Release Notes

The latest releases, features and bug fixes for our CPSM product.

Weekly Digest

New Feature Highlight: Weekly Digest

 

As of May 4, 2021, OpsCompass will now send out Dashboard-level information to users on a weekly basis through email.

This weekly report provides you with high-level visibility of your cloud infrastructure’s security posture without needing to log in and without including sensitive information.

 

The Weekly Digest provides highlights on:

  • Your current Compliance Score
  • Open events
  • Frameworks
  • Resource metrics
  • Inventory changes

July 20th, 2021

New Features

  • OpsCompass is adding two-factor authentication (2FA) as a requirement to further protect all user accounts. For more information, read ‘How to Enable 2FA Within OpsCompass’.
  • Added CIS Controls Version 8 framework

Bug Fixes/Improvements

  • Fixed an issue where a resource’s details could fail to load if related resources did not return as expected
  • Fixed an issue where, in a rare initial condition that affected about 0.2% of resources, the compliance status of a check for a resource could continue to display “Not compliant” after the issue with the resource was resolved
  • Fixed a bug where Drift for some Azure Resource Types erroneously showed resources being removed and re-added
  • Changing sort order will display the resource card of the first resource in the list
  • Changed session cookie timeout value to one (1) hour
  • Upgraded jQuery to latest version 3.6.0
  • Session cookies are now properly destroyed on logout

July 1st, 2021

New Features

  • Inventory now includes a card that displays resource details so that users can better understand the activity and detail of specific resources while remaining in the context of an inventory filter

Bug Fixes/Improvements

  • Removed ‘Cloud Provider’ tab from Inventory page; since Scope is used for filtering by Cloud Provider, the utility of this tab as a drilldown has been diminished
  • Removed ‘Region’ and ‘Created On’ from the Inventory Resource table since these are displayed on the new Resource card
  • OpsCompass now checks for the use/configuration of AWS Secrets Manager and checks for the use of secret rotation scheduling.
  • Removed cloud provider prefix from Resource Types as it is redundant information
  • Fixed a bug where sometimes GCP scans would run out of memory; this typically only happened with new GCP accounts
  • Changed the target of Dashboard’s ‘View all Inventory’ link to land on Resources tab
  • Fixed Export Report function on compliance status for all resources page
  • Fixed a bug where in certain cases users were not able to export Compliance reports
  • Fixed a bug where EC2 SecurityGroup relations were not being properly parsed even though they were present in the scan
  • Added sql#database resource type (GCP)
  • Expanded type dependency scanning to cover Azure
  • Expanded type dependency coverage of GCP scanning
  • Break up `sync-subscription-resources`
  • Corrected remediation steps for AWS CloudWatch KMS Key management
  • Updated style of buttons and icons used on Inventory page
  • Added check for AWS S3 Buckets to ensure CloudTrail buckets are not exposed to the internet.
  • Authored compliance check for AWS accounts to ensure there are more users than just root
  • Corrected the remediation steps for AWS CloudWatch compliance checks

June 17th, 2021

Bug Fixes/Improvements

  • OpsCompass now checks for the use/configuration of AWS Secrets Manager and checks for the use of secret rotation scheduling.

  • To remove confusion introduced by showing framework-specific severity levels for problems, OpsCompass has removed the framework-specific severity levels and now shows only the framework control references. Note that the Severity is still present at the control/requirement level.

  • Corrected the remediation steps for AWS CloudWatch compliance checks

  • Changed the target of Dashboard’s ‘View all Inventory’ link to land on Resources tab

  • Fixed a couple of issues that caused compliance problems for deleted resources to be counted on the dashboard and inventory.

  • Fixed a bug where in certain cases users were not able to export Compliance reports

  • Changed header on Exception/Mitigation modal popup when no resources selected

  • Improved check coverage for NIST CSF v1.1

  • Display popup to show “Select resources using checkboxes” on clicking Add exception button on check page

  • Changed default tab in inventory to ‘Resources’

  • Added tags for severities to the controls display on disabled checks

  • Tabular display of related resource for resource no longer contains entry for itself

  • Fixed bug where duplicate Compliance Framework sub controls displayed on resource in inventory.

  • Added additional check information to Inventory Resource page

  • Improved loading message in inventory

  • Updated paging controls and entries per page styles used in DataTable

  • Authored compliance check to ensure Redis Cache is not publicly exposed

  • Assigned network checks to CIS AWS Benchmark 5.2 control

  • Assigned network checks to CIS AWS Benchmark 5.1 control

  • Improved sort widget indicators

  • Updated References: Update references to Compliance Status for Resource page

  • Updated References: Run migration script to migrate rule data to checks

  • Clean Up: Remove (now obsolete) Rule Pages

  • Updated References: Replace disabled checks card with disabled rules

  • Top Fix card now links to new Check Page

  • Refactored Manage Check Page to improve use and presentation

  • Created Manage Check Page

May 26th, 2021

New Features

  • OpsCompass now includes support for FedRAMP (technical controls of the Moderate Baseline template)

  • Compliance Problems and Top Fix links now link to a new Check page that improves the use and presentation of compliance information for resources

Bug Fixes/Improvements

  • Changed default tab in Inventory to ‘Resources’

  • Updated paging controls and entries per page styles used in DataTable

  • Improved sort widget indicators

  • Added tags for severities to the controls display on disabled checks

  • Tabular display of related resource for resource no longer contains entry for itself

  • Improved loading message in inventory

  • Changed text for Exception/Mitigation modal popup when no resources selected

  • Top Fix card now links to new Check Page

  • Fixed intermittent datatable initialization issue

  • Fixed bug where duplicate Compliance Framework sub controls displayed on resource in inventory.

  • Removed legacy artifacts from setupEventForwarding AWS Lambda

  • Added OpsCompass Master Control expansion to checks on controls on upload

  • Fixed compliance rules upload script bug where proper cloud rule was not being generated

  • Added mapToKey functionality in Auger processConfig function

  • Make getResourceRelationships return a better JSON object

  • Authored compliance check: AWS EKS Ensure clusters are created with private endpoint enabled and public access disabled

  • Authored compliance check: AWS EKS Restrict access to the control plane endpoint

  • Authored compliance check for: CIS AWS EKS 2.1 Enable audit logs check

  • Added additional check information to Inventory Resource page

  • Authored compliance check to ensure Redis Cache is not publicly exposed

  • Assigned network checks to CIS AWS Benchmark 5.2 control

  • Ignore disabled checks during compliance scan

  • Updated References: Update references to Compliance Status for Resource page

  • Updated References: Run migration script to migrate rule data to checks

  • Removed Compliance Status for Resource page

  • Updated References: Replace disabled checks card with disabled rules

  • Updated References: Update Inventory Resource Page to Link to Check Page

May 12th, 2021

New Features

  • OpsCompass now includes support for NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf). Technical controls are evaluated for adherence to the NIST defined requirements.
  • Resource Inventory now includes a ‘Related Resources’ tab that shows resources that have a direct relationship to the current resource. This helps users identify change impact and better understand workload resources. The tab contains resource name, related by information, resource type, region, problems, changes, and created date. All columns are sortable.

Bug Fixes/Improvements

  • Authored compliance check for AWS accounts to ensure there are more users than just root
  • Authored compliance check for signing certificates on AWS root account
  • Authored compliance check for MFA on AWS Root account
  • Authored compliance check for the presence of Access Keys for AWS root user
  • Standardized checkbox classes used in UI
  • Added AWS Account Summary Resource Type

May 4th, 2021

New Features

  • OpsCompass will now send out Dashboard-level information to users on a weekly basis. This weekly report provides you with high-level visibility of your cloud infrastructure’s security posture without needing to log in and without including sensitive information.

Bug Fixes/Improvements

  • Fixed bug with CIS rule requiring MFA devices when users do not have console access
  • Fixed an issue where AWS S3 buckets showed the wrong region in OpsCompass
  • Re-enabled initial email for account validation
  • Fixed text box that allows searching inventory by resource name
  • Updated the framework “MLSS” to “Oracle Database Licensing”

April 28, 2021

New Features

  • New users will be able to sign up for accounts secured with a password again, rather than being forced to use Microsoft or Google to log into the app.

Bug Fixes/Improvements

  • Updated Terms of Service for April 2021. Note that you will need to review and approve.
  • Users who use a password to log in to OpsCompass can change their password through their “Settings” page.
  • Fixed bug that caused a deleted user to not be immediately logged out.
  • Fixed bug where a modal could not be dismissed after a company was downgraded to Free Tier.

April 14, 2021

Bug Fixes/Improvements

  • Improved No Results Messaging for (most) Pages that Use Page Filters
  • Addressed empty OLM deployment details table date rendering
  • Improved consistency with names used in navigation, breadcrumbs and page titles
  • Added friendly message to user when scope conflicts with a saved filter
  • Added more descriptive text indicating what is filtered on a page
  • We inform the user when they authorize OpsCompass in Azure AD but don’t have permissions to set up OpsCompass in any subscriptions.
  • Improved sizing on Dashboard for smaller screens so that Top Fixes show properly

March 25, 2021

New Features

  • Compliance and Drift pages have a new filtering interface! Filters are now presented as a modal window with collapsible sections to improve usability. Of course, Saved Filters are still supported; now accessed through a dropdown list right next to the Filter button.

Bug Fixes/Improvements

  • Updated labels in JSON differencing view in Drift to be bold, black text.
  • Fixed an issue with viewing a drift change where, if more than one concern was tied to a change, the carets associated with the first concern pointed in the wrong direction.
  • Confirm user delete action
  • Fixed a bug where whitespace provided with AWS role or external ID would cause an AWS account to fail to connect.
  • Prevented users from accessing Add Account if they do not have permission to add accounts
  • Clarified Azure/O365 onboarding instructions to highlight that CSCM only requires read-only access
  • Fixed a bug with Azure Key Vault Soft Delete Compliance Check checking for Purge Protection property
  • Resources that are removed from cloud should not display in inventory or dashboard

March 10, 2021

New Features

  • Users can now delete user accounts for their company or initiate a delete for their company. If deleting a user or company, the user is brought to a page thanking them for trying OpsCompass. The page has a link back to https://www.opscompass.com/. User deletions are prevented if the user is the only user with the role “company_sysadmin”. They are instructed that they need to transfer the role before the deletion can be completed. All deletion types tell the user the deletion can take up to 30 days to complete.

Bug Fixes/Improvements

  • Fixed an issue where the form for Bulk Mitigation/Policy Exception was not submitted
  • Fixed extra ‘Last Known Configuration’ text on resource page
  • Fixed a bug where a ‘removed’ tag was displaying next to active accounts.
  • Fixed issue with inconsistencies between Drift Concerns counts on Dashboard and on Drift Page
  • Modified styles associated with editing Drift Concerns
  • Added support for assigning teams when creating/updating Drift Concern
  • Updated column name on Companies page in admin portal from “Age” to “Created On”

March 01, 2021

New Features

  • New Accounts Filter Experience on Drift: We have a new way to select the accounts you want to see on the Drift page. This feature will be expanded and grown over time. Try it out and let us know what you think!

Bug Fixes/Improvements

  • Accounts Filter Updates: Every page that has the option to filter by cloud accounts now sorts them by cloud then alphabetically. This is the same order the accounts appear on the dashboard.
  • Updated teams page to have label ‘Drift Concerns’ instead of ‘Alert Concerns’
  • New URLs for the “Upgrade” and “Free Trial” links: these now link to new pages in our dot-com experience. Upgrade links to our Pricing Page and the “free trial” links to our “Start for Free” page.
  • Fixed time zone issue with setting mitigations/policy exceptions on resources that leads to incorrect history information
  • Modified Welcome pages 14-day Free Trial link
  • Ignoring realtime event processing errors related to short-lived Azure resources (such as Databricks resources)

February 16, 2021

New Features

  • N/A

Bug Fixes/Improvements

  • Support AWS CloudFormation template: So that OpsCompass can successfully discover and monitor resources while using only read-access permissions within AWS, we have authored a forwarding rule. The forwarding rule monitors all AWS service events, both raw and CloudTrail-sourced, sends them to OpsCompass, and stores them in an S3 bucket. To ensure that data sources are not readable by OpsCompass, a deny policy is used to explicitly prevent access to data source contents.
  • Added additional information to ‘Add Account’ page including KB references and invite user button
  • Updated new AWS signup experience to Pharos Styles
  • Chrome browser issue – Fix mega-caret issue seen on compliance framework page
  • Updating the time zone should not give you a confirmation prompt about legal settings
  • Updated AWS Lambdas to allow non-administrative signup
  • Updated ‘Add Account’ workflow to use new Pharos styles and colors
  • Corrected inconsistency between number of accounts displayed on dashboard and inventory
  • Updated styles and layout in Inventory pages
  • Updated Inventory Page to use Pharos Colors and Icons
  • Corrected bug associated with MLSS date checking that created unnecessary compliance drift
  • Capture CloudFormation stacks with similar names
  • Modified CIS check to remove ports 22 and 3389 validation from AWS default security groups
  • MS 365: Split scanning functions from HTTP-triggered functions
  • Added CIS rule for microsoft.graph.identitySecurityDefaultsEnforcementPolicy
