Prisma Cloud Release Notes for July 25, 2019


New Features

FEATURE
DESCRIPTION
Flow Logs Ingestion Update
After you enable flow logs, Prisma Cloud ingests flow log data for the last seven days only. If flow logs become unavailable for any reason, such as when you manually disable flow logs, modify API permissions, or an internal error occurs, only logs from the preceding seven days are ingested when access is restored.
Deletion of GCP Organization and Master Service Account
If you no longer want Prisma Cloud to monitor a GCP organization, or you want to delete a GCP project that you onboarded using a master service account, you can now delete the organization or project on Settings > Cloud Accounts.
 
Although the service stops ingesting data from the project or organization as soon as you delete it, all the data on your cloud resources is purged only after 24 hours. Therefore, if the deletion was unintentional you can onboard the account back within 24 hours to resume monitoring and retain the history on your cloud resources. The audit logs retain the activity history of the user who deleted the account, the name of the cloud account and when the action was performed.
In addition, when you delete a project on GCP, Prisma Cloud learns about it and automatically deletes the account from the list of monitored accounts on Settings > Cloud Accounts. To track the automatic deletion of the project, an audit log is generated.
RQL Enhancements for Functions
For Config RQL queries, view the results of the _DateTime.function as a column on the Investigate page, instead of locating and verifying the results within the resource JSON.
For example, the query
config where api.name = 'aws-ec2-describe-instances' addcolumn _DateTime.ageInDays(launchTime)

adds a column for LaunchTime and displays the results on the page.

 

Functions also support auto-suggest when you enter the prefix _ in a json.rule or addcolumn attribute.
 
Saved Search for Identifying VM-Series Firewalls
Use the new saved search to list VM-Series Firewall instances that are deployed on your GCP, AWS, and Azure environments. You can use this saved search to easily create a policy and generate an alert if you want to ensure that your internet-facing workloads are secured with VM-Series firewalls.
config where api.name = 'gcloud-compute-instances-list' as X; config where api.name = 'gcp-compute-disk-list' as Y; filter '$.X.disks[*].source contains $.Y.name and ($.Y.sourceImage contains vmseries-bundle or $.Y.sourceImage contains vmseries-byol)' ; show X;
 

Policy Updates

POLICY
DESCRIPTION
Azure AKS cluster pool profile count contains less than 3 nodes
Checks if there are fewer than 3 nodes within your AKS cluster pool profile and alerts you to it.
Azure AKS cluster Azure CNI networking not enabled
Checks your AKS cluster for the Container Networking Interface (CNI) plugin and generates an alert if it is not enabled.
Azure AKS cluster monitoring not enabled
Checks if monitoring is enabled for AKS clusters and alerts you if no configuration is found, or the monitoring add-on is disabled.
Azure AKS enable role-based access control (RBAC) not enforced
Checks whether your AKS cluster is RBAC enabled to grant users or groups access to only the resources they need.
Azure ACR HTTPS not enabled for webhook
Checks your Azure container registry webhooks for the use of the HTTPS protocol and alerts you if it is not enabled.
Azure AKS cluster HTTP application routing enabled
Checks if your AKS cluster has the HTTP application routing add-on that creates publicly accessible DNS names for application endpoints and alerts you if it is enabled.
Config policy GCP HTTPS Load balancer SSL Policy not using restrictive profile
Identifies GCP HTTPS Load balancers that are not using a restrictive profile in SSL Policy to meet stricter compliance requirements.
GCP HTTPS Load balancer is configured with SSL policy having TLS version 1.1 or lower
Identifies GCP HTTPS Load balancers that are configured to use SSL policy with TLS version 1.1 or lower.
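
The two GCP HTTPS load balancer policies above can be reproduced offline against exported resource JSON. The following Python is an added example, not Prisma Cloud's own policy logic; the sample resources and the function name are constructed, and treating every profile other than RESTRICTED (including CUSTOM) as non-restrictive is an assumption.

```python
# Constructed sample data shaped like GCP Compute API resources
# (sslPolicies and targetHttpsProxies); all names are hypothetical.
BASE = "https://www.googleapis.com/compute/v1/projects/example-project/global/sslPolicies/"
SSL_POLICIES = [
    {"selfLink": BASE + "strict", "profile": "RESTRICTED", "minTlsVersion": "TLS_1_2"},
    {"selfLink": BASE + "legacy", "profile": "COMPATIBLE", "minTlsVersion": "TLS_1_0"},
    {"selfLink": BASE + "modern12", "profile": "MODERN", "minTlsVersion": "TLS_1_2"},
]
PROXIES = [
    {"name": "web-strict", "sslPolicy": BASE + "strict"},
    {"name": "web-legacy", "sslPolicy": BASE + "legacy"},
    {"name": "web-modern", "sslPolicy": BASE + "modern12"},
    {"name": "web-default"},                            # no SSL policy attached
    {"name": "web-dangling", "sslPolicy": BASE + "gone"},  # policy not in export
]

# A proxy with no SSL policy gets the GCP default: COMPATIBLE, minimum TLS 1.0.
GCP_DEFAULT = {"profile": "COMPATIBLE", "minTlsVersion": "TLS_1_0"}
WEAK_TLS = {"TLS_1_0", "TLS_1_1"}


def audit_https_proxies(proxies, ssl_policies):
    """Return {proxy name: [issues]} for proxies that would trip either check."""
    by_link = {p["selfLink"]: p for p in ssl_policies}
    findings = {}
    for proxy in proxies:
        link = proxy.get("sslPolicy")
        policy = by_link.get(link) if link else GCP_DEFAULT
        issues = []
        if policy is None:
            # Referenced policy is missing from the export: cannot be verified.
            issues.append("ssl-policy-unresolved")
        else:
            # Assumption: only the RESTRICTED profile counts as restrictive.
            if policy.get("profile") != "RESTRICTED":
                issues.append("profile-not-restricted")
            if policy.get("minTlsVersion", "TLS_1_0") in WEAK_TLS:
                issues.append("tls-1.1-or-lower")
        if issues:
            findings[proxy["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_https_proxies(PROXIES, SSL_POLICIES).items():
        print(f"{name}: {', '.join(issues)}")
```

The `web-default` case is the one most often missed: a proxy with no SSL policy attached is not neutral, it inherits the permissive default.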

 

This information was adapted from a TechDocs article. For more information about the release notes or to view other release notes, please visit Features Introduced on July 25, 2019.

Version history: revision 4 of 4, last update 08-26-2019 10:54 AM