2022-11-07 New CSPM Plugin Release
On November 7, 2022, Aqua will release and activate the following new plugins. They can be tested ahead of time using the "Live Run" tool and optionally suppressed if required. If you have selected the "Suppress All New Plugins" option from the "Account Settings" page, then no action is required, and they will be pre-suppressed in your account prior to release.
Hot Fixes/Enhancements:
AWS
DocumentDB Cluster Encrypted
Fixed a bug that produced false positive alerts for RDS resources.
DocumentDB Cluster Backup Retention
Fixed a bug that produced false positive alerts for RDS resources.
EKS Kubernetes Version
Modified plugin implementation to reflect deprecated versions.
EKS Latest Platform Version
Modified plugin implementation to reflect the latest EKS Kubernetes versions.
Lambda Old Runtimes
Modified plugin implementation to reflect deprecated versions.
IAM Master Manager Role
Added settings to allow whitelisting roles that have a defined tag and value.
IAM Role Last Used
Added settings to allow whitelisting roles that have a defined tag and value.
IAM Role Policies
Added settings to allow whitelisting roles that have a defined tag and value.
Role Policy Unused Services
Added settings to allow whitelisting roles that have a defined tag and value.
SSH Keys Rotated
Fixed a bug that produced false positive alerts for users that do not utilise SSH keys.
Azure
Key Vault In Use
Made a small modification to the plugin logic so that it produces an UNKNOWN result only when both the 'getKeys' and 'getSecrets' API calls fail.
Regions:
AWS
Added support for the following new region:
meCentral1
Google
Added support for the following regions:
us-east5, us-south1, europe-west8, europe-southwest1, europe-west9, me-west1
New Plugins:
AWS
Network ACL has Tags
Ensure that Amazon Network ACLs have tags associated.
ELBv2 Has Tags
Ensure that ELBv2 load balancers have tags associated.
ELB Has Tags
Ensure that ELBs have tags associated.
EBS Volume has Tags
Ensure that EBS Volumes have tags associated.
CloudTrail Has Tags
Ensure that AWS CloudTrail trails have tags associated.
Cognito User Pool WAF Enabled
Ensure that all Cognito User Pools have WAF enabled.
Cognito User Pool MFA Enabled
Ensure that all Cognito User Pools have MFA enabled.
EBS Snapshot Has Tags
Ensure that EBS snapshots have tags associated.
DynamoDB Table Has Tags
Ensure that DynamoDB tables have tags associated.
ACM Certificate Has Tags
Ensure that ACM Certificates have tags associated.
AMI Has Tags
Ensure that AMIs have tags associated.
Google
BigTable Instance Labels Added
Ensure that all BigTable instances have labels added.
Hadoop Secure Mode Enabled
Ensure that all Dataproc clusters have Hadoop secure mode enabled.
Dataproc Cluster Encryption
Ensure that all Dataproc clusters have encryption enabled using desired protection level.
Dataproc Cluster Labels Added
Ensure that all Dataproc clusters have labels added.