Prisma Cloud Release Notes For June 16, 2020




Features Introduced on June 16, 2020




New Features
Threat Source and Unit 42 tags in Network RQL
In Network RQL, you can now filter for search results based on threat source, such as AutoFocus or Facebook ThreatExchange.


And for AutoFocus, you can further query for specific tag groups using
 that reference genre for malware families as categorized by the Unit 42 threat research team.


For example: 
network where dest.publicnetwork IN ('Suspicious IPs') and threat.source IN ( 'AF' ) AND = 'Cryptominer'
Prisma Cloud Business Edition on Azure China
Start using the Prisma Cloud tenant in China to connect to your Azure China subscriptions and monitor the resources deployed in China.
Plugin Updates for scanning IaC templates
The GitHub plugin adds support for Terraform version 0.12 and enables you to include your Prisma Cloud credentials as part of the installation process.
The Visual Studio Code plugin adds support for Terraform version 0.12 and enables you to scan multiple files within a directory.
API Ingestion
  • GCP IAM Recommender, which is a part of the Google Recommendations service— 
    Additional permissions required are 
  • Google API Key—
    Additional permissions required are 
    GCP has released this API as an alpha release. To use this API, you must be explicitly allowed access to the API from Google Cloud. Because Google Cloud does not provide an SLA for this alpha version, this API is also not bound by the terms of the Prisma Cloud SLA.
Saved Search Additions
Use the following Saved Search to easily create a policy and generate an alert if you want to check for:
  • AWS IAM user with unused Key management or System manager permissions
  • AWS IAM role which is not set with any permission boundaries or set with excessive permission boundary permissions
New Policy and Policy Updates
AWS IAM roles with administrator access permissions
Identifies AWS IAM roles with administrator access privileges. Granting least privilege access is recommended as a security best practice.
AWS IAM groups with administrator access permissions
Identifies AWS IAM groups with administrator access privileges.
GCP SQL Server instance database flag 'cross db ownership chaining' is enabled
Identifies GCP SQL Server instances that are enabled for cross database ownership, so that you can assess the security implications of this setting.
GCP SQL Server instance database flag ‘contained database authentication’ is enabled
Identifies SQL Server instances that are enabled for contained database authentication, as this poses a security risk because control over access to the server is no longer limited to members of the system or security administrators.
Prisma Cloud Default Policies—No longer available
Due to the delay in generating the associated alerts, the following Prisma Cloud default policies are no longer available:
  • AWS Multiple Lambda Functions using same IAM role.
  • AWS Log metric filter and alarm does not exist for Security group changes.
These policies are being removed to optimize performance and to address the time to alert delays due to the large volume of data that these policies parse.
Version history
Revision #: 2 of 2
Last update: 09-01-2020 12:56 PM