Conformity Enhancements: Improved Communication Channels, Cloud One Integration, and Bug Fixes

Views:

July 28, 2021, Conformity—The following updates were released to Conformity on 28th July 2021.

Communication Channels Update

Webhook: Updated the Webhook Communication Channel to send checks that have been deleted due to a user removing/deleting a resource. These checks delivered will have an additional field "isDeleted: true" to differentiate them from the current checks being sent via webhook.

Jira: Updated the Jira Communication Channel 'Create' and ‘Update' screens to no longer support swapping to an alternative connection type (OAuth or API token) to reduce the risk of breaking a successfully configured channel.

Cloud One Users

With SSOv2 can now access Conformity via Cloud One UI. See our help page on SSoV2 Public API.
Will receive account update emails if they have a valid email address in Conformity

Scan a Profile with Template Scanner

Users without Admin privileges can now select and scan a Profile in Template Scanner via Conformity UI or API by calling the `/profiles` API.

Bug Fixes

Fixed a bug to reduce the number of failed Schedule Reports generation.
Fixed a bug to return the correct API response when a user typed a value while filtering regions.
Fixed a bug to add an account name and account environment to the body of the system-disabled Conformity bot notification email.
Fixed a bug with Template Scanner API Response body to include the actual accountId in the `account` field only when the `accountId` field is passed in the request body.
Fixed a bug to successfully process intrinsic functions as arguments of '!Join' in the Template Scanner.
Fixed a bug where Reports generated with individual checks did not display the Total counts on the PDF report correctly.

Custom Policy Updates

There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.32. Click here to access the latest custom policy.

Conformity Bot Updates

Boosted error handling to prevent outdated or inconsistent checks.
Improvements to prevent Conformity Bot from running longer than expected for European accounts.

Rule Updates

EC2-072 - EC2 Instance Not In Public Subnet: This rule has been updated to allow exceptions based on EC2 Instances by name matched with a regex expression pattern.
IAM-066 - AWS IAM Groups with Admin Privileges: This rule has been updated to allow exceptions based on tags and resource id.

Rule Bug Fixes

IAM-046: Support Role: Fixed a bug where the rule generated false positives due to the throttling of the attached entities.
EKS-002: Kubernetes Cluster Version: Fixed a bug to update the rule to the latest Amazon EKS Kubernetes version 1.20.
Fixed a bug where the following rules failed to generate any checks because of inability to pull data from the ECS Service:
ECS-003: Check for Amazon ECS Service Placement Strategy
ECS-004: Check for Fargate Platform Version
Fixed a bug that prevents checks from being generated when there are a large number of exclusions for the following rules:
Inspector-002: Days since last Amazon Inspector run
Inspector-003: Check for Amazon Inspector Exclusions Updated