Prisma Cloud Release Notes October 2, 2019


Features Introduced on October 2, 2019

 

New Features

FEATURE DESCRIPTION
Cloud Security Alliance (CSA) Compliance Standards Support

Prisma Cloud adds support for Cloud Security Alliance: Cloud Controls Matrix (CCM) Version 3.0.1 for AWS, Azure and GCP. CSA is an organization that ensures security, trust and assurance to promote the use of best practices and regulations to effectively manage cloud-specific security controls. This standard includes 136 policies—136 for AWS, 41 for GCP, 30 for Azure.

 

Azure Key Vault Configuration Checks

The Azure Key Vault configuration checks have been updated to retrieve more information so that you can define custom policy for Azure Key Vault certificates that check for:
  • Maximum validity period
  • Status of the reuse key on renewal
  • Exportable private key
  • Key type and key size

 

Support for Monitoring Resources on Azure Government.

To help government agencies adopt a cloud-first approach and meet their security-related objectives, Prisma Cloud now supports Azure Government Cloud across the following Azure Government regions:
  • Azure Gov Virginia (US)
  • Azure Gov Iowa (US)
  • Azure Gov Texas (US)
  • Azure Gov Arizona (US)

 

Temporary Alert Dismissal

Instead of completely dismissing an alert, with this enhancement you can now snooze open alerts for a specified duration of time. On Alerts > Overview, you can use the Alert Status filter to find Snoozed alerts. After the specified time period, the alert is automatically reopened or resolved depending on whether or not the underlying violation is addressed. 


 

New Role—Account and Cloud Provisioning Admin.

This new role combines the permissions available for the Cloud Admin and the Account Group Admin roles, and is intended for administrators who are responsible for adding and managing designated accounts. With this role, in addition to being able to onboard cloud accounts, the administrator can access the dashboard, manage the security policies, investigate issues, and view alerts and compliance details for the designated accounts only. View the permissions associated with this role on Settings > Roles > +Add New.


 

Remediable Policies for Azure Security Center

15 Prisma Cloud default policies for Azure Security Center now include CLI for auto-remediation; only the Azure Security Center default policies that require a contact email address or phone number are not remediable. If Prisma Cloud is set up with the required read-write permissions, any alert rules that are enabled to auto-remediate and include these policies will automatically remediate new alerts that are generated after this Prisma Cloud update. 


 

New CLI Variables for Custom Policy

When you create a policy, you have two new CLI variables to enable auto-remediation. The GCP Zone ${gcpZoneId} variable lets you specify the GCP zone, and the Azure Scope ${azureScope} variable lets you specify the Azure scope, which indicates the node within the Azure resource hierarchy in which the resource is deployed.


 

API Ingestion Updates

Prisma Cloud has added coverage for the following APIs:

GCP App Engine—gcloud-app-engine-firewall-rule

AWS ActiveMQ—aws-mq-broker

 

For more information, see more release notes in Technical Documentation for Prisma Cloud.

Version history: Revision 4 of 4
Last update: 05-15-2020 04:36 PM