|Resource Count Attribute in Config RQL||
The count attribute in RQL provides you with a tally of the number of resources of a specific type.
config where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-vpcs' as X; config where api.name = 'aws-ec2-describe-subnets' as Y; filter 'not $.X.vpcId equals $.Y.vpcId'; show X; count(X) > 2
displays the number of VPCs that do not have subnets associated only when there are more than 2 VPCs (for the selected time period).
count is available for use with the api.name attribute as <X, Y or Z>); it is not available with json.rule.
When the api.name is a global service (such as, aws-iam-get-account-summary), count includes all resources for that service within the cloud account; if the api.name is a regional service (such as, aws-rds-describe-db-instances), the count includes the only resources tied to the cloud region for the cloud account.
|Tag-Based Filtering for All Cloud Resources||
You can now find all resources that have a specific tag name or value.
The operators supported include the following:
config where tag ('key') = 'value', for example,
config where tag ('CreatedBy') ='Automation'
config where tag ('key') EXISTS, for example,
config where tag('CreatedBy') exists
config where tag ('key') in ('value1', 'value2', 'value3'), for example,
config where tag ('AcmeApiName') in ('azure-network-lb-list', 'aws-iam-list-access-keys')
So, instead of finding resources that are tagged within a specific service such as
config where api.name = 'gcloud-compute-instances-list' AND json.rule = tags.items[*] contains "production"
You can now find all resources with a specific tag value across a cloud platform or all cloud platforms.
You can also use All, Any and the negation of the operators listed above.
Tag-based filtering allows you to find resources on the Investigate page. You cannot save the query as a saved search or use it in custom policy. Additionally, only the tags that are displayed in the Resource Explorer are available for you to match on.
|Inventory and Asset Explorer||
The Asset Inventory is renamed as Inventory and is now accessible directly from the left navigation. Along with this change, you have a new Asset Explorer page enables you to view all the resources that pass compliance checks on Prisma Cloud. To view the Asset Explorer, click the
Passed resources link on the Compliance > Overview page.
|ServiceNow Integration Update||
Prisma Cloud can now support ServiceNow releases Madrid and New York for incident management and security incident management flows.
With this release, when you enable the integration, you are prompted to select your ServiceNow release version. If you have an existing ServiceNow integration on Prisma Cloud, the London release is selected as the default version and you can edit it on Settings > Integrations to select the correct release version, if different.
|HiTrust Compliance Standard Version 9.3||Prisma Cloud enables you to audit your AWS, Azure, and GCP resources against the healthcare regulatory requirement, Health Information Trust Alliance (HITRUST) Version 9.3 compliance standard to ensure that your workloads that store, process, transmit, and analyze protected health information are securely handling sensitive data.|
|API Ingestion Update||
The JSON metadata for the following APIs have been updated:
azure-network-nsg-list includes the fields:
$.securityRules[*].sourceApplicationSecurityGroups and $.securityRules[*].destinationApplicationSecurityGroups
azure-network-nic-list includes the field: $.properties.ipConfigurations.properties.applicationSecurityGroups
Prisma Cloud can now retrieve the metadata on the server side encryption algorithm—AES256 or KMS—used on an S3 bucket. When it uses KMS, the kmsMasterKeyID is included with this update. You to find the sse algorithm in use, you can use the RQL
|AWS ECR repository is exposed to public||Identifies AWS Elastic Container Registry (ECR) repository, a collection of Docker images available on AWS cloud, that are publicly accessible.|
|Azure PostgreSQL database with SSL connection disabled||Identifies Azure PostgreSQL database servers that do not enforce SSL for communication with the client application.|
|Azure PostgreSQL database with log checkpoints parameter disabled||Identifies Azure PostgreSQL database servers that do not have the log checkpoint parameter enabled to generate query and error logs.|
|Azure PostgreSQL database with log connections parameter is disabled||Identifies Azure PostgreSQL database servers that do not have the log connections parameter enabled to record all connection attempts to the server including successful client authentication events.|
|Azure PostgreSQL database with log disconnections parameter disabled||Identifies Azure PostgreSQL database servers that do not have the log disconnections parameter enabled to record when a session ends, which triggers the generation of query and error logs.|
|Azure PostgreSQL database with log duration parameter disabled||Identifies Azure PostgreSQL database servers that do not have the log duration parameter enabled to record the duration of each completed SQL statement, which triggers the generation of query and error logs.|
|Azure PostgreSQL database with connection throttling parameter is disabled||Identifies Azure PostgreSQL database servers that do not have connection throttling enabled to verbosely record log messages, and generate query and error logs for concurrent connections.|
|Azure PostgreSQL database log retention days is less than or equal to 3 days||Identifies Azure PostgreSQL database servers that do not have log retention period set to at least four days.|
For more information, please review the Features Introduced on December 19, 2019 in TechDocs.