Prisma Cloud Release Notes October 2, 2019

Showing results for 
Search instead for 
Did you mean: 
L3 Networker
Did you find this article helpful? Yes No
No ratings

Features Introduced on October 2, 2019


New Features

Cloud Security Alliance (CSA) Compliance Standards Support

Prisma Cloud adds support for Cloud Security Alliance: Cloud Controls Matrix (CCM) Version 3.0.1 for AWS, Azure and GCP. CSA is an organization that ensures security, trust and assurance to promote the use of best practices and regulations to effectively manage cloud-specific security controls. This standard includes 136 policies—136 for AWS, 41 for GCP, 30 for Azure.


Azure Key Vault Configuration Checks The Azure Key Vault configuration checks have been updated to retrieve more information so that you can define custom policy for Azure Key Vault certificates that check for:
  • Maximum validity period
  • Status of the reuse key on renewal
  • Exportable private key
  • Key type and key size


Support for Monitoring Resources on Azure Government.

To help government agencies adopt a cloud-first approach and meet the security-related objectives, Prisma Cloud now supports Azure Government Cloud across the following Azure Government regions
  • Azure Gov Virginia (US)
  • Azure Gov Iowa (US)
  • Azure Gov Texas (US)
  • Azure Gov Arizona (US)


Temporary Alert Dismissal

Instead of completely dismissing an alert, with this enhancement you can now snooze open alerts for a specified duration of time. On Alerts > Overview, you can use the Alert Status filter to find Snoozed alerts. After the specified time period, the alert is automatically reopened or resolved depending on whether or not the underlying violation is addressed. 

Prisma Cloud Snooze AlertsPrisma Cloud Snooze Alerts


New Role—Account and Cloud Provisioning Admin.

This new role combines the permissions available for the Cloud Admin and the Account Group Admin to enable administrators who are responsible for adding and managing designated accounts. With this role, in addition to being able to onboard cloud accounts, the administrator can access the dashboard, manage the security policies, investigate issues, view alerts and compliance details for the designated accounts only. View permissions associated with this role on Settings > Roles > +Add New.

Prisma Cloud Admin View PermissionsPrisma Cloud Admin View Permissions


Remediable Policies for Azure Security Center

15 Prisma Cloud default policies for Azure Security Center now include CLI for auto-remediation; only the Azure Security Center default policies that require a contact email address or phone number are not remediable. If Prisma Cloud is set up with the required read-write permissions, any alert rules that are enabled to auto-remediate and include these policies will automatically remediate new alerts that are generated after this Prisma Cloud update. 

Prisma Cloud ASC Remediable PoliciesPrisma Cloud ASC Remediable Policies


New CLI Variables for Custom Policy

When you create a policy you have two new CLI variables to enable auto-remediation. The GCP Zone ${gcpZoneId} and Azure Scope ${azureScope} variables enable you to specify the GCP zone or Azure scope to indicate the node within the Azure resource hierarchy in which the resource is deployed. 

Available CLI VariablesAvailable CLI Variables


API Ingestion Updates

Prisma Cloud has added coverage for the API:

GCP App Engine—gcloud-app-engine-firewall-rule

AWS ActiveMQ—aws-mq-broker


For more information, see more release notes in Technical Documentation for Prisma Cloud.

Rate this article: