OpenSecOps Newsletter

July 11, 2025

Release Announcement: SOAR v2.4.0 & Installer v2.5.5

This release announces SOAR v2.4.0 and Installer v2.5.5, delivering a critical fix for AWS delegated administration workflows and enhanced network administration capabilities.

SOAR v2.4.0: Automatic Account Reassignment for Security Services

The Problem
AWS delegated administration creates a significant notification routing issue for certain security services. When services like IAM Access Analyzer, GuardDuty, Inspector, and Detective generate findings through delegated administration, these findings appear to originate from the Security-Adm account (to which delegation is configured) rather than the member account where the actual resources reside.

Result: Security teams responsible for member accounts never receive notifications about their own resources, creating critical blind spots in security operations.

The Solution
SOAR v2.4.0 introduces automatic reassignment of delegated findings to their originating accounts. When the system detects findings from delegated services that should belong to member accounts, it:

- Automatically recreates these findings in the correct member account
- Ensures the responsible security team receives proper notifications
- Maintains full audit trail and workflow integrity
- Operates seamlessly without disrupting existing SOAR operations
- Degrades gracefully: any error results in the original behaviour, ensuring safe deployment
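
An illustration of the routing decision described above, added here and not OpenSecOps code: it assumes findings arrive in Security Hub's ASFF shape (`AwsAccountId`, `Resources[].Id`, and `Details.AwsS3Bucket.OwnerAccountId` for ARNs that carry no account field), and the account IDs and function names are constructed. Any error or ambiguity returns the original account, mirroring the graceful degradation in the list.

```python
import re

# Constructed sample values; the account IDs are not from the newsletter.
SECURITY_ADM = "111111111111"  # assumed delegated administrator account
ACCOUNT_ID = re.compile(r"\d{12}")

def arn_account(arn):
    """Return the 12-digit account field of an ARN, or None if absent."""
    parts = arn.split(":", 5)
    if len(parts) == 6 and parts[0] == "arn" and ACCOUNT_ID.fullmatch(parts[4]):
        return parts[4]
    return None

def originating_account(finding, delegated_admin=SECURITY_ADM):
    """Account to notify for an ASFF finding; falls back to AwsAccountId."""
    current = finding.get("AwsAccountId")
    try:
        if current != delegated_admin:
            return current  # not raised via the delegated admin account
        owners = set()
        for res in finding["Resources"]:
            acct = arn_account(res["Id"])
            if acct is None:  # e.g. arn:aws:s3:::bucket carries no account
                s3 = res.get("Details", {}).get("AwsS3Bucket", {})
                acct = s3.get("OwnerAccountId")
            if acct:
                owners.add(acct)
        owners.discard(delegated_admin)
        if len(owners) == 1:  # exactly one member account: unambiguous
            return owners.pop()
    except (KeyError, TypeError, AttributeError):
        pass  # malformed finding: keep the original routing
    return current

# Constructed findings, trimmed to the fields used above.
ROLE_FINDING = {"AwsAccountId": SECURITY_ADM, "Resources": [
    {"Id": "arn:aws:iam::222222222222:role/app-role"}]}
BUCKET_FINDING = {"AwsAccountId": SECURITY_ADM, "Resources": [
    {"Id": "arn:aws:s3:::example-bucket",
     "Details": {"AwsS3Bucket": {"OwnerAccountId": "333333333333"}}}]}
BROKEN_FINDING = {"AwsAccountId": SECURITY_ADM}  # no Resources key

if __name__ == "__main__":
    for f in (ROLE_FINDING, BUCKET_FINDING, BROKEN_FINDING):
        print(originating_account(f))
```

A finding whose resources span two different member accounts is treated as ambiguous and stays with the delegated administrator account.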

Impact
This release eliminates a major operational gap in AWS multi-account security management. Builder teams will now receive timely notifications for IAM Access Analyzer, GuardDuty, Inspector, and Detective findings that concern their resources, enabling faster response and resolution.

Installer v2.5.5: Enhanced Network Administration

The Installer has been updated to include the new vpce:AllowMultiRegion permission in the NetworkAdministratorAccess SSO permission set, enabling multi-region VPC endpoint management capabilities for network administrators.

Note: The inclusion is in apps.example/foundation/sso-config/sso_permission_sets/NetworkAdministratorAccess.yaml, line 47. Copy this to your own configuration under apps if you require it.


Getting Started: Update your SOAR deployment to v2.4.0 and Installer to v2.5.5 using the standard deployment procedures. The account reassignment feature activates automatically with no additional configuration required.

For detailed installation and upgrade instructions, consult the OpenSecOps documentation.
