The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
📝 November 2023
Shisho Cloud Projects with Fine-Grained Permission Control (GA)
Enhancements will be introduced to facilitate distributed status monitoring, action confirmation, and triage within an organization. Specifically, we plan to make the following improvements:
- Binding Google Cloud projects and AWS accounts to "Shisho Cloud Projects" for dashboard integration.
- Granting individual users, who do not have global organization permissions, with read or read + triage permissions for specific "Shisho Cloud Projects."
The Shisho Cloud service and its provider, Flatt Security, will continue to support collaboration between security and product teams through the provision of such features.
Security Lake (Beta)
While we currently offer managed integration with external APIs (AWS / Google Cloud / GitHub) we have received numerous requests for the ability to feed non-API generated security events into Shisho Cloud for evaluation.
In response, we are developing a feature that temporarily stores externally sourced structured data to make it accessible from Rego policies. This feature, provisionally named Security Lake, will be gradually rolled out to customers.
We plan to gradually roll out comprehensive updates to search and sorting operations.
📝 December 2023
Scanning Rule Expansion on Google Cloud (GA)
We plan to launch managed inspection rules equivalent to the Security Health Analytics feature in the Google Cloud Security Command Center.
Scanning Rule Expansion on AWS (GA)
We plan to provide managed inspection rules equivalent to the Foundational Security Best Practices (FSBP) of the AWS Security Hub.
We plan to:
- Provide a feature to visualize resources surrounding a particular one (Resource Map feature)
- Offer an API for outputting evaluation result summaries
- Manage the activation and deactivation of workflows (units of rule execution) for each Shisho Cloud Project
📝 January ― March 2024
Even beyond January, we will continue to advance the provision of features aimed at helping PSIRT(/CSIRT) organizations identify risks and explain them to various stakeholders. In particular, we're considering the following functionality for the period from January to March:
- Mechanisms to grasp a wider range of risks: Identifying resources exposed to the internet + preliminary network/Web app scanning
- Mechanisms to assist triage and remediation stakeholders with where to start?: Response recommendations on the dashboard
- Mechanisms connecting security engineers with their supervisors: Visualize status and progress against various standards on the dashboard
In addition, while aiming for a balance with the status management and communication assistance mechanisms within Shisho Cloud, we will also gradually advance integration with external ticket management systems, such as Jira.
📝 Experimental Updates