November 29, 2022, Conformity—The following features and updates are now available with Conformity's latest release on 29 November 2022.
  • You can now add Chinese characters in the Account Tags via the UI and the public API.
  • GCP Conformity Bot now supports the following regions:
      • asia-south2
      • australia-southeast2
      • europe-southwest1
      • europe-west8
      • europe-west9
      • northamerica-northeast2
      • us-east5
      • us-south1
      • southamerica-west1
Bug Fixes
  • Fixed a bug where Real Time Threat Monitoring notifications were not sent when a check status changed from `Failure` to `Success` and then back to `Failure` in quick succession.
  • Fixed a bug where the Power Users and the Read Only users were able to view users' activity on the Main Dashboard. User activities can only be viewed by a Full Access user and a Custom Role user with appropriate permissions.
  • Fixed a bug where the Azure Real Time Monitoring install script failed to install monitoring resources correctly.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.38.
Rules
Azure
  • SecurityCenter-040: Enable Automatic Provisioning of Microsoft Defender for Containers Components [Not scored]: This rule recommends that automatic provisioning of security components is enabled for Azure containers.
  • StorageAccounts-022: Disable public access to storage accounts with blob containers: This rule ensures that public access to blob containers is disabled for your Azure storage accounts. The recommended setting overrides any alternative configurations allowing public blob access.
GCP
  • GKE-002: Enable Encryption for Application-Layer Secrets for GKE Clusters: This rule ensures that GKE Clusters have Application-Layer Secrets Encryption enabled.
Rule Updates
  • Updated the following AWS EC2 Non-Security-Group service level rules to fix an error-handling issue and generate accurate checks for all regions:
      • EC2-009: EC2-Classic Elastic IP Address Limit
      • EC2-010: EC2-VPC Elastic IP Address Limit
      • EC2-011: Account Instance Limit
      • EC2-024: Unassociated Elastic IP Addresses
      • EC2-026: Unused AMI
      • EC2-056: Unused AWS EC2 Key Pairs
      • EC2-072: EC2 Instance Not in Public Subnet
      • EC2-078: EC2 Instances Scanned by Amazon Inspector Classic