github aquasecurity/cloudsploit v3.2.0


CloudSploit version 3.2.0 was released on 2023-12-08. The update adds new plugin categories for Azure Media Services and Azure Service Bus, and a new plugin category for AWS Bedrock. It also adds new plugins for existing Azure and AWS services, along with hotfixes and enhancements to existing plugins. The details are as follows.


New Plugins

AWS

Bedrock

  • Custom Model Encryption Enabled
  • Private Custom Model
  • Custom Model In VPC
  • Bedrock Model Invocation Logging Enabled

Azure

Application Gateway

  • Application Gateway SSL Policy
  • Application Gateway Security Logging
  • Application Gateway Request Body Inspection

Front Door

  • Front Door HTTPS only
  • Front Door Security Logging
  • Front Door WAF Enabled
  • Front Door WAF Bot Protection
  • Front Door Request Body Inspection
  • Front Door WAF Detection Mode
  • Front Door WAF Rate limit
  • Front Door Domain Managed DNS

Media Services

  • Media Services Public Access Disabled
  • Media Services Diagnostic Logs Enabled
  • Media Services Managed Identity Enabled
  • Media Services Storage Account Managed Identity
  • Media Services Classic API Disabled

PostgreSQL Server

  • PostgreSQL Flexible Server SCRAM Enabled
  • PostgreSQL Diagnostic Logging Enabled
  • PostgreSQL Minimum TLS Version
  • PostgreSQL Server Private Endpoints Configured
  • PostgreSQL Encryption At Rest with BYOK
  • PostgreSQL Flexible Server Services Access Disabled
  • PostgreSQL Flexible Server Diagnostic Logging

Redis Cache

  • Redis Cache Private Endpoint

Service Bus

  • Namespace Encryption At Rest with CMK
  • Namespace Minimum TLS Version
  • Namespace Local Authentication Disabled
  • Namespace Logging Enabled

SQL Databases

  • Transparent Data Encryption Enabled
  • Database Private Link Enabled
  • Ledger Automatic Digest Storage
  • Database Secure Enclaves Encryption Enabled
  • Database Ledger Enabled
  • SQL Databases Data Masking Enabled

SQL Server

  • Microsoft Support Operations Auditing Enabled
  • Server Outbound Networking Restricted

Virtual Machines

  • VM vTPM Enabled
  • VM Security Type
  • VM Secure Boot Enabled
  • VM Disks Deletion Config

Hot fixes and enhancements

AWS

  • All Open Ports Plugins
    Added a setting to check the ENIs associated with security groups that have open ports. When this setting is enabled, the plugin produces a FAIL result if an associated ENI is exposed to the public.
  • S3 Bucket Has Tags
    Updated the plugin to report results per region instead of globally.
  • SSM Managed Instances
    Updated the plugin to produce a PASS result if the instance is not in the running state.
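The ENI-aware variant of the open-ports check, as an added example in the style of a CloudSploit plugin. This is not CloudSploit's own code: it models one reading of the note above, in which the security group alone decides the result when the setting is off, and the attached ENIs decide it when the setting is on. The input shape follows the AWS SDK's DescribeSecurityGroups and DescribeNetworkInterfaces responses, the sample data is constructed, and the sensitive-port list, the `checkEnis` setting name and the use of `Association.PublicIp` as the "exposed" signal are assumptions.

```javascript
// Added example, not CloudSploit's plugin code. Constructed data only.

// Ports the check treats as sensitive (assumption; CloudSploit has one plugin per port).
const SENSITIVE_PORTS = { tcp: [22, 3389, 3306] };

// Does this ingress rule allow the whole internet (IPv4 or IPv6)?
function isPublicRange(perm) {
  const v4 = (perm.IpRanges || []).some(r => r.CidrIp === '0.0.0.0/0');
  const v6 = (perm.Ipv6Ranges || []).some(r => r.CidrIpv6 === '::/0');
  return v4 || v6;
}

// Sensitive ports a security group opens to the world. IpProtocol '-1'
// means "all traffic" and has no FromPort/ToPort, so every port is open.
function openSensitivePorts(group) {
  const open = new Set();
  for (const perm of group.IpPermissions || []) {
    if (!isPublicRange(perm)) continue;
    const proto = perm.IpProtocol;
    const candidates = proto === '-1'
      ? Object.values(SENSITIVE_PORTS).flat()
      : (SENSITIVE_PORTS[proto] || []);
    for (const port of candidates) {
      if (proto === '-1' || (perm.FromPort <= port && port <= perm.ToPort)) open.add(port);
    }
  }
  return [...open].sort((a, b) => a - b);
}

// Without checkEnis, an open group fails on its own. With checkEnis, a group
// fails only when an ENI that uses it carries a public IP (assumed signal).
function evaluateOpenPorts(groups, enis, { checkEnis = false } = {}) {
  const results = [];
  for (const group of groups) {
    const ports = openSensitivePorts(group);
    if (!ports.length) {
      results.push({ status: 'PASS', groupId: group.GroupId, message: 'No sensitive ports open to the public' });
      continue;
    }
    if (!checkEnis) {
      results.push({ status: 'FAIL', groupId: group.GroupId, message: `Ports ${ports.join(', ')} open to 0.0.0.0/0` });
      continue;
    }
    const attached = enis.filter(e => (e.Groups || []).some(g => g.GroupId === group.GroupId));
    const exposed = attached.filter(e => e.Association && e.Association.PublicIp);
    if (exposed.length) {
      results.push({ status: 'FAIL', groupId: group.GroupId,
        message: `Ports ${ports.join(', ')} open and reachable via public ENI(s) ${exposed.map(e => e.NetworkInterfaceId).join(', ')}` });
    } else {
      results.push({ status: 'PASS', groupId: group.GroupId,
        message: `Ports ${ports.join(', ')} open but no attached ENI has a public IP` });
    }
  }
  return results;
}

// Constructed sample: sg-aaa opens SSH to the world and sits on a public ENI,
// sg-bbb opens everything but only on a private ENI, sg-ccc is internal only.
const SAMPLE_GROUPS = [
  { GroupId: 'sg-aaa', IpPermissions: [{ IpProtocol: 'tcp', FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: '0.0.0.0/0' }] }] },
  { GroupId: 'sg-bbb', IpPermissions: [{ IpProtocol: '-1', IpRanges: [{ CidrIp: '0.0.0.0/0' }] }] },
  { GroupId: 'sg-ccc', IpPermissions: [{ IpProtocol: 'tcp', FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: '10.0.0.0/8' }] }] },
];
const SAMPLE_ENIS = [
  { NetworkInterfaceId: 'eni-1', Groups: [{ GroupId: 'sg-aaa' }], Association: { PublicIp: '203.0.113.10' } },
  { NetworkInterfaceId: 'eni-2', Groups: [{ GroupId: 'sg-bbb' }] },
];

function run() {
  return {
    withoutSetting: evaluateOpenPorts(SAMPLE_GROUPS, SAMPLE_ENIS),
    withSetting: evaluateOpenPorts(SAMPLE_GROUPS, SAMPLE_ENIS, { checkEnis: true }),
  };
}

console.log(JSON.stringify(run(), null, 2));
```

The point of the setting is visible in sg-bbb: it fails the plain check because it allows all traffic from anywhere, but passes the ENI-aware check because nothing with a public address uses it. That is a reduction in noise, not in rigor, so keep in mind that a private ENI can still be reached through a load balancer or NAT that this signal does not see.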

Azure

  • Client Certificates Enabled
    When HTTP version 2.0 is enabled, Azure ignores client certificates by default. Updated the plugin to check for client certificates only when HTTP 2.0 is not enabled; when HTTP 2.0 is enabled, the plugin produces a PASS result.
