Prisma Cloud Release Notes For November 6, 2019


Features Introduced on November 6, 2019

 

New Features

FEATURE DESCRIPTION
Prisma Cloud on the GCP Marketplace

You can now purchase or try the Prisma Cloud service from the GCP Marketplace. The ability to launch Prisma Cloud from the GCP Marketplace, along with the VM-Series firewall and Panorama, enables you to use API-based and inline enforcement to protect and manage your resources deployed on the Google Cloud Platform.


Left Navigation Menu

(November 11, 2019 release) The navigation bar on the Prisma Cloud user interface moved to the left.


Anomaly Policies for Network Reconnaissance Detection

Anomaly policies have a new category for detecting Network Reconnaissance activity. This category includes four new Prisma Cloud default policies to help you identify port scan and port sweep attempts on cloud resources. Of the four new policies, the two policies for monitoring external port scan and port sweep activities are disabled by default, and the two policies for monitoring internal port scan and port sweep activities are enabled by default.


Prisma Cloud Integration with Demisto

To help your security teams with the best incident management and automated workflows, Prisma Cloud integrates with Demisto, the Security Operations and Automated Response tool.

With this push-based integration, you can send Prisma Cloud alerts to Demisto and enable multi-step automated remediation workflows using playbooks.

Azure CIS v1.1 Support

The Azure CIS v1.0 compliance standard on Prisma Cloud is updated for v1.1, and includes policy updates that check for compliance with the requirements and sections in v1.1.

Support for SOC2 compliance standard on Azure and GCP

Added new policies to enable SOC2 compliance checks on Azure and Google Cloud Platform.

Custom Source Type for Splunk HEC

You can now set up a custom source type to identify Prisma Cloud alerts sent to the Splunk HTTP Event Collector (HEC). When you specify a string on Prisma Cloud, it will override what you define on the Splunk HEC.

IP Address Whitelist for Accessing Prisma Cloud Administrative Console

To restrict access to the Prisma Cloud administrator console and API, you can now whitelist the IP addresses or CIDR ranges that are permitted to access the management interfaces.

A maximum of 500 IP addresses or 10 CIDR block entries are allowed.

RQL Enhancement to Find a Specific Resource by Name

With the api.name attribute, you can now use a new group by operator to find whether an object exists within a result set. For example, to verify if a specific Azure resource group is deployed within the Azure subscriptions that are monitored by Prisma Cloud, you can use the following RQL:

config where cloud.type = 'azure' AND api.name = 'azure-resource-group' group by account as X; filter ' name is not member of (shanna-rg,shanna-resource-group)' ;

The query aggregates a list of all resource groups and displays those subscriptions that are not included in the specified resource groups.


You can also use this RQL to create a custom policy that generates alerts when a policy violation is detected.

API Ingestion

Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data:

  • gcloud-app-engine-application
  • gcloud-organization-iam-policy
  • azure-network-firewall
  • azure-postgresql-server

 

 

Policy Updates

POLICY DESCRIPTION
Azure Storage Accounts ensure default network access rule for Storage Accounts is set to deny

Identifies storage accounts that accept connections from clients on any network.

Azure Storage ensure 'Trusted Microsoft Services' is enabled for Storage Account access

Verifies if Trusted Microsoft Services are granted access to storage accounts; these services bypass the network rules but are granted access with strong authentication mechanisms.

Azure App Service web app does not redirect all HTTP traffic to HTTPS

Identifies whether your Azure App Service is configured with a URL rewrite rule to redirect all HTTP requests to use HTTPS.

Azure App Services web app authentication is off

Checks if Azure App Service is enabled to prevent anonymous HTTP requests from reaching the API app, or is set up to authenticate requests that have tokens before they reach the API app.

Azure App Service web app doesn't use latest TLS

Checks that the Azure App Service web app uses TLS v1.2.

Azure App Service web app doesn't require client certificates

Checks that the App Service is configured to request client certificates for incoming requests.

Azure App Service web app doesn't have a Managed Service Identity

Checks that the App Service is configured to use a Managed Service Identity to connect securely to other apps and does not store secrets in the app.

Azure App Service web app doesn't use latest .Net Core version
Azure App Service web app doesn't use latest Python version
Azure App Service web app doesn't use latest PHP version
Azure App Service web app doesn't use latest Java version

Checks for the best practice of using the latest .Net Core, Python, PHP, and Java version.

Azure Key Vault is not recoverable

Checks if your Azure Key Vault is not enabled for the 'Do not purge' and 'soft delete' functions, which prevent loss of encrypted data, including storage accounts, SQL databases, and/or dependent services provided by key vault objects.

Azure Security Center policies

  • Phone number for Security contact is not set in Security Center
  • Security contact emails is not set in Security Center
  • Send email also to subscription owners is set to OFF in Security Center
  • Send me emails about alerts is set to OFF in Security Center
  • Standard pricing tier is not selected in Security Center

Version history: Revision 4 of 4. Last update: 05-15-2020 04:38 PM