OpenSecOps Newsletter

January 26, 2026

Release Announcement: SOAR, Installer updates

OpenSecOps Installer v2.6.1 and SOAR v2.4.20 are now available, delivering automatic ticket closure, enhanced security controls, and critical reliability fixes.

SOAR v2.4.18-v2.4.20

Tickets again auto-close when findings are fixed

SOAR automatically closes tickets when AWS Security Hub findings are resolved. In July 2025, AWS changed its finding lifecycle behavior: instead of being archived, fixed findings now remain ACTIVE with NOTIFIED+PASSED status. SOAR now detects this state and automatically closes the corresponding tickets, eliminating manual cleanup.

- Refactored ticket closure logic with comprehensive test coverage
- 11 new tests validate all closure scenarios
- Zero regressions across 571 total tests
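
The closure decision described above, sketched as an added example (not SOAR's own code). It assumes that "ACTIVE with NOTIFIED+PASSED" maps to the ASFF fields RecordState, Workflow.Status and Compliance.Status, and that NOTIFIED marks a finding with an open ticket; the function names and sample findings are constructed.

```python
# Added example. Field names follow the AWS Security Finding Format (ASFF);
# mapping the newsletter's "ACTIVE with NOTIFIED+PASSED" onto them is an assumption.

def should_close_ticket(finding: dict) -> tuple[bool, str]:
    """Return (close?, reason) for a single Security Hub finding."""
    record_state = finding.get("RecordState", "ACTIVE")
    workflow = (finding.get("Workflow") or {}).get("Status", "NEW")
    compliance = (finding.get("Compliance") or {}).get("Status")

    # Assumption: a ticket exists only for findings moved to NOTIFIED.
    if workflow != "NOTIFIED":
        return False, f"workflow is {workflow}, no open ticket"
    # Older lifecycle: a fixed finding was archived.
    if record_state == "ARCHIVED":
        return True, "finding archived"
    # Newer lifecycle: a fixed finding stays ACTIVE but its control passes.
    if compliance == "PASSED":
        return True, "finding ACTIVE with NOTIFIED+PASSED"
    # Findings without a compliance result (not control-based) give no
    # PASSED signal, so their tickets stay open.
    if compliance is None:
        return False, "no compliance status to evaluate"
    return False, f"compliance is {compliance}"


def tickets_to_close(findings: list) -> list:
    """Ids of the findings whose tickets can be closed."""
    return [f["Id"] for f in findings if should_close_ticket(f)[0]]


def _finding(fid, record_state, workflow, compliance=None):
    """Build a constructed sample finding with only the fields used here."""
    f = {"Id": fid, "RecordState": record_state, "Workflow": {"Status": workflow}}
    if compliance is not None:
        f["Compliance"] = {"Status": compliance}
    return f


# Constructed sample findings, not real Security Hub output.
SAMPLE_FINDINGS = [
    _finding("f-archived", "ARCHIVED", "NOTIFIED", "FAILED"),
    _finding("f-passed", "ACTIVE", "NOTIFIED", "PASSED"),
    _finding("f-failing", "ACTIVE", "NOTIFIED", "FAILED"),
    _finding("f-new", "ACTIVE", "NEW", "PASSED"),
    _finding("f-no-compliance", "ACTIVE", "NOTIFIED"),
    _finding("f-suppressed", "ACTIVE", "SUPPRESSED", "PASSED"),
]

if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(f["Id"], *should_close_ticket(f))
```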

Weekly AI report reliability improvements

Fixed Lambda import failures in weekly AI report generation caused by pandas 2.3.x compatibility issues. Dependencies now pinned to stable versions: pandas 2.2.2, numpy 1.26.4, humanize 4.12.0.

- Added test coverage validating pandas CSV conversion and Decimal handling
- Eliminates "No module named 'pandas'" runtime errors

CloudWatch alarm enrichment fix

SOAR-all-alarms-to-sec-hub v1.2.7 corrects alarm resource extraction for CloudWatch alarms, ensuring accurate Step Functions and Lambda ARNs reach the SOAR enricher.

Installer v2.6.1

SCP protection for permission boundary switching

Added Service Control Policy protection preventing users from switching their permission boundary to escalate privileges. Enforces boundary integrity across the organization.

Foundation v0.1.19

Security Hub configuration reliability

Foundation-security-services-setup v0.1.19 fixes a Security Hub field name mismatch that caused false "not enabled in all regions" warnings when hubs were properly configured.

Documentation v1.2.0

Authentication and authorization chapter reworked

Chapter 7 comprehensively updated with current best practices for AWS authentication and authorization patterns.


Deployment: Update to the latest versions using standard deployment procedures. The SOAR ticket auto-closure feature activates automatically upon deployment—no configuration changes required.
