Custom feeds

You can supplement the Prisma Cloud Intelligence Stream with your own custom data, including:
For each data type, you can add individual entries to a table from the Console UI, bulk upload a list from a CSV file, or submit a JSON object via the Prisma Cloud API.

Supplementing the IP reputation list

You can supplement the Prisma Cloud Intelligence Stream with your own list of banned IP addresses. Update your custom IP reputation list from the Console UI. You can specify one entry at a time, or do a bulk upload from a CSV file. The maximum file size is 20MB.
The first line in your CSV file must be a header record that contains the field names. Specify one IP address per line. For example:
    ip
    99.104.125.48
    101.200.81.187
    103.19.89.118
  1. Open Console.
  2. Go to Manage > System > Custom Feeds.
  3. Click IP Reputation Lists, and either click Add or Import CSV.
    Your list of banned IP addresses is immediately enforced when your data is imported. A default runtime defense rule, Default - detect suspicious runtime behavior, logs an alert when a container tries to connect to a banned IP address.
  4. Review the default rule.
    Go to Defend > Runtime > {Container Policy | Host Policy}, then click manage for the Default - detect suspicious runtime behavior rule. You should see that Prisma Cloud Advanced Threat Protection is set to On.

Supplementing the malware data feed

You can supplement the Prisma Cloud Intelligence Stream with your own custom malware signatures. Update your custom list of malware signatures from the Console UI. You can specify one entry at a time, or do a bulk upload from a CSV file. The maximum file size is 20MB.
Malware scanning and detection is supported for Linux container images and hosts only. Windows containers and hosts are not supported.
The first line in your CSV file must be a header record that contains the field names. For malware data, specify the MD5, followed by the description. Specify one entry per line. For example:
    md5,name
    194836fbe0f121a25b145e55e80cef22,evil malware
    0aeb0cac186a81a6ac45776d6b56dd70,evil binary
    33cc273ae3aa8bce6a22c92e7d11f63a,bigevil
  1. Open Console.
  2. Go to Manage > System > Malware signatures.
  3. Click Upload Malware Data, and either click Add or Import CSV.
    Your custom malware data is used in all subsequent image scans. It is also used immediately by the runtime defense file system sensor, which assesses all writes to the host and container file system.
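
Because an imported list is enforced immediately, it is worth checking a feed before uploading it. The following is an added example, not part of the Prisma Cloud documentation or tooling: it builds the two CSV formats described above (the `ip` list and the `md5,name` list) from raw indicators and returns the entries it rejected. The function names, the decimal reading of the 20MB limit, lowercasing of digests, and the rejection of names containing commas or quotes are assumptions.

```python
import ipaddress
import re

MAX_BYTES = 20 * 1000 * 1000   # "20MB" read conservatively as decimal (assumption)
MD5_RE = re.compile(r"[0-9a-f]{32}")
UNSAFE_NAME = re.compile(r'[,"\r\n]')   # the page does not say how quoting is handled

def _render(header, rows):
    # First line is the header record, then one entry per line.
    text = "\n".join([header] + rows) + "\n"
    if len(text.encode("utf-8")) > MAX_BYTES:
        raise ValueError("CSV exceeds the 20MB upload limit")
    return text

def build_ip_csv(addresses):
    """Return (csv_text, rejected) with header 'ip' and one address per line."""
    rows, rejected = [], []
    for raw in addresses:
        try:
            # ip_address() also parses IPv6; the page only shows IPv4 entries.
            ip = str(ipaddress.ip_address(raw.strip()))
        except ValueError:
            rejected.append(raw)
            continue
        if ip not in rows:          # drop duplicates, keep first-seen order
            rows.append(ip)
    return _render("ip", rows), rejected

def build_malware_csv(entries):
    """entries: (md5, name) pairs. Return (csv_text, rejected)."""
    rows, rejected, seen = [], [], set()
    for md5, name in entries:
        digest, label = md5.strip().lower(), name.strip()
        if not MD5_RE.fullmatch(digest) or not label or UNSAFE_NAME.search(label):
            rejected.append((md5, name))
            continue
        if digest not in seen:
            seen.add(digest)
            rows.append(f"{digest},{label}")
    return _render("md5,name", rows), rejected

if __name__ == "__main__":
    # Constructed input: the page's sample values plus malformed entries.
    ips = ["99.104.125.48", " 101.200.81.187 ", "999.1.1.1", "99.104.125.48"]
    print(build_ip_csv(ips))
    sigs = [("194836FBE0F121A25B145E55E80CEF22", "evil malware"), ("abc", "short")]
    print(build_malware_csv(sigs))
```

Review the rejected entries before importing; a typo in an address or digest otherwise drops out of the feed unnoticed.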

Create a list of trusted executables

If any runtime detection capability incorrectly identifies a legitimate binary, or a process created from a legitimate binary, as malicious, you can add the binary's signature to a list of trusted executable signatures so that no runtime capability inspects it.