FEATURE
|
DESCRIPTION
|
---|---|
Just-In-Time Provisioning for SSO Users
|
To successfully access the RedLock service using Single Sign-on (SSO), every user (administrator) requires a local account on Prisma Cloud. With Just-In-Time (JIT) Provisioning, you no longer are required to create the user in advance on Prisma Cloud. After successful authentication with your SSO Identity Provider (IdP), users are now automatically provisioned on Prisma Cloud with the specified role. From Settings SSO, Enable JIT Provisioning and specify the SAML attributes you configured for your users on your IdP.
|
Coverage for Azure Container Registry Webhooks and Azure App Service Authentication
|
When you onboard your Azure subscriptions to Prisma Cloud, you can now ingest additional information from the Azure Container Registry webhooks and the Azure App Service to provide more visibility and context.
|
Bypass DNS Resolution for SAML
|
If you have deployed your IdP on an internal network, and do not need a DNS look up for the URLs defined on the SSO configuration settings, you can now disable it. To disable DNS look ups, clear the Enforce DNS resolution for RedLock Access SAML on Settings > SSO.
|
New API Ingestion
|
Prisma Cloud adds coverage for the following new services that you can use in RQL:
|
API
|
DETAILS ON THE UPDATES
|
---|---|
aws-iam-get-policy-version
|
aws-iam-get-policy-version API is modified to lists all IAM users, groups, and roles that the specified managed policy is attached to. With this change, this API now retrieves information about managed policies along with all IAM users, groups, and roles attached to the policies.
|
aws-rds-db-cluster-snapshots
|
The aws-rds-db-cluster-snapshots API now includes a new JSON field
dbclusterSnapshotAttributes that provides information the attributes in an RDS database cluster snapshot.
|
aws-kms-get-key-rotation-status
|
The aws-kms-get-key-rotation-status API now includes a new JSON field
policies. With this change, this API now retrieves KMS key rotation status along with the list of policies associated with the key.
|
aws-ecr-get-repository-policy
|
The aws-ecr-get-repository-policy is updated to include the IAM policy statement, which provides information on the operations performed on the ECR resource. With this change the JSON structure is fully revised.
|
aws-sqs-get-queue-attributes
|
The aws-sqs-get-queue-attributes is updated to include the policy statement, which provides information on the operations performed on the SQS resource. With this change the JSON structure is fully revised.
|
This information was adapted from a TechDocs article. For more information about the release notes or to view other release notes, please visit Features Introduced on June 6, 2019.