Prisma Cloud Articles
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
The /tmp directory is a critical system directory used for temporary storage by various users and applications. As a world-writable directory, it provides a shared space for files that are created and used by different processes during their execution. However, because of its open-write nature, the /tmp directory can pose security risks, if not properly configured.
View full article
In today's digital landscape, webshell attacks pose a significant security threat to organizations worldwide. These attacks involve the deployment of malicious scripts on a web server, allowing attackers to: Gain unauthorized access Execute commands Manipulate server resources   Webshells can be exploited for various malicious activities, such as data theft, system compromise, and further infiltration into an organization's network.   As web applications evolve in complexity, so do the techniques used in these attacks. Traditional security measures often fall short in detecting webshells due to their ability to blend in with legitimate web traffic and their minimal footprint on the server. Therefore, proactive detection and quick response are essential to mitigate these threats.
View full article
After being named a Leader in 2024 for the fifth consecutive year in the Gartner® Magic Quadrant™ for Cloud AI Developer Services, Azure AI is positioned at the forefront of empowering customers on their generative AI journey, offering a wide variety of models (such as OpenAI, Phi-3, Meta), models dedicated to sectors such as healthcare, as well as an Unified AI development platform (Azure AI Studio) to help developers accelerate the development of production-ready copilots.   Given the rise of this service, in this document, we aim to explore how Prisma Cloud AI-SPM can help customers in discovering Azure AI resources to effectively detect and prioritize AI risks.
View full article
Effective risk prioritization and vulnerability management are essential for securing modern cloud-native environments. Prisma Cloud offers robust features that help organizations assess, prioritize, and mitigate vulnerabilities using contextual insights. This article outlines key strategies and workflows for leveraging Prisma Cloud's risk factors, focusing on optimizing vulnerability remediation efforts.Risk prioritization in vulnerability management is achieved by combining environmental context and Common Vulnerabilities and Exposures (CVE) risk factors, enabling organizations to focus on the most critical threats.   Prisma Cloud provides two categories of risk factors—CVE risk factors and Environmental risk factors—to identify and address vulnerabilities. These factors enable SecOps teams to assess vulnerabilities' potential impact and prioritize remediation based on the actual risk to their environment.
View full article
Integrating Prisma Cloud with Azure Sentinel enables you to centralize and analyze security data from your Prisma Cloud environment within Azure Sentinel. This integration provides advanced threat detection, security monitoring, and incident response capabilities by forwarding Prisma Cloud findings (Only Audit Incidents) to Azure Sentinel. The process is streamlined through the use of a Data Connector, which allows Prisma Cloud Audit Incidents to be ingested and correlated with other security data within Sentinel.
View full article
Prisma Cloud agentless scanning is initially configured in the same account scanning architecture. In this article, we describe an alternative approach as customers might prefer the hub and target account scanning architecture.   
View full article
The Prisma Cloud Darwin release enables you to utilize out of the box dashboards as well as custom dashboards. With the capabilities to track and monitor your cloud security posture ranging from vulnerabilities to compliance. In this article, we will discuss the existing OOTB dashboards and the capability of creating custom dashboards in Prisma Cloud.
View full article
This document goes over how to configure Azure RBAC providing fine-grained access to Azure Resources and visibility in Prisma Cloud.   With Azure RBAC, you can create a role definition that outlines the permissions to be applied to Prisma Cloud app registrations. This article specifically addresses the application of Azure RBAC predefined roles to manage access to Azure resources.    Azure Resources offers two authorization systems such as Azure Role Based Access Control and an access policy model.    Azure RBAC has several built-in roles you can assign to service principals and managed identities.    Azure Resources authorized by access policy model  Azure Resources authorized by Azure RBAC (Recommended Authorization)   The Prisma Cloud role created for Azure ingestion with Terraform currently utilizes the access policy module, requiring the addition of permissions one at a time. Azure recommends leveraging role-based Azure RBAC, which enables configuring permissions for Prisma Cloud using pre-defined Azure roles containing a set of permissions. With Azure RBAC, any updates to the role's permissions automatically apply without the need for manual adjustments.
View full article
Prisma Cloud allows you to create policies to ensure that your Cloud Security Posture Management is in compliance with best practices and the needs of your organization.  These policies create alerts which need to be evaluated and also indicate which cloud objects need to be updated to be in compliance.    Managing these alerts is a task that many organizations find difficult as the number of alerts increases. Prisma Cloud allows you to define an auto-remediation to correct certain alerts.  However, oftentimes an organization requires much more customization and integration with other tools that they are using.    This article describes how to increase your alert automation and integrate with other tools by using a security orchestration, automation, and response (SOAR) platform from Palo Alto Networks.
View full article
Event Assisted Ingestion is an enhancement that is intended to reduce the number of API calls. It helps to make the API call only if the resource configuration is changed. Prisma Cloud will listen to any changes on the resources we support and it calls the corresponding API to sync the details for the resource between the cloud and itself.   Prisma Cloud leverages Amazon EventBridge to receive audit logs in near real-time, thus allowing Prisma Cloud to reduce the total number of API calls and total time to alert.
View full article
The Prisma Cloud image analysis sandbox lets you dynamically analyze the runtime behavior of images before running them in your development and production environments. This article will walk you through the installation, execution, and analysis of the results of a sample image using the image analysis sandbox features of Prisma Cloud.
View full article
Prisma Cloud allows you to create policies to ensure that your Cloud Security Posture Management is in compliance with best practices and the needs of your organization.  These policies create alerts which need to be evaluated and also indicate which cloud objects need to be updated for compliance.    Managing these alerts is a task that many organizations find difficult as the number of alerts increases. Prisma Cloud allows you to define an auto-remediation to correct certain alerts.  However, oftentimes an organization requires much more customization and integration with other tools that they are using.   This article continues on from the previous article “Enhanced Alert Remediation” using XSOAR via CSPM, building on the concepts introduced in that article.     This article will dive into post-integration of Prisma Cloud alerts to Cortex XSOAR incidents (where we discussed how to integrate Prisma Cloud to Cortex XSOAR), and how playbooks can be used to not only help remediate, but create an organized flow on how these violations should be delegated.
View full article
Identity and Access Management (IAM) refers to the processes and tools for managing user access to resources and enforcing security policies. IAM is crucial for securing the modern enterprise as it enables organizations to control who can access what resources. By enforcing strong IAM policies, companies can enforce the principle of least privilege, meaning users and resources are only granted minimum permissions necessary to perform their jobs. This minimizes the horizontal scaling of security attacks in the event of compromised credentials.    Prisma Cloud offers capabilities to embed IAM into the software delivery lifecycle. It can scan infrastructure-as-code for misconfigurations and enforce least privilege during deployment. Additionally, Prisma Cloud can monitor permissions at runtime and alert on anomalies that indicate privilege creep or excessive permissions. By leveraging the CIEM module within Prisma Cloud, organizations can confidently monitor access while minimizing risk.   This article will provide RQLs to create sample policies based on IAM requirements, as well as demonstrate how a simple IAM RQL can be continually extended to add additional IAM functionality. 
View full article
The Prisma Cloud Asset Inventory Dashboard provides up-to-date information on all cloud assets from various cloud types that Prisma Cloud monitors in a centralized dashboard. You can use the Inventory dashboard to manage your applications, assets, compute workloads, and data.   The Prisma cloud asset inventory enables customers to perform the following: Analyze changes to resources  Review access Identify vulnerabilities, findings, and attack path situations Provide risk mitigation directives Improve operational efficiency   Centralizing the visibility of cloud assets will eliminate manual effort and allow teams to focus on more important tasks. 
View full article
“Auto Create Account Groups” is a useful feature for managing a large number of GCP projects and folders.    If there are various teams creating folders and projects in your organization, it makes sense to have separate account groups for each team, and create separate alert rules based on the account groups. This will help maintain alert isolation for each team and make it manageable for taking proactive actions to mitigate those alerts.    In this article, we would like to illustrate an example using a GCP account with nested folders and projects in a GCP Organization. The name of the GCP Organization is “example.world” 
View full article
If you have ever wondered whether you can use APIs to unlock the full potential of Prisma Cloud's data, you are in the right place. This article explores how to connect securely, navigate the available endpoints, and most importantly, extract crucial information about your cloud environment through the understanding of the core components of Prisma Cloud API. By the end of this article, you will have a solid understanding of how to take advantage of Prisma Cloud’s API to enhance your visibility into your organization's cloud security posture. 
View full article
In this article, we show you how to  Configure Azure VM Image scanning, including the process of configuring permissions on Azure Portal and the CLI. We covered supported Azure Image types for VM image scanning, Creating the service account with necessary permissions. Configuring Azure cloud account with a service account and Configuring VM image scan.
View full article
An "Attack Path" refers to a sequence of steps or a series of vulnerabilities and misconfigurations that an attacker exploits to achieve their malicious objectives within a cloud environment. 
View full article
  • 44 Posts
  • 290 Subscriptions
Customer Advisories

Your security posture is important to us. If you’re a Palo Alto Networks customer, be sure to login to see the latest critical announcements and updates in our Customer Advisories area.

Learn how to subscribe to and receive email notifications here.

Listen to PANCast

PANCast is a Palo Alto Networks podcast that provides actionable insights to customers, helping you maximize your investment while improving your cybersecurity posture.

Labels
Top Contributors
Top Liked Authors