Prisma SaaS can be configured to forward syslog data to an external syslog server which is usually located behind a perimeter device such as Palo Alto Networks firewall.
The public IP addresses listed below need to be allowed on UDP port 514 on the downstream firewall to receive syslog data from Prisma SaaS services. Regional Prisma SaaS IP addresses:
Port to open
UDP Port 514
Prisma SaaS Syslog and API Integration:
... View more
Dropbox is a file hosting service headquartered in San Francisco, California. They offer cloud storage, file synchronization, personal cloud, and client software. It brings your files and cloud content together with the tools your team wants to use.
Provides access to your organization’s work from your computer, mobile device, or any web browser. In addition, users may invite others to view and edit an account's shared files, upload documents, and photos to a shared folder and gives other users rights to view shared files.
Prisma SaaS currently supports business version and up. These paid account types include Standard, Advanced, and Enterprise
Cloud App Category
Business and up
Cloud App Admin Role Requirement
User Management Admin
Files and Folders
Activity Based Monitoring
Activities within a folder
Exposure (Public, External, Company & Internal)
All Exposures are supported
Selective Scanning (OU)
Forward/Backward Scan (Split Scan)
Know Malware (Wildfire DP)
Unknown Malware (WF Submission)
3rd Party Data Classification
Security Control/Risky Configuration
Must log into the portal with Super Admin account or one that has the required permission to add cloud apps
The authentication step in the portal needs to be completed with a Dropbox Admin account that includes the User Management Admin permission
Step 1 – After confirming the prerequisites are all met, Admin users can proceed with adding a Dropbox cloud app to the Prisma SaaS Portal.
Settings > Cloud Apps and Scan Settings > Add a Cloud App > Select Dropbox
Step 2 – From the grid of cloud apps click > Connect to Dropbox Account.
Step 3 – Admin will be presented with the Dropbox authentication page.
Enter the Dropbox admin credentials and click Sign-in. The web browser will then route back to the list of connected cloud apps once completed.
Step 4 – By default the related scan does not start automatically and must be manually started to initiate the process. This option is available under Actions. At this point you can choose to assign a unique name to the newly connected cloud app.
When you add a cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays any match occurrences. As a best practice, consider the business use of your applications to determine if you need to Add a New Asset Rule to look for incidents unique to Dropbox
Prisma SaaS scans assets in the associated app and identifies possible incidents. Depending on the number of users and assets, it may take some time to complete the process. However, as soon as you begin to see this information populating the Prisma SaaS dashboard, you can begin to Assess Incidents .
Optional: Enable Admin Quarantine Feature
This feature is enabled by clicking on the cloud app name and assigning an email alias to the Account for Admin Quarantine field. This will set up the related Admin Quarantine folder within this Dropbox user’s directory and must be established before using the quarantine Action for Dropbox. This includes manual and automated quarantine Actions.
Prisma SaaS Administrator’s Guide
Begin Scanning Dropbox or Yammer
New Features Introduced in 2020
... View more
The following license types are currently available for Prisma SaaS
Prisma SaaS All Apps License – The All Apps license is a user-based license which grants one user the right to use Prisma SaaS to secure SaaS applications. A Prisma SaaS All Apps license is term-based at one or three years.
Public Cloud Storage License – This volume-based license helps you gain bucket and blob visibility and control for your AWS, Azure, and Google Cloud Storage, and it is term-based at one or three years. You can identify and remove public buckets and blobs from inadvertent exposure or use, prevent the propagation of malware and data exfiltration with advanced machine learning and DLP, and view an audit trail for stored buckets and blobs to detect anomalies.
Scope of scanning for Prisma SaaS All Apps License
The service automatically scans your cloud apps using predefined data patterns, classifies all documents using machine learning, and checks hash on all Microsoft Office documents, PDF, and portable executable files against WildFire rules without requiring you to create any policies.
Monitoring for risky or suspicious user or admin behavior
You can review user activity logs enabling you to monitor and investigate the actions of your end users on the data and assets stored in your apps. You can track events, such as file and folder downloads and uploads as well as failed login attempts, or you can learn how a user shared or collaborated on assets hosted in your SaaS applications.
Preventing malware propagation by scanning files using WildFire analysis
WildFire detects and protects against malicious portable executables, Microsoft Office Files, Adobe Portable Document Format (PDF) files, and known threats based on file hash (a unique fingerprint of a file as a result of running the file through a cryptographic hash function).
License Entitlement and Limitations
Currently, a license includes three properties:
License Type (Prisma SaaS All App and Public Cloud Storage)
Service End Date
Total User Count
Service End Date – This is when the current license loaded into the portal expires. When expiration occurs, all scanning of content is stopped until a valid license is applied. We will continue to keep the collected data in the portal for 90 days. After this point, the tenant is de-provisioned and deleted. These are provisioned for durations of one or three years.
Total User Count – This is the quantity of users that we can track and collect data on. This includes, activities, files owned, and shared. Currently this metric is not enforced and we try to match the total number of active users in the organization.
... View more