May 30 Release Notes
All the first phase functionality is now in place.
This release adds cloud-side configuration auditing. Coupled with the SenseDeep agent for intrusion detection, this secures your cloud from the outside in and from the inside out.
We've also integrated live chat for support and some other cool features.
- Live chat for support
- Added account name update and account email editing
- Unified response filtering
- Alert aggregation over time and incident
Cloud scanning has been enhanced so that it is invoked in response to an account change via CloudWatch Events. Any change to an EC2 instance, security group or IAM setup will trigger an event and be processed immediately. This means that you now have real-time security management of the core AWS services.
Previously, the Alert channels were used for billing notifications. This release defines a separate account email that is used for billing notifications. The Account Preferences page now has fields to modify the account name and account email address.
Automated alert responses previously had a pull-down for hosts, which selected the host to which the response would apply. This has been removed; use the Filter Expression to restrict the response instead. The filter expression can describe the desired hosts, regions, tags, etc. to which the response applies.
The context-sensitive help has been updated to be specific to each response and to the added defenses.
Repeat alerts of the same incident type are now aggregated so that you do not get swamped with alert reports. You will see only the most recent incident of a given alert in the alert list. The full history of alerts is always available in the Alert History. A side benefit of alert aggregation is that your alert list becomes a compact list of the open security issues for you to address.
- Fix dashboard timeline of attacks and threats displaying zero data points
- Again, many small fixes