Throughout the security lifecycle of an application or cloud environment it is important to be able to understand the tools available to each security professional. One of the best tools for any security professional to be able to use is scripting. Scripting allows one to create a program that automates an individual task and, when coupled with the Prisma Cloud Compute Workload Protection Platform (CWPP), you can effectively complete your use cases with ease. All that it takes to create a script is an understanding of the tools available to you, practice, and studying the available documentation of API calls that can interface with your scripting program.
Through the CWPP API and this article, you will be able to begin to establish a new way to be able to solve your company’s problems while enhancing your available tools in problem solving. In this article, we are utilizing a SaaS CWPP console for the examples and a text editor which can save text files for scripting along with a linux command line available in MacOS terminal or in Windows with Subsystem for Linux.
When interacting with a command line, you can type directly into the command prompt. As an example, to help those of you who have not yet worked with a Linux command line, you can navigate to different directories using the “cd” or ‘current directory’ command. You can determine the path to your current directory by typing “pwd,” or ‘print working directory’, and you can list the files in the current directory using “ls”.
Incident response is a daily problem to solve in cybersecurity. Bad actors are constantly looking for new ways to hack into an enterprise. Due to the consequences of ill-intentioned hacking causing potential distress at a global scale, we all have a responsibility to be as prepared as possible to better protect our environments by the proactive action of incident response. Through the Cloud Workload Protection Platform (CWPP) of Prisma Cloud, there are ways to be proactive in achieving goals in incident response while creating protocols to coherently scope your applications and accounts in these environments. In this article, you will learn about the primary scoping utility that is available to you in the console through collections and approaches to optimally creating scope.
“What could you have done better as an organization to adjust to Log4J?”
This question has resonated with the cybersecurity community for a while now. Within the capabilities of the Prisma Cloud product here at Palo Alto Networks, there are a number of threat landscape views and preventative tools that are available to customers.
In this article, we will review some of the core features that security professionals can utilize to be notified of CVE detection, available API calls within the Prisma Compute console that will help to give a quick view into resources affected by Log4J through the correlated CVE, as well as some advanced preventatives, such as creating a custom CVE or uploading an MD5 malware hash, that are available to users of the console. With these additional tools there will be a better understanding of not only how to get a grasp around aspects of the threat landscape of Log4J in your environment, but also a better way to approach potential future zero-days through utilization of the capabilities of Prisma Cloud.