topic Is there a default runtime policy with basic rules for containers and virtual machines before the ML learning is done? in Prisma Cloud Discussions https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/is-there-a-default-runtime-policy-with-basic-rules-for/m-p/572172#M1138 <P>Hello,</P> <P>&nbsp;</P> <P>As mentioned in <A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense</A> the ML will learn the allowed network, process communication and file system and patterns but before that will it scan files for basic viruses or block known bad ip addresses without making a custom rule <A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/custom-runtime-rules?" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/custom-runtime-rules?</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also when the application changes it's pattern because the the developers changed the app will the new features cause issues as new process, file system and network access will be seen in the system ? Basically I am asking if the ML model will automatically adapt by changing itself or giving recommendations for new rule changes. Outside of that is there a trusted ip address that can be configured that the the devs can use to access to changed the web app and then Prisma Cloud to adapt when it sees traffic coming from this IP address?</P> <P>&nbsp;</P> Mon, 08 Jan 2024 20:50:21 GMT nikoolayy1 2024-01-08T20:50:21Z Is there a default runtime policy with basic rules for containers and virtual machines before the ML learning is done? https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/is-there-a-default-runtime-policy-with-basic-rules-for/m-p/572172#M1138 <P>Hello,</P> <P>&nbsp;</P> <P>As mentioned in <A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense</A> the ML will learn the allowed network, process communication and file system and patterns but before that will it scan files for basic viruses or block known bad ip addresses without making a custom rule <A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/custom-runtime-rules?" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/custom-runtime-rules?</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also when the application changes it's pattern because the the developers changed the app will the new features cause issues as new process, file system and network access will be seen in the system ? Basically I am asking if the ML model will automatically adapt by changing itself or giving recommendations for new rule changes. Outside of that is there a trusted ip address that can be configured that the the devs can use to access to changed the web app and then Prisma Cloud to adapt when it sees traffic coming from this IP address?</P> <P>&nbsp;</P> Mon, 08 Jan 2024 20:50:21 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/is-there-a-default-runtime-policy-with-basic-rules-for/m-p/572172#M1138 nikoolayy1 2024-01-08T20:50:21Z Re: Is there a default runtime policy with basic rules for containers and virtual machines before the ML learning is done? https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/is-there-a-default-runtime-policy-with-basic-rules-for/m-p/572365#M1139 <P>Yes, Prisma Cloud will log&nbsp;<SPAN>only threat-based runtime events (malicious files or connections to high-risk IPs) even if there aren't any rules created under Defend--&gt;Runtime.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Whenever there are changes in the images by the developers, Prisma Cloud automatically detects when new images are added anywhere in the environment and automatically puts them in learning mode to create a new model.</SPAN></P> <P><SPAN><A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#learning-mode" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#learning-mode</A></SPAN></P> <P><SPAN><A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#models" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#models</A></SPAN></P> <P>&nbsp;</P> <P><SPAN>You can explicitly allow or deny&nbsp;outgoing connections that deviates from your runtime policy w.r.t IP's and DNS. Please scroll down to Networking on the following link:</SPAN></P> <P><SPAN><A href="https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#best-practices" target="_blank">https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#best-practices</A></SPAN></P> Tue, 09 Jan 2024 16:33:27 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/is-there-a-default-runtime-policy-with-basic-rules-for/m-p/572365#M1139 PPawar3 2024-01-09T16:33:27Z