Reliable metrics to conclude an asset's defended status in Cloud Discovery

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Reliable metrics to conclude an asset's defended status in Cloud Discovery

L1 Bithead

The "defended" status, attached to each Cloud Discovery discovered asset, is not reflecting the asset's actual defended status. 

 

Across registry, serverless, hosts, etc, Prisma Cloud Discovery uses a loose definition to conclude the defended status of assets. For instance:

  • Registry scans -> Looks at the registry settings, does it have a setting matching the name of the registry? The it is considered "defended"

  • Serverless scans --> Does the cloud account have serverless scan enabled? Then it is considered "defended"

  • Containers/hosts --> Does the host have a defender? Then it is considered "defended"

 

What we have seen quite regularly is that, this is not enough. More metrics must be employed before concluding an asset is indeed defended.

 

Practical examples we have faced:

  • Registry Setting exists, but due to improper access credentials, the registry cannot be scanned. Cloud Discovery still shows it as defended

  • Accounts with Serverless Scan turned on appear as defended, when there are obvious issues collecting any data (see screenshots)

  • Etc.

 

Suggestion: Use of reliable metrics before concluding an asset's "defended" status.

 

Have you come across this issue? Did you manage to solve it? If yes, how? If not, please consider upvoting the idea linked below.

 

Linked Idea:  Use of reliable metrics | Prisma Cloud New Features Request Portal (aha.io)

 

Somewhat related LiveCommunity thread: Why are EKS Clusters defended with daemonsets NOT rendering in PCC/Manage/Defenders/Manage DaemonSet... 

1 REPLY 1

Community Team Member

Thanks for sharing @patriciar !

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 923 Views
  • 1 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!