This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Reliable metrics to conclude an asset's defended status in Cloud Discovery

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Reliable metrics to conclude an asset's defended status in Cloud Discovery

patriciar
L0 Member

‎01-02-2024 07:48 AM

The "defended" status, attached to each Cloud Discovery discovered asset, is not reflecting the asset's actual defended status. 

 

Across registry, serverless, hosts, etc, Prisma Cloud Discovery uses a loose definition to conclude the defended status of assets. For instance:

  • Registry scans -> Looks at the registry settings, does it have a setting matching the name of the registry? The it is considered "defended"

  • Serverless scans --> Does the cloud account have serverless scan enabled? Then it is considered "defended"

  • Containers/hosts --> Does the host have a defender? Then it is considered "defended"

 

What we have seen quite regularly is that, this is not enough. More metrics must be employed before concluding an asset is indeed defended.

 

Practical examples we have faced:

  • Registry Setting exists, but due to improper access credentials, the registry cannot be scanned. Cloud Discovery still shows it as defended

  • Accounts with Serverless Scan turned on appear as defended, when there are obvious issues collecting any data (see screenshots)

  • Etc.

 

Suggestion: Use of reliable metrics before concluding an asset's "defended" status.

 

Have you come across this issue? Did you manage to solve it? If yes, how? If not, please consider upvoting the idea linked below.

 

Linked Idea:  Use of reliable metrics | Prisma Cloud New Features Request Portal (aha.io)

 

Somewhat related LiveCommunity thread: Why are EKS Clusters defended with daemonsets NOT rendering in PCC/Manage/Defenders/Manage DaemonSet... 

1 person had this problem.
Preview file
69 KB
Preview file
71 KB
(1)
1 REPLY 1

JayGolf
Community Team Member

‎01-02-2024 04:09 PM

Thanks for sharing @patriciar !

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 605 Views
  • 1 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks