Prisma Cloud Release Notes for June 22, 2019


New Features

FEATURE
DESCRIPTION
Amazon GuardDuty Findings on IAM Users
To help you find potential security issues (malicious activity and unauthorized behavior) that pertain to IAM Users who are identified in Amazon GuardDuty findings, you can now specify hostfinding.type = 'AWS GuardDuty IAM' in a Config RQL query.
Azure Network Security Group Rule Actions
To help you audit Network Security Groups (NSGs) directly from the RedLock console, the resource explorer and the network explorer display how Azure NSGs are configured to enforce traffic in your Azure environment.
To display the information on the Azure NSG rule, both the resource explorer and the network explorer now have a new Action column, which indicates whether the NSG rule is set to Allow or Deny traffic.
API Ingestion Update
Prisma Cloud has improved coverage for the following API service that you can query using RQL:
The JSON for the aws-elasticbeanstalk-environment API is modified to include the response with the environment resource details in the describeEnvironmentResources field.
 

Policy Updates

The following new policies are available in this release:
POLICY NAME
DESCRIPTION
AWS EKS cluster control plane assigned to multiple security groups
Checks the number of security groups assigned to your AWS EKS cluster control plane and alerts if more than one security group is attached to the cluster.
AWS EKS cluster using the default VPC
Identifies AWS Kubernetes clusters which are configured with the default VPC instead of a custom VPC.
AWS EKS control plane logging disabled
Checks whether or not Kubernetes control plane logging for audit and diagnostic logs is enabled so that log data on your EKS cluster is directly written to CloudWatch Logs. This policy alerts you if logging is disabled.
AWS EKS cluster security group overly permissive to all traffic
Identifies security group rules that are attached to the cluster network and allow inbound traffic for all protocols from the public internet.
AWS EKS cluster endpoint access publicly enabled
Checks whether your Kubernetes cluster endpoint that enables the API server to communicate with all worker nodes within your cluster is publicly accessible. This policy alerts if you have not restricted public access to the Kubernetes cluster endpoint.

 

This information was adapted from a TechDocs article. For more information about the release notes or to view other release notes, please visit Features Introduced on June 22, 2019.

Version history: Revision 3 of 3. Last update: 08-26-2019 10:22 AM