on 04-01-2020 05:29 PM - edited on 09-01-2020 01:07 PM by kwadsack
FEATURE | DESCRIPTION |
International Regions Support on Alibaba Cloud | If you have adopted Alibaba Cloud, you can now use Prisma Cloud for visibility and compliance monitoring of International regions, in addition to the regions within Mainland China. To get started, add your Alibaba Cloud account on Prisma Cloud. |
Asset Inventory and Compliance Overview—Usability Enhancements | The inline links on the Inventory > Asset and Compliance > Overview pages take you to the Asset Explorer, and the View Alerts links let you view all open alerts on Alerts > Overview, filtered by severity. |
API Ingestion Update | Azure
AWS
|
RQL Config queries with joins support json.rule specification within the alias clause | For faster search results in a join operation, you can now use json.rule as part of the alias clause within a Configuration RQL (config where) query. For example, to get a list of all EC2 instances that use a specified snapshot ID and AMI, you can use the query:

config where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*].key contains "Name" as X; config where api.name = 'aws-ec2-describe-snapshots' AND json.rule = snapshot.snapshotId contains "snap-004b0221589e516d7" as Y; config where api.name = 'aws-ec2-describe-images' AND json.rule = image.imageId contains "ami-03698559b1d406e89" as Z;

Instead of using:

config where api.name = 'aws-ec2-describe-instances' as X; config where api.name = 'aws-ec2-describe-snapshots' as Y; config where api.name = 'aws-ec2-describe-images' as Z; filter '(($.X.tags[*].key contains "Name") and ($.Y.snapshot.snapshotId contains "snap-004b0221589e516d7") and ($.Z.image.imageId contains "ami-03698559b1d406e89"))' ; show X; limit search records to 100
|
Search within the JSON Resource configuration | The Prisma Cloud administrative console provides a new search window directly within the JSON Resource configuration on the Investigate page. Use this search to quickly find anything in the metadata ingested on Prisma Cloud and speed up your investigation. |
CLOUD | POLICY NAME AND DESCRIPTION |
AWS | A set of AWS policies that identify the AWS regions where you have not enabled AWS Log metric filters and alarms to monitor configuration changes and detect unauthorized or malicious activities. The following policies are now available:
|
Azure |
Azure Monitor log profile does not capture all activities — Identifies the Monitor log profiles which are not configured to capture all activities for the categories Write, Delete, and Action for the control/management plane activities performed on the subscription.
Azure log profile not capturing activity logs for all regions — Identifies Azure log profiles which are not capturing activity logs for all regions.
Azure MySQL Database Server SSL connection is disabled — Identifies Azure MySQL database servers for which connections between the database server and client applications are not encrypted with SSL and can be at risk of ‘man in the middle’ attacks.
Azure Storage Account Container with Activity log has BYOK encryption disabled — Identifies Azure storage accounts where the exported activity logs are not encrypted with BYOK (Bring Your Own Key), and which therefore lack confidentiality controls for log data.
|
Google Cloud Platform | A set of GCP policies that identify GCP projects where you have not enabled Log metric filters and alarms to monitor configuration changes and detect unauthorized or malicious activities.
|
For more information, please review the new features in the Prisma Cloud February 26, 2020 Release Notes in TechDocs.