Releases: tmobile/pacbot
Release 2.0: Azure Compliance
What is released as a part of 2.0
Starting with Release 2.0, PacBot supports Multi Cloud Compliance (AWS & Azure). This enables us to see AWS & Azure Compliance in a single place.
PacBot still runs on AWS Infrastructure, but now has the capability to collect data from AWS & Azure.
Users can see security-center/policy-compliance and custom policies in PacBot.
PacBot collects data for 25+ Azure Services, including computing, storage, databases, networking and Security Center services.
PacBot supports the following dashboards for visualizing Azure data:
- Azure Compliance Overview
- Asset Overview
- Asset Listing
- Asset 360 view
- Tagging
- Policy Knowledgebase
- Compliance Details
- Omni Search
Azure Policies
50+ Azure policies are now included with PacBot. Details of these policies can be found here.
Installation Steps
PacBot uses Service Principals to enable Azure data collection. A Service Principal with read access to the services in the subscriptions to be monitored must be provisioned in each tenant.
To enable Azure Compliance in PacBot, configure the client ID and secret ID of the service principal in each tenant as follows:
- Step 1: Set ENABLE_AZURE = True in local.py
- Step 2: Add Azure tenants as shown below
AZURE_TENANTS = [
    {
        'tenantId': "t111",
        'clientId': "c111",
        'secretId': "s111"
    },
    {
        'tenantId': "t222",
        'clientId': "c222",
        'secretId': "s222"
    },
]
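The configuration above places each service principal secret in local.py in cleartext. The following added example (not part of PacBot or of these release notes) builds the same AZURE_TENANTS structure from environment variables and rejects incomplete or duplicate entries. It assumes local.py is evaluated as ordinary Python; the PACBOT_AZURE_* variable names and both helper functions are hypothetical.

```python
import os

# Hypothetical environment variable names; PacBot itself does not define them.
TENANT_LIST_VAR = "PACBOT_AZURE_TENANTS"  # comma-separated labels, e.g. "PROD,DEV"
FIELDS = {"tenantId": "TENANT_ID", "clientId": "CLIENT_ID", "secretId": "SECRET_ID"}


def load_azure_tenants(env=None):
    """Return a list shaped like AZURE_TENANTS, read from environment variables.

    For each label, reads PACBOT_AZURE_<LABEL>_TENANT_ID, _CLIENT_ID and _SECRET_ID.
    Raises ValueError on a missing value or a tenant ID listed twice.
    """
    env = os.environ if env is None else env
    labels = [x.strip() for x in env.get(TENANT_LIST_VAR, "").split(",") if x.strip()]
    if not labels:
        raise ValueError(f"{TENANT_LIST_VAR} is empty or unset")
    tenants, seen = [], set()
    for label in labels:
        entry = {}
        for key, suffix in FIELDS.items():
            var = f"PACBOT_AZURE_{label.upper()}_{suffix}"
            value = env.get(var, "").strip()
            if not value:
                raise ValueError(f"missing {var}")
            entry[key] = value
        if entry["tenantId"] in seen:
            raise ValueError(f"duplicate tenantId under label {label}")
        seen.add(entry["tenantId"])
        tenants.append(entry)
    return tenants


def redact(tenants):
    """Copy of the tenant list with secrets masked, safe to print or log."""
    return [{**t, "secretId": "***"} for t in tenants]


# Constructed sample environment reusing the placeholder values shown above.
SAMPLE_ENV = {
    "PACBOT_AZURE_TENANTS": "PROD, DEV",
    "PACBOT_AZURE_PROD_TENANT_ID": "t111",
    "PACBOT_AZURE_PROD_CLIENT_ID": "c111",
    "PACBOT_AZURE_PROD_SECRET_ID": "s111",
    "PACBOT_AZURE_DEV_TENANT_ID": "t222",
    "PACBOT_AZURE_DEV_CLIENT_ID": "c222",
    "PACBOT_AZURE_DEV_SECRET_ID": "s222",
}

if __name__ == "__main__":
    print(redact(load_azure_tenants(SAMPLE_ENV)))
```

Under the stated assumption, local.py would then contain AZURE_TENANTS = load_azure_tenants() in place of the literal list.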
Additional Features
- Upgraded to the latest Terraform version (0.12) for the PacBot installer.
- Silent option to install PacBot without interactive input.
- Users can now skip console input by preconfiguring inputs in the local.py script.
- During install/destroy/redeploy, pass the optional --silent parameter to run silently.
Issues Closed:
Release 1.6.1
What is released as a part of 1.6.1
Vulnerability Management Job Configuration Fix
The default job frequency for vulnerability management is changed to once per day. This limits the compute required to process the data multiple times in a day, as the data change frequency is low.
Release 1.6
What is released as a part of 1.6
Vulnerability Management
Organizations around the world use the Internet as an important global resource. However, connecting with the Internet leaves your company network exposed to many threats. It's time to bring your business up-to-date on the definition of good vulnerability management.
PacBot pulls data from Qualys and generates dashboards for the following vulnerability reports:
• Vulnerabilities Compliance trend
• Vulnerabilities Summary by Severity (S3/S4/S5)
• Average Aging By Severity
• Trend of Total And Compliant Assets
Auto-fixes Added
Details of new policy Autofixes can be found here.
New Policies Added
Details of new policies can be found here.
Installer Changes
The Vulnerability Management feature has been introduced as an optional service. Follow the steps below to enable it:
• Update local.py file with value 'True' for ENABLE_VULNERABILITY_FEATURE setting.
• Update QUALYS_API_URL and QUALYS_INFO with the appropriate values.
• Run 'sudo python3 redeploy' to enable this feature if PacBot is already installed, or 'sudo python3 install' for a new installation.
Issues Closed:
Release 1.5
What is released as a part of 1.5
Added provision to add custom resource tags to PacBot resources in AWS:
Users can modify the local.py settings file and add the required tags to the CUSTOM_RESOURCE_TAGS setting variable.
Recommendations
The Recommendations screen displays data from AWS Trusted Advisor for AWS assets in the areas of Cost Optimization, Performance, Security and Fault Tolerance.
Health Notifications
The Health Notifications screen displays data from the AWS Personal Health Dashboard for AWS assets as well as Autofixes. These notifications can be specific to a single asset, for multiple assets or for the account overall. Autofix notification details show the timeline of the plan to address the discovered issue, from the first email sent when the issue is discovered to the application of the fix.
Copy feature
Ability to easily copy text such as asset IDs and policy IDs by clicking on the 'copy' icon wherever it appears.
Installation using instance role
In this release, we added the ability to install PacBot using instance roles. Users now have the option to install PacBot using the instance role from the location the installer runs, in addition to the previously existing access key and secret-based installations.
Autofixes
RDS database endpoints should not be publicly accessible.
- User can choose to automatically fix publicly accessible RDS DB.
Elasticsearch endpoint should not be open to internet.
- User can choose to automatically fix publicly accessible Elasticsearch.
Security groups should not be in unused state.
- User can choose to automatically fix unused Security Groups, but only those created by PacBot as part of another public access Autofix.
Details of the available auto remediations can be found here.
Details on how to write an auto remediation can be found here.
New policies added:
Details of new policies can be found here.
Installation details for these new features can be found here.
Issue Closed:
Release 1.4
What is released as a part of 1.4
Configuration Management
- All PacBot configuration can now be managed using an administrative screen. This provides a way to change PacBot configuration while maintaining a history of changes. More details are available here.
Customizable mandatory tags
- You can now define your own mandatory tags for tagging compliance. Mandatory tags can be defined in the system configuration, and will be used while evaluating the tagging compliance as well as while rendering the reports.
Autofixes (Automatic Remediations)
- Publicly exposed Application ELB auto fix
User can choose to automatically fix publicly accessible Application ELB.
- Publicly exposed Classic ELB auto fix
User can choose to automatically fix publicly accessible Classic ELB.
- Publicly exposed Redshift auto fix
User can choose to automatically fix publicly accessible Redshift.
Details of the available Autofixes can be found here.
Details of how to write Autofixes can be found here.
11 new policies added
Details of the new policies can be found here.
Bug fixes:
Thanks to @Braavos96 for #218
PacBot 1.3 Release
What is released as a part of 1.3
Auto Remediation
- Open S3 bucket auto fix
User can choose to automatically fix publicly accessible S3 buckets.
- Publicly exposed EC2 instance auto fix
User can choose to automatically fix publicly accessible EC2 instances.
Details of the available auto remediations can be found here.
Option to enable SSL
ALB-terminated SSL option is now available and can be selected while installing PacBot.
Option to upgrade infrastructure
Infrastructure upgrade option is now available with upgrade command.
Stop all button added
One button to stop all PacBot inventory collection and rule scans.
New policies added
Details of new policies can be found here.
Bug fixes:
Thanks to @avinashKumar-11 and @sonawanesangram from T-Systems for b4bf2cb and 04388fb
PacBot 1.2 Release
What is released as a part of 1.2
New policies added
Details of newly released policies can be found here
Notification service enabled
Notifications allow users to send issue details in an email. Details are available here
Redshift dependency removed
This will help reduce PacBot running cost.
Reduction in environment variables by moving the configuration to database
This will help manage the configuration using the Admin console
Bug fixes:
PacBot 1.1 Release
What is released as a part of 1.1
50+ new rules added
Details of newly released policies can be found here
Revamped installer with
- Installation time reduced to 15 minutes from the earlier 45 minutes.
- Provision to redeploy and destroy.
- Automatic terraform script generation.
- Installation summary with application details at the end of installation
Admin Features
- Ability to create new rules (Federated/Managed Rules)
- CRUD operations on rules
- On-demand rule invocation
Tagging Dashboard
- Tagging Dashboard gives you an overview of the tagging compliance
Statistics Report – provides PacBot statistics which includes
- Total Policies enforced
- Total Policy evaluations
- Total Assets scanned
- Violations distribution by severity
- Total policies
Download Assets/Policy violations from PacBot
Bug fixes
PacBot release 1.0
Modules
- Cloud Discovery
- Rule Engine
- Managed Rules
- Micro Services
- UI