Prisma Cloud Release Notes For March 10, 2020


Features Introduced on March 10, 2020

New Features

FEATURES | DESCRIPTION
Support for Multi-Tenant Demisto Deployments | When you enable the Demisto integration on Prisma Cloud, you can now add the tenant name of a Demisto instance that is a part of a multi-tenant deployment.
API Ingestion Update | Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data:
  • azure-sql-managed-instance
  • aws-elbv2-target-group
  • aws-apigateway-client-certificates


New Policies and Policy Updates

POLICY | DESCRIPTION
AWS Elastic Load Balancer v2 (ELBv2) with listener TLS/SSL is not configured | Identifies AWS Elastic Load Balancers v2 (ELBv2) that have the TLS/SSL listener disabled, and therefore do not receive traffic over a secure channel with a valid SSL certificate.
Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | Monitors the AWS accounts that do not have a log metric filter and alarm for AWS Management Console authentication failures, when you do not have MFA enabled.
AWS Log metric filter and alarm does not exist for usage of the root account | Identifies AWS accounts that do not have a log metric filter and alarm for monitoring the use of the privileged root account for login.
Azure SQL server audit action groups in auditing policy are not set properly | Identifies Azure SQL servers that are not enabled with AuditActionGroups to capture critical activities performed on these servers.
AWS CloudTrail logging is disabled | Identifies AWS CloudTrail trails that do not maintain an audit trail of activities across different services.
Policy Updates | The RQL for the 'AWS Config Recording is disabled' policy is updated to include the count function. With this change, instead of generating an alert at the account level, the policy generates an alert for each region where AWS Config recording is not enabled to detect changes to resource configuration.

The updated RQL is:
config where cloud.type = 'aws' AND api.name = 'aws-configservice-describe-configuration-recorders' AND json.rule = 'status.recording is true and status.lastStatus equals SUCCESS and recordingGroup.allSupported is true' as X; count(X) less than 1

 

The following remediable policies have updates to the remediation CLI that require additional permissions:

  • Azure App Service Web app authentication is off
  • Azure App Service Web app doesn't redirect HTTP to HTTPS
  • Azure App Service Web app doesn't use latest TLS version
  • Azure App Service Web app doesn't require Client Certs
  • Azure App Service Web app doesn't have a Managed Service Identity
  • Azure App Service Web app doesn't use HTTP 2.

The additional permissions required are 'Microsoft.Web/sites/config/write' and 'Microsoft.Web/sites/write'.

 

For more information, please review the new features in the Prisma Cloud March 10, 2020 Release Notes in TechDocs.

Version history: Revision 3 of 3. Last update: 05-15-2020 04:42 PM