CloudSploit version 3.5.0 introduces the most latest version on 2024-05-28. The update includes new plugins for Azure, AWS with the hotfixes and enhancements in the existing plugins. The details are as follows.

New Plugins

AWS

Bedrock

• AWS Bedrock In Use

Neptune

• Neptune Database IAM Authentication Enabled
• Neptune Database Deletion Protection Enabled
• Neptune Database Multiple AZ
• Neptune Database Instance Backup Retention

DocumentDB

• DocumentDB Has Tags
• DocumentDB Cluster Deletion Protection

SQS

• SQS Has Tags

WAFV2

• Web ACL Logging Enabled

Azure

Batch Account

• Batch Account CMK Encrypted

App Configuration

• App Configuration Access Key Authentication Disabled

Container App

• Container Apps Volume Mount Configured
• Container Apps Has Tags

Cosmos DB

• Cosmos DB Local Authentication Disabled

DataBricks

• Databricks Workspace Managed Disk CMK Encrypted
• Databricks Workspace Has Tags

Event Hub

• Event Hubs Namespace Has Tags
• Event Hubs Namespace Diagnostic Logs
• Event Hub Namespace Local Auth Disabled
• Event Hubs Namespace Managed Identity

Front Door

• Front Door Managed Identity Enabled

Machine Learning

• Machine Learning Workspace Has Tags
• Machine Learning Workspace Public Access Disabled
• Machine Learning Workspace Diagnostic Logs

Log Alerts

• PostgreSQL Flexible Server Logging Enabled

PostgreSQL Server

• PostgreSQL FLexible Server Log Duration Enabled

Hot fixes and enhancements

Aws

KMS Key Rotation Key rotation feature is only available on key type SYMMETRIC_DEFAULT , updated the plugin to produce passing results for the key type that does not have key rotation feature available.

2. ELBv2 TLS Version and Cipher Header Enabled Updated the plugin logic to check that TLS version and Cipher should be disabled in headers. Enabling these headers may leak sensitive information, so updating the plugin to check the TLS version and Cipher header should not be enabled. Updated the title, description and output message . The plugin title is renamed to ELBv2 TLS Version and Cipher Header Disabled.

3. EKS Kubernetes Version Modified the depreciation date for EKS versions. For list of updated EKS versions, refer https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html

4. EKS Latest Platform Version Modified the depreciation date and latest platform version for EKS versions. For list of updated latest platform, refer to https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html

5. Lambda Old Runtimes Modified the end of life dates for lambda runtimes versions. For list of updated end of life dates for lambda runtimes versions, refer , https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy

Azure

1. Load Balancer Public IP Revised title, description, more info, recommended actions, and output message of the plugin to ensure that Azure Load Balancers are public to meet your organization's security compliance and availability needs. The plugin title is renamed to Public Load Balancer.

2. PostgreSQL Flexible Server Version Earlier, the plugin was checking for the latest version, which was 13. Modified the latest version of the flexible server from 13 to 16.

3. Microsoft Support Operations Auditing Enabled Updated the plugin to produce unknown results if it’s unable to get audit policies, previously it was producing failed results if there were no audit policies in data.

4. Previously, the following plugins were responsible for checking the diagnostic logs of blob, queue, and table for both V1 and V2 storage account types. But as in V1 (premium) type the diagnostic logs can only be enabled for that specific storage account kind service, so updated the plugins to produce pass results if the storage account type is premium.

Storage Account Blob Service Logging Enabled Storage Account Queue Service Logging Enabled Storage Account Table Service Logging Enabled

Google

1. PostgreSQL Latest Version Earlier, the plugin checking for the latest version, which was 14. Modified the latest version of PostgreSQL server from 14 to 15.