v3.2.0
Release date: 2023-12-08 18:05:39
Latest release of aquasecurity/cloudsploit: v3.9.0 (2024-09-24 17:03:17)
CloudSploit version 3.2.0 is the latest release as of 2023-12-08. The update adds new plugin categories for Azure Media Services and Azure Service Bus, and a new plugin category for AWS Bedrock. It also adds new plugins for existing Azure and AWS services, along with hotfixes and enhancements to existing plugins. The details are as follows.
New Plugins
AWS
Bedrock
- Custom Model Encryption Enabled
- Private Custom Model
- Custom Model In VPC
- Bedrock Model Invocation Logging Enabled
Azure
Application Gateway
- Application Gateway SSL Policy
- Application Gateway Security Logging
- Application Gateway Request Body Inspection
Front Door
- Front Door HTTPS only
- Front Door Security Logging
- Front Door WAF Enabled
- Front Door WAF Bot Protection
- Front Door Request Body Inspection
- Front Door WAF Detection Mode
- Front Door WAF Rate limit
- Front Door Domain Managed DNS
Media Services
- Media Services Public Access Disabled
- Media Services Diagnostic Logs Enabled
- Media Services Managed Identity Enabled
- Media Services Storage Account Managed Identity
- Media Services Classic API Disabled
PostgreSQL Server
- PostgreSQL Flexible Server SCRAM Enabled
- PostgreSQL Diagnostic Logging Enabled
- PostgreSQL Minimum TLS Version
- PostgreSQL Server Private Endpoints Configured
- PostgreSQL Encryption At Rest with BYOK
- PostgreSQL Flexible Server Services Access Disabled
- PostgreSQL Flexible Server Diagnostic Logging
Redis Cache
- Redis Cache Private Endpoint
Service Bus
- Namespace Encryption At Rest with CMK
- Namespace Minimum TLS Version
- Namespace Local Authentication Disabled
- Namespace Logging Enabled
SQL Databases
- Transparent Data Encryption Enabled
- Database Private Link Enabled
- Ledger Automatic Digest Storage
- Database Secure Enclaves Encryption Enabled
- Database Ledger Enabled
- SQL Databases Data Masking Enabled
SQL Server
- Microsoft Support Operations Auditing Enabled
- Server Outbound Networking Restricted
Virtual Machines
- VM vTPM Enabled
- VM Security Type
- VM Secure Boot Enabled
- VM Disks Deletion Config
Hot fixes and enhancements
AWS
- All Open Ports Plugins: Added a setting to check for ENIs associated with security groups that have open ports. When this setting is enabled, the plugin produces a fail result if the ENI is exposed to the public.
- S3 Bucket Has Tags: Updated the plugin to produce results on a regional basis instead of globally.
- SSM Managed Instances: Updated the plugin to produce a pass result if the instance is not in the running state.
Azure
- Client Certificates Enabled: When HTTP version 2.0 is enabled, Azure ignores client certificates by default. Updated the plugin to check for client certificates only when HTTP 2.0 is not enabled; when HTTP 2.0 is enabled, the plugin produces a pass result.