Note for On-Prem customers: As part of this release, IriusRisk must be provided with a signing key for the front-end/back-end communication. You must configure the key in the docker compose file as indicated here: Prepare Elliptic Curve Digital Signing key for IriusRisk. If the key is not provided, IriusRisk will not boot up and will report an error in the logs.
Features
- [DRA-627] - Improve performance by updating the threat model
- [DRA-633][DRA-703] - Associate icons to the new GCP, General, and AWS component definitions
- [OPT-262] - Implement bidirectional dataflows for Visio diagrams
- [OPT-341] - Improve the descriptiveness of some error messages
- [SIN-108] - New Screen when a project is in an empty state
Bug Fixes
- [DRA-615] - Error importing template to a project
- [DRA-756] - Unexpected error after completing the questionnaire in a nested component previously synchronized
- [INR-321] - A user with ROLE_ADMIN does not see all projects
- [MSR-666] - Library Combobox is not populated in some rules from IR Dataflow library
- [MSR-721] - Don't allow updating risk pattern name from IriusRisk libraries
- [MSR-752] - Error deleting risk pattern from component when the ref is duplicated
- [MSR-768] - Exception with a Test custom field after updating the model with a component linked to a library with two weaknesses with the same ref
- [OPT-444] - Fix the Description tag field inside a Security Group Egress mapping
- [OPT-456] - Restore the max file size limit to upload to IriusRisk to 100MB
- [RT-676] - HibernateException when starting with DB from v3.14.17
- [SIN-450] - Fix minor UX bugs
Security Fixes
- [RT-674] - Fix vulnerability in library org.yaml:snakeyaml
New Knowledge-base Content
New content
- CON-1329: New components SSH Client and SSH Server + New rule to identify an SSH communication through the use of the “ssh” tag in a dataflow
Security content refactors
- CON-1315: Fixed typos in some AWS Lambda element descriptions and added missing descriptions to some component definitions
Cloud components
- CON-1321, CON-1326, CON-1327: New components for Google Cloud Platform:
  - GCP Functions
  - GCP IAM (Identity and Access Management)
  - GCP Identity-Aware Proxy
  - GCP Interconnect
  - GCP Pub/Sub
  - GCP Router
  - GCP Terraform
  - GCP Vertex AI
  - GCP Vertex AI Workbench
- Added new content to GCP Virtual Machines
Detailed changelog ([N]ew/[E]dited/[D]eleted)
-
Threats
-
[D] UNCONFIGURED-SECURITY
-
[E] sniff-api-responses ["name"]
-
-
Weaknesses
-
[E] GOOGLE-NET-02 ["desc"]
-
[E] GOOGLE-NET-03 ["desc"]
-
[E] GOOGLE-NET-05 ["desc"]
-
[E] GOOGLE-VM02 ["desc"]
-
-
Component Definitions
-
[N] CD-GOOGLE-CLOUD-FUNCTIONS
-
[N] CD-GOOGLE-CLOUD-IAM
-
[N] CD-GOOGLE-CLOUD-ID-AWARE-PROXY
-
[N] CD-GOOGLE-CLOUD-INTERCON
-
[N] CD-GOOGLE-CLOUD-PUB-SUB
-
[N] CD-GOOGLE-CLOUD-ROUTER
-
[N] CD-GOOGLE-CLOUD-TERRAFORM
-
[N] CD-GOOGLE-CLOUD-VERTEX-AI
-
[N] CD-GOOGLE-CLOUD-VERTEX-AI-WB
-
[N] CD-SSH-CLIENT
-
[N] CD-SSH-SERVER
-
[E] CD-BINARY-FILE ["desc"]
-
[E] active-directory ["desc"]
-
[E] apache-kafka ["desc"]
-
[E] cassandra-nosql ["desc"]
-
[E] empty-component ["desc"]
-
[E] informix ["desc"]
-
[E] internal-server ["desc"]
-
[E] ldap-directory ["desc"]
-
[E] microsoft-sql-server ["desc"]
-
[E] mongodb-nosql ["desc"]
-
[E] mysql ["desc"]
-
[E] oauth2-authorization-server ["desc"]
-
[E] oauth2-client-application ["desc"]
-
[E] oauth2-resource-server ["desc"]
-
[E] oidc-provider ["desc"]
-
[E] oidc-relying-party ["desc"]
-
[E] oracle-db ["desc"]
-
[E] other ["desc"]
-
[E] other-database ["desc"]
-
[E] out-of-scope ["desc"]
-
[E] postgresql ["desc"]
-
[E] redis-server ["desc"]
-
[E] riak-nosql ["desc"]
-
[E] saml-identity-provider ["desc"]
-
[E] saml-service-provider ["desc"]
-
[E] sqlite ["desc"]
-
-
Controls
-
[E] GOOGLE-BIGTABLE4 ["name"]
-
[E] GOOGLE-NET04 ["desc"]
-
[E] GOOGLE-VM11 ["name","desc","steps"]
-
[E] GOOGLE-VM10 ["desc","steps"]
-
[E] GOOGLE-VM15 ["name","desc","steps"]
-
[E] GOOGLE-VM14 ["name","desc","steps"]
-
[E] GOOGLE-VM13 ["name","desc","steps"]
-
[E] GOOGLE-VM12 ["name","desc","steps"]
-
[E] GOOGLE-VM17 ["desc","steps"]
-
[E] GOOGLE-VM16 ["name","desc","steps"]
-
[E] GOOGLE-VM03 ["name","desc","cost","steps"]
-
[E] GOOGLE-VM02 ["name","desc","cost","steps"]
-
[E] GOOGLE-VM01 ["name","desc","cost","steps"]
-
[E] GOOGLE-VM08 ["name","desc","steps"]
-
[E] GOOGLE-VM07 ["name","desc","cost","steps"]
-
[E] GOOGLE-VM06 ["name","desc","steps"]
-
[E] GOOGLE-VM05 ["name","desc","steps"]
-
[E] GOOGLE-VM09 ["name","desc","steps"]
-
[N] C-GOOGLE-CLOUD-ROUTER4
-
[N] C-GOOGLE-CLOUD-ROUTER3
-
[N] C-GOOGLE-CLOUD-ROUTER2
-
[N] C-GOOGLE-CLOUD-ROUTER1
-
[N] C-GOOGLE-CLOUD-PUB-SUB1
-
[N] C-GOOGLE-CLOUD-PUB-SUB2
-
[N] C-GOOGLE-CLOUD-ACCESS-TRANS
-
[N] C-GOOGLE-CLOUD-TERRAFORM2
-
[N] C-GOOGLE-CLOUD-TERRAFORM3
-
[N] C-GOOGLE-CLOUD-ID-AWARE-PROXY3
-
[N] C-GOOGLE-CLOUD-ID-AWARE-PROXY1
-
[N] C-GOOGLE-CLOUD-ID-AWARE-PROXY2
-
[N] C-GOOGLE-CLOUD-FUNCTIONS4
-
[N] C-GOOGLE-CLOUD-FUNCTIONS3
-
[N] C-GOOGLE-CLOUD-FUNCTIONS2
-
[N] C-GOOGLE-CLOUD-FUNCTIONS1
-
[N] C-GOOGLE-CLOUD-TERRAFORM1
-
[N] C-GOOGLE-CLOUD-VERTEX-AI-WB1
-
[N] C-GOOGLE-CLOUD-VERTEX-AI-WB2
-
[N] C-GOOGLE-CLOUD-VERTEX-AI-WB3
-
[N] C-GOOGLE-CLOUD-VERTEX-AI3
-
[N] C-GOOGLE-CLOUD-VERTEX-AI2
-
[N] C-GOOGLE-CLOUD-VERTEX-AI1
-
[N] C-GOOGLE-CLOUD-INTERCON1
-
[N] C-GOOGLE-CLOUD-INTERCON3
-
[N] C-GOOGLE-CLOUD-INTERCON2
-
[N] C-SSH-SERVER-OPTIONS
-
[N] C-SSH-2FA
-
[N] C-SSH-CLIENT-DISABLE-SERVER
-
[N] C-SSH-SERVER-KEY-MANAGEMENT
-
[E] AWS-LAMBDA-C8 ["name"]
-
[E] AWS-LAMBDA-C26 ["name"]
-
-
RiskPattern
-
[E] AZURE-AD ["desc"]
-
[E] AZURE-AD-REMOTE-WORKERS ["desc"]
-
[E] AZURE-APPLICATION-GW ["desc"]
-
[E] AZURE-EXPRESSROUTE ["desc"]
-
[E] AZURE-FIREWALL ["desc"]
-
[E] AZURE-IDENTITY-AND-ACCESS ["desc"]
-
[E] AZURE-KEY-VAULT ["desc"]
-
[E] AZURE-KUBERNETES-SERVICE ["desc"]
-
[E] AZURE-LOGIC-APPS ["desc"]
-
[E] AZURE-LOGS ["desc"]
-
[E] AZURE-MONITORING ["desc"]
-
[E] AZURE-NETWORKING-VNETS ["desc"]
-
[E] AZURE-SQL ["desc"]
-
[E] AZURE-SQL:POSTGRESQL ["desc"]
-
[E] AZURE-STORAGE ["desc"]
-
[E] AZURE-VIRTUAL-MACHINES ["desc"]
-
[E] azure-common ["desc"]
-
[E] azure-firewall-manager ["desc"]
-
[E] azure-load-balancer ["desc"]
-
[E] azure-portal ["desc"]
-
[E] azure-security-center ["desc"]
-
[E] azure-traffic-manager ["desc"]
-
[E] GOOGLE-CLOUD-IAM ["desc"]
-
[E] GOOGLE-CLOUD-KUB ["desc"]
-
[E] GOOGLE-CLOUD-SQL ["desc"]
-
[E] GOOGLE-CLOUD-STORAGE ["desc"]
-
[E] GOOGLE-CLOUD-VM ["desc"]
-
[E] GOOGLE-CLOUD-VNETS ["desc"]
-
[N] RP-GOOGLE-CLOUD-FUNCTIONS
-
[N] RP-GOOGLE-CLOUD-ID-AWARE-PROXY
-
[N] RP-GOOGLE-CLOUD-INTERCON
-
[N] RP-GOOGLE-CLOUD-PUB-SUB
-
[N] RP-GOOGLE-CLOUD-ROUTER
-
[N] RP-GOOGLE-CLOUD-TERRAFORM
-
[N] RP-GOOGLE-CLOUD-VERTEX-AI
-
[N] RP-GOOGLE-CLOUD-VERTEX-AI-WB
-
[N] RP-SSH-CLIENT
-
[N] RP-SSH-SERVER
-
[E] AWS-DATASYNC-EFS ["desc"]
-
[E] AWS-DATASYNC-S3 ["desc"]
-
[E] AWS-MARKETPLACE-BUYERS ["desc"]
-
[E] AWS-MARKETPLACE-SELLERS ["desc"]
-
[E] HYDRAS-AWS-CF ["desc"]
-
[E] HYDRAS-AWS-EC2 ["desc"]
-
[E] HYDRAS-AWS-ELB ["desc"]
-
[E] HYDRAS-AWS-IAM ["desc"]
-
[E] HYDRAS-AWS-KMS ["desc"]
-
[E] HYDRAS-AWS-LOG ["desc"]
-
[E] HYDRAS-AWS-MON ["desc"]
-
[E] HYDRAS-AWS-NET ["desc"]
-
[E] HYDRAS-AWS-RDS ["desc"]
-
[E] HYDRAS-AWS-S3 ["desc"]
-
[E] HYDRAS-AWS-SNS ["desc"]
-
[E] RP-AWS-EC2-XEN ["desc"]
-
[E] RP-AWS-INSUFFICIENT-IDENTIFICATION ["desc"]
-
[E] RP-AWS-MANAGED-BLOCKCHAIN-ETHEREUM ["desc"]
-
[E] RP-AWS-MANAGED-BLOCKCHAIN-HYPERLEDGER-FABRIC ["desc"]
-
[E] aws-common-security-considerations ["desc"]
-
-
Rules
-
[N] Expansion: SSH Communication
-