Prisma Cloud Release Notes For June 2, 2020

Features Introduced on June 2, 2020
New Features
Custom Header Support for Webhook Integration
To pass additional data to your application in a Webhook integration, such as an API key or access token, Prisma Cloud now supports custom headers defined as key-value pairs.

If you had previously set up a Webhook integration, the Auth Token you configured is now sent as a custom header.
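Whatever key-value pair you configure, the receiving side has to verify it, otherwise anyone who learns the webhook URL can inject fake alerts. The following receiver is an added example, not code from Prisma Cloud or from this page: it assumes a header named X-Prisma-Auth-Token (the name is yours to choose in the integration) and a constructed sample secret, checks the header before it touches the body, compares it in constant time, and caps the payload size.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed header name and constructed sample secret. The header name is whatever
# key you configure in the Prisma Cloud webhook integration; in a real deployment
# the value comes from a secrets store or the environment, not a literal.
EXPECTED_HEADER = "X-Prisma-Auth-Token"
EXPECTED_SECRET = "s3cr3t-example-token"
MAX_BODY = 1 << 20  # refuse payloads larger than 1 MiB


def authorize(headers):
    """Return True only if the custom header is present and equals the secret.

    `headers` is any mapping of header name to value (a plain dict, or the
    email.message.Message that http.server exposes as self.headers).
    Header names are case-insensitive, so the lookup lowercases them.
    hmac.compare_digest runs in constant time, so response timing does not
    leak how many leading bytes of a guessed token were correct.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(EXPECTED_HEADER.lower())
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode("utf-8"),
                               EXPECTED_SECRET.encode("utf-8"))


def process_request(headers, body):
    """Request logic kept apart from socket handling so it can be unit-tested.

    Returns the HTTP status code to answer with. Authentication is checked
    before the body is parsed, so an unauthenticated caller never reaches
    the JSON parser.
    """
    if not authorize(headers):
        return 401
    if len(body) > MAX_BODY:
        return 413
    try:
        alert = json.loads(body)
    except ValueError:  # includes UnicodeDecodeError for non-UTF-8 bodies
        return 400
    if not isinstance(alert, dict):
        return 400
    # Hand `alert` to your ticketing or paging logic here.
    return 204


class AlertReceiver(BaseHTTPRequestHandler):
    """Minimal HTTP endpoint that applies process_request to every POST."""

    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0") or 0)
        except ValueError:
            self.send_response(400)
            self.end_headers()
            return
        if length > MAX_BODY:  # reject before reading a huge body into memory
            self.send_response(413)
            self.end_headers()
            return
        body = self.rfile.read(length)
        self.send_response(process_request(self.headers, body))
        self.end_headers()


if __name__ == "__main__":
    # Loopback only; terminate TLS in a reverse proxy in front of this process.
    HTTPServer(("127.0.0.1", 8080), AlertReceiver).serve_forever()
```

Run it and point the webhook integration at the proxy in front of port 8080; a request without the header, or with a wrong value, gets 401 without the body ever being parsed.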
Business Unit Report on Open Alerts
To share a report on the status of your cloud assets and how they fare against Prisma Cloud security and compliance policy checks, you can generate an on-demand Business Unit Report or schedule one.

The report enables your business stakeholders to track the total number of assets, how many of them have passed or failed the enabled policies, and how those numbers change over time.
You can create a summary report, which shows how you are doing across all your business units, or a detailed report, which breaks the results down by each cloud account in the report.
GCP Seoul Region Support
Prisma Cloud can now monitor resources deployed in the GCP Seoul region. To review the list of supported regions, use the Cloud Region filter on the Asset Inventory.
API Ingestion
APIs to ingest the following services. The action names below use the canonical AWS capitalization; IAM matches action names case-insensitively, so existing policies written in mixed case still work.
 
  • `aws-organization-ou`
    Additional permissions required: `organizations:ListChildren, organizations:ListPoliciesForTarget, organizations:DescribeOrganizationalUnit`
 
  • `aws-organization-account`
    Additional permissions required: `organizations:ListPoliciesForTarget, organizations:DescribeAccount, organizations:ListTagsForResource`
 
  • `aws-organization-root`
    Additional permissions required: `organizations:ListChildren, organizations:ListPoliciesForTarget, organizations:ListRoots`
 
  • `aws-organizations-scp`
    Additional permissions required: `organizations:ListChildren, organizations:ListPolicies, organizations:DescribePolicy, organizations:ListPoliciesForTarget`
 
  • `aws-organizations-tag-policy`
    Additional permissions required: `organizations:ListChildren, organizations:ListPolicies, organizations:DescribePolicy, organizations:ListPoliciesForTarget`
 
 
Ingesting Tags for AWS Resources
To enable filtering by tags in RQL, the following AWS APIs now ingest tag information for your cloud resources:
 
  • aws-cloudtrail-describe-trails
 
  • aws-cloudwatch-describe-alarms
 
  • aws-describe-workspace-directories
 
  • aws-dynamodb-describe-table
 
Additional permissions (cloudtrail:ListTags, cloudwatch:ListTagsForResource and dynamodb:ListTagsOfResource) are required to ingest tags for these services. See Update the CFT to enable the additional permissions. If you want to grant granular permissions manually:
 
  • CloudTrail requires cloudtrail:ListTags
 
  • DynamoDB requires dynamodb:ListTagsOfResource
 
  • CloudWatch requires cloudwatch:ListTagsForResource
 
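Before the new Organizations and tag APIs start ingesting, the Prisma Cloud role in each account needs the actions listed in the two sections above. The checker below is an added example (not Prisma Cloud's code and not the CFT the notes refer to) that takes an IAM policy document and reports, per API, which required actions it does not grant. It applies the two IAM rules that matter here: action names match case-insensitively with `*` and `?` wildcards, and an explicit Deny overrides any Allow. The sample policy is constructed; the `resource-tags` key is a label of mine for the tag-ingestion permissions.

```python
import fnmatch
import json

# Actions this release requires, keyed by the Prisma Cloud API that needs them.
# "resource-tags" is a label chosen here for the tag-ingestion permissions.
REQUIRED_ACTIONS = {
    "aws-organization-ou": ["organizations:ListChildren",
                            "organizations:ListPoliciesForTarget",
                            "organizations:DescribeOrganizationalUnit"],
    "aws-organization-account": ["organizations:ListPoliciesForTarget",
                                 "organizations:DescribeAccount",
                                 "organizations:ListTagsForResource"],
    "aws-organization-root": ["organizations:ListChildren",
                              "organizations:ListPoliciesForTarget",
                              "organizations:ListRoots"],
    "aws-organizations-scp": ["organizations:ListChildren", "organizations:ListPolicies",
                              "organizations:DescribePolicy",
                              "organizations:ListPoliciesForTarget"],
    "aws-organizations-tag-policy": ["organizations:ListChildren", "organizations:ListPolicies",
                                     "organizations:DescribePolicy",
                                     "organizations:ListPoliciesForTarget"],
    "resource-tags": ["cloudtrail:ListTags", "dynamodb:ListTagsOfResource",
                      "cloudwatch:ListTagsForResource"],
}

# Constructed sample policy: grants part of the set, uses a wildcard, and
# explicitly denies one action so the Deny-wins rule is exercised.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["organizations:ListChildren", "organizations:Describe*",
                    "organizations:ListRoots", "organizations:ListPolicies",
                    "cloudwatch:ListTagsForResource", "cloudtrail:ListTags"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "organizations:DescribePolicy", "Resource": "*"},
    ],
}


def statement_actions(policy, effect):
    """Action patterns from every statement whose Effect is `effect`.

    Resource and Condition elements are ignored: the Organizations and tag
    APIs above are granted on Resource "*" in practice, so this is a first
    pass, not a substitute for the IAM policy simulator.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    patterns = []
    for st in statements:
        if st.get("Effect") != effect:
            continue
        action = st.get("Action", [])
        patterns.extend([action] if isinstance(action, str) else action)
    return patterns


def action_matches(pattern, action):
    """IAM action matching: case-insensitive, with * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_granted(policy, action):
    """True if an Allow covers the action and no Deny does (Deny always wins)."""
    denied = any(action_matches(p, action) for p in statement_actions(policy, "Deny"))
    allowed = any(action_matches(p, action) for p in statement_actions(policy, "Allow"))
    return allowed and not denied


def missing_permissions(policy, required=REQUIRED_ACTIONS):
    """Map each API to the required actions the policy does not grant."""
    missing = {}
    for api, actions in required.items():
        gaps = [a for a in actions if not is_granted(policy, a)]
        if gaps:
            missing[api] = gaps
    return missing


if __name__ == "__main__":
    print(json.dumps(missing_permissions(SAMPLE_POLICY), indent=2))
```

To check a live role, feed it the `Document` field returned by `aws iam get-policy-version` for each policy attached to the role; an empty result means every API in the list is covered, a non-empty one tells you exactly which statement to add.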
 
Saved Search Additions
Use the following Saved Searches to easily create a policy and generate an alert if you want to check for:
 
  • AWS IAM role with unused S3 buckets permissions_RL
 
  • AWS IAM user with unused S3 buckets permissions_RL
 
  • AWS IAM role with unused permissions_RL
 
  • AWS IAM user with unused permissions_RL
 
  • AWS EC2 instances with Marketplace AMI_RL
 
New Policies and Policy Updates
Anomaly Policies to Detect Network Evasion or Resource Misuse
Five new Anomaly policies are available to help you detect:
 
  • Ports or protocols that are not typically used on your network to provide or consume services.
    Unusual server port activity (Internal): Identifies network activity from one (external or internal) client host to a server host inside your cloud environment, using a server port not previously seen in the VPC.
    Unusual server port activity (External): Identifies network activity from a client host inside your cloud environment to an external server host, using a server port not previously seen in the VPC.
    Unusual protocol activity (Internal): Identifies network activity from one (external or internal) client host to a server host inside your cloud environment, using an IP protocol not previously seen in the VPC.
    Unusual protocol activity (External): Identifies network activity from a client host inside your cloud environment to an external server host, using an IP protocol not previously seen in the VPC.
 
  • Resource misuse by potential spam.
    Spambot activity: Identifies a host inside your cloud environment that is generating outbound SMTP traffic and for which no previous mail-related network activity has been observed. This instance may be compromised and sending out spam.
 
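The five policies share one idea: learn what the VPC has done before, then flag server ports, IP protocols and SMTP senders that fall outside that baseline. The following detector is an added example of that logic run over VPC Flow Log records; it is not Prisma Cloud's implementation. The records, VPC range, ENI-to-VPC map and time windows are all constructed. Two simplifications are noted in the comments: flow logs do not record who initiated a flow, so the lower port is taken as the server side, and only ACCEPT records count.

```python
import ipaddress

# Constructed environment. Flow log records carry an ENI id but no VPC id, so
# in practice the mapping comes from ec2:DescribeNetworkInterfaces.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
ENI_TO_VPC = {"eni-aaaa": "vpc-example"}
MAIL_PORTS = {25, 465, 587}
PORTED_PROTOCOLS = {6, 17}  # TCP and UDP; other IP protocols carry no port


def parse_flow(line):
    """Parse one VPC Flow Log record in the default (version 2) field order:
    version account-id interface-id srcaddr dstaddr srcport dstport protocol
    packets bytes start end action log-status. Returns None for anything that
    is not accepted traffic (REJECT, NODATA, SKIPDATA)."""
    f = line.split()
    if len(f) != 14 or f[12] != "ACCEPT":
        return None
    src, dst = ipaddress.ip_address(f[3]), ipaddress.ip_address(f[4])
    sport, dport, proto = int(f[5]), int(f[6]), int(f[7])
    # Flow logs do not say who initiated the connection. Heuristic: the lower
    # port is the server side, because clients use high ephemeral ports.
    if sport < dport:
        client, server, server_port = dst, src, sport
    else:
        client, server, server_port = src, dst, dport
    return {"vpc": ENI_TO_VPC.get(f[2], "unknown"), "client": client,
            "server": server, "server_port": server_port, "proto": proto}


def build_baseline(lines):
    """What 'previously seen in the VPC' means here: server ports, IP
    protocols, and the internal hosts that already talk to mail servers."""
    baseline = {"ports": set(), "protos": set(), "mail_hosts": set()}
    for line in lines:
        r = parse_flow(line)
        if r is None:
            continue
        if r["proto"] in PORTED_PROTOCOLS:
            baseline["ports"].add((r["vpc"], r["server_port"]))
        baseline["protos"].add((r["vpc"], r["proto"]))
        if r["client"] in VPC_CIDR and r["server_port"] in MAIL_PORTS:
            baseline["mail_hosts"].add(r["client"])
    return baseline


def detect(lines, baseline):
    """Return (policy name, client, server, port or protocol) for each record
    that falls outside the baseline."""
    alerts = []
    for line in lines:
        r = parse_flow(line)
        if r is None:
            continue
        server_internal = r["server"] in VPC_CIDR
        client_internal = r["client"] in VPC_CIDR
        if not server_internal and not client_internal:
            continue  # neither end is in our VPC
        # Internal: the server is ours (client may be anywhere).
        # External: the client is ours and the server is outside.
        side = "Internal" if server_internal else "External"
        client, server = str(r["client"]), str(r["server"])
        if (r["proto"] in PORTED_PROTOCOLS
                and (r["vpc"], r["server_port"]) not in baseline["ports"]):
            alerts.append((f"Unusual server port activity ({side})",
                           client, server, r["server_port"]))
        if (r["vpc"], r["proto"]) not in baseline["protos"]:
            alerts.append((f"Unusual protocol activity ({side})",
                           client, server, r["proto"]))
        if (client_internal and not server_internal
                and r["server_port"] in MAIL_PORTS
                and r["client"] not in baseline["mail_hosts"]):
            alerts.append(("Spambot activity", client, server, r["server_port"]))
    return alerts


# Constructed sample records (not real traffic): a learning window, then a
# window containing an RDP connection to a new port, an ICMP flow, a brand-new
# SMTP sender, a known mail relay, and a rejected flow that is ignored.
BASELINE_LINES = [
    "2 123456789012 eni-aaaa 10.0.1.10 10.0.2.20 43210 443 6 10 8000 1590000000 1590000060 ACCEPT OK",
    "2 123456789012 eni-aaaa 10.0.1.10 10.0.2.20 51000 53 17 2 300 1590000000 1590000060 ACCEPT OK",
    "2 123456789012 eni-aaaa 10.0.3.30 203.0.113.5 40500 587 6 20 4000 1590000000 1590000060 ACCEPT OK",
]
DETECT_LINES = [
    "2 123456789012 eni-aaaa 10.0.1.10 10.0.2.20 43211 443 6 10 8000 1590003600 1590003660 ACCEPT OK",
    "2 123456789012 eni-aaaa 198.51.100.7 10.0.2.20 50000 3389 6 5 600 1590003600 1590003660 ACCEPT OK",
    "2 123456789012 eni-aaaa 10.0.1.10 10.0.2.20 0 0 1 4 336 1590003600 1590003660 ACCEPT OK",
    "2 123456789012 eni-aaaa 10.0.4.40 203.0.113.9 40000 25 6 300 90000 1590003600 1590003660 ACCEPT OK",
    "2 123456789012 eni-aaaa 10.0.3.30 203.0.113.5 40501 587 6 20 4000 1590003600 1590003660 ACCEPT OK",
    "2 123456789012 eni-aaaa 198.51.100.8 10.0.2.20 50001 23 6 1 60 1590003600 1590003660 REJECT OK",
]

if __name__ == "__main__":
    for alert in detect(DETECT_LINES, build_baseline(BASELINE_LINES)):
        print(alert)
```

Note the ordering of the output for the new SMTP sender: it trips both the external port policy and the spambot policy, which is also how the page describes them, as independent checks on the same record. A learning window of a few minutes, as here, would make everything look unusual; in practice the baseline is built over days and refreshed continuously.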
AWS MQ is publicly accessible
Identifies AWS MQ brokers that are publicly accessible from the Internet. As a best practice, ensure that AWS MQ brokers are not reachable from the Internet, to minimize security risks and exposure of sensitive data.
AWS MFA is not enabled on Root account
Identifies root accounts that do not enforce Multi-Factor Authentication (MFA) on the AWS public cloud. Because root accounts have privileged access to all AWS services, enabling MFA reduces the risk of root account credentials being compromised. This policy does not apply to AWS GovCloud accounts because you cannot enable MFA on AWS GovCloud (US) root accounts.
Version history: revision 2 of 2, last updated 09-01-2020 12:57 PM.