Prisma Cloud Release Notes For June 16, 2020

ENwankwo1

Features Introduced on June 16, 2020

New Features

FEATURE	DESCRIPTION
Threat Source and Unit 42 tags in Network RQL	In Network RQL, you can now filter for search results based on threat source, such as AutoFocus or Facebook ThreatExchange. And for AutoFocus, you can further query for specific tag groups using threat.tag.group that reference genre for malware families as categorized by the Unit 42 threat research team. For example: network where dest.publicnetwork IN ('Suspicious IPs') and threat.source IN ( 'AF' ) AND threat.tag.group = 'Cryptominer'
Prisma Cloud Business Edition on Azure China	Start using the Prisma Cloud tenant in China to connect to your Azure China subscriptions and monitor the resources deployed in China.
Plugin Updates for scanning IaC templates	The GitHub plugin adds support for Terraform version 0.12 and enables you to include your Prisma Cloud credentials as part of the installation process. The Visual Studio Code plugin adds support for Terraform version 0.12 and enables you to scan multiple files within a directory.
API Ingestion	GCP IAM Recommender, which is a part of the Google Recommendations service— gcloud-iam-policy-recommendation-list Additional permissions required are recommender.iamPolicyRecommendations.list . For details see permissions and roles for GCP. Google API Key— gcloud-api-key Additional permissions required are serviceusage.apiKeys.list . GCP has released this API as an alpha release. To use this API, you must be explicitly allowed access to the API from Google Cloud. Because Google Cloud does not provide an SLA for this alpha version, this API is also not bound by the terms of the Prisma Cloud SLA.
Saved Search Additions	Use the following Saved Search to easily create a policy and generate an alert if you want to check for: AWS IAM user with unused Key management or System manager permissions AWS IAM role which is not set with any permission boundaries or set with excessive permission boundary permissions

New Policy and Policy Updates

POLICY NAME	DESCRIPTION
AWS IAM roles with administrator access permissions	Identifies AWS IAM roles with administrator access privileges. Granting least privilege access is recommended as a security best practice.
AWS IAM groups with administrator access permissions	Identifies AWS IAM groups with administrator access privileges.
GCP SQL Server instance database flag 'cross db ownership chaining' is enabled	Identifies GCP SQL Server instances that are enabled for cross database ownership, so that you can assess the security implications of this setting.
GCP SQL Server instance database flag ‘contained database authentication’ is enabled	Identifies SQL Server instances that are enabled for contained database authentication, as this poses a security risk because control over access to the server is no longer limited to members of the system or security administrators.
Prisma Cloud Default Policies—No longer available	Due to the delay in generating the associated alerts, the following Prisma Cloud default policies are no longer available: AWS Multiple Lambda Functions using same IAM role. AWS Log metric filter and alarm does not exist for Security group changes. These policies are being removed to optimize performance and to address the time to alert delays due to the large volume of data that these policies parse.

Strata

Prisma

Cortex

Prisma Cloud Release Notes For June 16, 2020