on 07-24-2020 01:46 AM - edited on 09-01-2020 12:56 PM by kwadsack
FEATURE | DESCRIPTION |
---|---|
Threat Source and Unit 42 tags in Network RQL | In Network RQL, you can now filter for search results based on threat source, such as AutoFocus or Facebook ThreatExchange. threat.tag.group that reference genre for malware families as categorized by the Unit 42 threat research team. `network where dest.publicnetwork IN ('Suspicious IPs') and threat.source IN ( 'AF' ) AND threat.tag.group = 'Cryptominer'` |
Prisma Cloud Business Edition on Azure China | Start using the Prisma Cloud tenant in China to connect to your Azure China subscriptions and monitor the resources deployed in China. |
Plugin Updates for scanning IaC templates | The GitHub plugin adds support for Terraform version 0.12 and enables you to include your Prisma Cloud credentials as part of the installation process. The Visual Studio Code plugin adds support for Terraform version 0.12 and enables you to scan multiple files within a directory. |
API Ingestion | |
Saved Search Additions | Use the following Saved Search to easily create a policy and generate an alert if you want to check for: |

POLICY NAME | DESCRIPTION |
---|---|
AWS IAM roles with administrator access permissions | Identifies AWS IAM roles with administrator access privileges. Granting least privilege access is recommended as a security best practice. |
AWS IAM groups with administrator access permissions | Identifies AWS IAM groups with administrator access privileges. |
GCP SQL Server instance database flag 'cross db ownership chaining' is enabled | Identifies GCP SQL Server instances that are enabled for cross database ownership, so that you can assess the security implications of this setting. |
GCP SQL Server instance database flag ‘contained database authentication’ is enabled | Identifies SQL Server instances that are enabled for contained database authentication, as this poses a security risk because control over access to the server is no longer limited to members of the system or security administrators. |

FEATURE | DESCRIPTION |
---|---|
Prisma Cloud Default Policies—No longer available | Due to the delay in generating the associated alerts, the following Prisma Cloud default policies are no longer available: These policies are being removed to optimize performance and to address the time to alert delays due to the large volume of data that these policies parse. |