Is there a default runtime policy with basic rules for containers and virtual machines before the ML learning is done?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Is there a default runtime policy with basic rules for containers and virtual machines before the ML learning is done?

L6 Presenter

Hello,

 

As mentioned in https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense the ML will learn the allowed network, process communication and file system and patterns but before that will it scan files for basic viruses or block known bad ip addresses without making a custom rule https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/custom-runtime-rules?

 

 

Also when the application changes it's pattern because the the developers changed the app will the new features cause issues as new process, file system and network access will be seen in the system ? Basically I am asking if the ML model will automatically adapt by changing itself or giving recommendations for new rule changes. Outside of that is there a trusted ip address that can be configured that the the devs can use to access to changed the web app and then Prisma Cloud to adapt when it sees traffic coming from this IP address?

 

1 accepted solution

Accepted Solutions

L0 Member

Yes, Prisma Cloud will log only threat-based runtime events (malicious files or connections to high-risk IPs) even if there aren't any rules created under Defend-->Runtime.

 

Whenever there are changes in the images by the developers, Prisma Cloud automatically detects when new images are added anywhere in the environment and automatically puts them in learning mode to create a new model.

https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-container...

https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-container...

 

You can explicitly allow or deny outgoing connections that deviates from your runtime policy w.r.t IP's and DNS. Please scroll down to Networking on the following link:

https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-container...

View solution in original post

1 REPLY 1

L0 Member

Yes, Prisma Cloud will log only threat-based runtime events (malicious files or connections to high-risk IPs) even if there aren't any rules created under Defend-->Runtime.

 

Whenever there are changes in the images by the developers, Prisma Cloud automatically detects when new images are added anywhere in the environment and automatically puts them in learning mode to create a new model.

https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-container...

https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-container...

 

You can explicitly allow or deny outgoing connections that deviates from your runtime policy w.r.t IP's and DNS. Please scroll down to Networking on the following link:

https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-container...

  • 1 accepted solution
  • 743 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!