Alerts
Alert Query and Suppression Runners, as well as the Processor, have largely been moved to SQL + JS stored procedures. This paves the way for deprecating Python and Docker for alert processing in a later version.
./run all now runs data connectors before violations and violations before alerts
deprecated baseline runners and scripts are removed (cf3bc6d, 972c5cd)
a rule may now declare a single handler without wrapping it in an array (972c5cd)
Data Connectors
fix bug in AWSIC running on latest EKS in #425 (ty @edulop91)
AWSIC now records config describe-configuration-recorders results for all available regions (2844b94)
AWSIC now respects AWS rate limits for Get requests (2844b94)
AWSIC now handles ServerTimeout errors (no response in 60 seconds) gracefully (2cf48eb)
fix bug in Jira correlation logic
add custom Jira starting status via environment variable JIRA_STARTING_STATUS
JAMF and AzIC scheduling code is moved to the generic system in table comments in 118b073, ...
fix Azure log connector to work with additional log types in 947c394 (ty for #414 @Chaitali-Sonparote)
minor cleanup of AzIC in 5ccc0f4
minor fix for gsuite API change (e8a58e5)
Okta connector can now use a custom domain and includes a pack for initial data cleanup
Jamf now handles large inventory sizes better in 5e55b8e
Packs
Bug fix in snowflake_security_monitoring in a3ad191 (ty to Intact Financial Corporation for the report & fix)
Basic Okta structures around ingested data
ZenGRC ingestion via external functions
Handlers
fix bug in Jira correlation logic #424
rules can now send arbitrary payloads to ServiceNow handler in bbbb4c2
Jira handler works with single string source as well as list of multiple sources, and can now link alerts types to a triage repository (2d345aa)
SMTP handler can now pass host, user, port, and password as params (d452139)
WebUI
fix minor UX bugs and bump dependencies with security detections (425cdb6)
Deprecate Ingestion Scripts
ZenGRC is decommissioned and will be re-introduced as a pack in a future version (#436)
Agari has been decommissioned without plans for re-introduction (79c3702)