Prisma Cloud Articles
In today's digital landscape, webshell attacks pose a significant security threat to organizations worldwide. These attacks involve deploying a malicious script on a web server that lets an attacker gain unauthorized access, execute commands, and manipulate server resources. Webshells can be used for data theft, system compromise, and further infiltration into an organization's network. As web applications grow in complexity, so do the techniques used in these attacks. Traditional security measures often fail to detect webshells because they blend in with legitimate web traffic and leave a minimal footprint on the server, so proactive detection and a quick response are essential to mitigate these threats.
View full article
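The detection point above is easier to see with code. The following is an added example, not code from the article or a Prisma Cloud rule set: a small static triage scanner that scans PHP files for the indicators a webshell typically leaves (request input flowing into an execution sink, `eval()` of an obfuscated payload, and a call whose function name comes from the request). The heuristics, the indicator names and the sample files are constructed for this example.

```python
"""Added example, not code from the article or from Prisma Cloud: a small
static triage scanner for PHP webshell indicators, run over constructed
sample files. The heuristics are assumptions of this example, not a Prisma
Cloud rule set: flag request-controlled input ($_GET/$_POST/$_REQUEST/
$_COOKIE) flowing into a code- or command-execution sink, eval() of an
obfuscated payload, and "tunnels" where the callee name itself comes from
the request."""
import re

EXEC_SINKS = r"\b(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)"
REQUEST_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
OBFUSCATION = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("

# Indicator patterns, checked within a single statement (up to the next ';').
INDICATORS = {
    # e.g. @eval($_POST['c']);  system($_GET['cmd']);
    "sink_with_request_input": re.compile(EXEC_SINKS + r"\s*\([^;]*?" + REQUEST_INPUT, re.I),
    # e.g. eval(base64_decode('...'));
    "eval_of_obfuscated_payload": re.compile(r"\beval\s*\(\s*@?" + OBFUSCATION, re.I),
    # e.g. $_GET['f']($_GET['a']);  the function name is attacker supplied
    "dynamic_call_from_request": re.compile(REQUEST_INPUT + r"\s*\[[^\]]*\]\s*\(", re.I),
}


def scan_php(source: str) -> list[tuple[str, int]]:
    """Return (indicator, line_number) pairs for every hit in one PHP source text."""
    hits = []
    for name, pattern in INDICATORS.items():
        for match in pattern.finditer(source):
            line = source.count("\n", 0, match.start()) + 1
            hits.append((name, line))
    return hits


def is_suspicious(source: str) -> bool:
    return bool(scan_php(source))


def triage(files: dict[str, str]) -> dict[str, list[tuple[str, int]]]:
    """Map each path to its hits, keeping only files with at least one indicator."""
    return {path: hits for path, src in files.items() if (hits := scan_php(src))}


# Constructed samples standing in for files found under a web root.
SAMPLES = {
    "uploads/cache.php": "<?php @eval($_POST['c']); ?>",
    "img/thumb.php": "<?php\neval(base64_decode('cGhwaW5mbygpOw=='));\n?>",
    "tmp/sess.php": "<?php $_GET['f']($_GET['a']); ?>",
    # Benign: request input reaches only an escaping function, not a sink.
    "index.php": "<?php $q = htmlspecialchars($_GET['q']); echo 'Results for ' . $q; ?>",
    # Benign: execution sink with a constant argument.
    "cron.php": "<?php system('/usr/bin/true'); ?>",
}

if __name__ == "__main__":
    for path, hits in triage(SAMPLES).items():
        print(path, hits)
```

Static indicators like these are a triage aid, not proof: a webshell that reads its payload from a header or a file will not match, and the two benign samples show why the sink and the request input must appear in the same statement before a file is flagged. Pair this with runtime signals (a web server process spawning a shell, new files appearing in a writable web directory) for the proactive detection the article calls for.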
After being named a Leader for the fifth consecutive year in the 2024 Gartner® Magic Quadrant™ for Cloud AI Developer Services, Azure AI is positioned at the forefront of customers' generative AI journey, offering a wide variety of models (such as OpenAI, Phi-3 and Meta models), models dedicated to sectors such as healthcare, and a unified AI development platform (Azure AI Studio) that helps developers accelerate production-ready copilots. Given the rise of this service, this document explores how Prisma Cloud AI-SPM can help customers discover Azure AI resources and effectively detect and prioritize AI risks.
View full article
Effective risk prioritization and vulnerability management are essential for securing modern cloud-native environments. Prisma Cloud offers features that help organizations assess, prioritize, and mitigate vulnerabilities using contextual insight. This article outlines key strategies and workflows for using Prisma Cloud's risk factors to focus vulnerability remediation effort. Risk prioritization combines environmental context with Common Vulnerabilities and Exposures (CVE) risk factors so that organizations can concentrate on the most critical threats. Prisma Cloud provides two categories of risk factors, CVE risk factors and environmental risk factors, which let SecOps teams assess a vulnerability's potential impact and prioritize remediation based on the actual risk it poses in their environment.
View full article
Integrating Prisma Cloud with Azure Sentinel lets you centralize and analyze security data from your Prisma Cloud environment within Azure Sentinel. The integration forwards Prisma Cloud findings (audit incidents only) to Azure Sentinel for threat detection, security monitoring, and incident response. The process uses a Data Connector, which lets Prisma Cloud audit incidents be ingested and correlated with other security data in Sentinel.
View full article
Prisma Cloud agentless scanning is configured by default in the same-account scanning architecture. This article describes an alternative that customers may prefer: the hub-and-target account scanning architecture.
View full article
This guide describes how to configure agentless vulnerability and compliance scanning for virtual machines in Microsoft Azure subscriptions, using a credential dedicated to the agentless scanning process.
View full article
The Prisma Cloud Darwin release provides out-of-the-box (OOTB) dashboards as well as custom dashboards for tracking and monitoring your cloud security posture, from vulnerabilities to compliance. This article discusses the existing OOTB dashboards and how to create custom dashboards in Prisma Cloud.
View full article
This document describes how to configure Azure RBAC to give Prisma Cloud fine-grained access to, and visibility of, Azure resources. With Azure RBAC you select or create a role definition that specifies the permissions applied to the Prisma Cloud app registration; this article specifically covers assigning Azure RBAC built-in (predefined) roles. Azure resources support two authorization systems: Azure role-based access control (Azure RBAC), which is the recommended model, and the access policy model. Azure RBAC has many built-in roles that can be assigned to service principals and managed identities. The Prisma Cloud role created for Azure ingestion with Terraform currently uses the access policy model, which requires adding permissions one at a time. Azure recommends Azure RBAC instead, which lets you grant Prisma Cloud predefined roles that already contain the required set of permissions; any updates to a role's permissions then apply automatically, without manual adjustment.
View full article
Prisma Cloud allows you to create policies to ensure that your Cloud Security Posture Management complies with best practices and the needs of your organization. These policies raise alerts that need to be evaluated and that indicate which cloud objects must be updated to become compliant. Managing these alerts becomes difficult for many organizations as their number grows. Prisma Cloud allows you to define auto-remediation for certain alerts, but an organization often requires more customization and integration with the other tools it uses. This article describes how to extend alert automation and integrate with other tools using a security orchestration, automation, and response (SOAR) platform from Palo Alto Networks.
View full article
A common customer question is how to view host vulnerabilities in the Asset Inventory for each cloud service provider. This article focuses on Azure; follow-up articles cover GCP and AWS. Kubernetes is a popular container orchestration tool, and most cloud service providers have a managed offering: Azure has AKS, Google offers GKE, AWS has EKS, and Red Hat offers OpenShift. The container workloads for all of these managed offerings run on host machines, and those hosts can contain vulnerabilities.
View full article
Prisma Cloud collects configuration data about the cloud resources in your cloud accounts and lets you query it to answer common security questions, such as "show me EC2 volumes that are not encrypted". These queries are written in Resource Query Language (RQL) and can be written, debugged, and run on the Investigate page in Prisma Cloud.
View full article
Event Assisted Ingestion is an enhancement intended to reduce the number of API calls Prisma Cloud makes: it calls a cloud provider API only when a resource's configuration has changed. Prisma Cloud listens for changes to the resource types it supports and then calls the corresponding API to sync that resource's details between the cloud and itself. For AWS, Prisma Cloud uses Amazon EventBridge to receive audit log events in near real time, which reduces both the total number of API calls and the time to alert.
View full article
The Prisma Cloud image analysis sandbox lets you dynamically analyze the runtime behavior of images before running them in your development and production environments. This article will walk you through the installation, execution, and analysis of the results of a sample image using the image analysis sandbox features of Prisma Cloud.
View full article
Many organizations have to create, read, update, and delete cloud infrastructure. Terraform is an easy way to provision and deploy infrastructure resources such as servers, databases, and network components. With Terraform you no longer have to log in to the Prisma Cloud console and configure settings manually; you write a Terraform configuration and apply it from the command line. This article illustrates how to onboard AWS accounts using the Prisma Cloud Terraform provider.
View full article
This guide describes how to configure agentless vulnerability and compliance scanning of virtual machines in Microsoft Azure subscriptions. The example uses Prisma Cloud Enterprise Edition (PCEE, Compute SaaS), whose configuration process differs from the same feature in Compute Edition (self-hosted), and it onboards and scans a single Azure subscription.
View full article
Prisma Cloud allows you to create policies to ensure that your Cloud Security Posture Management complies with best practices and the needs of your organization. These policies raise alerts that need to be evaluated and that indicate which cloud objects must be updated for compliance. Managing these alerts becomes difficult for many organizations as their number grows. Prisma Cloud allows you to define auto-remediation for certain alerts, but an organization often requires more customization and integration with the other tools it uses. This article continues from the previous article, "Enhanced Alert Remediation" using XSOAR via CSPM, which covered integrating Prisma Cloud with Cortex XSOAR. It covers what happens after Prisma Cloud alerts become Cortex XSOAR incidents, and how playbooks can be used not only to remediate but also to define an organized flow for delegating these violations.
View full article
A common customer question is how to view host vulnerabilities in the Asset Inventory for each cloud service provider. Host vulnerabilities are easily identified in the Runtime Security module by selecting Monitor > Vulnerabilities > Hosts. Most cloud service providers have a managed Kubernetes offering (Azure has AKS, Google offers GKE, AWS has EKS, and Red Hat offers OpenShift); this article focuses on EKS. The container workloads for all of these managed offerings run on host machines, and those hosts can contain vulnerabilities. The Prisma Cloud Command Center (Figure 1) and Vulnerabilities (Figure 2) dashboards are the first high-level dashboards that provide visibility into vulnerabilities; their purpose is to identify the top issues by severity for hosts, images, and repositories. To narrow the scope and filter on EKS worker nodes in Cloud Security, it is recommended to explore the Asset Inventory.
View full article
Palo Alto Networks Prisma Cloud (CSPM and CWPP) can not only help organizations discover impacted resources but also prevent exploitation. Vulnerabilities, tracked as CVEs, are publicly disclosed weaknesses that threat actors can exploit to gain unauthorized access to systems or networks; they remain present in programs and operating systems until an organization remediates them. The list of known vulnerabilities grows daily, and their prioritization changes rapidly as exploits are found. This article guides you through using Prisma Cloud to gain visibility of the cloud resources affected by vulnerabilities/CVEs, using Log4Shell and SpringShell as examples to show how Prisma Cloud helps you understand your attack surface.
View full article
The Kubernetes auditing system tracks the activities of users, administrators, and other components impacting the cluster. Once you configure the Prisma Cloud CWP Kubernetes auditing feature, Prisma Cloud can ingest, analyze, and alert on security-relevant events. You can either write custom rules or use pre-written rules from Prisma Cloud Labs to evaluate the incoming audit stream and detect suspicious activities.   This article outlines troubleshooting steps to follow if audit logs are not visible in the console after configuring Kubernetes auditing for your Elastic Kubernetes Service (EKS).  
View full article
Identity and Access Management (IAM) refers to the processes and tools for managing user access to resources and enforcing security policies. IAM is crucial for securing the modern enterprise because it lets organizations control who can access which resources. By enforcing strong IAM policies, companies can apply the principle of least privilege, meaning users and resources are granted only the minimum permissions necessary to do their jobs. This limits how far an attacker can move laterally if credentials are compromised. Prisma Cloud offers capabilities to embed IAM into the software delivery lifecycle: it can scan infrastructure-as-code for misconfigurations and enforce least privilege during deployment, and it can monitor permissions at runtime and alert on anomalies that indicate privilege creep or excessive permissions. With the CIEM module in Prisma Cloud, organizations can monitor access with confidence while minimizing risk. This article provides RQL queries for sample policies based on IAM requirements and shows how a simple IAM RQL query can be extended step by step to cover additional IAM checks.
View full article
The Prisma Cloud Asset Inventory dashboard provides up-to-date information on all cloud assets, across every cloud type that Prisma Cloud monitors, in one centralized view. You can use the Inventory dashboard to manage your applications, assets, compute workloads, and data. The asset inventory lets customers analyze changes to resources, review access, identify vulnerabilities, findings, and attack paths, provide risk mitigation directives, and improve operational efficiency. Centralizing the visibility of cloud assets eliminates manual effort and lets teams focus on more important tasks.
View full article
Prisma Cloud Console is backwards compatible with up to two major releases back (n-2, including all minor versions of those releases) for all types of Defenders and for twistcli and the Jenkins plugin.
View full article
This document is a step-by-step guide to automating deployment of the Prisma Cloud Windows container Defender to Google Kubernetes Engine (GKE) Windows nodes. You will set up a Kubernetes cluster with a Windows node pool and use Google Cloud startup scripts on the Windows VMs to install the Prisma Cloud container Defenders.
View full article
"Auto Create Account Groups" is a useful feature for managing a large number of GCP projects and folders. If various teams create folders and projects in your organization, it makes sense to have a separate account group for each team and separate alert rules based on those account groups. This keeps each team's alerts isolated and makes them manageable enough to act on proactively. This article illustrates an example using a GCP Organization named "example.world" that contains nested folders and projects.
View full article
This document provides guidance on configuring Single Sign-On (SSO) between Prisma Cloud Enterprise and Microsoft Entra ID (formerly Azure Active Directory, or Azure AD) with Just-in-Time (JIT) provisioning, so that users are created automatically in Prisma Cloud based on their Entra ID group assignments.
View full article
Visibility is a crucial part of cyber-security because "if you cannot see the asset, you cannot protect it." Prisma Cloud Workload Protection has a Radars section that visualizes the digital assets in a cloud environment.
View full article
A secrets manager is a secure, centralized tool or service used to store, manage, and access sensitive information, commonly referred to as "secrets": credentials, API keys, encryption keys, certificates, and other sensitive data that applications and services need to operate securely. Secrets management systems vary by platform; for example, cloud providers offer services tailored to their own ecosystems, such as AWS Secrets Manager, Google Cloud Secret Manager, and Azure Key Vault. Containers often require such secrets (passwords, SSH keys, encryption keys, and so on), and Prisma Cloud integrates with many common secrets management platforms to securely distribute secrets from those stores to the containers that need them.
View full article
Many teams rely on automation to streamline their Security Operations Center. Automation lets customers scale their operations as their cloud presence grows and lets data from Prisma Cloud be integrated into the customer's existing cloud security workflow. The Prisma Cloud API is also used by Cortex XSOAR playbooks for alert remediation and alert report generation.
View full article
If you have ever wondered whether you can use APIs to unlock the full potential of Prisma Cloud's data, you are in the right place. This article explores how to connect securely, navigate the available endpoints, and, most importantly, extract information about your cloud environment by understanding the core components of the Prisma Cloud API. By the end of this article you will have a solid understanding of how to use the Prisma Cloud API to improve visibility into your organization's cloud security posture.
View full article
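The three articles above (RQL on the Investigate page, extending an IAM RQL query step by step, and the REST API) share one workflow, so here is one added example that serves all three. It is not code from the articles or from Palo Alto Networks. It composes RQL queries clause by clause, submits them through the same search endpoint the Investigate page uses, and reduces the response to the resources that need attention. Assumptions: the API host is tenant specific (shown as api.prismacloud.io, set yours via the environment); `/login`, the `x-redlock-auth` header and `/search/config` are the documented endpoints; the RQL attribute names (`api.name`, `json.rule`, `source.cloud.type`, `source.cloud.resource.type`, `action.name`) are taken from the RQL reference and should be checked against your tenant's autocomplete; the sample response is constructed.

```python
"""Added example, not code from the articles: compose RQL queries clause by
clause, submit them to the Prisma Cloud search (Investigate) REST API, and
reduce the response to the resources that need attention.

Assumptions: API_HOST is tenant specific; /login, x-redlock-auth and
/search/config are the documented endpoints; RQL attribute names follow the
RQL reference and should be verified in your tenant; SAMPLE_RESPONSE is a
constructed reply shaped like /search/config output."""
import json
import os
from urllib import request

API_HOST = os.environ.get("PRISMA_API", "https://api.prismacloud.io")


def rql(base: str, *clauses: str) -> str:
    """Grow a query step by step: each extra clause is ANDed onto the base."""
    return " AND ".join((base, *clauses))


# The Investigate article's question: EBS volumes that are not encrypted.
UNENCRYPTED_EBS = rql(
    "config from cloud.resource where api.name = 'aws-ec2-describe-volumes'",
    "json.rule = encrypted is false",
)

# The IAM article's idea: start broad and narrow the same query in steps.
IAM_BASE = "config from iam where source.cloud.type = 'AWS'"
IAM_USERS = rql(IAM_BASE, "source.cloud.resource.type = 'user'")
IAM_USERS_DELETE_BUCKET = rql(IAM_USERS, "action.name = 's3:DeleteBucket'")


def login(host: str, access_key: str, secret_key: str) -> str:
    """Exchange an access key pair for a short-lived JWT (POST /login)."""
    body = json.dumps({"username": access_key, "password": secret_key}).encode()
    req = request.Request(f"{host}/login", data=body, method="POST",
                          headers={"Content-Type": "application/json"})
    with request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["token"]


def search_config(host: str, token: str, query: str, relative_days: int = 1) -> dict:
    """Run an RQL config query over the last N days (POST /search/config)."""
    body = json.dumps({
        "query": query,
        "timeRange": {"type": "relative",
                      "value": {"unit": "day", "amount": relative_days}},
    }).encode()
    req = request.Request(f"{host}/search/config", data=body, method="POST",
                          headers={"Content-Type": "application/json",
                                   "x-redlock-auth": token})
    with request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def resources_from(response: dict) -> list[dict]:
    """Flatten a search response into account/region/name/id rows."""
    items = response.get("data", {}).get("items", [])
    return [{"account": i.get("accountName"), "region": i.get("regionName"),
             "name": i.get("name"), "id": i.get("id")} for i in items]


# Constructed sample, shaped like a /search/config reply for UNENCRYPTED_EBS.
SAMPLE_RESPONSE = {
    "data": {"items": [
        {"id": "vol-0a1", "name": "vol-0a1", "accountName": "prod",
         "regionName": "us-east-1", "data": {"encrypted": False}},
        {"id": "vol-0b2", "name": "vol-0b2", "accountName": "dev",
         "regionName": "eu-west-1", "data": {"encrypted": False}},
    ]}
}

if __name__ == "__main__":
    token = login(API_HOST, os.environ["PRISMA_ACCESS_KEY"], os.environ["PRISMA_SECRET_KEY"])
    for query in (UNENCRYPTED_EBS, IAM_USERS_DELETE_BUCKET):
        print(query)
        for row in resources_from(search_config(API_HOST, token, query)):
            print("  ", row)
```

Keep the access key pair in environment variables or a secrets manager rather than in the script, and treat the returned token as a credential: it is what `x-redlock-auth` carries on every later call. Building queries with `rql()` keeps each refinement reviewable, which is exactly the "extend a simple IAM RQL" pattern the IAM article describes.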
A security best practice is to alert on the assets you consider most critical. A vulnerability is a weakness that can be exploited; an exploit is the code or technique that does so.
View full article