A long over due update for this year so far. However, we’ve been busy working on three new feature sets. The first of which, we’re releasing today. Identity and access management (IAM) control.
Identity and access management (IAM)
Up until this point its only been possible to give users full access to the platform. With the exception of a few key areas for user specific callbacks e.g. Slack integrations etc.
It is now possible to provide granular access — including additional filters for fine grain control over API requests.
The policy management works be defining a JSON policy object which contains a series of policies. These can be applied over one another to create cascading policy enforcement across different assets, teams and users.
From the screenshot above. We’ve defined a single policy and enabled our two users access to the assets, teams and users API resources. However, for the users API — we’ve only allowed them the ability to List, Get, Create and Update user details. We could also restrict this further by using a filter to apply the user permissions to certain accounts. This is what our policy looks like represented as JSON.
{
"id": 0,
"effect": "allow",
"actions": [
"assets:*",
"teams:*",
"users:CreateUser",
"users:GetUser",
"users:ListUsers",
"users:UpdateUser"
],
"resource": "zrn:zercurity:api"
}Once the policy is created it is immediately in effect and can be further applied to teams and assets as well.
Kubernetes
Whilst Zercurity has had support for Kubernetes for sometime. We’ve only recently made this publicly available and supported deployment option through our GitHub repository. Full details on how to get started can be found here.
Thanks for reading and lastly here is our summarised changelog for our latest release (v14022021):
- Added Identity and access management (IAM) to Zercurity.
- Added additional configuration parameters for on-prem deployments to manage SMTP mailer settings
- Added community support for Kubernetes.
- Added support for Osquery up to 4.6.0.
- Improved the Windows installer update system. There were a few cases when downgrading to prior versions the installer wouldn’t handle database migrations and configuration changes correctly.
- Frontend package dependencies have been updated to their latest versions.
