PaladinCloud/CE 2.0.0

on GitHub

Introducing Cognito

• We have moved out from default DB-based authentication and authorization to AWS Cognito.
• Now both Authentication and Authorization in the App are done through Cognito.
• We are working on user management using Cognito and the same would be released in the next release. Till then, users need to manage the users directly using Cognito service.
• We will update the wiki on how user management and Azure AD setup can be done using Cognito.
• As we are adding Cognito for the first time, existing users need to re-create their Paladin Cloud users in Cognito.
• Installation readme will be updated accordingly.

Policy Updates

• We have changed the nomenclature in the Paladin Cloud on how we manage the rules/policies. Earlier there were Rules and Policies in the system, now we have completely moved out from rules. Now We just have Policies. Documentation pages will be updated accordingly.
• Added 8 new policies across AWS and GCP
• Also updated Policy metadata of the major policies by reviewing their documentation, category, and severity.
• We are improving the wiki for the existing policies. This is an ongoing effort.

UI Updates

• New Policy Admin screen replaced the old Rules and Policy screen.
• Fixed bugs across the application

Installer Updates

• Added the required configurations to default.local.py for Cognito.
• Updated elastic search default shard size from 3 to 1 to improve the read performance. There will be no change for current users.
• Reduced the permissions needed for installing the Paladin Cloud further. Documentation will be updated in the coming days accordingly.
• Introduced a new configuration parameter in local.py for mandatory tags. Now users can define the mandatory tags before redeploying or installing.
  The same will be used across the UI to filter the assets and run the tagging policies.
• As the new configurations are added to default.local.py in this release, current users need to merge the new default.local.py with their existing local.py before redeploying.

What's Changed

• fix : wiki link and description by @AishwaryaKulkarni97 in #739
• chore:batch size by @rnithinpaladin in #740
• fix: aws securityhub comma issue in failed message by @akashpaladin in #738
• fix : duplicate policies removed, severity changed, name changed by @AishwaryaKulkarni97 in #742
• fix: sql fixes for cf_Target, cf_AssetGroupTargetDetails, cf_RuleInst… by @akashpaladin in #749
• Rules to policies conversion by @arunpaladin in #750
• fix: Updated no of shards in ES to 1 by @santhosh-challa in #752
• fix : wiki link corrected for function apps by @AishwaryaKulkarni97 in #736
• fix : resolving bad request error by @AishwaryaKulkarni97 in #747
• fix: modified graph to use linear scale with custom values on y-axis by @sidharthjain-zemoso in #746
• fix: Incorrect gcp application count by @dheerajkholia-paladin in #744
• fix: Missing asset details by @dheerajkholia-paladin in #760
• fix : set tags, resourceGroup name and subscription for gcp by @AishwaryaKulkarni97 in #756
• Feature- Authentication through AWS Cognito by @dheerajkholia-paladin in #759
• fix: aws policy category and display name changes by @akashpaladin in #761
• fix: aws policy url bug fixes by @akashpaladin in #748
• fix : set tags, resourceGroup name and subscription for azure by @AishwaryaKulkarni97 in #753
• fix: fixed policy details api issue and added isAutofixEnabled by @ranadheer-b in #758
• feat:Gcp loadbalancer https target proxy configured with default ssl policy instead of custom ssl policy by @shefalibisht1992 in #768
• fix:Multiple users for same email by @dheerajkholia-paladin in #763
• Fix/managed policy by @arunpaladin in #767
• fix: Mandatory tags from installer by @dheerajkholia-paladin in #765
• fix:removed space by @dheerajkholia-paladin in #770
• chore: componentized asset dashboard, fixed server side sorting by @sidharthjain-zemoso in #771
• feat : Gcp load balance quic protocol by @shefalibisht1992 in #745
• feat: Gcp cloud function policies by @shefalibisht1992 in #757
• fix: changed update query position from DB.sql to DB_policy.sql by @akashpaladin in #773
• fix: rework after removal of cf_policy by @AishwaryaKulkarni97 in #764
• Feat/aws ami and ec2 rule by @akashpaladin in #755
• fix:corrected description and wiki link for gcp policy by @AishwaryaKulkarni97 in #775
• feat: aws policy for checking key rotation enabled by @akashpaladin in #762
• fix:corrected wiki links by @AishwaryaKulkarni97 in #774
• chore:cognito_implemenation by @rnithinpaladin in #766
• fix: fixed few ui bugs by @sidharthjain-zemoso in #776
• chore:sql_fix by @rnithinpaladin in #778
• chore:lambda_file_upload_fix by @rnithinpaladin in #779
• fix: updated azure ad email id claim by @santhosh-challa in #769
• feat: updating and removing unwanted permissions from existing list by @akashpaladin in #777
• fix: aws rules related to s3 object level logging by @akashpaladin in #751
• fix: changed getPolicyId API endpoint by @ranadheer-b in #783
• chore:Cognito_bug_fix by @rnithinpaladin in #788
• bug:Reduce policy name size for overly permissive ingresss setting v2 by @shefalibisht1992 in #789
• chore:Cognito_creation_after_ES_creation by @rnithinpaladin in #792
• Fix-filter tags on asset and violation by @dheerajkholia-paladin in #800
• Chore/default local.py update by @rnithinpaladin in #796
• bug:V2-extra space character removal from db_Policy.sql file by @shefalibisht1992 in #802
• fix: bug fixes by @sidharthjain-zemoso in #804
• fix: fix sorting issue for column containing numbers by @sidharthjain-zemoso in #805
• fixed sorting arrow in violations by @sidharthjain-zemoso in #806
• fix: fixed filters for tags in violations and asset list by @sidharthjain-zemoso in #808
• bug:V2 policy audit updated by @shefalibisht1992 in #811
• Violations sorting by @ranadheer-b in #813
• fix:Policy dispaly name for AWS,Azure and Gcp by @kushZemoso in #814
• chore/creating_cognito_user_after_es_creation by @rnithinpaladin in #816
• fix: truncating the policy table to reflect the new changes by @santhosh-challa in #820
• Fix/recently viewed api by @ranadheer-b in #822
• fix: fixed tagging across target type widget, breadcrumbs in tagging by @sidharthjain-zemoso in #824
• fix: Filters on violation by @dheerajkholia-paladin in #828
• fix: fixed Account id sorting in asset list by @sidharthjain-zemoso in #827
• bug:V2-policy audit changes(sev and category) by @shefalibisht1992 in #834
• feat: adding new fields to user params in policies by @akashpaladin in #835
• bug : Wiki links updates of gcp and aws by @shefalibisht1992 in #841
• chore/cognito_azure_ad_configuration by @rnithinpaladin in #832
• feat: added client side filters for policy-knowledgebase, admin/polic… by @sidharthjain-zemoso in #840
• Fix/db policy entries by @kushZemoso in #842
• bug:build db error resolution by @shefalibisht1992 in #843
• bug : V2 policy desc changes by @shefalibisht1992 in #847
• fix:Removed Duplicate Entries in DB_Policy.sql by @kushZemoso in #849
• chore/client_id_n_client_secert_update by @rnithinpaladin in #850
• fix: removed compliance% and violation filters from dashboard list view by @sidharthjain-zemoso in #851
• fixed create and update asset groups API by @ranadheer-b in #852
• bug:policy description and wiki link changes uodate by @shefalibisht1992 in #853
• fix: create edit asset group by @sidharthjain-zemoso in #854

Full Changelog: 1.5.2...2.0.0