April 27, 2025

OpenSecOps Newsletter #1

Welcome to the very first issue of the OpenSecOps newsletter, a low-volume newsletter intended to keep you informed of the latest developments for OpenSecOps.

This week we've released two repo updates:

SOAR v2.1.0 - RDS autoremediation improvements

Version 2.1.0 of the SOAR repository is available with improvements mainly in the RDS autoremediations area, especially those autoremediations that set up logging of Postgres DBs and also the replication of such logs to the Log Archive account:

• Added Lambda Layers for shared code (aws_utils and rds_remediation) to centralize cross-account functionality
• Reorganized all RDS autoremediations to leverage common code from the rds_remediation layer
• Fixed RDS.2 autoremediation to properly handle DB instances within Aurora clusters
• Fixed capitalization in RDS.9 and RDS.2 autoremediations to handle Security Hub ASFF format correctly
• Fixed access to parameter group fields using 'DbParameterGroups' instead of 'DBParameterGroups'
• Fixed access to cluster parameter group fields using 'DbClusterParameterGroups' instead of 'DBClusterParameterGroups'
• Enhanced RDS.9 autoremediation to handle DB cluster findings more reliably with API-based fallbacks
• Improved error handling in RDS.9 parameter group creation to prevent duplicate name conflicts
• Added unique suffix generation for RDS parameter group names to avoid name collisions
• Thoroughly tested RDS.9 autoremediation with PostgreSQL and Aurora PostgreSQL instances (standalone and in clusters)

Full details here, including code deltas: https://github.com/OpenSecOps-Org/SOAR/releases

Documentation v1.1.1

Version 1.1.1 of the Documentation repo has been released. It contains minor adjustments of wording and the removal of some obsolete information, such as references to the now discontinued AWS Copilot (you will be sorely missed!).

Release notes and deltas here: https://github.com/OpenSecOps-Org/Documentation/releases/tag/v1.1.1

Wiki

The wiki section of the Documentation repo has also been updated with documentation links to the PDF versions of the documentation in the repo.