Cloud Insight Essentials Release Notes
Release date: August 1, 2018
Changes
This release includes a change in report names. Amazon GuardDuty reports are now called AWS Incident Analysis reports. These reports provide valuable insights and trending data for incidents discovered in your AWS environments by Alert Logic Network IDS. If you have Amazon GuardDuty enabled, the reports also provide information about incidents generated by GuardDuty security findings. The reports include:
- AWS Incident Daily Digest: Displays the incidents received the previous day for the selected deployments. You can view the List of Incidents by threat level, classification type, or by GuardDuty findings.
- AWS Incident Daily Digest Trends: Allows you to view a histogram chart that displays the incident daily digests for a specified date range.
- AWS Risk Summary: Displays the risk level for a selected group of assets, by incident count and average exposure score. The quadrant in which the selected asset group appears, and its color, indicates the risk level for the assets. You can filter the report by asset type, date range, deployment, threat level, and CVSS Score.
- AWS Incident Distribution Explorer: Displays incidents by threat level and classification type for a specified time period. You can filter the report by date range, deployment, account ID and AWS asset.
- AWS Targeted Deployment Explorer: Displays an incident distribution, by AWS asset or account ID, within your deployments. You can further filter the results by one or more asset types, and one or more categories.
- AWS Targeted Deployment Trends: Displays an interactive graph depicting incident distribution, for a specified time period, by AWS account, region, and/or AWS asset.
- AWS Incident Attacker Explorer: Displays the top 10 attackers, and their descriptions and distributions by type. You can customize the report to display incidents within a date range, deployment, AWS account ID, AWS region, VPC, subnet, security group, and tags.
Release date: July 2, 2018
Features
Alert Logic released new vulnerability scanner AMIs. In all existing Cloud Insight deployments, all AWS Auto Scaling groups and launch configurations are automatically updated to use the new AMIs.
Most customers do not need to take any action. Alert Logic will upgrade existing Cloud Insight Automatic Mode and Guided Mode deployments to use these new AMIs. Cloud Insight Essentials deployments are not affected.
Any third-party tools that monitor, whitelist, or validate the AMIs in your AWS account should be updated to reflect the new AMI list below. If you’ve manually installed Cloud Insight scanners, you can reinstall using the new scanner AMI or configure Cloud Insight to use Automatic Mode or Guided Mode. The old AMIs will be retired on July 31.
Region | Old AMI | New AMI |
---|---|---|
ap-northeast-1 | ami-f07e3896 | ami-e951a996 |
ap-northeast-2 | ami-e768c589 | ami-9fbe15f1 |
ap-south-1 | ami-944916fb | ami-92b996fd |
ap-southeast-1 | ami-1c1e5560 | ami-f986b985 |
ap-southeast-2 | ami-3edd1b5c | ami-eb8f5d89 |
ca-central-1 | ami-6d880f09 | ami-40e46724 |
eu-central-1 | ami-aa92ffc5 | ami-a54b7e4e |
eu-west-1 | ami-c57336bc | ami-05764c7c |
eu-west-2 | ami-c66480a1 | ami-9505e9f2 |
eu-west-3 | ami-2d66d050 | ami-555dec28 |
sa-east-1 | ami-72115a1e | ami-e5e4ba89 |
us-east-1 | ami-5934df24 | ami-08076977 |
us-east-2 | ami-e5fdca80 | ami-96704ff3 |
us-west-1 | ami-87e6ede7 | ami-d08e95b0 |
us-west-2 | ami-5b9e1623 | ami-928ef5ea |
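One way to act on the allowlist advice above, as an added example (not Alert Logic code): the script parses the table's rows and classifies an inventory of launch configurations as current, retired, listed for a different region, or unrelated. The inventory, its names, and the ID `ami-0123abcd` are constructed for illustration.

```python
# Rows copied from the AMI table above: region | old AMI | new AMI
AMI_TABLE = """\
ap-northeast-1 | ami-f07e3896 | ami-e951a996
ap-northeast-2 | ami-e768c589 | ami-9fbe15f1
ap-south-1 | ami-944916fb | ami-92b996fd
ap-southeast-1 | ami-1c1e5560 | ami-f986b985
ap-southeast-2 | ami-3edd1b5c | ami-eb8f5d89
ca-central-1 | ami-6d880f09 | ami-40e46724
eu-central-1 | ami-aa92ffc5 | ami-a54b7e4e
eu-west-1 | ami-c57336bc | ami-05764c7c
eu-west-2 | ami-c66480a1 | ami-9505e9f2
eu-west-3 | ami-2d66d050 | ami-555dec28
sa-east-1 | ami-72115a1e | ami-e5e4ba89
us-east-1 | ami-5934df24 | ami-08076977
us-east-2 | ami-e5fdca80 | ami-96704ff3
us-west-1 | ami-87e6ede7 | ami-d08e95b0
us-west-2 | ami-5b9e1623 | ami-928ef5ea
"""

def load_table(text):
    """Parse 'region | old | new' rows into {region: (old_ami, new_ami)}."""
    rows = (tuple(c.strip() for c in line.split("|")) for line in text.strip().splitlines())
    return {region: (old, new) for region, old, new in rows}

def audit(inventory, table):
    """Classify (name, region, image_id) records; AMI IDs are region-specific."""
    known = {ami for pair in table.values() for ami in pair}
    findings = []
    for name, region, image_id in inventory:
        old, new = table.get(region, (None, None))
        if image_id == new:
            status = "current"
        elif image_id == old:
            status = f"retired, replace with {new}"
        elif image_id in known:
            status = "scanner AMI from another region"
        else:
            status = "not a scanner AMI"
        findings.append((name, status))
    return findings

# Constructed inventory (hypothetical names), e.g. exported from launch configurations.
SAMPLE = [
    ("scanner-lc-use1", "us-east-1", "ami-08076977"),
    ("scanner-lc-euw1", "eu-west-1", "ami-c57336bc"),
    ("scanner-lc-usw2", "us-west-2", "ami-96704ff3"),
    ("app-lc-usw1", "us-west-1", "ami-0123abcd"),
]
for name, status in audit(SAMPLE, load_table(AMI_TABLE)):
    print(f"{name}: {status}")
```
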
Bug fixes
- Corrected an issue causing vulnerability scan failures in VPCs with no reachable local DNS servers.
- Improved the reliability of the boot process.
Release date: April 30, 2018
Bug fixes
None
Features
None
Security
None
Changes
This release includes the addition of a new report for Center for Internet Security (CIS) Benchmarks. The CIS Benchmarks provide assessments of how an environment conforms to configuration guidelines developed by security experts.
In addition, Alert Logic added a remediation for assets that do not conform to CIS Benchmarks.
The CIS AWS Foundations Benchmark report displays the status of your environment compared to the CIS Foundations Benchmark Level 2. For more information about CIS Benchmarks, see the CIS Benchmarks FAQ.
Notice
None
Release date: April 7, 2018
Bug fixes
None
Features
This release introduces the following new features to enhance and improve the creation and management of Cloud Insight Essentials and Cloud Insight deployments.
- With our AWS CloudFormation template, Alert Logic provides a single-click, convenient way to create an IAM policy and role required for deployment creation.
- If you want to enable scanning for a Cloud Insight Essentials deployment, or disable scanning for a Cloud Insight deployment, Alert Logic allows you to quickly change the level of assessment for a selected deployment. For more information, see Change the Assessment Level of a Cloud Insight Deployment.
- This release introduces Automatic and Guided modes for deployment creation. Each deployment mode allows you different levels of control over the creation of scanning instances and the subnets in which you want them deployed, but could require you to manage and maintain aspects of your security infrastructure.
  - Select Automatic Mode (recommended) if you want Alert Logic to deploy and maintain much of your security infrastructure. If you use Automatic Mode to create a deployment, Alert Logic creates a subnet in which to deploy a security appliance in each VPC within the deployment scope. In addition, Alert Logic:
    - Manages routing for the subnet.
    - Manages network ACLs for that subnet and other subnets in the VPC.
  - Select Guided Mode if Automatic Mode is not possible, because:
    - You have VPCs with no available space to create a subnet in which to deploy scanning instances.
    - Your corporate or IT policies do not allow a third party to perform some of the actions permitted with Automatic Mode, such as subnet creation and routing management.
    - Your network layout requires that components of security infrastructure, such as a management subnet used by multiple tools, reside in an existing subnet.
    - Any situation in which Alert Logic cannot create and manage a dedicated security subnet in all your VPCs.
Security
None
Changes
This release improves the Deployments page by clearly displaying the subscription level on each deployment tile.
Notice
None
Release date: March 23, 2018
Bug fixes
None
Features
- To help manage costs associated with scanning for Cloud Insight deployments, Alert Logic now shuts down scanning instances after completion of each scanning cycle. If you want to disable this feature and keep scanning instances running in your subnets, see this Alert Logic Knowledge Base article.
- This release introduces available category filters on the Remediations page that separate remediations based on the following:
  - AWS configurations checks: Remediations that require changes to configurations that do not align with AWS Security Best Practices.
  - Vulnerability scanning: Remediations that require updates to your software to address known Common Vulnerabilities and Exposures (CVEs).
  - Alert Logic configuration: Remediations that require configuration changes for Cloud Insight Essentials to identify how you use AWS.
Security
None
Changes
None
Notice
None
Release date: February 7, 2018
Bug fixes
None
Features
Alert Logic updated the layout and grouping of available reports on the Reports page. The new grouping maintains the sequence of reports, but categorizes them for a better summary overview. In addition, the Reports page includes a menu for faster navigation among the reports.
Security
None
Changes
This release introduces the Risk Summary report, which correlates Amazon GuardDuty findings to Cloud Insight vulnerability scan results. This report identifies assets that pose security risks, based on a combination of GuardDuty findings and known vulnerabilities. You can use the Risk Summary report to quickly identify assets that present a high security risk, with results organized by VPC, security group, region, or AWS account.
Notice
None
Release date: November 28, 2017
Bug fixes
None
Features
Amazon GuardDuty integration
This release introduces integration with Amazon GuardDuty, a continuous security monitoring service that requires no customer-managed hardware or software. GuardDuty analyzes and processes VPC Flow Logs and AWS CloudTrail event logs. GuardDuty uses security logic and AWS usage statistics techniques to identify unexpected and potentially unauthorized and malicious activity, like escalations of privileges, uses of exposed credentials, or communication with malicious IPs, URLs, or domains.
If you enable GuardDuty in AWS, your Cloud Insight and Cloud Insight Essentials deployments can integrate GuardDuty security findings for display on the Incidents page, which allows you to analyze the findings, and get recommendations on how to respond.
To take advantage of Amazon GuardDuty integration, you must:
- Enable GuardDuty. For information, see the AWS documentation.
- Create a Cloud Insight or Cloud Insight Essentials deployment.
- For existing deployments, use the following procedure to edit the IAM policy you used to create the role granting us access to your AWS assets.
  - Log in to the AWS console and:
    - In the AWS Management Console, click IAM.
    - On the navigation pane, click Policies.
    - Click the policy you want to edit.
    - Click Edit Policy.
    - Click the JSON tab.
    - Copy this policy document, and then paste it into the JSON window to replace the IAM policy document you used to create the role granting us access to your AWS assets.
    - Click Review Policy.
    - Click Save Changes.
- Deploy the Alert Logic CloudFormation template to the regions in the deployment scope. For detailed installation instructions, see the documentation in our public GitHub repository.
The Incidents page
This release also introduces the Incidents page, which displays GuardDuty findings as incidents, and allows you to use that information to manage and close incidents, and to secure your environments.
Security
None
Changes
With this release, the Environments page becomes the Deployments page, and your environments are now called "deployments." This change in terminology does not affect the setup of your deployments, or the scope you set for them.
This release also introduces two levels of assessment for your deployments: Cloud Insight Essentials and Cloud Insight.
- Cloud Insight Essentials provides:
  - Access to the library of AWS configuration best practices checks that are continuously tested on your AWS environment to help you detect and remediate exposures.
  - Integration with Amazon GuardDuty.
- Cloud Insight provides:
  - The capabilities of Cloud Insight Essentials.
  - Vulnerability assessments in your deployment, which add visibility to vulnerabilities on your EC2 instance workloads.
Notice
None
Release date: November 1, 2017
Bug fixes
This release fixes an issue in which Cloud Insight did not include the vulnerability details in the Remediations Description field. With this release, vulnerability details display, as expected, in the Description field.
Features
None
Security
None
Changes
This release allows customers to view the Topology page for a selected environment, even if the customer has not yet selected a scope for the selected environment.
Notice
None
Release date: March 28, 2017
Bug fixes
None
Features
This release adds support for five new AWS regions:
Region Name | Region |
---|---|
Asia Pacific (Seoul) | ap-northeast-2 |
Asia Pacific (Mumbai) | ap-south-1 |
US East (Ohio) | us-east-2 |
Canada (Central) | ca-central-1 |
EU (London) | eu-west-2 |
Security
None
Changes
None
Notice
None
Release date: February 23, 2017
Bug fixes
None
Features
None
Security
None
Changes
This release includes the addition of the scoped hosts icon to the Dashboard header. The new icon represents the number of hosts that are specified in the environment scope to be scanned. This change provides an improved representation of the environment scan status in the header.
Release date: October 27, 2016
Bug fixes
None
Features
None
Security
None
Changes
This release includes new checks that alert you to configuration issues that allow malicious users to access internal services through the following protocols:
- SSH
- Telnet
- VNC
- Windows RPC
- NetBIOS
- CIFS
- SMB
- SMTP
- DNS
Release date: September 22, 2016
Bug fixes
None
Features
This release includes the ability to configure cross-account CloudTrail access for each of your environments. AWS allows you to use a separate, dedicated account with CloudTrail enabled to centralize your CloudTrail collection. If you utilize a separate AWS account for CloudTrail collection, you can choose to enter a second ARN role and policy when you create an environment to allow us to access the AWS account that collects CloudTrail data.
If you provide cross-account access to the AWS account with CloudTrail enabled, you get near real-time updates about your assets. Without cross-account access to CloudTrail, we refresh information about your assets only every 12 hours.
Security
None
Changes
Each environment tile on the Environments page includes an option to apply and manage cross-account CloudTrail access for that environment.
Notice
None
Release date: August 3, 2016
Bug fixes
None
Features
This release includes a new scan scheduling feature, visible from the Dashboard page, that provides customers with more insight into the scan schedule. On the Dashboard page, customers can click the Scan button to view the Environment Scan Status, which displays the scan status of assets in the environment. Click a VPC to view the scanning order of assets, the assets Cloud Insight is currently scanning, the assets scheduled to be scanned, and the assets not scheduled to be scanned. In addition, the new feature allows customers to initiate a scan for a specified asset.
Security
None
Changes
The Cloud Insight Dashboard page includes two new buttons, Threat and Scan, which control whether the Dashboard page displays the Environment Threat Status or the Environment Scan Status.
Notice
None