Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
12-05-2022 12:00 PM
I deployed an App-embedded container to an EKS Cluster on Fargate.
I found the defended container in the console, Compute/Monitor/Runtime/App-embedded details.
1) Why can't Users with any role but System Administrator, see the events in that table? The user-roles are associated with an AccountGroup that the defended-container is a member of.
2) Why does the environment tab render "Found no additional metadata for the App-Embedded resource." ? Shouldn't there be metadata? Don’t we need this metadata to tune our Runtime policies?
12-05-2022 03:09 PM
Hi Tommy,
Thank you for reaching out.
1) You need to create a Resource list on the CSPM side for the cloud account where the fargate defender is deployed and use that resource list as a collection to view the runtime alerts.
Please review the following document for the permissions
2) Currently, metadata information is not displayed for the fargate defender. Can you please create a feature request for it?
https://prismacloud.ideas.aha.io/ideas
Please let me know if you have any other questions.
Regards,
12-05-2022 03:09 PM
Hi Tommy,
Thank you for reaching out.
1) You need to create a Resource list on the CSPM side for the cloud account where the fargate defender is deployed and use that resource list as a collection to view the runtime alerts.
Please review the following document for the permissions
2) Currently, metadata information is not displayed for the fargate defender. Can you please create a feature request for it?
https://prismacloud.ideas.aha.io/ideas
Please let me know if you have any other questions.
Regards,
12-12-2022 07:27 AM
@musiddiqui, Thanks for your suggestion.
Soon, I can take some time to learn about resource lists.
Due to the recently released fine-grained specification of RBAC, PermissionGroups, issue #1 is no longer an issue.
Now, I can simply tailor a custom PermissionGroup.
Issue #2 is a serious shortcoming in the product's capabilities. Defenders and observations render in the console but we users have no information to trace runtime, app-embedded observations back to the EKS Fargate cluster.pod where this telemetry is coming from.
See the new idea here... https://prismacloud.ideas.aha.io/ideas/PANW-I-4415
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
