5.0 by @ranadheer-b in #591
• updated sql query to disable unused target type by @arunpaladin in #594
• added config_url to rule_engine rules by @rnithinpaladin in #596
• fix:esurl by @kushZemoso in #598
• Fix/bug fixes by @ranadheer-b in #600
• fixed audit log bug by @ranadheer-b in #602

New Contributors

• @MonikaSharmaZemoso made their first contribution in #544

Full Changelog: 1.4.0...1.5.0