Prisma Cloud Release Notes For April 21, 2020

Features Introduced on April 21, 2020

 
 

New Features

FEATURE
DESCRIPTION
Permission Groups to support granular RBAC for Compute
Prisma Cloud administrators who require access to the Compute tab or the Compute APIs can now have granular access and visibility to perform their job functions. The new System Admin, Only for Compute capabilities permission group restricts access to only the Compute tab and enables access to the capabilities for protecting your hosts, containers, and serverless functions without access to the rest of the Prisma Cloud UI or API.
Build and Deploy Security is another permission group that enables you to restrict access for DevOps users who need access to a subset of Compute capabilities and/or API access to run IDE, SCM, and CI/CD plugins for Infrastructure as Code and image vulnerability scans.
Account-Based RBAC for Compute
Visibility to Prisma Cloud Defender data on the Compute tab now corresponds to the AWS, Azure, or GCP cloud accounts that each administrator is allowed to view.
Custom Email Notification Templates
From the Notification Template Hub on Prisma Cloud, you can add a custom email template for alert notification emails. You can customize the message content and include a link in the email notification.
(Beta) Coverage for the MITRE ATT&CK Framework
Prisma Cloud adds support for MITRE ATT&CK, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations, as a compliance standard. The MITRE ATT&CK Cloud Matrix for Enterprise support on Prisma Cloud maps policies to identify and protect you from cloud-based attack techniques on AWS, Azure, and GCP.
Saved Search Addition
The saved search for AWS VPC nearing availability limit enables you to detect whether the number of VPCs per region has reached 80% of the resource availability limit. You can then easily create a policy and generate an alert when the threshold is reached.
Granular list of Permissions for GCP
If you want to create a custom role for onboarding your GCP project or organization on Prisma Cloud, you can now use the list of granular permissions required for successfully onboarding the account.
Unusual User Activity Alerts Enhanced for Service Group Context
If a user typically uses a set of services, and Prisma Cloud detects a new service being used, the alert details include additional context on the anomaly. It alerts you on what was unusual about the activity, and whether the service accessed belongs to the same or a different service group.
 

 

API Ingestion
APIs to ingest the following services:
  • AWS Elastic Beanstalk updates to ingest aws-elasticbeanstalk-configuration-settings
  • AWS Organization aws-organization

Policy Updates

POLICY
DESCRIPTION
Policy Updates
The Recommendation instructions for the Azure Load Balancer diagnostics logs are disabled policy are updated.
The AWS S3 bucket not configured with secure data transport policy is enhanced to check whether the bucket is exposed publicly before checking whether it uses secure data transport.