Prisma Cloud Release Notes for June 6, 2019

Retired Member · ‎08-26-2019

New Features

FEATURE	DESCRIPTION
Just-In-Time Provisioning for SSO Users	To successfully access the RedLock service using Single Sign-on (SSO), every user (administrator) requires a local account on Prisma Cloud. With Just-In-Time (JIT) Provisioning, you no longer are required to create the user in advance on Prisma Cloud. After successful authentication with your SSO Identity Provider (IdP), users are now automatically provisioned on Prisma Cloud with the specified role. From Settings SSO, Enable JIT Provisioning and specify the SAML attributes you configured for your users on your IdP.
Coverage for Azure Container Registry Webhooks and Azure App Service Authentication	When you onboard your Azure subscriptions to Prisma Cloud, you can now ingest additional information from the Azure Container Registry webhooks and the Azure App Service to provide more visibility and context. Create a custom role or modify an existing role to include the following permissions: Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig/action— To ingest data from Azure Container Registry webhooks that are triggered when a container image or Helm chart is pushed to a registry, or deleted from it. Microsoft.Web/sites/config/list/action— To ingest Authentication/Authorization data from Azure App Service that hosts websites and web applications. This custom role is required in addition to the Reader Role, which is adequate to ingest configuration data from the Azure App Service.
Bypass DNS Resolution for SAML	If you have deployed your IdP on an internal network, and do not need a DNS look up for the URLs defined on the SSO configuration settings, you can now disable it. To disable DNS look ups, clear the Enforce DNS resolution for RedLock Access SAML on Settings > SSO.
New API Ingestion	Prisma Cloud adds coverage for the following new services that you can use in RQL: GCP—gcloud-compute-target-https-proxies AWS—aws-rds-db-clusters

API Ingestion Updates

API	DETAILS ON THE UPDATES
aws-iam-get-policy-version	aws-iam-get-policy-version API is modified to lists all IAM users, groups, and roles that the specified managed policy is attached to. With this change, this API now retrieves information about managed policies along with all IAM users, groups, and roles attached to the policies.
aws-rds-db-cluster-snapshots	The aws-rds-db-cluster-snapshots API now includes a new JSON field dbclusterSnapshotAttributes that provides information the attributes in an RDS database cluster snapshot.
aws-kms-get-key-rotation-status	The aws-kms-get-key-rotation-status API now includes a new JSON field policies. With this change, this API now retrieves KMS key rotation status along with the list of policies associated with the key.
aws-ecr-get-repository-policy	The aws-ecr-get-repository-policy is updated to include the IAM policy statement, which provides information on the operations performed on the ECR resource. With this change the JSON structure is fully revised.
aws-sqs-get-queue-attributes	The aws-sqs-get-queue-attributes is updated to include the policy statement, which provides information on the operations performed on the SQS resource. With this change the JSON structure is fully revised.

This information was adapted from a TechDocs article. For more information about the release notes or to view other release notes, please visit Features Introduced on June 6, 2019.