github aquasecurity/cloudsploit v3.4.0


CloudSploit version 3.4.0 was released on 2024-04-25. The update adds new plugins for AWS and Azure, along with hotfixes and enhancements to existing plugins. The details are as follows.


New Plugins

AWS

Bedrock

  • Custom Model Has Tags

CloudFormation

  • CloudFormation Deletion Policy In Use

Comprehend

  • Amazon Comprehend Flywheel In VPC

DynamoDB

  • DynamoDB Deletion Protection Enabled

GuardDuty

  • GuardDuty RDS Protection Enabled

Lambda

  • Lambda Dead Letter Queue
  • Lambda Enhanced Monitoring Enabled
  • Lambda Code Signing Enabled

Route 53

  • Route 53 In Use

OpenSearch

  • OpenSearch Audit Logs Enabled

WorkSpaces

  • WorkSpaces Healthy Instances

Azure

Automation Account

  • Automation Account Approved Certificates Only

Container Apps

  • Container Apps Authentication Enabled
  • Container Apps External Network Access
  • Container Apps Managed Identity

Cosmos DB

  • Cosmos DB Diagnostic Logs
  • Cosmos DB Managed Identity

Databricks

  • Databricks Workspace DBFS Infrastructure Encryption
  • Databricks Workspace Managed Services CMK Encrypted
  • Databricks Workspace Diagnostic Logs
  • Databricks Workspace Secure Cluster

Event Grid

  • Event Grid Domain Diagnostic Logs
  • Event Grid Domain Minimum TLS Version
  • Event Grid Domain Local Authentication Disabled
  • Event Grid Domain Managed Identity

Event Hub

  • Event Hubs Namespace CMK Encrypted

PostgreSQL Server

  • PostgreSQL Flexible Server Connection Throttling Enabled
  • PostgreSQL Flexible Server Log Disconnections Enabled

Hot fixes and enhancements

AWS

  1. Bedrock Custom Model plugins
    Earlier the following plugins were generating unknown results for regions in which the Bedrock Custom Model service was not available. Updated the plugin logic to produce pass results for those regions.
  • Custom Model Encryption Enabled
  • Custom Model In VPC
  • Private Custom Model

  2. RDS Public Subnets
    Fixed a bug that caused the plugin to generate false negative results when the RDS instance was not connected to a public subnet.

  3. Instance Limit
    Earlier the plugin checked the maximum instance limit provided by AWS. The max_limit attribute is no longer supported by AWS, so a Max Instance Count setting was added from which users can set the desired maximum number of instances in use per region.
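The two AWS behaviours above (treating an unsupported region as a pass rather than an unknown, and reading a user-configurable maximum instance count from plugin settings) are shown below as a stand-alone evaluator. This is an added example, not CloudSploit's own plugin code: the setting name `instance_limit_max_count`, the default of 100, and the per-region input shape are assumptions made for the example, and the sample cache is constructed. Status codes follow CloudSploit's numeric convention (0 PASS, 1 WARN, 2 FAIL, 3 UNKNOWN).

```javascript
// Added example (not CloudSploit's own code): result-status logic behind the
// Bedrock region hotfix and the Instance Limit "Max Instance Count" setting.
// Status codes use CloudSploit's convention: 0 PASS, 1 WARN, 2 FAIL, 3 UNKNOWN.

const STATUS = { PASS: 0, WARN: 1, FAIL: 2, UNKNOWN: 3 };

// Default used when the operator has not configured a maximum (assumed value).
const DEFAULT_MAX_INSTANCES = 100;

// Parse the user-provided setting; the key name is an assumption for this example.
// Missing, non-numeric or non-positive values fall back to the default so a
// typo in settings cannot silently disable the check.
function readMaxInstanceCount(settings) {
  const raw = settings && settings.instance_limit_max_count;
  const n = parseInt(raw, 10);
  if (!Number.isInteger(n) || n <= 0) return DEFAULT_MAX_INSTANCES;
  return n;
}

// Evaluate one region's API response. Input shape (assumed):
//   { serviceAvailable: boolean, data: array|null, err: object|null }
function evaluateRegion(name, region, maxCount) {
  if (!region.serviceAvailable) {
    // Hotfix behaviour: a region where the service does not exist is a PASS,
    // not an UNKNOWN, so unsupported regions stop producing noise.
    return { status: STATUS.PASS, region: name, message: 'Service is not available in region' };
  }
  if (region.err || !Array.isArray(region.data)) {
    // A genuine API failure still surfaces as UNKNOWN so the operator sees it.
    const reason = (region.err && region.err.message) || 'no data returned';
    return { status: STATUS.UNKNOWN, region: name, message: 'Unable to query instances: ' + reason };
  }
  const count = region.data.length;
  if (count > maxCount) {
    return { status: STATUS.FAIL, region: name,
      message: `Region has ${count} instances, exceeding the configured maximum of ${maxCount}` };
  }
  return { status: STATUS.PASS, region: name,
    message: `Region has ${count} instances, within the configured maximum of ${maxCount}` };
}

// Run the check over every region present in the cache.
function evaluateInstanceLimit(cache, settings) {
  const maxCount = readMaxInstanceCount(settings);
  return Object.keys(cache).map((r) => evaluateRegion(r, cache[r], maxCount));
}

// Constructed sample input: one healthy region, one API error, one region
// where the service is not offered at all.
const sampleCache = {
  'us-east-1': { serviceAvailable: true, data: [{ id: 'i-1' }, { id: 'i-2' }, { id: 'i-3' }], err: null },
  'eu-west-1': { serviceAvailable: true, data: null, err: { message: 'AccessDenied' } },
  'ap-south-2': { serviceAvailable: false, data: null, err: null },
};

// Usage: with a maximum of 2 the first region fails, the second is unknown,
// the third passes because the service is simply not available there.
console.log(JSON.stringify(evaluateInstanceLimit(sampleCache, { instance_limit_max_count: '2' }), null, 2));
```

The distinction worth keeping from the hotfix is that "the service does not exist here" and "we could not ask" are different outcomes: the first is a pass with an explanatory message, the second stays unknown so a permissions or throttling problem is not hidden.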

Azure

  1. SQL Databases Data Masking Enabled
    Updated the plugin logic to remove the unnecessary unknown results from the output.

  2. Updated the plugin info link for the following plugins

  • Storage Account Queue Service Logging Enable
  • Storage Account Blob Service Logging Enable

Google

  1. Service Account Key Rotation
    Updated the plugin to generate pass results when no user-managed service account key is found. Earlier, the plugin's results were skipped when no user-managed key was found.
