Prisma Cloud Release Notes for May 9, 2019


New Features

FEATURE
DESCRIPTION
RedLock Service in New Regions
Prisma Cloud is now available in the Australia & New Zealand (ANZ) region. You can select this region when you sign up for the service from the AWS Marketplace or the Palo Alto Networks Marketplace. Prisma Cloud is also available on AWS GovCloud. You can request a RedLock tenant on AWS GovCloud when you sign up for the service from the Palo Alto Networks Marketplace.
Operators in Event RQL
You can now use the operators Contains, Does not Contain, Exists, and Does not exist with Event RQL queries.
API Ingestion Update
The API aws-iam-get-policy-version is now updated to fetch unattached policies.
user Attribute Rename in Event RQL
The user attribute in Event RQL is renamed to subject to represent both users and instances.
event where role = 'oktaDevReadWriteRole' and subject = 'johnjames@paloaltonetworks.com'
role Attribute in Event RQL
The new Event RQL attribute role allows you to filter the search results by role.
event where role = 'OktaDevReadWriteRole'
Support for Strings with Space Separators
You can now use RQL to search for strings that include white space as a separator. This capability helps you find values that contain spaces, such as in keys, key-value pairs, or security groups. For example, if your key name is test 4081 and it has the value tag with space, use this query:
config where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-security-groups' AND json.rule = "tags[*] size greater than 0 and tags[?(@.key=='test 4081')].value contains \"tag with space\""
Network Alert Workflow Update
Prisma Cloud now automatically reopens any alerts for a Network policy violation that you had manually dismissed, in the event that the same policy is violated again.
 

Policy Updates

POLICY
DESCRIPTION
GCP Kubernetes cluster size contains less than 3 nodes
Checks the size of your cluster pools and alerts if there are fewer than 3 nodes in a pool.
GCP Kubernetes cluster Istio Config not enabled
Checks your cluster for the Istio add-on feature and alerts if it is not enabled.
GCP Kubernetes cluster not in redundant zones
Alerts if your cluster is not located in at least 3 zones.
GCP Kubernetes cluster Application-layer Secrets not encrypted
Checks your cluster for the Application-layer Secrets Encryption security feature and alerts if it is not enabled.
GCP Kubernetes cluster intra-node visibility disabled
Checks your cluster's intra-node visibility feature and generates an alert if it's disabled.
AWS SSM Parameter is not encrypted
Identifies the AWS SSM Parameters which are not encrypted.
AWS Cloudfront Distribution with S3 have Origin Access set to disabled
Identifies the AWS CloudFront distributions that use an S3 bucket and have Origin Access disabled.
AWS CloudFront Distributions with Field-Level Encryption not enabled
Identifies CloudFront distributions for which field-level encryption is not enabled.
 
This information was adapted from TechDocs. For more information about the release notes or to view other release notes, please visit Features Introduced on May 9, 2019.

 

 
Version history: revision 6 of 6, last update 09-01-2020 01:30 PM