on 08-26-2019 09:53 AM - edited on 09-01-2020 01:29 PM by kwadsack
| FEATURE | DESCRIPTION |
|---|---|
| Amazon GuardDuty Findings on IAM Users | To help you find potential security issues (malicious activity and unauthorized behavior) that pertain to IAM Users who are identified in Amazon GuardDuty findings, you can now specify hostfinding.type = 'AWS GuardDuty IAM' in a Config RQL query. |
| Azure Network Security Group Rule Actions | To help you audit Network Security Groups (NSGs) directly from the RedLock console, the resource explorer and the network explorer display how Azure NSGs are configured to enforce traffic in your Azure environment. To display the information on the Azure NSG rule, both the resource explorer and the network explorer now have a new Action column, which indicates whether the NSG rule is set to Allow or Deny traffic. |
| API Ingestion Update | Prisma Cloud has improved coverage for the following API service that you can query using RQL: the aws-elasticbeanstalk-environment API JSON is modified to include the response from the environment resources details in the describeEnvironmentResources field. |

| POLICY NAME | DESCRIPTION |
|---|---|
| AWS EKS cluster control plane assigned to multiple security groups | Checks the number of security groups assigned to your AWS EKS cluster control plane and alerts if more than one security group is attached to the cluster. |
| AWS EKS cluster using the default VPC | Identifies AWS Kubernetes clusters which are configured with the default VPC instead of a custom VPC. |
| AWS EKS control plane logging disabled | Checks whether or not Kubernetes control plane logging for audit and diagnostic logs is enabled so that log data on your EKS cluster is directly written to CloudWatch Logs. This policy alerts you if logging is disabled. |
| AWS EKS cluster security group overly permissive to all traffic | Identifies security group rules that are attached to the cluster network and allow inbound traffic for all protocols from the public internet. |
| AWS EKS cluster endpoint access publicly enabled | Checks whether your Kubernetes cluster endpoint that enables the API server to communicate with all worker nodes within your cluster is publicly accessible. This policy alerts if you have not restricted public access to the Kubernetes cluster endpoint. |

This information was adapted from a TechDocs article. For more information about the release notes or to view other release notes, please visit Features Introduced on June 22, 2019.