4.2.0

Highlights

Google Cloud Platform

  • Expanded Service Support: Added collections for Pub/Sub, Cloud Functions, Firestore, Filestore, and SCC services.
  • AI Service Support: Added support for Vertex AI resources.
  • Enhanced Insights: Improved metrics collection for major cloud services.

Amazon Web Services

  • Broader Security Coverage: Added collections for SSM Compliance, GuardDuty, and Inspector resources.
  • AI Service Support: Fix now supports SageMaker, Bedrock, and Q services.
  • Policy and Lifecycle Enhancements: Lifecycle policies for S3 and expanded CloudWatch policies.

Microsoft Azure

  • New Resource Support: Added collections for PostgreSQL, CosmosDB, SQL Server, and Flow Logs.
  • AI Service Support: Added support for Machine Learning resources.
  • Improved Monitoring and KeyVault Integration: Enhanced visibility and security for critical Azure resources.
  • New Security Benchmark: Azure CIS 2.1 has been added to the list of benchmarks.

Core and Library Enhancements

  • Resource Abstraction: More common properties added to base resources.
  • Categories: Unified resource categories for better organization.
  • Consistency: Improved consistency checks.

What's Changed

Features

  • 98efe454 gcp Add SCC service collection (#2291)
  • 54024e5c gcp Improve the way of collection for DiskTypes and MachineTypes (#2284)
  • 73efbf33 gcp Add Pub/Sub service collection (#2287)
  • c6267002 gcp Add metrics collection (#2283)
  • 5b8dc075 lib Extend base resources with additional common properties (#2278)
  • 2cccb449 aws Reimplement SSM Compliance resource collection (#2280)
  • a18bf1af gcp Add cloudfunctions service collection (#2276)
  • 6a681048 gcp Add filestore service collection (#2277)
  • 6d185bb3 gcp Add firestore service collection (#2275)
  • 897e9204 core Add Async Streams abstraction (#2273)
  • 309a6344 azure Update security assessments collection (#2266)
  • c22f979f aws Add searching instances also by region and make SEVERITY_MAPPING statically (#2272)
  • 65c98f76 aws Add collection of GuardDuty resource (#2255)
  • bc8eae4a aws Make a collection of Ec2 Instance types only for existing instances (#2264)
  • fc42db51 lib Allow marking resource classes as not exportable (#2259)
  • 23cd836a lib Define separate assessment section (#2257)
  • d77c65cc aws Ignore datetime for history by default (#2256)
  • a0083255 plugins/onprem Move onprem plugin to dedicated repository (#2251)
  • 8626219a aws Add collection of Inspector resource (#2242)
  • 6cacdf95 azure : Add more connections from monitor (#2239)
  • 47a41a01 plugins/vsphere Move vSphere plugin to dedicated repository (#2243)
  • b37bc55c azure Collect certificates from sub resources (#2225)
  • f3a94606 core Allows retrieving the model from plugins instead of db (#2232)
  • 8482aa6d azure : Improved AzureComputeDiskTypePricing deletion (#2231)
  • e27feda8 aws Add additional policies to the cloudwatch (#2216)
  • 1022d231 Cleanup (#2224)
  • 25d12134 aws Add lifecycle policy to the S3 resource (#2220)
  • a2853406 gcp Add Vertex AI collection (#2211)
  • 06ff0a3f azure Connect CosmosDB resources to the location instead of subscription (#2214)
  • 70e1eec9 core Add node command (#2212)
  • 4ba56c19 plugin Better docs and docs_url (#2210)
  • 14887b64 core Add kind description in multi tenant mode (#2204)
  • 550f6bf1 aws : Add more policies to collect (#2202)
  • 146cd102 core list: allow for listing props with default props (#2200)
  • 077a8086 core Add IAM edge collection (#2198)
  • 50ec1d35 aws Bedrock resources collection (#2190)
  • 6d11a8a9 lib Unify groups and categories (#2194)
  • 62a867e8 lib Improve model check (#2193)
  • 90139f5c hetzner Initial Hetzner Cloud support (#2168)
  • 66cbd9e3 plugins Proper name, icon and group for AWS, Azure and GCP (#2188)
  • 36ddfa5b core Allow filtering edge properties (#2186)
  • 85fbe2d2 azure Azure adjust names and connections (#2183)
  • f7d3dac7 core Allow edge properties (#2182)
  • 467a6638 core Use database locks to perform migration (#2184)
  • c3a1bddb aws Add amazon Q resource collection (#2175)
  • 6be0feb2 azure Add machine learning resources collection (#2174)
  • 70cee4c5 core allowlist events for posthog (#2177)
  • 0b83034f azure Add PostgreSQL collection for cosmos-db resources (#2170)
  • 4fffcfa9 azure Add cosmos-db resources collection (#2167)
  • 4b9b7184 azure Add WebApp (#2164)
  • 3c831f8c azure Improve KeyVault (#2163)
  • c06a775b core account security score details (#2162)
  • 89ffc7c4 gcp Save parsing with feedback (#2160)
  • 34d50ba3 azure Add flow log resource collection (#2159)
  • fdaeb537 azure Monitoring and KeyVault resources (#2156)
  • f692309a azure : Update configs collection for mysql and postgresql (#2157)
  • 3410e814 azure Add postgres service collection (#2155)
  • 4125af70 azure Improve SQL Server (#2151)
  • 3de8958f azure Add support for mysql resource collection (#2150)
  • 4f24d5ba core Add history timeline (#2152)
  • a7cdc097 azure : Add prefix 'server' to the SQL resources (#2148)
  • ea2c97fe azure Add policies (#2141)
  • 4f4d80eb azure Add support for sql resource collection (#2144)

Fixes

  • d61bb368 docker-compose no pull info (#2297)
  • 0d969e4f docker-compose -> docker compose (#2295)
  • 3fff8b57 aws : Update S3 bucket tests for updated implementation (#2281)
  • e0c1ae7d azure : Ignore errors from Azure side (#2263)
  • ebb67bec aws Collect and connect Inspector resources properly (#2253)
  • 2022f484 azure Metadata (#2261)
  • aceca6bc core Use id and name for descendant count (#2271)
  • e83ee7a7 Store access levels directly on the reported section (#2265)
  • 67091085 core Count failing resources correctly (#2269)
  • fee7b5a0 Enable access_edges via env variable (#2262)
  • d2acc740 aws Ignore wrong history events (#2260)
  • 3ba74a90 Add sts:AssumeRole action when checking roles (#2244)
  • 4d6ff4a7 Add an access section next to permissions in IAM edges (#2254)
  • 015bbfee Make resource_policy abstract method to trigger typecheck (#2252)
  • 53b45ef1 aws Turn off access edge collection (#2248)
  • 4381b4fb core Export property documentation for configs (#2245)
  • 20335dd2 Wrap scp collection into try catch (#2241)
  • d3c88331 Enable access edges collection (#2238)
  • 42c7c446 Collect SCPs for access edges (#2235)
  • d989475c aws Handle AWS server errors properly (#2236)
  • 19801757 azure Reimplement resource type collection of compute, psql, mysql and ml services (#2234)
  • 8adf359d core Add kinds to content hash (#2233)
  • 303e661e azure Define Phantom Resources (#2230)
  • 12878a16 aws Add missing resource docs (#2227)
  • 73218b40 azure Compute unused regions as last step (#2228)
  • c6e9b82a Access Edges (#2195)
  • bce4ffcb Better detect and remove unused regions (#2222)
  • 7f41f800 core move slotted data to previous slot, not next (#2226)
  • e0f8435b gcp : Deduplicate error messages in accumulator (#2223)
  • 46953708 core Merge edge and vertex and unfold in code (#2217)
  • 5aee8cbc core Compute descendant count based on ancestors section not g… (#2213)
  • a5267a37 azure : Fix connect_in_graph method of AzureAuthorizationRoleAssignment resource (#2215)
  • 47c62533 core Multipart name (#2203)
  • 5d39d027 azure Ignore props for history (#2201)
  • 61e97ea3 core Traverse the graph by walking all possible paths when an edge filter is present (#2197)
  • 21ddc09a core Persist parent update structure in an atomic way (#2196)
  • ac8c4a08 azure : Fix unnecessary abstract class kinds (#2191)
  • d7fcb849 plugins Add missing metadata (#2192)
  • e44bb355 core Fix model filter condition (#2189)
  • 2b99e41a Add IamPrincipal base resource (#2187)
  • f11d8717 core Surrogate system data (#2185)
  • 16df325e core arangosearch predicates with array access (#2179)
  • 9256dace core Do not use arangosearch for nested array context searches (#2178)
  • d4f3a035 core latest azure check (#2172)
  • e0008e56 Make report checks lookup safer (#2171)
  • 89cf8177 core History timeseries slotter (#2169)
  • 00b95816 gcp : Duplicate checksum error in sql service (#2166)
  • 59e53ccb core Move timeline to request time after (#2165)
  • dcd08d96 gcp Improve error message (#2161)
  • 2278030e core Use consistent reading when updating the account (#2158)
  • c8bb7918 gcp Disk size types (#2154)
  • 57a7d38c shell Do not warn when the model cannot be loaded (#2153)
  • 0c4ee17a azure Better names (#2149)
  • 73486084 core Security sync by always marking the resource vulnerable (#2147)
  • 4f0f9734 core History search with sort and fulltext terms (#2146)
  • c710cf6e core Fix nested with statements (#2145)

Documentation

Chores

feature

  • 76f1e08c lib Add the source of resource kind (#2218)

4.1.0

What's Changed

Features

  • 4093b0ab azure Add authorization (#2135)
  • 012138f0 azure Collect security resources (#2139)
  • f593e93c azure Case insensitive connect (#2140)
  • 869d5d60 azure Add new resources for collect to existing base resources (#2127)
  • 526b5492 core Merge deferred edges via API (#2136)
  • 09fc5ed1 core Use view to query the graph (#2101)
  • f3eacc69 azure Add Microsoft Graph collector (#2133)
  • ab1561b6 core TimeSeries: allow defining a factor for computing the average (#2126)
  • bfb80adb aws Add tag deletion/updating and resource deletion for backup service (#2119)
  • b884916f worker Fix description for cycle (#2117)
  • 48acc1c3 aws Integrate Backup Service collection (#2106)
  • a132841a aws Edge: s3 account settings --> s3 bucket (#2112)
  • 51305567 Check baseresource implementations in plugins (#2104)
  • 1ad2be65 shell Add more benchmark stats (#2102)
  • b65eacc6 core Add query stats as HTTP Header (#2100)
  • 5371e1d2 gcp : Add baseresources to the GCP (#2085)
  • cdd1c34c core Rewrite queries to make them more efficient (#2093)
  • 39d55003 shell Add --benchmark arg (#2095)
  • 98014724 lib Export categories (#2087)
  • e46e21ff aws Add dynamodb continuous backup (#2090)
  • 8253e123 aws Add region_in_use property for region (#2086)
  • 1076b182 core Improve update index efficiency (#2083)
  • 6255c40b azure : Add safety read/write access to the graph (#2082)
  • 21afa20e aws Provide VPC in use flag (#2081)
  • 043ad3a8 azure Align names of the azure resources (#2079)
  • d62b4eae azure Azure Storage collect_usage_metrics implementation (#2074)
  • e9026439 core Improve the display name of the property (#2073)
  • ff760a01 aws Revert "[feat][aws] Add more resources to done in parallel (#2066)" (#2070)
  • 718fa3e1 aws Add more resources to done in parallel (#2066)
  • 3355f872 core Allow filtering benchmarks (#2069)
  • 45961cd6 Add ability to specify max number of resources per account (#2062)
  • 9553b723 aws : Update collect method implementation (#2051)
  • 96e5a227 azure Add Azure Storage resource collection (#2044)
  • 8fceaf1d aws Bump Fix Inventory Data (#2061)
  • 537c659d aws Add io2 pricing (#2060)
  • dda621f9 aws Add S3 bucket location property (#2050)
  • d44667b1 core Allow update node with force (#2047)

Fixes

  • 5e7611ff core Turn off regexp rewriting (#2142)
  • 398ba01c azure : Reimplemented fleet and clusters connection (#2137)
  • 9e329d44 core Render empty sections (#2131)
  • a2cd15f5 aws Ignore rds_latest_restorable_time for history (#2130)
  • 8511ba56 core Simplify and fix owner lookup (#2128)
  • 91855cd9 [azure] Add missing relationships between base and cloud resources (#2125)
  • 9666a4d7 core Model: resolve hierarchy not bases (#2124)
  • 09c24b2a core Backup: correct endpoint when using https (#2123)
  • c5ce6bef core Maintain db config in tenant config (#2122)
  • d41709ea aws : Fix non acyclic graph connection (#2118)
  • 4df872b7 core Stable node ids for benchmark results (#2114)
  • c362e700 shell Define graph and section (#2113)
  • 7ed8a34a Collect the correct subscription id (#2109)
  • c22a26f0 Use a single lock for the Azure graph builder (#2108)
  • f10ad0bf core Fix and improve with statements (#2107)
  • 9f606bab Fix typo in basechecker workflow (#2105)
  • 3c944e89 lib Fix kind names (#2103)
  • b222517c aws : Change _keys method implementation for AwsCloudwatchMetricFilter and AwsApiGatewayResource (#2096)
  • e93cd56f core Only combine terms for properties in the reported section (#2099)
  • b825649c core model creation (#2097)
  • 4f5e6230 aws Add clear names and fix BucketSize collection of the S3 resource (#2094)
  • 76c72aaf core Wait lock timeout (#2092)
  • b74087e2 aws Update log level info -> debug for task def skipping (#2091)
  • 0a1116d4 aws Fix parallel collection (#2071)
  • 9245b9d8 core Treat optional config properties as such (#2088)
  • f8dc977b core Context query with array with or (#2084)
  • 8fb295a6 core Increase timeout for getting transaction barriers (#2077)
  • 71fe4be6 core Add whitespace to operation (#2068)
  • 3fa936a5 core Fix PlantUML settings (#2064)
  • b23c4cec core Plantuml settings (#2063)
  • b3ac2e7b aws Add test for s3 storage metrics (#2059)
  • d690de0f aws S3 metrics for all storage types (#2058)
  • 29017fb5 core sort with with clause (#2056)
  • d45dfa95 aws wait for all ecs task definitions (#2057)
  • 72b79c8f aws Only collect latest task definition (#2055)
  • 08926f0d aws Collection S3 cloudwatch metrics in the corresponding regions (#2052)
  • c663eafe aws Retry using retrying only (#2054)
  • 7436666a aws Fix S3 storage metrics retrieval (#2049)
  • 62e3f8aa aws : Fix query stat for cloudwatch metric requests (#2048)
  • dc7d2fac ci Limit concurrent publish workflow runs on main (#2043)

Chores

4.0.5

What's Changed

Features

  • 1eac7bb3 azure Added new handling implementation for azure errors (#2038)
  • fefdc6bd aws Add AWS parallel metrics collection (#2042)
  • aabe363c aws Add additional AWS metrics collection (#2021)

Fixes

  • 98e6f207 aws Add edge from IAM instance profile to EC2 instance (#2045)

Chores

4.0.3

What's Changed

Features

  • b2deb5e8 core Allow aggregation function for time series data (#2031)
  • 664992e3 core Maintain account score in metadata (#2030)
  • b7c126cb Add region data (#2028)

Fixes

  • 43d0a4c4 azure Finish in case of exception (#2035)
  • 0eae95cf azure Warn and ignore HttpResponseError (#2034)
  • 6010f393 fix ESXiHost edge (#2032)
  • e9ed5440 core Timeseries apply aggregation on slotted values (#2033)
  • 3a1c4d4c gcp Add fixinventorydata (#2029)

Chores