Prisma Cloud Release Notes For June 16, 2020

Features Introduced on June 16, 2020

New Features

FEATURE
DESCRIPTION
Threat Source and Unit 42 tags in Network RQL
In Network RQL, you can now filter search results based on threat source, such as AutoFocus or Facebook ThreatExchange.
For AutoFocus, you can further query for specific tag groups using threat.tag.group. Tag groups reference the genre of malware families as categorized by the Unit 42 threat research team.
For example:
network where dest.publicnetwork IN ('Suspicious IPs') and threat.source IN ( 'AF' ) AND threat.tag.group = 'Cryptominer'
Prisma Cloud Business Edition on Azure China
Start using the Prisma Cloud tenant in China to connect to your Azure China subscriptions and monitor the resources deployed in China.
Plugin Updates for scanning IaC templates
The GitHub plugin adds support for Terraform version 0.12 and enables you to include your Prisma Cloud credentials as part of the installation process.
The Visual Studio Code plugin adds support for Terraform version 0.12 and enables you to scan multiple files within a directory.
API Ingestion
  • GCP IAM Recommender, which is a part of the Google Recommendations service: gcloud-iam-policy-recommendation-list
    Additional permissions required are recommender.iamPolicyRecommendations.list.
  • Google API Key: gcloud-api-key
    Additional permissions required are serviceusage.apiKeys.list.
    GCP has released this API as an alpha release. To use this API, you must be explicitly allowed access to the API from Google Cloud. Because Google Cloud does not provide an SLA for this alpha version, this API is also not bound by the terms of the Prisma Cloud SLA.
Saved Search Additions
Use the following Saved Searches to easily create a policy and generate an alert if you want to check for:
  • AWS IAM user with unused Key management or System manager permissions
  • AWS IAM role which is not set with any permission boundaries or set with excessive permission boundary permissions
New Policy and Policy Updates

POLICY NAME
DESCRIPTION
AWS IAM roles with administrator access permissions
Identifies AWS IAM roles with administrator access privileges. Granting least privilege access is recommended as a security best practice.
AWS IAM groups with administrator access permissions
Identifies AWS IAM groups with administrator access privileges.
GCP SQL Server instance database flag 'cross db ownership chaining' is enabled
Identifies GCP SQL Server instances that are enabled for cross database ownership, so that you can assess the security implications of this setting.
GCP SQL Server instance database flag 'contained database authentication' is enabled
Identifies SQL Server instances that are enabled for contained database authentication. This setting poses a security risk because control over access to the server is no longer limited to members of the system or security administrators.
Prisma Cloud Default Policies—No longer available
Due to the delay in generating the associated alerts, the following Prisma Cloud default policies are no longer available:
  • AWS Multiple Lambda Functions using same IAM role.
  • AWS Log metric filter and alarm does not exist for Security group changes.
These policies are being removed to optimize performance and to address the time-to-alert delays caused by the large volume of data that these policies parse.