Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
Prisma Cloud Release Notes, Features Introduced in 20.12.1, December 2020
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- Technologies
- Prisma Cloud
- Prisma Cloud Articles
- Prisma Cloud Release Notes, Features Introduced in 20.12.1, December 2020
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report This Content
ENwankwo1
L3 Networker
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
on 01-25-2021 04:09 PM - edited on 01-25-2021 04:13 PM by jadickson
No ratings
New Features Introduced in 20.12.1
New Features
|
FEATURE
|
DESCRIPTION
|
|---|---|
|
Machine Learning Classification Improvements for Unusual User Activity / UEBA Policies
|
For better detection of anomalies, the machine learning model is being updated on Prisma Cloud. These changes are transparent to you.
For Excessive login failures, the detection window has been reduced from 1 hour to 15 minutes and the default threshold is set to 5 failed login events. Also, the model building thresholds have been reduced from 7 days and 4 events to 1 day and just 1 event to help you detect incidents sooner.
For generating alerts on Account hijacking attempts, the minimum distance between the two locations has to be at least 1000 miles within a 2-hour period.
For Unusual user activity, the unknown location alert will be generated only if the new location is at least 160 miles away, instead of 120 miles from any of the known locations in the model.
|
|
Malware Scan Status in Data Inventory
|
If you have enabled the Prisma Cloud Data Security subscription, you can review the malware scan status on the Data Inventory table on Inventory Data.
Two new columns display the time stamp of when Prisma Cloud received the verdict from the WildFire service, and the scan status to indicate whether the scan is in progress, failed, file type is not supported or too large, or confirmation if the object is malware or benign.
|
|
Read-Only Permission Group Update
|
Prisma Cloud administrators who are assigned to the read-only permission group can now save filters on the
Asset Inventory and Compliance page.
|
|
API Ingestion
|
Azure Data Lake Analytics
azure-data-lake-analytics-account
Microsoft.DataLakeAnalytics/accounts/read
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/read
Microsoft.DataLakeAnalytics/accounts/firewallRules/read
Microsoft.DataLakeAnalytics/accounts/storageAccounts/read
Microsoft.Authorization/permissions/read
The Reader role includes these permissions, and the azure_prisma_cloud_read_only_role.json will be updated to include the permissions.
In addition to the permissions above, on each Azure Data Lake Analytics account you must assign the Prisma Cloud role to access catalog related information such as ACLs, databases, credentials, external data sources, so that it can ingest metadata. For details on how to enable permissions, see Set up your Azure subscription for Prisma Cloud.
|
|
|
Azure Data Lake Store (Gen 1)
azure-data-lake-store-gen1-account
Microsoft.DataLakeStore/accounts/read
Microsoft.DataLakeStore/accounts/firewallRules/read
Microsoft.DataLakeStore/accounts/virtualNetworkRules/read
Microsoft.DataLakeStore/accounts/trustedIdProviders/read
The Reader role includes these permissions, and the azure_prisma_cloud_read_only_role.json will be updated to include the permissions.
|
New Policy and Policy Updates
|
NEW POLICIES AND POLICY UPDATES
|
|
|---|---|
|
Policy Updates—RQL and Metadata
|
AWS Security Groups policies
These policies are renamed to remove the word 'internet' from the name and to leverage nested rules for RQL optimization:
Reason:
Impact
—There is no change in the number of alerts generated against these policies. |
|
Azure Network Security Group policies
Reason
—The severity was updated because these policies check for overly permissive Azure network security group inbound rules from all open ports for TCP, UDP or any protocol.Impact
— The compliance report may include additional alerts because three additional policies are mapped to Azure CIS compliance benchmark. |
|
|
|
GCP Kubernetes Engine Clusters have HTTP load balancing disabled
Updated RQL
— The updated RQL is config from cloud.resource where cloud.type = 'gcp' AND api.name = 'gcloud-container-describe-clusters' AND json.rule = 'addonsConfig.httpLoadBalancing.disabled equals true'Impact
—Open alerts that are false positives will be resolved. |
|
Custom Policy Modification
|
When you modify the RQL in a custom policy, you cannot change the cloud.type and the api.name, in the existing policy.
To revise either of these attributes, you must create a new custom policy and disable or delete the existing policy.
|
REST API Updates
|
CHANGE
|
DESCRIPTION
|
|---|---|
|
Infrastructure-As-Code (IaC) Scan API Version 2
|
A new IaC Scan API that returns scan result details in OASIS Static Analysis Results Interchange Format (SARIF) is available.
|
Labels:
Rate this article:
Labels
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
