Prisma Cloud Release Notes for February 26, 2020


Features Introduced on February 26, 2020

 

Prisma Cloud has an update to the Service Names that are displayed for each cloud provider.
For details, see Service Name Changes.

 

New Features

FEATURE DESCRIPTION
International Regions Support on Alibaba Cloud

If you have adopted Alibaba Cloud, you can now use Prisma Cloud for visibility and compliance monitoring of International regions, in addition to the regions within Mainland China. To get started, add your Alibaba Cloud account on Prisma Cloud.

Asset Inventory and Compliance Overview—Usability Enhancements

The inline links on the Inventory > Asset and Compliance > Overview pages take you to the Asset Explorer, and the View Alerts links enable you to view all open alerts on Alerts > Overview filtered by severity.


 

API Ingestion Update

Azure

  • azure-databricks-workspace
  • azure-data-factory-v2

 

AWS

  • aws-directconnect-describe-gateway
  • aws-vpc-nat-gateway
  • aws-waf-classic-web-acl-resource
    To ingest the resources associated with this API, you must update the CFT and enable additional permissions:
    • waf-regional:ListResourcesForWebACL
    • waf-regional:ListWebACLs
  • aws-logs-describe-metric-filters is updated so that the count function now reports asset metadata for the AWS account instead of grouping data by AWS region.
RQL Config queries with joins support json.rule specification within the alias clause

For faster search results in a join operation, you can now use json.rule as part of the alias clause within a Configuration RQL (config where) query.

For example, to get a list of all EC2 instances that use a specified snapshot ID and AMI, you can use the query:

config where api.name = 'aws-ec2-describe-instances' AND json.rule = tags[*].key contains "Name" as X; config where api.name = 'aws-ec2-describe-snapshots' AND json.rule = snapshot.snapshotId contains "snap-004b0221589e516d7" as Y; config where api.name = 'aws-ec2-describe-images' AND json.rule = image.imageId contains "ami-03698559b1d406e89" as Z;

Instead of using:

config where api.name = 'aws-ec2-describe-instances' as X; config where api.name = 'aws-ec2-describe-snapshots' as Y; config where api.name = 'aws-ec2-describe-images' as Z; filter '(($.X.tags[*].key contains "Name") and ($.Y.snapshot.snapshotId contains "snap-004b0221589e516d7") and ($.Z.image.imageId contains "ami-03698559b1d406e89"))' ; show X; limit search records to 100

 

Search within the JSON Resource configuration

The Prisma Cloud administrative console provides a new search window directly within the JSON Resource configuration on the Investigate page. Use this search to find anything that is part of the metadata ingested on Prisma Cloud and speed up your investigation.


 

 

 

 

New Policies

CLOUD POLICY NAME AND DESCRIPTION
AWS

A set of AWS policies that identify the AWS regions where you have not enabled AWS Log metric filters and alarms to monitor configuration changes and detect unauthorized or malicious activities. The following policies are now available:
  • AWS Log metric filter and alarm does not exist for unauthorized API calls
  • AWS Log metric filter and alarm does not exist for IAM policy changes
  • AWS Log metric filter and alarm does not exist for CloudTrail configuration changes
  • AWS Log metric filter and alarm does not exist for AWS management console authentication failures
  • AWS Log metric filter and alarm does not exist for disabling or scheduled deletion of customer created CMKs
  • AWS Log metric filter and alarm does not exist for S3 bucket policy changes
  • AWS Log metric filter and alarm does not exist for AWS Config configuration changes
  • AWS Log metric filter and alarm does not exist for Security group changes
  • AWS Log metric filter and alarm does not exist for Network Access Control Lists (NACL) changes
  • AWS Log metric filter and alarm does not exist for Network gateways changes
  • AWS Log metric filter and alarm does not exist for Route table changes
  • AWS Log metric filter and alarm does not exist for VPC changes
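
The filter-and-alarm condition these policies describe can be checked offline against exported CloudWatch data. The sketch below is an added example, not Prisma Cloud's policy logic: it assumes the CIS-style event names for CloudTrail configuration changes, and the helper names and sample records are constructed for illustration.

```python
import re

# Assumption: event names taken from the CIS-style CloudTrail-change filter;
# the page does not list the pattern Prisma Cloud itself evaluates.
REQUIRED_EVENTS = {"CreateTrail", "UpdateTrail", "DeleteTrail",
                   "StartLogging", "StopLogging"}

def events_in_pattern(pattern):
    """Return the eventName values referenced by a CloudWatch Logs filter pattern."""
    return set(re.findall(r'\$\.eventName\s*=\s*"?([A-Za-z0-9]+)"?', pattern))

def covered(metric_filters, alarms, required=REQUIRED_EVENTS):
    """True if one filter matches every required event and its metric has
    an alarm with at least one action (e.g. an SNS topic)."""
    alarmed = {(a["Namespace"], a["MetricName"])
               for a in alarms if a.get("AlarmActions")}
    for f in metric_filters:
        if not required <= events_in_pattern(f.get("filterPattern") or ""):
            continue
        for t in f.get("metricTransformations", []):
            if (t["metricNamespace"], t["metricName"]) in alarmed:
                return True
    return False

def regions_without_coverage(by_region):
    """Regions where no complete filter -> metric -> alarm chain exists."""
    return sorted(r for r, d in by_region.items()
                  if not covered(d["filters"], d["alarms"]))

# Constructed sample data, shaped like describe-metric-filters / describe-alarms output.
FULL = " || ".join(f"($.eventName = {e})" for e in sorted(REQUIRED_EVENTS))
def _filter(pattern):
    return {"filterName": "cloudtrail-changes", "filterPattern": "{ " + pattern + " }",
            "metricTransformations": [{"metricNamespace": "CISBenchmark",
                                       "metricName": "CloudTrailChanges"}]}
ALARM = {"AlarmName": "cloudtrail-changes", "Namespace": "CISBenchmark",
         "MetricName": "CloudTrailChanges",
         "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:example-topic"]}
SAMPLE = {
    "us-east-1": {"filters": [_filter(FULL)], "alarms": [ALARM]},   # complete chain
    "eu-west-1": {"filters": [_filter(FULL)], "alarms": []},        # filter, no alarm
    "ap-south-1": {"filters": [_filter("($.eventName = StopLogging)")],
                   "alarms": [ALARM]},                              # partial pattern
}

if __name__ == "__main__":
    print(regions_without_coverage(SAMPLE))
```

A filter with no alarm, or an alarm with no action, leaves the region uncovered even though the metric filter itself exists.
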
Azure

Azure Monitor log profile does not capture all activities — Identifies the Monitor log profiles which are not configured to capture all activities for the categories Write, Delete, and Action for the control/management plane activities performed on the subscription.

 

Azure log profile not capturing activity logs for all regions — Identifies Azure log profiles which are not capturing activity logs for all regions.

 

Azure MySQL Database Server SSL connection is disabled — Identifies Azure MySQL database servers for which connections between the database server and client applications are not encrypted with SSL and can be at risk of ‘man in the middle’ attacks.

 

Azure Storage Account Container with Activity log has BYOK encryption disabled — Identifies Azure storage accounts where the container holding exported activity logs is not encrypted with BYOK (Bring Your Own Key), and hence lacks confidentiality controls for log data.

 

Google Cloud Platform

A set of GCP policies that identify GCP projects where you have not enabled Log metric filters and alerts to monitor configuration changes and detect unauthorized or malicious activities.
  • GCP Log metric filter and alert does not exist for VPC network changes
  • GCP Log metric filter and alert does not exist for Cloud Storage IAM permission changes
  • GCP Log metric filter and alert does not exist for SQL instance configuration changes
  • GCP Log metric filter and alert does not exist for IAM custom role changes
  • GCP Log metric filter and alert does not exist for Project Ownership assignments/changes
  • GCP Log metric filter and alert does not exist for Audit Configuration Changes
  • GCP Log metric filter and alert does not exist for VPC Network Firewall rule changes
  • GCP Log metric filter and alert does not exist for VPC network route changes

 

For more information, please review the new features in the Prisma Cloud February 26, 2020 Release Notes in TechDocs.

Version history: Revision 3 of 3. Last update: 05-15-2020 04:42 PM