
134 posts tagged with "Added"


Search Resources on Rule Results Page

Stax
Stax Team

The results page for any given rule now supports searching resources.

Enter a value into the search box, then press Enter to search the results. You can search by any field displayed in the table of results.

AWS Config Organizational Aggregator

Stax
Stax Team

Stax has released a new Config Aggregator named stax-assurance-<stax_organization_id> in your security foundation account. It is an organizational aggregator, introduced to simplify configuration and management, and is intended to deprecate the current multi-account aggregator juma-assurance-<security_aws_account_id>. You will find the aggregator in the AWS region that corresponds to your Stax Installation region.

For organizations where the security foundation account is not set up as the organization's delegated administrator account for AWS Config (with service principal config.amazonaws.com), this aggregator will not be created.

During the week beginning 29 November 2021, Stax will start the process of removing the aggregator juma-assurance-<security_aws_account_id> from your security foundation account.

Update: The juma-assurance-<security_aws_account_id> aggregator removal work has been completed for all Stax tenancies.

Stax Workloads Update

Stax
Stax Team

An update has been applied to Stax Workloads to improve performance and reliability:

  • Added a new default tag stax:organisation_alias to Workloads CloudFormation stacks

  • Fixed an issue where Stax Workloads could be deployed to Stax-managed AWS accounts that are not active. If the account is not active, the Workloads API will now return a 400 "Bad Request" response, along with an error payload detailing the error.

  • Fixed an issue where the Workloads Catalog could display a failed Catalog Version as the latest Catalog Version available for deployment. The Workloads Catalog will now only show the latest active Catalog Version, or null if no active Catalog Versions are available. If you try to deploy a Workload Catalog with no latest version, the API will now return a 400 "Bad Request" response, along with an error payload detailing the error.

These changes have been applied automatically by Stax. No service impact is expected as a result of this update. Should you experience any issues, please raise a support case.

AWS Firewall Manager Notification Channel

Stax
Stax Team

Following the delegation of the AWS Firewall Manager (FMS) administrator account, Stax has now configured an SNS topic in each supported region in the security foundation account. These topics allow you to subscribe to receive notifications of possible DDoS attacks.

To find the topic ARNs, log in to the security foundation account's AWS console, then browse to the FMS settings page. To receive notifications, navigate to the AWS SNS console, locate the topic, then configure appropriate subscriptions.

For organizations where the AWS Firewall Manager administrator account is delegated to an account other than the security foundation account, this configuration will not be applied to your own delegate.

Add Reason When Disabling Rules in Stax

Stax
Stax Team

Stax has introduced new compliance Rules functionality that supports adding a reason to explain why a given Rule has been disabled.

This change helps provide your organization with greater oversight and visibility of disabled Rules.

To get started, see Disabling a Rule in Stax.

Daily Compliance Notifications

Stax
Stax Team

Stax now supports daily Compliance notifications, in addition to the existing daily Cost notifications. These notifications allow you to retrieve a proactive summary of your organization's compliance posture based on Rules configured in the Compliance module.

This new notification shows:

  • Count of new high priority rules failing since the day before

  • Count of new high priority resources failing since the day before

  • A list of high priority resource changes since the day before

This notification can be received by all supported channels for Notifications. To get started, see Create a Notification.

CIS Benchmark version 1.4.0 is Now Available in the Compliance Module

Stax
Stax Team

Stax has introduced support for the Center for Internet Security's Amazon Web Services Foundations Benchmark version 1.4.0. This introduces the following changes over the previous iteration, version 1.3.0:

Three new rules were added to the Benchmark:

  • 2.1.3: Ensure MFA Delete is enabled on S3 buckets

  • 2.1.4: Ensure all data in Amazon S3 has been discovered, classified and secured when required (This rule cannot be automatically checked by Stax, see below for more details)

  • 2.3.1: Ensure that encryption is enabled for RDS instances

One rule changed category:

  • 2.1.5: Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' was moved from Identity and Access Management to Storage.

The Rule Bundle cannot validate all components of the Benchmark, so the following items must be evaluated manually:

  • 1.1: Maintain current contact details

  • 1.2: Ensure security contact information is registered

  • 1.3: Ensure security questions are registered in the AWS account

  • 1.18: Ensure IAM instance roles are used for AWS resource access from instances

  • 1.21: Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments

  • 2.1.4: Ensure all data in Amazon S3 has been discovered, classified and secured when required

  • 5.4: Ensure routing tables for VPC peering are "least access"

To enable this new version of the Bundle, see Keep Bundles Up To Date. If you have automatic updates enabled, no action is required.

Attach Policies to Account Types via the Policies page

Stax
Stax Team

Stax has introduced new functionality on the Policies page which lets you attach Policies to Account Types or detach Policies. In addition, you can now see which Account Types have Policies attached. These changes make it easier to adjust Policy attachments and discern which Policies are in use.

Permission Sets Filtering

Stax
Stax Team

Stax has introduced filtering and sorting to the Permission Sets and Permission Set Assignment views.

This makes it easier to find relevant Permission Sets or Assignments.

  • By default, Permission Sets are filtered to show only those with a status of Active, and are shown in descending order by Created Date

  • Multiple Permission Set filters can be added or removed for the Created By and Status properties

  • By default, Permission Set Assignments are filtered to show only those with a status of Deployment Complete, and are shown in descending order by Created Date

  • Multiple Permission Set Assignment filters can be added or removed for the Account Type, Created By, Group, and Status properties

  • Both Permission Sets and Permission Set Assignments can be sorted by clicking on the relevant column heading

To get started, see Permission Sets in the docs.

Stax Workloads API Pagination Updates

Stax
Stax Team

Stax has introduced changes to Stax Workloads API endpoints to improve support for pagination.

This makes it easier to deal with large volumes of Workloads and Workload Catalog Items when using the Stax API.

  • Fixed pagination on the Fetch Workloads API endpoint. This endpoint now correctly returns all matching results based on filters and accurately reports the total number of results: stax-au1, stax-us1, stax-eu1

  • Added pagination on the Fetch Catalog Items API endpoint. This endpoint now supports pagination in a manner consistent with the rest of the Workloads API endpoints: stax-au1, stax-us1, stax-eu1

These changes have been applied automatically by Stax. Should you experience any issues, please raise a support case.