01-08-2024 12:50 PM
Hello,
As mentioned in https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense, the ML will learn the allowed network, process communication and file system patterns, but before that, will it scan files for basic viruses or block known bad IP addresses without making a custom rule (https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/custom-runtime-rules)?
Also, when the application changes its pattern because the developers changed the app, will the new features cause issues, as new process, file system and network access will be seen in the system? Basically, I am asking if the ML model will automatically adapt by changing itself or giving recommendations for new rule changes. Outside of that, is there a trusted IP address that can be configured that the devs can use to access and change the web app, and then for Prisma Cloud to adapt when it sees traffic coming from this IP address?
01-09-2024 08:33 AM
Yes, Prisma Cloud will log only threat-based runtime events (malicious files or connections to high-risk IPs) even if there aren't any rules created under Defend-->Runtime.
Whenever there are changes in the images by the developers, Prisma Cloud automatically detects when new images are added anywhere in the environment and automatically puts them in learning mode to create a new model.
You can explicitly allow or deny outgoing connections that deviate from your runtime policy w.r.t. IPs and DNS. Please scroll down to Networking on the following link: