New features

Provides a new mechanism to automatically protect serverless functions with Serverless Defender directly from Console or the API.

Streamlines operations by automatically upgrading all Container Defenders, Defender DaemonSets, and Host Defenders when Console is upgraded. (Serverless Defenders can be upgraded by way of the new auto-protect feature. App Embedded Defenders must still be manually upgraded).

Consolidates all CI policy in Console (previously, policy was partially specified in the Jenkins plugin or twistcli).

Extends and improves the Trusted Images feature with trust groups, which let you capture related images in entities that can then be used in policy rules.

Adds the ability to tag vulnerability findings, filter views based on tags, and set policy based on tags.

Extends Prisma Cloud support for registries, with support for Harbor registries, Nexus Registry webhooks, certificate-based authentication for Docker v2 registries, and jFrog Artifactory virtual repositories.

Adds the ability to scan VM images, specifically Amazon Machine Images (AMIs).

Integrates the Open Policy Agent into Prisma Cloud Compute so that you can specify admission control logic using the Rego language.

Maps Prisma Cloud roles to Prisma Cloud Compute roles for better control over what users and groups can see and do in the Compute tab.

Automatically maps Prisma Cloud API access keys to the corresponding Compute role. Previously, an administrator would manually need to create the mapping.

Collects AWS tags for VM instances, and lets you create collections based on these tags.

Enhances the Vulnerability Explorer UI to better allow security and risk teams to quickly prioritize risk across any cloud native environment.

Adds the ability to append a custom string to all Console and Defender syslog messages. Useful when you want to be able to identify syslog messages from different Prisma Cloud deployments (where a deployment consists of one Console and all the Defenders connected to it).

Aligns UI look and feel with the rest of the Prisma Cloud product, along with other UI/UX improvements.

Improves the Jenkins plugin UI, including a better interface for viewing vulnerabilities.

Eliminates Jenkins plugin dependencies on the "Dashboard View" and "Static Analysis Utilities" plugins.

Adds a project parameter to the pipeline to scan resources in specific projects only

[Prisma Cloud Enterprise Edition] Introduces a unified integrated navigation bar for accessing the Compute tab, and navigating through Compute pages.

Adds support for deep linking to Console’s pages so that you can copy links from your browser’s nav bar to share and return to specific pages in the Console UI.

Lets you quickly clear out column filters by clicking
Clear all filters
.

Adds filters for registry scan results (registry, repo), users (name, role) and groups (name, role).

Adds the notion of capabilities to runtime profiles to better model container images that have one or more aspects that can’t be modeled strictly by process, file system, and network rules.

Adds the ability to monitor your environment for raw sockets, which can indicate suspicious activity.

Extends twistcli to scan infrastructure as code (IaC) files, such as CloudFormation, Terraform, and Kubernetes YAML files, for compliance issues.

Adds native support for Demisto as a sink for Compute alerts and events.

Improves readability and formatting of twistcli’s scan report output.

Adds VMware Photon OS as a supported host OS.

Fortifies Python vulnerability data in our Intelligence Stream.

Adds a new dedicated vulnerability policy for serverless functions.

Adds support for custom runtime rule, custom compliance rules, Kuberneres audit rules, CNNF, and assigned collections to tenant Projects.

Adds support for certificate-based authentication for the Twistlock for Pivotal tile (now Twistlock for VMware Tanzu tile).

Disables Console’s unencrypted HTTP listener by default for better out-of-the-box security.

Extends runtime protection on file systems with controls for preventing existing files from being modified.

Adds new user roles for better control over what users can do in Prisma Cloud Compute. The new roles are Vulnerability Manager and DevSecOps User. The DevSecOps role has read only access to all pages under
Monitor
and
Radar
.

Enhances runtime process monitoring capabilities.

Enhances malware detection capabilities.

Updates base image for Console and Defender containers to Red Hat Universal Base Image (UBI) 8.

Improves runtime system to properly capture and model initial startup events.

Improves Container Radar layout so that network traffic flows from left to right.

Extends support for Kubernetes labels, including labels defined and applied at runtime and namespace labels.

Brings feature parity for Docker-less environments, including registry scanning, twistcli scanning, and Jenkins plugin scanning.

Adds support for downloading backup files from the Console UI or the API.

Adds the capability to rotate Console’s self-signed certificates (valid for 3 years) a month before expiration.

Adds the ability to minimize the scan progress bar, while still monitoring scan progress.

Updates support for the Microsoft Edge browser. Prisma Cloud only supports the new Microsoft Edge Chromium-based browser (version 80.0.361 and later).