PaladinCloud/CE 1.5.1

on GitHub

Policy Updates

• Added 41 new policies across the three clouds AWS, Azure, and GCP
• Fixed the bugs with the existing policy metadata/documentation.
• We are improving the wiki for the existing rules. This is an ongoing effort.

UI Updates

• Fixed bugs across the application

Installer Changes:

• We have removed the AWS ReadOnlyAccess policy from the installer role. Instead, we have added individual service-level policies to the installer. Now, users do need to add the ReadOnlyAccess policy to the paladicloud_ro role. We will be updating the installer docs regarding the policies required to install the Paladin Cloud.
• We have fixed the issues in the Qualys connector. It is fully functional now. We will be adding the documentation on how to add the Qualys connector.
• Now users do not need to modify the existing security grp to make the app work. We have added the required inbound rules as part of the installer itself.
• We have corrected the minor variable names in the default.local.py file. Existing users will have to recreate the local.py in order to avoid redeploy issues.

What's Changed

• feat: Enable IP Forwarding for Compute Engine Instance by @AnjaliMadhavi-Nakirikanti in #529
• chore: updated version by @santhosh-challa in #570
• fix:Automated backups for cloudsql by @kushZemoso in #554
• fix: azure policies bug fixes by @AnjaliMadhavi-Nakirikanti in #541
• Fix/audit log issue by @AnjaliMadhavi-Nakirikanti in #568
• feat: Policy to Ensure CloudWatch log metric filter and alarm by @akashpaladin in #558
• feat: Enable 'cloudsql.enable_pgaudit' Flag for PostgreSQL Database I… by @kushZemoso in #547
• fix: added asset groups in query params for Exception and Audit API's by @ranadheer-b in #577
• refactor: description and policy name changes by @raviteja-mandala in #579
• fix: Asset group update failure by @dheerajkholia-paladin in #583
• fix:Rule params and changed equalsIgnoreCase instead of equals by @kushZemoso in #584
• feat: policy to check email is configured in ms defender email settings by @raviteja-mandala in #567
• Defender/email subscription admins by @AishwaryaKulkarni97 in #586
• fix: fixed ui inconsistencies by @sidharthjain-zemoso in #587
• removed google anaytics by @rnithinpaladin in #589
• Fix/target type with disable flag by @arunpaladin in #593
• added config_url to rule_engine rules by @rnithinpaladin in #595
• fix: fixed UI related bugs by @ranadheer-b in #592
• fix: removed quotes for user options by @AishwaryaKulkarni97 in #573
• fix:Os and Data disk are encypted using customer managed keys. by @kushZemoso in #597
• Fix/bug fix by @ranadheer-b in #599
• fix: syntax Issue in db file by @AnjaliMadhavi-Nakirikanti in #601
• fixed audit log bug by @ranadheer-b in #603
• chore: added violations column in compliance overview table in dashboard by @sidharthjain-zemoso in #604
• feat: Enable RBAC within Azure Kubernetes Services by @raviteja-mandala in #608
• fix:Root account hardware MFA check by @akashpaladin in #605
• Feat/gcp integrity monitoring by @AishwaryaKulkarni97 in #609
• fix: fixed admin policies by @sidharthjain-zemoso in #606
• fix: updated policy name and description by @raviteja-mandala in #614
• feat: Replaced asset details table by @sidharthjain-zemoso in #610
• feat: added event selector object to cloud trail data collector by @arunpaladin in #611
• fix: fixed violation details, asset list page bugs for arn resource Id by @ranadheer-b in #612
• feat : Enable Vulnerability Assessment Periodic Recurring Scans by @AnjaliMadhavi-Nakirikanti in #578
• Feature/enable node auto upgrade by @AnjaliMadhavi-Nakirikanti in #607
• fix: fixed breadcrumbs in admin screens and fixed few p0 items by @sidharthjain-zemoso in #616
• fix: addressed db file syntax error by @AnjaliMadhavi-Nakirikanti in #620
• fix:Policy to Ensure CloudWatch log metric filter and alarm by @akashpaladin in #619
• fix: fixed few bugs related to Exemptions and Asset Distribution by @ranadheer-b in #621
• feat: disable alpha clusters by @AishwaryaKulkarni97 in #622
• Feature/enable node auto repair by @kushZemoso in #613
• feat:Enable VPC Flow Logs and Intranode Visibility by @kushZemoso in #618
• fix: changed asset display names by @AnjaliMadhavi-Nakirikanti in #624
• feat: Ensure clusters are created with private nodes and private end … by @raviteja-mandala in #625
• fix: fix for azure keyvalut collector not collecting all keyvaults by @AnjaliMadhavi-Nakirikanti in #627
• fix: resolved syntax error in db.sql file by @AnjaliMadhavi-Nakirikanti in #632
• AzureAD mandatory properties name change in the DB by @arunpaladin in #628
• Feat/basic auth by @AishwaryaKulkarni97 in #629
• feat:Disable Legacy Authorization by @kushZemoso in #623
• feat: Enable_VPC_native_for_clusters by @AnjaliMadhavi-Nakirikanti in #615
• feat: Disable client certificate Authentication for GKE Cluster by @AnjaliMadhavi-Nakirikanti in #617
• chore: updated readme by @santhosh-challa in #636
• fix: fixed rules that were breaking policyViolationReason end point in compliance api by @sidharthjain-zemoso in #634
• feat: Policy to Ensure AWS Security hub is enabled by @akashpaladin in #635
• feat:Enable Auto-Provisioning of Log Analytics Agent by @kushZemoso in #631
• fix: changed styling of list view and other minor bug fixes by @sidharthjain-zemoso in #633
• feat: Policy to Ensure Object level logging is enabled for s3 buckets by @akashpaladin in #626
• fix: removing duplicate entries in UI by @AishwaryaKulkarni97 in #639
• fix: s3, s4, s5 qualys vulnerability rules fix by @raviteja-mandala in #646
• feat:Remove Custom Owner Roles by @kushZemoso in #638
• Feat/key rbac by @AishwaryaKulkarni97 in #640
• Bug fixes by @sidharthjain-zemoso in #647
• feat: Policies related to AWS K8 by @akashpaladin in #648
• fix: AWS Removed extra spaces by @akashpaladin in #651
• feat: Retention days should be greater than ninety by @AishwaryaKulkarni97 in #649
• Adding Images to new How to by @MonikaSharmaZemoso in #652
• Adding Images for new How to Document by @MonikaSharmaZemoso in #653
• Adding images for new document by @MonikaSharmaZemoso in #654
• fix: AWS Removed extra spaces by @akashpaladin in #656
• fix:AWS resolutionUrl bugfix by @akashpaladin in #650
• fix:ruleKey ,policyName,Description and wiki links for policies. by @kushZemoso in #658
• changed azure secert_id to secert value and http allowed only for int… by @rnithinpaladin in #655
• feat: Enable Cloud Logging and Monitoring by @AnjaliMadhavi-Nakirikanti in #637
• fix: Removed full read only access for AWS resources. by @arunpaladin in #657
• feat: Disable Kubernetes Web UI by @AnjaliMadhavi-Nakirikanti in #630
• "feat: added ResourceID link and Policy link to the email template" by @arunpaladin in #662
• fix: Modified Display Name of target type by @arunpaladin in #666
• chore ASG added inbound rule by @rnithinpaladin in #672
• fix: addressed azure and gcp bug fixes v1.5.1 by @AnjaliMadhavi-Nakirikanti in #676
• fix:Changed the minTlsVersion flag according to the collector by @kushZemoso in #678
• fix: emails was not getting populated by @AishwaryaKulkarni97 in #687
• fix:display qualys cve number and link in UI by @raviteja-mandala in #689
• fix: fixed navigation in asset distribution and modified violation de… by @sidharthjain-zemoso in #691
• fix: qualys data by @sidharthjain-zemoso in #695

Full Changelog: 1.5.0...1.5.1