On August 10, 2023, Aqua will release and activate the following new plugins. They can be tested using the Live Run tool and optionally suppressed if required. If you have selected the Suppress All New Plugins option from the Account Settings page, no action is required -- they will be pre-suppressed in your account before release.
ACK Log Service Enabled
Ensure that Kubernetes Engine Clusters are configured to enable log service.
Kubernetes Web Dashboard Disabled
Ensure that Kubernetes cluster web UI/Dashboard is not enabled.
Vulnerability Scan Enabled
Ensure that scheduled vulnerability scan is enabled on all servers.
ACK ENI Multiple IP Mode
Ensure ENI multiple IP mode support for Kubernetes Cluster.
ACK Private Cluster Enabled
Ensure that Kubernetes clusters are created with private cluster enabled.
Cloud Monitor Enabled
Ensure Cloud Monitor is enabled on Kubernetes Engine clusters.
Security Hub Enabled
Ensure that AWS Security Hub is enabled.
S3 Object Read Logging
Ensure that object-level logging for read events is enabled for S3 bucket.
S3 Object Write Logging
Ensure that object-level logging for write events is enabled for S3 bucket.
ELBv2 TLS Version and Cipher Header Enabled
Ensures that AWS ELBv2 load balancers have TLS version and cipher headers enabled.
OpenSearch Zone Awareness Enabled
Ensure that OpenSearch domains have zone awareness enabled.
Event Hubs Minimum TLS Version
Ensures Microsoft Azure Event Hubs namespaces do not allow outdated TLS certificate versions.
ACR Anonymous Pull Access Enabled
Ensure that anonymous pull access is not enabled for Azure container registries.
ACR Log Analytics Enabled
Ensure that Azure container registry logs are sent to the Log Analytics workspace.
Front Door Minimum TLS Version
Ensures that Azure Front Door Standard and Premium profile custom domains have minimum TLS version of 1.2.
Front Door Access Logs Enabled
Ensures that Azure Front Door Access Log is enabled.
Storage Account Queue Service Logging Enabled
Ensures that Microsoft Azure Storage Queue service logging is enabled for "Read", "Write", and "Delete" requests.
Storage Account Blob Service Logging Enabled
Ensures that Microsoft Azure Storage Blob service logging is enabled for "Read", "Write", and "Delete" requests.
Storage Account Table Service Logging Enabled
Ensures that Microsoft Azure Storage Table service logging is enabled for "Read", "Write", and "Delete" requests.
Hot fixes and enhancements
Aqua will release the following on August 10, 2023.
Added a setting which will allow to ignore security groups associated with clusters in private subnets.