FEATURE
|
DESCRIPTION
|
---|---|
Support for the AWS Hong Kong region
|
Prisma Cloud can now monitor resources in the AWS Hong Kong region (ap-east-1).
|
IP Address Modeling for Anomaly Alert Generation
|
To reduce false positives when detecting unusual user activity, Prisma Cloud has augmented UEBA modeling to incorporate IP address information.
Prisma Cloud relies on a third-party source for IP address to geo-location resolution to detect unusual user activity. Using the IP address to geo-location resolution can sometimes generate false positives in the Unusual User Activity policy when the same IP resolves to different locations at different points in time. With this modeling change, when there is unusual user activity from a previously unseen location for a known IP address, the service no longer generates anomaly alerts.
|
Microsoft Teams Integration
|
Create an Office 365 webhook integration on a Microsoft Teams channel and configure Prisma Cloud to send notifications to it. Sending RedLock alerts to a Microsoft Teams channel enables your DevOps and SecOps teams to investigate and remediate security incidents more promptly.
|
API Ingestion Updates
|
Prisma Cloud has added coverage for the GCP API service gcloud-compute-global-forwarding-rule
|
POLICY NAME
|
DESCRIPTION
|
---|---|
GCP storage bucket is encrypted using default KMS key instead of customer-managed key
|
Identifies storage buckets that are encrypted with the default Google-managed keys. As a best practice, use Customer-managed keys to encrypt the data in your storage bucket and ensure full control over your data.
|
GCP load balancer target proxy is configured with default SSL policy instead of custom SSL policy
|
Identifies load balancer target proxies which are configured with default SSL policy instead of a custom SSL policy. As a best practice, using custom SSL policy to access load balancers gives you better control over SSL/TLS versions and ciphers.
|
GCP load balancer HTTPS target proxy is not configured with QUIC protocol
|
Identifies load Balancer HTTPS target proxies which are not configured with QUIC protocol. Enabling the QUIC protocol helps the load balancer target HTTPS proxies to establish connections faster, supports stream-based multiplexing, improved loss recovery, and eliminates head-of-line blocking.
|
This information was adapted from a TechDocs article. For more information about the release notes or to view other release notes, please visit Features Introduced on July 11, 2019.