This document goes over how to configure Azure RBAC providing fine-grained access to Azure Resources and visibility in Prisma Cloud.   With Azure RBAC, you can create a role definition that outlines the permissions to be applied to Prisma Cloud app registrations. This article specifically addresses the application of Azure RBAC predefined roles to manage access to Azure resources.    Azure Resources offers two authorization systems such as Azure Role Based Access Control and an access policy model.    Azure RBAC has several built-in roles you can assign to service principals and managed identities.    Azure Resources authorized by access policy model  Azure Resources authorized by Azure RBAC (Recommended Authorization)   The Prisma Cloud role created for Azure ingestion with Terraform currently utilizes the access policy module, requiring the addition of permissions one at a time. Azure recommends leveraging role-based Azure RBAC, which enables configuring permissions for Prisma Cloud using pre-defined Azure roles containing a set of permissions. With Azure RBAC, any updates to the role's permissions automatically apply without the need for manual adjustments.

“Auto Create Account Groups” is a useful feature for managing a large number of GCP projects and folders.    If there are various teams creating folders and projects in your organization, it makes sense to have separate account groups for each team, and create separate alert rules based on the account groups. This will help maintain alert isolation for each team and make it manageable for taking proactive actions to mitigate those alerts.    In this article, we would like to illustrate an example using a GCP account with nested folders and projects in a GCP Organization. The name of the GCP Organization is “example.world” 

Prisma Cloud allows you to create policies to ensure that your Cloud Security Posture Management is in compliance with best practices and the needs of your organization.  These policies create alerts which need to be evaluated and also indicate which cloud objects need to be updated for compliance.    Managing these alerts is a task that many organizations find difficult as the number of alerts increases. Prisma Cloud allows you to define an auto-remediation to correct certain alerts.  However, oftentimes an organization requires much more customization and integration with other tools that they are using.   This article continues on from the previous article “Enhanced Alert Remediation” using XSOAR via CSPM, building on the concepts introduced in that article.     This article will dive into post-integration of Prisma Cloud alerts to Cortex XSOAR incidents (where we discussed how to integrate Prisma Cloud to Cortex XSOAR), and how playbooks can be used to not only help remediate, but create an organized flow on how these violations should be delegated.

Prisma Cloud allows you to create policies to ensure that your Cloud Security Posture Management is in compliance with best practices and the needs of your organization.  These policies create alerts which need to be evaluated and also indicate which cloud objects need to be updated to be in compliance.    Managing these alerts is a task that many organizations find difficult as the number of alerts increases. Prisma Cloud allows you to define an auto-remediation to correct certain alerts.  However, oftentimes an organization requires much more customization and integration with other tools that they are using.    This article describes how to increase your alert automation and integrate with other tools by using a security orchestration, automation, and response (SOAR) platform from Palo Alto Networks.

Identity and Access Management (IAM) refers to the processes and tools for managing user access to resources and enforcing security policies. IAM is crucial for securing the modern enterprise as it enables organizations to control who can access what resources. By enforcing strong IAM policies, companies can enforce the principle of least privilege, meaning users and resources are only granted minimum permissions necessary to perform their jobs. This minimizes the horizontal scaling of security attacks in the event of compromised credentials.    Prisma Cloud offers capabilities to embed IAM into the software delivery lifecycle. It can scan infrastructure-as-code for misconfigurations and enforce least privilege during deployment. Additionally, Prisma Cloud can monitor permissions at runtime and alert on anomalies that indicate privilege creep or excessive permissions. By leveraging the CIEM module within Prisma Cloud, organizations can confidently monitor access while minimizing risk.   This article will provide RQLs to create sample policies based on IAM requirements, as well as demonstrate how a simple IAM RQL can be continually extended to add additional IAM functionality.