About jeisenhart

New Features FEATURE DESCRIPTION Integration Status Checks Prisma Cloud performs periodic checks and background validation of outbound external integrations to identify exceptions or failures in processing notifications. With the exception of Email, PagerDuty, Qualys, and Tenable.io integrations, the status checks now indicate when a change on the integration vendor impacts outbound alert notifications. The status checks display as red—integration failed validations, yellow—one or more templates associated with the integration are invalid, or green—working and all templates are valid. Any state transitions are automatically reflected on the Prisma Cloud administrator console. Resource Attribution on Azure Updates Prisma Cloud correlates data available in resource configurations and audit events to you identify who (which user) made changes to specific Azure resources. In addition to the services that were supported in the last release, resource attribution is now available for events related to the following Azure resources: Azure Network Watcher Azure Load Balancer Azure SQL Database Azure SQL Server Azure Storage Account Azure VPN Connection Azure Container Registry Azure Application Gateway Azure Disk Azure Vault Azure App Service API Ingestion Updates Prisma Cloud has added coverage for the API: azure-cosmos-db azure-network-route-table Update the JSON for the API   aws-sns-get-subscription-attributes Some fields such as   RawMessageDelivery ,   PendingConfirmation ,   ConfirmationWasAuthenticated   are no longer retrieved for this API.   Policy Updates POLICY DESCRIPTION AWS ECS Task Definition Elevated Privileges Enabled Checks the security configuration of your task definition for ECS Containers and alerts you to it. AWS ECS/ ECS Fargate task definition execution IAM Role not found Generates an alert if a task execution IAM role is not defined in your task definition for pulling container images and publishing container logs to Amazon CloudWatch. AWS ECS Task Definition Root User Found Checks if your container definition uses a root user and alerts you to it. GCP GKE Unsupported Node Version Checks your GKE master node version and generates an alert if the version running is unsupported. Non-Corporate Accounts Have Access to Google Cloud Platform (GCP) Resources The RQL in this customizable policy is updated to match on more than one domain, and the match criteria checks for whether the email address contains or ends in the specified domain(s). ... View more

New Features FEATURE DESCRIPTION Simplified Cloud Account Onboarding for First-Tme Users The   Cloud Account Onboarding   tours are designed to help you onboard your cloud accounts on AWS, Azure, and GCP and simplify the first step for cloud monitoring and governance. The guided experience helps Prisma Cloud administrators with the System Administrator and Cloud Provisioning Administrator roles automate some of the configuration options for quicker onboarding. HITRUST Compliance Standard for AWS With the support for the Health Information Trust Alliance (HITRUST) security control framework, Prisma Cloud enables you to audit how you are doing on this healthcare regulatory requirement. Use the policy checks included in the HITRUST Version 9.2 compliance standard to ensure that your AWS workloads that store, process, transmit, and analyze protected health information are securely handling sensitive data. Principal ARN Check for Prisma Cloud Monitored AWS Accounts The   _AWSCloudAccount.isRedLockMonitored  function is enhanced to check for the Principal ARN in addition to the Account ID specified in the policy trust document and verify whether the AWS Principal ARN belongs to an account that is monitored by Prisma Cloud. The RQL is   config where api.name = 'aws-iam-list-roles' AND json.rule = ‘_AWSCloudAccount.isRedLockMonitored(role.assumeRolePolicyDocument.Statement[*].Principal.AWS) is true’ With this enhancement, when you use this RQL in a custom policy, an alert is generated when a cross-account role allows access to an AWS account that belongs to an AWS account—third-party or other AWS accounts you own—that is not monitored by Prisma Cloud. API Ingestion Updates Prisma Cloud has added coverage for the API: aws-iam-saml-provider   Policy Updates POLICY DESCRIPTION GCP load balancer sensitive configuration updates Detects sensitive configuration updates such as the deletion or modification of a GCP load balancer and SSL policies.   This information was adapted from a TechDocs article. For more information about the release notes or to view other release notes, please visit Features Introduced in August 2019. ... View more

To continue providing a consistent and integrated experience across all our products, we’ve released a unified UX for Prisma ™  Cloud:   The URLs to access Prisma Cloud have changed: While we recommend you update your URLs, redirects are in place to minimize interruption of ongoing workflows and automation scripts. Previous Access URL Updated Access URL app.redlock.io app.prismacloud.io app2.redlock.io app2.prismacloud.io app3.redlock.io app3.prismacloud.io app.anz.redlock.io app.anz.prismacloud.io app.eu.redlock.io app.eu.prismacloud.io app.gov.redlock.io app.gov.prismacloud.io Previous API URL Updated API URL api.redlock.io api.prismacloud.io api2.redlock.io api2.prismacloud.io api3.redlock.io api3.prismacloud.io api.anz.redlock.io api.anz.prismacloud.io api.eu.redlock.io api.eu.prismacloud.io api.gov.redlock.io api.gov.prismacloud.io   Change in authentication for non-SSO users We’ve integrated with the Palo Alto Networks login service, so if you’re currently not using a third-party identity provider for single sign-on (SSO), you only need one set of credentials to access all your products, services, support, and collateral. This   will not   affect anyone currently using third-party SSO to access the Prisma Cloud application. However,   this change does affect non-SSO users   who access it directly with a username and password. We’ve exchanged local credential access as well as the "forgot" and "change password" processes for a more robust login flow. Non-SSO users will now need to log in via the Palo Alto Networks login page: The Prisma Cloud application will redirect you to the Palo Alto Networks login page. After authentication, all single-tenant users will be redirected to the application. If you have multiple tenants within the same region, you’ll be redirected to the Palo Alto Networks Hub, which will let you choose which tenant to log in to If you haven’t set up an account yet, you’ll be able to do so by clicking “Forgot Password?” on the new sign-in page.   If you’re currently using username and password for automation purposes via our APIs, please refer to the section below on "API Access Keys."    The Palo Alto Networks Hub The hub shows all the products you’re authorized to use in an easy-to-navigate dashboard to give you better visibility of your overall security posture. API Access Keys We have implemented API access keys, providing system administrators the ability to grant or revoke users’ access key permissions to communicate with our APIs. Existing username and password-based automations will not be immediately disabled. Your automations will continue to work; however, we strongly recommend you adopt new access keys for more secure access. Our intention is to sunset local passwords altogether from Prisma Cloud in a few months. We’ll send reminders to those using username and password-based automation to switch over to access keys before deprecating local passwords to ensure your business remains uninterrupted. For additional information, please watch:  Prisma Cloud: Product Update and Demo ... View more