Releases: PaladinCloud/CE
1.5.1
Policy Updates
- Added 41 new policies across the three clouds: AWS, Azure, and GCP.
- Fixed bugs in the existing policy metadata/documentation.
- We are improving the wiki for the existing rules. This is an ongoing effort.
UI Updates
- Fixed bugs across the application
Installer Changes:
- We have removed the AWS ReadOnlyAccess policy from the installer role and added individual service-level policies to the installer instead. Users now need to add the ReadOnlyAccess policy to the paladicloud_ro role. We will be updating the installer docs regarding the policies required to install Paladin Cloud.
- We have fixed the issues in the Qualys connector; it is fully functional now. We will be adding documentation on how to add the Qualys connector.
- Users no longer need to modify the existing security group to make the app work; the installer now adds the required inbound rules itself.
- We have corrected minor variable names in the default.local.py file. Existing users will have to recreate local.py in order to avoid redeploy issues.
What's Changed
- feat: Enable IP Forwarding for Compute Engine Instance by @AnjaliMadhavi-Nakirikanti in #529
- chore: updated version by @santhosh-challa in #570
- fix:Automated backups for cloudsql by @kushZemoso in #554
- fix: azure policies bug fixes by @AnjaliMadhavi-Nakirikanti in #541
- Fix/audit log issue by @AnjaliMadhavi-Nakirikanti in #568
- feat: Policy to Ensure CloudWatch log metric filter and alarm by @akashpaladin in #558
- feat: Enable 'cloudsql.enable_pgaudit' Flag for PostgreSQL Database I… by @kushZemoso in #547
- fix: added asset groups in query params for Exception and Audit API's by @ranadheer-b in #577
- refactor: description and policy name changes by @raviteja-mandala in #579
- fix: Asset group update failure by @dheerajkholia-paladin in #583
- fix:Rule params and changed equalsIgnoreCase instead of equals by @kushZemoso in #584
- feat: policy to check email is configured in ms defender email settings by @raviteja-mandala in #567
- Defender/email subscription admins by @AishwaryaKulkarni97 in #586
- fix: fixed ui inconsistencies by @sidharthjain-zemoso in #587
- removed google anaytics by @rnithinpaladin in #589
- Fix/target type with disable flag by @arunpaladin in #593
- added config_url to rule_engine rules by @rnithinpaladin in #595
- fix: fixed UI related bugs by @ranadheer-b in #592
- fix: removed quotes for user options by @AishwaryaKulkarni97 in #573
- fix:Os and Data disk are encypted using customer managed keys. by @kushZemoso in #597
- Fix/bug fix by @ranadheer-b in #599
- fix: syntax Issue in db file by @AnjaliMadhavi-Nakirikanti in #601
- fixed audit log bug by @ranadheer-b in #603
- chore: added violations column in compliance overview table in dashboard by @sidharthjain-zemoso in #604
- feat: Enable RBAC within Azure Kubernetes Services by @raviteja-mandala in #608
- fix:Root account hardware MFA check by @akashpaladin in #605
- Feat/gcp integrity monitoring by @AishwaryaKulkarni97 in #609
- fix: fixed admin policies by @sidharthjain-zemoso in #606
- fix: updated policy name and description by @raviteja-mandala in #614
- feat: Replaced asset details table by @sidharthjain-zemoso in #610
- feat: added event selector object to cloud trail data collector by @arunpaladin in #611
- fix: fixed violation details, asset list page bugs for arn resource Id by @ranadheer-b in #612
- feat : Enable Vulnerability Assessment Periodic Recurring Scans by @AnjaliMadhavi-Nakirikanti in #578
- Feature/enable node auto upgrade by @AnjaliMadhavi-Nakirikanti in #607
- fix: fixed breadcrumbs in admin screens and fixed few p0 items by @sidharthjain-zemoso in #616
- fix: addressed db file syntax error by @AnjaliMadhavi-Nakirikanti in #620
- fix:Policy to Ensure CloudWatch log metric filter and alarm by @akashpaladin in #619
- fix: fixed few bugs related to Exemptions and Asset Distribution by @ranadheer-b in #621
- feat: disable alpha clusters by @AishwaryaKulkarni97 in #622
- Feature/enable node auto repair by @kushZemoso in #613
- feat:Enable VPC Flow Logs and Intranode Visibility by @kushZemoso in #618
- fix: changed asset display names by @AnjaliMadhavi-Nakirikanti in #624
- feat: Ensure clusters are created with private nodes and private end … by @raviteja-mandala in #625
- fix: fix for azure keyvalut collector not collecting all keyvaults by @AnjaliMadhavi-Nakirikanti in #627
- fix: resolved syntax error in db.sql file by @AnjaliMadhavi-Nakirikanti in #632
- AzureAD mandatory properties name change in the DB by @arunpaladin in #628
- Feat/basic auth by @AishwaryaKulkarni97 in #629
- feat:Disable Legacy Authorization by @kushZemoso in #623
- feat: Enable_VPC_native_for_clusters by @AnjaliMadhavi-Nakirikanti in #615
- feat: Disable client certificate Authentication for GKE Cluster by @AnjaliMadhavi-Nakirikanti in #617
- chore: updated readme by @santhosh-challa in #636
- fix: fixed rules that were breaking policyViolationReason end point in compliance api by @sidharthjain-zemoso in #634
- feat: Policy to Ensure AWS Security hub is enabled by @akashpaladin in #635
- feat:Enable Auto-Provisioning of Log Analytics Agent by @kushZemoso in #631
- fix: changed styling of list view and other minor bug fixes by @sidharthjain-zemoso in #633
- feat: Policy to Ensure Object level logging is enabled for s3 buckets by @akashpaladin in #626
- fix: removing duplicate entries in UI by @AishwaryaKulkarni97 in #639
- fix: s3, s4, s5 qualys vulnerability rules fix by @raviteja-mandala in #646
- feat:Remove Custom Owner Roles by @kushZemoso in #638
- Feat/key rbac by @AishwaryaKulkarni97 in #640
- Bug fixes by @sidharthjain-zemoso in #647
- feat: Policies related to AWS K8 by @akashpaladin in #648
- fix: AWS Removed extra spaces by @akashpaladin in #651
- feat: Retention days should be greater than ninety by @AishwaryaKulkarni97 in #649
- Adding Images to new How to by @MonikaSharmaZemoso in #652
- Adding Images for new How to Document by @MonikaSharmaZemoso in #653
- Adding images for new document by @MonikaSharmaZemoso in #654
- fix: AWS Removed extra spaces by @akashpaladin in #656
- fix:AWS resolutionUrl bugfix by @akashpaladin in #650
- fix:ruleKey ,policyName,Description and wiki links for policies. by @kushZemoso in #658
- changed azure secert_id to secert value and http allowed only for int… by @rnithinpaladin in #655
- feat: Enable Cloud Logging and Monitoring by @AnjaliMadhavi-Nakirikanti in #637
- fix: Removed full read only access for AWS resources. by @arunpaladin in #657
- feat: Disable Kubernetes Web UI by @AnjaliMadhavi-Nakirikanti in #630
- "feat: added ResourceID link and Policy link to the email template" by @arunpaladin in #662
- fix: Modified Display Name of target type by @arunpaladin in #666
- chore ASG added inbound rule by @rnithinpaladin in #672
- fix: ad...
1.5.0
Policy/Rule Updates
- Added 21 new policies across the three clouds: AWS, Azure, and GCP.
- Fixed bugs in the existing policy metadata/documentation.
- We are improving the wiki for the existing rules. This is an ongoing effort.
UI Updates
- Added a new Asset Distribution Screen.
- Modified the dashboard violation tiles to include more metadata.
- Fixed other bugs across the application.
Other Changes:
- We have removed the Azure Policy Definitions and Policy Evaluations from assets, so existing users will see their Azure asset count go down post-upgrade. We will be working on a feature to represent these in a better way in the coming releases.
Known Issues
- We are still testing 2 AWS and 1 Azure policy added in this release; they may not be fully functional yet. We will update them in the upcoming release if necessary.
What's Changed
- feat : Enable Cloud Asset Inventory by @AnjaliMadhavi-Nakirikanti in #495
- Deny admin Privileges to service accounts by @AishwaryaKulkarni97 in #493
- feat: added current version in Ui by @ranadheer-b in #498
- fix: fixed data fetch issue and other minor bugs by @sidharthjain-zemoso in #501
- feat: enable active directory on app services by @AishwaryaKulkarni97 in #497
- feat: Deny usage of service accounts with full cloud API access by @AishwaryaKulkarni97 in #504
- feat: added new aws rule to check root user account access key by @amishavijayakumar08 in #496
- fix:Collector and rule. by @kushZemoso in #507
- fix: Correcting count of accounts in statistics API by @dheerajkholia-paladin in #511
- feat:Deny usage of default service accounts for instances by @AnjaliMadhavi-Nakirikanti in #506
- feat:Policy to check enable mfa delete on s3 bucket by @amishavijayakumar08 in #508
- feat:Added a new policy for DiskEncryption. by @kushZemoso in #505
- Fix: Disabling qualys collector and rules when its disabled from installer by @dheerajkholia-paladin in #510
- feat: added exempted assets count Api by @ranadheer-b in #514
- fix: fixed dropdown bug in create asset group page by @ranadheer-b in #517
- feat: added api for distribution by severity by @sidharthjain-zemoso in #516
- fix:kms_key rule by @kushZemoso in #522
- fix: list state by @sidharthjain-zemoso in #519
- feat: generalised rule for cloud sql db flags by @AishwaryaKulkarni97 in #523
- feat:Policy to check log file validation enabled on CloudTrail by @akashpaladin in #526
- feat:This rule checks if skip_show_database flag for MYSQL db is enab… by @kushZemoso in #527
- feat: AWS DataCollector for CloudWatch log and CloudWatch alarm by @arunpaladin in #528
- updated default values for es by @rnithinpaladin in #525
- feat: enable log connection for postgres rule by @AishwaryaKulkarni97 in #530
- feat:Policy to check CloudTrail logs are encrypted using KMS by @akashpaladin in #535
- feat: Ensure log_hostname db flag is enabled for postgres clould sql by @raviteja-mandala in #534
- feat:enable log disconnection for postgres rule by @kushZemoso in #536
- Feat/key expiration date by @AishwaryaKulkarni97 in #538
- chore/external_alb_need_https by @rnithinpaladin in #539
- feat: Disable Log_min_duration_statement Database Flag for PostgreSQL Instance by @AnjaliMadhavi-Nakirikanti in #537
- feat : Enable Confidential Computing for Compute Instance by @AnjaliMadhavi-Nakirikanti in #515
- docs: Added files via upload by @MonikaSharmaZemoso in #544
- Feat/enforce sql server user connections db flag to non limiting by @AnjaliMadhavi-Nakirikanti in #531
- fix:modified date formats by @ranadheer-b in #545
- feat: Added ECS Cluster service to data collector by @arunpaladin in #546
- Add files via upload by @MonikaSharmaZemoso in #548
- Feat/secret expiration date by @AishwaryaKulkarni97 in #543
- feat:Configure log_min_error_statement Flag for PostgreSQL Database I… by @kushZemoso in #542
- feat: Policy to check whether 'All users with following rules' is set… by @raviteja-mandala in #549
- feat: added asset trend graph, modified tiles, replaced table with ne… by @sidharthjain-zemoso in #550
- fix : fix for audit log api by @AnjaliMadhavi-Nakirikanti in #553
- Revert "chore/external_alb_need_https" by @rnithinpaladin in #556
- feat: remove user options db flag for sql server by @AishwaryaKulkarni97 in #552
- feat: Added new asset summary screen by @sidharthjain-zemoso in #557
- fix: Modified existing SQL Query by @arunpaladin in #555
- fix: Completed p0 tasks and fixed style related bugs in dashboard and asset-summary by @sidharthjain-zemoso in #565
- feat: Added Asset Distribution Screen by @ranadheer-b in #566
- chore: updated version by @santhosh-challa in #571
- fix: removed quotes for user options for release branch by @AishwaryaKulkarni97 in #575
- fix: Asset API correction by @dheerajkholia-paladin in #576
- refactor: description and policy name changes by @raviteja-mandala in #580
- fix: added asset group for exception and audit by @ranadheer-b in #581
- Fix: Asset group update failure by @dheerajkholia-paladin in #582
- Fix/audit log issue v1.5.0 by @AnjaliMadhavi-Nakirikanti in #569
- Fix/log min error flag by @kushZemoso in #585
- fix: fixed ui inconsistencies by @sidharthjain-zemoso in #588
- removed google anaytics by @rnithinpaladin in #590
- Fix/bug fixes v1.5.0 by @ranadheer-b in #591
- updated sql query to disable unused target type by @arunpaladin in #594
- added config_url to rule_engine rules by @rnithinpaladin in #596
- fix:esurl by @kushZemoso in #598
- Fix/bug fixes by @ranadheer-b in #600
- fixed audit log bug by @ranadheer-b in #602
New Contributors
- @MonikaSharmaZemoso made their first contribution in #544
Full Changelog: 1.4.0...1.5.0
1.4.0
Policy/Rule Updates
- Added 19 new rules across the three clouds: AWS, Azure, and GCP.
- Fixed bugs in the existing policy metadata/documentation.
- We are improving the wiki for the existing rules. This is an ongoing effort.
UI Updates
- Added new violations table in the violations screen.
- Fixed bug in enabling/disabling rules.
- Added the version number of the app on the UI screen.
- Fixed other minor bugs across the application.
Infrastructure Updates
- Added the ability to add more nodes to the OpenSearch cluster via the installer, so users can size the cluster to their workloads.
- Existing users must update their local.py config from the new default.local.py file; this is needed for the redeploy to pick up the new configuration.
- Added the ability to configure the RDS master username and password via the installer. We have changed the default username and password, so existing users will see the RDS instance being destroyed and recreated. As it stores only the configuration required by the application, the same will be re-created during the upgrade process.
- Fixed an issue with adding HTTPS via the installer, as raised in community issue #479.
What's Changed
- chore: sonarcloud update by @rnithinpaladin in #440
- Fix for rule enable-disable issue by @dheerajkholia-paladin in #439
- feat:VM instance should block project-wide SSH keys by @kushZemoso in #442
- fix: remove duplicate client id records by @arunpaladin in #445
- fix: cloud type in policy screen and other minor fixes by @sidharthjain-zemoso in #446
- feat: subnet mode should not be legacy by @AishwaryaKulkarni97 in #434
- feat: compute instances should be shielded by @AishwaryaKulkarni97 in #443
- feat:Added new aws policy to check public access rule configured in NACL by @amishavijayakumar08 in #447
- feat: enable os login at project level by @AnjaliMadhavi-Nakirikanti in #449
- changed workflow name by @rnithinpaladin in #456
- Feat/azure tls flexible server by @AishwaryaKulkarni97 in #454
- test: added missing tests for compliance dashboard by @ranadheer-b in #460
- Adding logs to debug the issue- broken screen violation by sev… by @dheerajkholia-paladin in #448
- feat:enable soft delete for blob storage account by @AnjaliMadhavi-Nakirikanti in #453
- feat: Disable User-Managed Service Account Key Creation by @AnjaliMadhavi-Nakirikanti in #462
- feat:Configure Minimum TLS Version in storage account by @kushZemoso in #421
- feat:Added new aws rule to check S3 buckets are encrypted by @amishavijayakumar08 in #464
- feat:Enforce rotation period of kms keys is within 90 days. by @kushZemoso in #465
- fix:Removed duplicate metadata from azure_rules.json by @kushZemoso in #469
- fix: fixed api calls in dashboard by @sidharthjain-zemoso in #470
- feat:Added aws rule checks S3 bucket policy to deny http by @amishavijayakumar08 in #466
- faet : Enforce Network Security Group Flow Log retention for more than 90 days by @AnjaliMadhavi-Nakirikanti in #463
- feat:Use BYOK for Activity Log Storage Container Encryption by @kushZemoso in #461
- fix: fixed data load issue in dashboard - follow up of api calls fix by @sidharthjain-zemoso in #474
- feat: Added new API to get the trend of daily assets count by @dheerajkholia-paladin in #467
- fix: Corrected number of account in statistic API by @dheerajkholia-paladin in #471
- feat:New AWS Policy to check RDS Auto Minor Version Upgrade by @amishavijayakumar08 in #473
- chore:rds_username and password can configured by user by @rnithinpaladin in #475
- feat: Added APIs to fetch data for severity and category filters by @ranadheer-b in #476
- Chore/rds configuration by @rnithinpaladin in #477
- feat:Enable TDE for sql database by @kushZemoso in #472
- chore:elasticsearch adding extra node and enabled master node by @rnithinpaladin in #483
- feat:Added a new policy for VMInstance. by @kushZemoso in #481
- chore/configured version number in rds by @rnithinpaladin in #485
- fix: Corrected asset count trend API to return all-time data by default by @dheerajkholia-paladin in #484
- Include mandatory categories in the diagnostics setting by @AishwaryaKulkarni97 in #486
- feat:backend api for average age by @AnjaliMadhavi-Nakirikanti in #482
- enabled Vulnerability for VulnerabilityALBHttpsListenerRule by @rnithinpaladin in #488
- feat: Added version controller that gives current released version va… by @kushZemoso in #489
- feat: replaced violations table with new table by @sidharthjain-zemoso in #490
- Fix/violations screen by @sidharthjain-zemoso in #502
- feat: added release version in UI by @ranadheer-b in #503
- fix: Correcting count of accounts in statistics API by @dheerajkholia-paladin in #512
- fix: fixed attribute value fix in create asset group page by @ranadheer-b in #518
- fix: list state by @sidharthjain-zemoso in #521
Full Changelog: 1.3.0...1.4.0
1.3.0
Policy/Rule Updates
- Added new policies across the three clouds: AWS, Azure, and GCP.
- Fixed bugs in the existing policy metadata/documentation.
- We are improving the wiki for the existing rules. This is an ongoing effort.
- Added an AWS autofix for unused security groups. Please refer to the wiki for details on enabling it.
Using Azure AD
- Azure AD can now be used as an authentication mechanism over the default db-based authentication.
- We have tested this feature and it is fully functional. Please read the docs here to start using it.
UI Updates
- Fixed minor bugs across the application.
Infrastructure Updates
- Upgraded the instance types for our RDS and Elasticsearch services. This has been updated in the installer/settings/default.local.py file.
- If you are upgrading from earlier versions, please copy your existing local.py changes to the new default.local.py and create a new local.py file. This way all the latest changes from default.local.py are carried over to local.py. This is required because your current local.py was created from the previous version of default.local.py.
- Please log an issue in case any other clarification is needed.
- Please read the wiki for the upgrade here.
Other Updates
- We have changed the way new AWS client accounts are added to Paladin Cloud.
- Earlier, adding AWS accounts to scan was a manual process that had to be redone for every upgrade.
- Now accounts can be added through the installer/redeploy process.
- Users need to provide the account IDs and names during the installation/redeploy process as below:
AWS_ACCOUNT_DETAILS = [
    {
        'accountId': "176332",
        'accountName': "baseAccount"
    },
    {
        'accountId': "2345",
        'accountName': "clientAccount1"
    },
    {
        'accountId': "234565",
        'accountName': "clientAccount2"
    }
]
- As a one-time process, existing users need to add their base account information (the account where Paladin Cloud is installed), along with the other accounts Paladin Cloud is already monitoring, to the local.py file as shown above before their redeploy.
- Docs for adding a new AWS account to monitor are here.
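Because a mistake in AWS_ACCOUNT_DETAILS only surfaces after a redeploy, it is worth validating the list before running the installer. The check below is an added example, not part of the Paladin Cloud installer; it assumes real AWS account IDs are 12-digit strings (the values in the snippet above are placeholders and would not pass), and it reports integer IDs, duplicate IDs or names, empty names, unexpected keys, and an empty list (the base account must always be present). The sample entries are constructed.

```python
import re
from typing import Dict, List

# Assumption: a real AWS account ID is exactly 12 decimal digits.
ACCOUNT_ID_RE = re.compile(r"\d{12}")
EXPECTED_KEYS = {"accountId", "accountName"}


def validate_account_details(accounts: List[Dict[str, str]]) -> List[str]:
    """Return human-readable problems found in an AWS_ACCOUNT_DETAILS list.

    An empty result means every entry passed. Problems are reported in entry
    order so they map directly back to positions in local.py.
    """
    problems: List[str] = []
    seen_ids: Dict[str, int] = {}
    seen_names: Dict[str, int] = {}

    for index, entry in enumerate(accounts):
        if not isinstance(entry, dict):
            problems.append(f"entry {index}: expected a dict, got {type(entry).__name__}")
            continue

        unexpected = set(entry) - EXPECTED_KEYS
        if unexpected:
            problems.append(f"entry {index}: unexpected keys {sorted(unexpected)}")

        account_id = entry.get("accountId")
        name = entry.get("accountName")

        # Account IDs must be strings: an unquoted 0-prefixed ID would lose digits.
        if not isinstance(account_id, str) or not ACCOUNT_ID_RE.fullmatch(account_id):
            problems.append(f"entry {index}: accountId {account_id!r} is not a 12-digit string")
        elif account_id in seen_ids:
            problems.append(f"entry {index}: accountId {account_id} duplicates entry {seen_ids[account_id]}")
        else:
            seen_ids[account_id] = index

        if not isinstance(name, str) or not name.strip():
            problems.append(f"entry {index}: accountName must be a non-empty string")
        elif name in seen_names:
            problems.append(f"entry {index}: accountName {name!r} duplicates entry {seen_names[name]}")
        else:
            seen_names[name] = index

    if not accounts:
        problems.append("AWS_ACCOUNT_DETAILS is empty; the base account must be listed")
    return problems


# Constructed sample: two valid accounts, one ID left unquoted (an integer),
# and one entry that repeats an already-listed account ID.
SAMPLE_ACCOUNT_DETAILS = [
    {"accountId": "111111111111", "accountName": "baseAccount"},
    {"accountId": "222222222222", "accountName": "clientAccount1"},
    {"accountId": 333333333333, "accountName": "clientAccount2"},
    {"accountId": "222222222222", "accountName": "clientAccount3"},
]

if __name__ == "__main__":
    for problem in validate_account_details(SAMPLE_ACCOUNT_DETAILS):
        print(problem)
```

Run it against the AWS_ACCOUNT_DETAILS value from your local.py (import the module or paste the list in) and fix every reported entry before redeploying; the duplicate-ID check in particular catches the case where the base account is pasted a second time among the client accounts.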
Known Issues
- The 3 new policies below are still under development and are not fully functional yet. We will be fixing them in the upcoming release.
- Enable hardware MFA for the root account (AWS)
- Enable Client certificates on WebApp (Azure)
- Enable minimum TLS version 1.2 on WebApp (Azure)
What's Changed
- fix: addressed database syntax error by @AnjaliMadhavi-Nakirikanti in #395
- fix: GCP discovery issue by @dheerajkholia-paladin in #394
- fix: running the three cloud rules in parallel, instead of sequentially by @santhosh-challa in #398
- fix: remote access database flag by @AishwaryaKulkarni97 in #389
- JOB_SCHEDULE_INTERVAL by @rnithinpaladin in #406
- feat:Added new aws rule to check AWSSupportAccess role created by @amishavijayakumar08 in #400
- Feature/gcp public ip by @kushZemoso in #401
- fix:Changed whitelist to allowlist by @kushZemoso in #409
- fix: fixed asset details table data load when resourceId in violation… by @sidharthjain-zemoso in #410
- Feature/fix allowlist by @kushZemoso in #412
- feat:Added new aws rule to check hardware mfa is configured by @amishavijayakumar08 in #407
- updated common.py file with default AUTHENTICATION_TYPE by @rnithinpaladin in #417
- fix: 3625(trace flag) database flag by @AishwaryaKulkarni97 in #403
- fix:Support for multiple aws account names by @dheerajkholia-paladin in #413
- feat:Added new aws rule to check user policies are assigned through group by @amishavijayakumar08 in #420
- fix:Aws wiki link bug fixes by @amishavijayakumar08 in #422
- Enable delete protection for azure keyvaults by @AnjaliMadhavi-Nakirikanti in #402
- feat: Default Network should Not Exist in a Project by @AnjaliMadhavi-Nakirikanti in #419
- changes in displaying output by @rnithinpaladin in #424
- fix: fixed tiles and table data inconsistency in policy by @sidharthjain-zemoso in #425
- fix:aws policy wiki link and display name updates by @amishavijayakumar08 in #426
- newer instance type for rds and es by @rnithinpaladin in #427
- fix:Fixed accountname and region for Azure and GCP by @dheerajkholia-paladin in #428
- feat: Enforce cloud Sql for SSL certificate by @AnjaliMadhavi-Nakirikanti in #408
- feat: Deny Network Access Rule for Storage Accounts by @AnjaliMadhavi-Nakirikanti in #423
- fix: Correcting sql syntax by @dheerajkholia-paladin in #429
- Bug/gcp azure buxfix by @AnjaliMadhavi-Nakirikanti in #432
- fix:aws policy display name changes by @amishavijayakumar08 in #433
- feat:Enable Uniform Bucket level acess for cloud storage buckets. by @kushZemoso in #430
- fix: Fixed Refresh Token Expiry and Display EC2 Resources Attributes by @ranadheer-b in #390
- docs: updated reademe by @santhosh-challa in #435
- Fix/aws unused securitygroup autofix by @arunpaladin in #418
- fix: fixed admin dropdowns and tagging table related bugs by @ranadheer-b in #437
- fix:aws policy display name bug fixes by @amishavijayakumar08 in #436
- chore: sonarcloud update by @rnithinpaladin in #438
- chore:update sonorcloud by @rnithinpaladin in #441
- fix: remove duplicate client id records by @arunpaladin in #444
- Added debug logs by @dheerajkholia-paladin in #452
Full Changelog: 1.2.0...1.3.0
1.2.0
Summary of Changes
EventBridge Limit:
- In the last release we crossed the default AWS account soft limit on the number of rules that can be created for an event bus (300), so we asked users to raise their limit before the redeploy or installation process.
- The good news is that we have overcome that limitation in the current release using a new microservice called job-scheduler. Paladin Cloud now uses a separate custom event bus for each cloud provider.
Policy/Rules Update:
- We have added new collectors and rules across the three cloud providers, AWS, Azure and GCP
- We have added our first auto-fixes for a couple of policies in Azure and GCP. We will be updating the steps required to enable the same in the wiki.
- We have made some changes to Rule metadata.
- We are updating the Wiki with the current rules we support. This is an ongoing effort.
UI updates:
- We have redesigned the Policy Knowledge Base screen.
- We have added a new feature, a collapsible navigation bar.
- We have fixed an issue with the table storing its previous state.
- We have made minor fixes across the other components.
Azure AD:
- We have added a feature to enable Azure AD authentication in Paladin Cloud.
- Azure AD can now be used as an authentication mechanism as an alternative to the default db-based authentication.
- We are in the process of testing the Azure AD feature. Please watch this space for an update on Azure AD.
Infrastructure Updates:
- As stated above, we are now using custom EventBridge buses.
- We have created a new microservice, job-scheduler, in our existing ECS cluster.
- This microservice emits events periodically to trigger the jobs/rules.
- We have upgraded Terraform to the latest version, 1.2.x.
- If you are upgrading from previous versions, please follow this link to start upgrading to this release.
What's Changed
- chore:modified domains in config file by @ranadheer-b in #332
- chore: updated lambda run time to 3.8 by @rnithinpaladin in #335
- Fix/asset type display name change by @arunpaladin in #331
- feat: vm instances should be migrated on maintenance event by @AishwaryaKulkarni97 in #337
- feat: added a new policy for the nsg. This policy checks the public … by @kushZemoso in #338
- fix:Combined aws listener policies for classic elb and elbv2 by @amishavijayakumar08 in #340
- chore:Upgraded aws-java-sdk version in commons by @amishavijayakumar08 in #341
- Fix/asset type display name change by @arunpaladin in #343
- Implemented autofix for azure and gcp policies by @dheerajkholia-paladin in #342
- feat: GCP policy to restict access to GKE cluster by @AnjaliMadhavi-Nakirikanti in #344
- PaladinCloud Login using AzureAD by @arunpaladin in #348
- feat: added a new policy for the gke Cluster.This rule checks if the … by @kushZemoso in #347
- feat: Added a new policy for the gke Cluster by @kushZemoso in #350
- Collapsed navbar by @ranadheer-b in #346
- feat : Ensure DB owner chaning flag is disable for Google SQL server by @AnjaliMadhavi-Nakirikanti in #354
- fix: updated the Azure activitylog policies display names as per wiki by @AnjaliMadhavi-Nakirikanti in #356
- feat:Policy to check delete access policy for aws backup vault by @amishavijayakumar08 in #351
- feat: Ensure Enable trusted microsoft services to access Storage Account by @AnjaliMadhavi-Nakirikanti in #349
- feat:Autofix for azure policy unrestricted database access by @dheerajkholia-paladin in #353
- Feature/gcpsql by @AishwaryaKulkarni97 in #355
- feat:redirect azure app service webapp from http to https by @AnjaliMadhavi-Nakirikanti in #357
- Feat/aws iam user multiple access key policy by @amishavijayakumar08 in #358
- feat: added error state by @sidharthjain-zemoso in #363
- feat:Added a new Policy for cloudStorage. by @kushZemoso in #362
- fix: removed extra spaces in gcp and azure policy rule name by @AnjaliMadhavi-Nakirikanti in #364
- fix:remove the spacial charaters from the rule Ensure _web_app_using_late… by @AnjaliMadhavi-Nakirikanti in #365
- Policy knowledgebase by @sidharthjain-zemoso in #366
- feat:Added a new policy for webApp by @kushZemoso in #367
- feat: App service authentication should be enabled by @AishwaryaKulkarni97 in #360
- feat: gcp sql instances should not be public by @AishwaryaKulkarni97 in #368
- fix:removed mismatched quote in db.sql file by @AnjaliMadhavi-Nakirikanti in #372
- Fix/sso login azure ad by @arunpaladin in #370
- Fix/bug fix by @sidharthjain-zemoso in #369
- feat:Rule to check expired aws iam certificates by @amishavijayakumar08 in #371
- feat: Enable DNSSEC for Google Cloud DNS Zones by @AnjaliMadhavi-Nakirikanti in #359
- Update README.md by @Steve-Hull in #377
- Feature/tls encryption by @kushZemoso in #375
- Feat/aws customer manged full admin access policy by @amishavijayakumar08 in #376
- feat: Ensure Client certificate on for Web App. by @AnjaliMadhavi-Nakirikanti in #374
- feature :Autofix for azure and gcp policy by @dheerajkholia-paladin in #379
- feat:Added new aws policy to check IAM role with full admin access by @amishavijayakumar08 in #380
- feat:Added new aws rule for users with full admin access by @amishavijayakumar08 in #381
- fix: list-state by @sidharthjain-zemoso in #384
- feat: Disable Contained Database Authentication Flag for SQL Server Database Instances by @AnjaliMadhavi-Nakirikanti in #378
- Feat/function app cert by @AishwaryaKulkarni97 in #382
- feat: Disable external scripts enabled Flag for SQL Server Database Instances by @kushZemoso in #383
- fix:fixing the target type table display name update by @amishavijayakumar08 in #386
- added cmd to update policyId column size and truncate the cf_policy and cf_ruleInstance Tables by @AnjaliMadhavi-Nakirikanti in #387
- updated terrafrom version to v1.2.8 and custom event bus for diff cloud provider by @rnithinpaladin in #388
- feat: job scheduler service by @santhosh-challa in #391
- fix:fixed cloud watch rule json syntax error by @AnjaliMadhavi-Nakirikanti in #393
- fix: GCP discovery issue by @dheerajkholia-paladin in #397
- fix: fixed syntax error in db.sql and rule_cloudwatch.json by @AnjaliMadhavi-Nakirikanti in #396
- fix: running the three cloud rules in parallel, instead of sequentially by @santhosh-challa in #399
- job_schedule_interval by @rnithinpaladin in #405
- common.py update by @rnithinpaladin in #411
New Contributors
- @Steve-Hull made their first contribution in #377
Full Changelog: 1.1.0...1.2.0
1.1.0
Summary
- Added two policies for GCP
- UI Angular Upgrade and bug fixes
- Existing policy updates
- Infra updates
Details
AWS Event Bus Limit:
- By default, AWS has a soft limit on the number of rules that can be created against the default event bus. Currently, this limit is 300.
- We have crossed that limit in this release. If a user tries to redeploy or install Paladin Cloud from this release, the installation will fail due to the limit.
- So we are requesting you to raise a support ticket with AWS to increase the rule limit on the EventBridge bus from 300 to a higher limit (400/500 depending on your use case).
- We are working on avoiding this by using custom event buses. This is under development and we are actively working to include it in the next release.
- New installations or redeployments of existing applications need to follow the above process before starting.
Policy Updates
- We have added a new collector for AWS.
- We have added two policies for GCP.
- We also changed the cf_Policy table metadata along with the existing policy description updates.
- As per the current process, redeploy does not update existing data in the DB tables.
- New data will be inserted during the redeploy process.
- To pick up the updates to existing data, current Paladin Cloud users can optionally follow the process below:
- Connect to the MySQL instance that was installed as part of the installation.
- Truncate the two tables cf_Policy and cf_RuleInstance. Fresh data will be inserted into these tables during the redeploy process.
- We are working on improving the data migration process.
UI Updates
- We have upgraded the Angular library version from v4 to v13.x.
- Please follow the steps below if you are planning the redeploy process:
- Remove the node_modules and dist folders and the package-lock.json file.
- This should not cause any loss to the user experience. Please raise an issue in case you face any issues.
- We also added some bug fixes in this release.
Infra Updates
- Upgraded the Lambda runtime from python3.6 to python3.8
- Added the tags for the missing resources created via the installation process.
Known Issues
- We have added two policies for the AWS autoscaling group in this release. They are not fully functional yet. We will be fixing the same in the upcoming release.
What's Changed
- fix: text in homescreen, loader, all-cloud img by @sreeja1031 in #281
- changed the sql thread alert policy name and added the resolution url by @AnjaliMadhavi-Nakirikanti in #283
- fix:changed name and description for policies by @AishwaryaKulkarni97 in #284
- Corrected ES host and port for targets by @dheerajkholia-paladin in #285
- fix: changed the length of the policyId of cf_policy table similar to cf_ruleInstance table by @AnjaliMadhavi-Nakirikanti in #287
- fix: ruleparams and db.sql by @kushZemoso in #289
- fix:Corrected the targetType for the activity log alert based rules by @dheerajkholia-paladin in #290
- fix: splash screen and home page changes by @sidharthjain-zemoso in #291
- feat: Added empty state component for no available data by @sidharthjain-zemoso in #292
- fix: Fixed build fail by adding geojson version by @ranadheer-b in #299
- fix: changed policy name for the policy Encrypt Unattached Disk Volumes as per wiki by @AnjaliMadhavi-Nakirikanti in #293
- fix: changed activity log policies display name as per wiki by @AnjaliMadhavi-Nakirikanti in #295
- fix: changed vnet policie display name as per wiki by @AnjaliMadhavi-Nakirikanti in #297
- feat: Added new policy for aws autoscaling group launch configuration by @amishavijayakumar08 in #298
- Codeql setup by @rnithinpaladin in #296
- style: ui fixes in css by @sreeja1031 in #301
- Modified existing AWS ASG to collect AWS ASG LaunchConfiguration data. by @arunpaladin in #303
- feat:Implemented policy for public access for gcp cloud kmskeys by @dheerajkholia-paladin in #305
- fix: Yearly frequency ng-select list is missing January by @sreeja1031 in #302
- feat: Added new aws policy for missing ami reference in launch config by @amishavijayakumar08 in #306
- fix:Added resolution url by @kushZemoso in #311
- Feat/aws dc backup by @arunpaladin in #313
- Fix/policy names by @AishwaryaKulkarni97 in #314
- V1.0.0 changes to master by @santhosh-challa in #312
- chore(deps): bump aws-java-sdk-s3 from 1.11.490 to 1.12.261 in /jobs/pacman-data-shipper by @dependabot in #309
- chore(deps): bump aws-java-sdk-s3 from 1.11.264 to 1.12.261 in /api/pacman-api-admin by @dependabot in #310
- chore(deps): bump aws-java-sdk-s3 from 1.11.490 to 1.12.261 in /jobs/recommendation-enricher by @dependabot in #308
- chore: Update readme by @santhosh-challa in #315
- docs: updated CONTRIBUTING.md by @santhosh-challa in #318
- fix: Updating tags for installation resources by @rnithinpaladin in #320
- Feature/dataproc cmk by @AishwaryaKulkarni97 in #316
- fix:updating opensearch policy to check the version for encryption by @amishavijayakumar08 in #321
- docs: updated the installation readme files by @santhosh-challa in #322
- Added Amazon linux on the top of commands list by @praveeny1986 in #323
- Angular upgrade by @ranadheer-b in #324
- fix: changed severity and description by @AishwaryaKulkarni97 in #325
- fix: fixed bugs related to graph, loader, empty-state by @sidharthjain-zemoso in #326
- fix(): Fixed session-timeout issue and docker build fail issue by @ranadheer-b in #327
- chore: removed tags for unsupported resources by @rnithinpaladin in #329
- fix: Dropdown rendering fix and UI session time out issue by @ranadheer-b in #330
- chore:modified domains in config file by @sidharthjain-zemoso in #333
- Lambdaruntime by @rnithinpaladin in #336
New Contributors
- @praveeny1986 made their first contribution in #323
Full Changelog: 1.0.1...1.1.0
1.0.2
What's Changed
We have updated the Lambda runtime from python3.6 to python3.8, as the python3.6 runtime is deprecated.
Full Changelog: 1.0.1...1.0.2
1.0.1
1.0.0
Hello Community,
The Paladin Cloud team is pleased to announce that Paladin Cloud 1.0.0 has just been released.
Paladin Cloud is an extensible, Security-as-Code platform to help developers and security teams significantly reduce risks in their cloud environments. The platform functions as a policy management plane across multi-cloud and enterprise systems to protect your applications and data.
For more information check the wiki.