Prisma Cloud Release Notes For May 5, 2020

Features Introduced on May 5, 2020

New Features

FEATURE
DESCRIPTION
Network RQL supports IP address in a CIDR format
To help you monitor network traffic between VPCs or to a specific destination within a VPC, in a network query, you can search for IP addresses from the RFC 1918 address space using the CIDR format.
You can include a single IP address or a comma separated list of IP addresses in the CIDR format as the source or destination attribute within the query.
For example:
network where source.ip = 10.144.0.0/16 AND dest.ip = 10.2.0.0/16
or
network where cloud.account = 'xyz' AND source.ip IN ( 10.2.2.0/24, 10.2.1.0/24 ) AND dest.ip = 10.2.0.0/24
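As an added illustration (not Prisma Cloud code), the following Python applies the two CIDR filters above to constructed flow records, accepting a single prefix or a comma separated list and rejecting prefixes outside the RFC 1918 space the query supports; the record keys source.ip and dest.ip and the helper names are assumptions.

```python
"""Added example (not Prisma Cloud code): evaluate the CIDR-based network
filters from the release note against constructed flow records."""
import ipaddress

# RFC 1918 private address space, the range the release note says the
# network query accepts in CIDR form.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_cidr_list(text: str) -> list:
    """Parse a single CIDR ('10.2.0.0/24') or a list as written in the
    query ('( 10.2.2.0/24, 10.2.1.0/24 )') into network objects.
    Raises ValueError for a prefix outside RFC 1918 or with host bits set."""
    nets = []
    for item in text.strip(" ()").split(","):
        net = ipaddress.ip_network(item.strip(), strict=True)
        if not any(net.subnet_of(private) for private in RFC1918):
            raise ValueError(f"{net} is outside RFC 1918 address space")
        nets.append(net)
    return nets


def matches(flow: dict, source: str, dest: str) -> bool:
    """Equivalent of 'source.ip IN (...) AND dest.ip = ...': the flow's
    source must fall in one source prefix and its destination in one
    dest prefix. A single '=' prefix is just a one-element list."""
    src = ipaddress.ip_address(flow["source.ip"])
    dst = ipaddress.ip_address(flow["dest.ip"])
    return (any(src in n for n in parse_cidr_list(source))
            and any(dst in n for n in parse_cidr_list(dest)))


def select_flows(flows, source: str, dest: str) -> list:
    """Return the flow records selected by the filter."""
    return [f for f in flows if matches(f, source, dest)]


# Constructed flow records (not real telemetry); keys are assumed names.
FLOWS = [
    {"source.ip": "10.2.2.17", "dest.ip": "10.2.0.5"},     # in both lists
    {"source.ip": "10.2.1.200", "dest.ip": "10.2.0.250"},  # in both lists
    {"source.ip": "10.2.3.9", "dest.ip": "10.2.0.5"},      # source not listed
    {"source.ip": "10.2.2.17", "dest.ip": "10.3.0.5"},     # dest outside /24
]

if __name__ == "__main__":
    for f in select_flows(FLOWS, "( 10.2.2.0/24, 10.2.1.0/24 )", "10.2.0.0/24"):
        print(f)
```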
Multiple Role Assignments for Prisma Cloud administrator
A System Administrator on Prisma Cloud can now assign up to five roles to any Prisma Cloud user, and set one role as the default role.
When a user with multiple roles logs in, she can change the default role assignment and switch between roles using the Profile drop-down.
With this change, when an administrator creates policies, saved searches, saved alert filters and recurring compliance reports without a cloud account selection, the objects are associated with the role assumed by the user instead of the user’s details.
ServiceNow Integration Support for Orlando
Prisma Cloud supports the ServiceNow Orlando release.
Prisma Cloud Business Edition on Azure China (Beta)
Prisma Cloud introduces the ability to use your Prisma Cloud tenant in China to connect to your Azure China subscriptions and monitor the resources deployed in China.
Please reach out to your account team if you'd like to participate in the beta.
Cloud Account Owner for Azure Subscriptions
When Prisma Cloud detects an issue with an Azure subscription, you can view the cloud account owner information for the subscription. This information is refreshed every 24 hours, and you can use it to contact the account owner directly for any issues related to the subscription.
After you onboard your Azure subscription, the name of the account owner displays in the new Cloud Account Owner column on Settings > Cloud Accounts.
Prisma Cloud DevOps Security Enhancements
Centralization of Run and Build Phase Configuration Policies
The Prisma Cloud administrator console is a single pane where you can view all configuration policies that are pertinent to the build and run phases of your application development lifecycle.
On the Policies page, you can also create a custom policy for scanning Kubernetes, Terraform, or CloudFormation templates in the build phase, and define the JSON query that builds the rule. Optionally, you can include details on how to fix the issue when a policy violation occurs.
Terraform 0.12 Support for IaC Scan
Prisma Cloud IaC scan adds support for Terraform 0.12 including multiple modules, variable files, and external variables.
New Prisma Cloud GitLab plugins (IaC scan only)
The Prisma Cloud GitLab extension for SCM and CI/CD enables you to scan your files, review any potential security issues, and fix and validate code before you check it in to your source control repository or integrate it in your CI/CD pipeline.
Policy Updates

POLICY
DESCRIPTION
GCP MySQL instance with local_infile database flag is not disabled.
Identifies MySQL instances in which the local_infile database flag is not disabled. This flag controls the server-side LOCAL capability for LOAD DATA statements. When enabled, the server permits clients to load local data.
GCP PostgreSQL instance with log_checkpoints database flag is disabled.
Identifies PostgreSQL instances in which the log_checkpoints database flag is disabled. When the flag is disabled, the server log does not record checkpoints and restart points.
GCP PostgreSQL instance database flag log_connections is disabled.
Identifies PostgreSQL type SQL instances for which the log_connections database flag is disabled. PostgreSQL does not log attempted connections by default. Enabling the log_connections setting creates a log entry for each attempted connection as well as for successful completion of client authentication, which helps with troubleshooting issues and identifying unusual connection attempts to the server.
GCP PostgreSQL instance database flag log_disconnections is disabled.
Identifies PostgreSQL type SQL instances for which the log_disconnections database flag is disabled. Enabling the log_disconnections setting creates a log entry at the end of each session and helps you audit unusual activity.
GCP PostgreSQL instance database flag log_lock_waits is disabled.
Identifies PostgreSQL database instances in which the database flag log_lock_waits is not set. Enabling the flag helps identify poor performance due to locking delays or resource starvation caused by specially crafted SQL.
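An added example, not Prisma Cloud's own policy logic: a Python check that applies the five flag conditions above to Cloud SQL instance resources, reading the settings.databaseFlags list in the shape the Cloud SQL Admin API returns, over constructed instance records. Treating a flag that is not set at all as non-compliant (the server default is the state these policies flag) is an assumption.

```python
"""Added example (not Prisma Cloud code): evaluate Cloud SQL instances
against the MySQL/PostgreSQL database flag policies in the release note."""

# Expected flag values; Cloud SQL expresses boolean flags as "on"/"off".
# local_infile must be disabled, the PostgreSQL logging flags enabled.
POLICIES = {
    "MYSQL": {"local_infile": "off"},
    "POSTGRES": {
        "log_checkpoints": "on",
        "log_connections": "on",
        "log_disconnections": "on",
        "log_lock_waits": "on",
    },
}


def engine_family(database_version: str) -> str:
    """Map a databaseVersion such as 'POSTGRES_12' or 'MYSQL_5_7'
    to the engine family used as a key in POLICIES."""
    return database_version.split("_", 1)[0]


def evaluate(instance: dict) -> list:
    """Return the sorted names of flags that violate policy for one
    instance. A flag missing from databaseFlags is reported too
    (assumption: unset means the server default, which the policies flag)."""
    family = engine_family(instance["databaseVersion"])
    flags = {f["name"]: f["value"].lower()
             for f in instance.get("settings", {}).get("databaseFlags", [])}
    return sorted(name for name, want in POLICIES.get(family, {}).items()
                  if flags.get(name) != want)


def report(instances) -> dict:
    """Instance name -> list of violated flags."""
    return {i["name"]: evaluate(i) for i in instances}


# Constructed instance records (not real resources), limited to the
# fields the check reads.
INSTANCES = [
    {"name": "pg-prod", "databaseVersion": "POSTGRES_12",
     "settings": {"databaseFlags": [
         {"name": "log_connections", "value": "on"},
         {"name": "log_disconnections", "value": "on"},
         {"name": "log_checkpoints", "value": "on"},
         {"name": "log_lock_waits", "value": "on"}]}},
    {"name": "pg-dev", "databaseVersion": "POSTGRES_11",
     "settings": {"databaseFlags": [{"name": "log_connections", "value": "off"}]}},
    {"name": "mysql-legacy", "databaseVersion": "MYSQL_5_7",
     "settings": {"databaseFlags": [{"name": "local_infile", "value": "on"}]}},
]

if __name__ == "__main__":
    for name, violations in report(INSTANCES).items():
        print(name, "OK" if not violations else ", ".join(violations))
```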
Policy Updates
The AWS CloudTrail API aws-cloudtrail-describe-trails is updated to list the cloud account name when used with the count(x) function.
With this change, if you have created custom policies that use the count function, such as
config where api.name = 'aws-cloudtrail-describe-trails' count(X) less than 1
all open alerts that were previously generated will be resolved and only one new alert will be generated for each cloud account. The new alert will include the cloud account name.

For aws-iam-list-roles, Prisma Cloud retrieves data on the permissionsBoundary attribute, and you can use it as part of the json.rule attribute to view the maximum permissions for a role or user as defined in the IAM policy.
Example:
config where api.name = 'aws-iam-list-roles' AND json.rule = role.permissionsBoundary.permissionsBoundaryArn exists
Run the query and view the details on the Investigate page.
Please reach out to your account team if you'd like to use this feature.