November 29, 2022, Conformity—The following features and updates are now available
with Conformity's latest release on 29 November 2022.
- Added a new Replay endpoint to the Checks API allowing you to send checks history into newly created Communication Channels. For details see: Re-run Historical Check Notifications.
- You can now add Chinese characters in the Account Tags via the UI and the public API.
- GCP Conformity Bot now supports the following regions:
  - asia-south2
  - australia-southeast2
  - europe-southwest1
  - europe-west8
  - europe-west9
  - northamerica-northeast2
  - us-east5
  - us-south1
  - southamerica-west1
Bug Fixes
- Fixed a bug where the Real Time Threat Monitoring notifications were not being sent when a check status changed from `Failure` to `Success` and then back to `Failure` in quick succession.
- Fixed a bug where Power User and Read Only users were able to view users' activity on the Main Dashboard. User activity can only be viewed by a Full Access user or a Custom Role user with the appropriate permissions.
- Fixed a bug where the Azure Real Time Monitoring install script failed to install monitoring resources correctly.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current
custom policy version is 1.38. Click here to access the current custom policy.
Rules
Azure
- SecurityCenter-040: Enable Automatic Provisioning of Microsoft Defender for Containers Components [Not scored]: This rule recommends that automatic provisioning of security components is enabled for Azure containers.
- StorageAccounts-022: Disable public access to storage accounts with blob containers: This rule ensures that public access to blob containers is disabled for your Azure storage accounts. The recommended setting overrides any alternative configurations allowing public blob access.
GCP
- GKE-002: Enable Encryption for Application-Layer Secrets for GKE Clusters: This rule ensures that GKE Clusters have Application-Layer Secrets Encryption enabled.
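As an added illustration of what the StorageAccounts-022 and GKE-002 rules above evaluate, the following is example code written for this note; it is not Conformity's rule engine. It assumes the resource field names used by the Azure storage account resource (`allowBlobPublicAccess`, as shown by `az storage account show`) and the GKE cluster resource (`databaseEncryption.state` and `databaseEncryption.keyName`, as shown by `gcloud container clusters describe`); the sample resources, the `Finding` type and the function names are constructed for the example.

```python
"""Added example (not Conformity's code): evaluate two rule conditions from the
release notes over constructed resource descriptions.

- StorageAccounts-022: the Azure storage account property
  `allowBlobPublicAccess` must be explicitly false.
- GKE-002: the GKE cluster's `databaseEncryption.state` must be "ENCRYPTED"
  with a `keyName` set (customer-managed key in Cloud KMS).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule_id: str
    resource: str
    status: str  # "SUCCESS" or "FAILURE"
    message: str


def check_storage_public_access(account: dict) -> Finding:
    """StorageAccounts-022: public blob access must be disabled.

    Only an explicit `False` passes. A missing property is treated as a
    failure because the check cannot prove that public access is disabled.
    """
    name = account.get("name", "<unknown>")
    value = account.get("allowBlobPublicAccess")
    if value is False:
        return Finding("StorageAccounts-022", name, "SUCCESS",
                       "allowBlobPublicAccess is false")
    return Finding("StorageAccounts-022", name, "FAILURE",
                   f"allowBlobPublicAccess is {value!r}; set it to false")


def check_gke_secrets_encryption(cluster: dict) -> Finding:
    """GKE-002: application-layer secrets encryption must be enabled."""
    name = cluster.get("name", "<unknown>")
    enc = cluster.get("databaseEncryption") or {}
    if enc.get("state") == "ENCRYPTED" and enc.get("keyName"):
        return Finding("GKE-002", name, "SUCCESS",
                       f"secrets encrypted with {enc['keyName']}")
    return Finding("GKE-002", name, "FAILURE",
                   "application-layer secrets encryption is not enabled")


# Constructed sample resources (hypothetical names, not real accounts/clusters).
SAMPLE_STORAGE_ACCOUNTS = [
    {"name": "stpublicdemo", "allowBlobPublicAccess": True},
    {"name": "stlockeddemo", "allowBlobPublicAccess": False},
    {"name": "stlegacydemo"},  # property absent: cannot prove it is disabled
]
SAMPLE_GKE_CLUSTERS = [
    {"name": "gke-plain", "databaseEncryption": {"state": "DECRYPTED"}},
    {"name": "gke-cmek", "databaseEncryption": {
        "state": "ENCRYPTED",
        "keyName": ("projects/example-project/locations/us-central1/"
                    "keyRings/example-ring/cryptoKeys/example-key")}},
]


def run_checks(accounts: list, clusters: list) -> list:
    """Evaluate both rules and return one Finding per resource."""
    findings = [check_storage_public_access(a) for a in accounts]
    findings += [check_gke_secrets_encryption(c) for c in clusters]
    return findings


def failures(findings: list) -> list:
    """Return only the findings that need remediation."""
    return [f for f in findings if f.status == "FAILURE"]


if __name__ == "__main__":
    for f in run_checks(SAMPLE_STORAGE_ACCOUNTS, SAMPLE_GKE_CLUSTERS):
        print(f"{f.rule_id:20} {f.resource:14} {f.status:8} {f.message}")
```

Run against the constructed samples, the script reports three failures (the public account, the account with the property unset, and the cluster without a KMS key) and two successes. The choice to fail a storage account whose `allowBlobPublicAccess` property is absent is deliberate: the rule's purpose is to confirm that public access is disabled, so an unset value should not be read as a pass.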
Rule Updates
- Updated the following AWS EC2 Non-Security-Group service-level rules to fix an error-handling issue and generate accurate checks for all regions:
  - EC2-009: EC2-Classic Elastic IP Address Limit
  - EC2-010: EC2-VPC Elastic IP Address Limit
  - EC2-011: Account Instance Limit
  - EC2-024: Unassociated Elastic IP Addresses
  - EC2-026: Unused AMI
  - EC2-056: Unused AWS EC2 Key Pairs
  - EC2-072: EC2 Instance Not in Public Subnet
  - EC2-078: EC2 Instances Scanned by Amazon Inspector Classic