Compute/Monitor/Runtime/App-embedded details missing?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Compute/Monitor/Runtime/App-embedded details missing?

L3 Networker

I deployed an App-embedded container to an EKS Cluster on Fargate.
I found the defended container in the console, Compute/Monitor/Runtime/App-embedded details.

1) Why can't Users with any role but System Administrator, see the events in that table? The user-roles are associated with an AccountGroup that the defended-container is a member of.
2) Why does the environment tab render "Found no additional metadata for the App-Embedded resource." ? Shouldn't there be metadata? Don’t we need this metadata to tune our Runtime policies?

Tommy Hunt AWS-CSA, Java-CEA, PMP, SAFe Program Consultant
thunt@citrusoft.org
https://www.citrusoft.org
1 accepted solution

Accepted Solutions

L2 Linker

Hi Tommy,

 

Thank you for reaching out. 

1) You need to create a Resource list on the CSPM side for the cloud account where the fargate defender is deployed and use that resource list as a collection to view the runtime alerts. 

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-adminis...

Please review the following document for the permissions 

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-adminis...

 

2) Currently, metadata information is not displayed for the fargate defender. Can you please create a feature request for it?

https://prismacloud.ideas.aha.io/ideas

 

Please let me know if you have any other questions.

 

Regards,

Muhammad Wahaaj Siddiqui | Sr. Technical Support Engineer - Prisma Cloud Compute | PCCSE, CKA, CKS, AWS SysOps, AWS DevOps Professional

View solution in original post

2 REPLIES 2

L2 Linker

Hi Tommy,

 

Thank you for reaching out. 

1) You need to create a Resource list on the CSPM side for the cloud account where the fargate defender is deployed and use that resource list as a collection to view the runtime alerts. 

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-adminis...

Please review the following document for the permissions 

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-adminis...

 

2) Currently, metadata information is not displayed for the fargate defender. Can you please create a feature request for it?

https://prismacloud.ideas.aha.io/ideas

 

Please let me know if you have any other questions.

 

Regards,

Muhammad Wahaaj Siddiqui | Sr. Technical Support Engineer - Prisma Cloud Compute | PCCSE, CKA, CKS, AWS SysOps, AWS DevOps Professional

 @musiddiqui, Thanks for your suggestion.

Soon,  I can take some time to learn about resource lists.

 

Due to the recently released fine-grained specification of RBAC, PermissionGroups, issue #1 is no longer an issue.

Now, I can simply tailor a custom PermissionGroup.

 

Issue #2 is a serious shortcoming in the product's capabilities. Defenders and observations render in the console but we users have no information to trace runtime, app-embedded observations back to the EKS Fargate cluster.pod where this telemetry is coming from.

See the new idea here... https://prismacloud.ideas.aha.io/ideas/PANW-I-4415

Tommy Hunt AWS-CSA, Java-CEA, PMP, SAFe Program Consultant
thunt@citrusoft.org
https://www.citrusoft.org
  • 1 accepted solution
  • 1639 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!