December 08, 2022, Conformity—The following features and updates are now available
with Conformity's latest release on 08 December 2022.
Bug Fixes
- Fixed a bug to prevent Azure RTM events from being created intermittently by improving the logic of detecting duplicate events.
- Fixed a bug with Security Group rule scanning: the rules are now ignored if the Ingress or Egress rules cannot be extracted from the IaC template.
- Fixed a bug so that the service group API returns `200 with {data: []}` instead of the error response `403` for an organisation without any account.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current
custom policy version is 1.38.
New Rule
Azure
ActivityLog-029: Create Alert for "Delete Public IP Address" Events: This rule ensures
that an Azure activity log alert is used to detect "Delete Public IP Address" events.
Rule Updates
Updated the following rules to fix an issue with their handling of AWS regions with
restricted permissions for Conformity:
- IAM-060: Attach Policy to IAM Roles Associated with APP-Tier EC2
- IAM-064: Attach Policy to IAM Roles Associated with Web-Tier EC2
- ASG-004: Same Availability Zones in ASG and ELB
- Inspector-001: Amazon Inspector Findings
- Inspector-002: Days since last Amazon Inspector run
- Inspector-003: Check for Amazon Inspector Exclusions
SQL-010: Check for Unrestricted SQL Database Access: Updated the rule to return a
SUCCESS check when the ‘Deny public network access’ toggle is checked. The rule continues
to ensure firewalls associated with your Microsoft Azure SQL servers are not configured
to allow unrestricted inbound access.
SQS-004: Queue Server Side Encryption: Updated the rule to cover the latest SQS encryption
options in AWS and prevent false negative checks.