on 04-01-2020 06:04 PM - edited on 09-01-2020 01:04 PM by kwadsack
FEATURES | DESCRIPTION |
Support for Multi-Tenant Demisto Deployments | When you enable the Demisto integration on Prisma Cloud, you can now add the tenant name of a Demisto instance that is a part of a multi-tenant deployment. |
API Ingestion Update | Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data:
|
POLICY | DESCRIPTION |
AWS Elastic Load Balancer v2 (ELBv2) with listener TLS/SSL is not configured | Identifies AWS Elastic Load Balancers v2 (ELBv2) that have TLS/SSL listener disabled, and therefore do not receive traffic over a secure channel with a valid SSL certificate. |
Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | Monitors the AWS accounts that do not have a log metric filter and alarm for AWS management console authentication failures, when you do not have MFA enabled. |
AWS Log metric filter and alarm does not exist for usage of the root account | Identifies AWS accounts that do not have a log metric filter and alarm for monitoring the use of the privileged root account for login. |
Azure SQL server audit action groups in auditing policy are not set properly | Identifies Azure SQL servers that are not enabled with AuditActionGroups to capture critical activities performed on these servers. |
AWS CloudTrail logging is disabled | Identifies AWS CloudTrail for that do not maintain an audit trail of activities across different services. |
Policy Updates | The AWS Config Recording is disabled policy RQL is updated to include the count function. With this change, instead of generating an alert at the account level, the policy generates alerts for each region where AWS config recording is not enabled to detect changes to resource configuration.
The updated RQL is:
The following remediable policies have updates to the remediation CLI that require additional permissions:
The additional permissions required are: 'Microsoft.Web/sites/config/write', and 'Microsoft.Web/sites/write' |
For more information, please review the new features in the Prisma Cloud March 10, 2020 Release Notes in TechDocs.