: 30.02 Update 2 Release Notes

30.02 Update 2 Release Notes

Table of Contents

30.02 Update 2 Release Notes

The following table outlines the release particulars:
Code name
Maxwell, 30.02 Update 2
Release date
June 25, 2023
Maintenance Release
Review the system requirements to learn about the supported operating systems, hypervisors, runtimes, tools, and orchestrators.

CVE Coverage Update

New Features in Agentless Security

Encrypted volumes support in GCP with hub mode

This feature adds the capability to scan encrypted volumes in GCP with agentless scanning when using hub mode.

New Features in Core

Container Runtime Types in Defender Deployment

The Defender deployment workflows support Docker, CRI-O, and Containerd Container Runtime types.
When installing a Defender using twistcli, pass the `--container-runtime flag with docker, cri-o, or containerd to match the runtime in your environment.

Windows Server 2016

Reinstating the support for Defenders on Windows 2016. For details on the extended support from Microsoft, see the Microsoft documentation.

Added new NAT gateway IP addresses

Prisma Cloud is adding new NAT IP addresses for the Compute SaaS Console Region in GCP. The egress IPs for connections from The Compute SaaS Console to the internet in us-east 1 (South Carolina) are: and
Make sure to add these IP addresses to your allow list. These IP addresses will be added to the documentation.

Added Support for Managed Identities in Azure

Added support for Azure Managed Identities to authenticate any Azure resources that support AD authentication without adding keys in Prisma Console.
To use this authentication method, add an Azure role with required permissions to scan the resources under
Manage > Cloud accounts

New Features in Host Security

Support custom compliance checks

Added support for custom compliance checks on clusters running containerd runtime.

Change in the format of runtime events information used in notification webhooks

Replaced the aggregated and rest macros with the following macros:
  • aggregatedAlerts: Returns the aggregated audit events in JSON format. It represents the same data as the old aggregated macro, but in JSON format instead of text.
  • dropped: Returns the number of alerts that were dropped after the aggregation buffer has reached its limit. This change fixes an issue where some of the aggregated alerts were missing fields like ContainerID, Namespace, and User.
The aggregated and rest macros are still available but are being deprecated after the two upcoming releases following our deprecation notice policy. For existing settings of alert providers, you must edit the alert structure and use the new macros.

API Changes and New APIs

Add Backward Compatibility to api/v1/cloud/discovery/entities

API endpoint is now available as a supported and backward compatible route to view the cloud discovered entities.

Monitor the status of an OnDemand and Regular registry scan

The new API endpoint
is available to view the progress of onDemand and regular ongoing registry scans. Set the request parameter
to true to view progress of an ongoing on-demand scan. By default,
is set to false and shows the progress of a regular scan.

Breaking Changes in API

Defender APIs modified to support the containerd runtime
The following APIs have been enhanced to include support for the containerd runtime in addition to the existing Docker and CRI-O runtimes:
The cri boolean parameter (in the common.DaemonSetOptions schema) in the above endpoints has been replaced by the common.ContainerRuntime schema in the 30.02 release.
Old (30.01 and earlier releases)
Example request schema showing
set to a boolean value
for Docker and CRI-O:
{ "consoleAddr":"", "namespace":"twistlock", "orchestration":"kubernetes", "selinux":false, "cri":true, "privileged":false, "serviceAccounts":true, "istio":false, "collectPodLabels":false, "proxy":null, "taskName":null, "gkeAutopilot":false }
New (in release 30.02)
From 30.02, you can set the following values for container runtime:
  • containerd
  • crio
  • docker
Example request schema showing
is replaced with
{ "consoleAddr":"", "namespace":"twistlock", "orchestration":"kubernetes", "selinux":false, "containerRuntime":"containerd", "privileged":false, "serviceAccounts":true, "istio":false, "collectPodLabels":false, "proxy":null, "taskName":null, "gkeAutopilot":false }
You must update existing scripts that use either of the two endpoints when you upgrade to 30.02 or a future release.

Deprecation Notice

  • The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts is being deprecated. The configuration settings on the Console (
    Compute > Defend > CNNS
    ) and the corresponding APIs for CNNS will be removed in the next major release. Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this will continue to be available.
List of deprecated API endpoints:

Addressed Issues

  • Fixed an issue with the Defenders and agentless scans detecting an incorrect Kubernetes version. The Kubernetes version in the scan results on Prisma Console now matches the Kubernetes version that is installed on the host.
  • Fixed a certificate error during the serverless scan in GCP when TLS proxy is enabled. This was addressed by adding support for global proxy in GCP client.
  • Addressed incorrect "Fix status" of the CVEs that originated from National Vulnerability Database (NVD). With this update, the "Fix status" for such CVEs remains empty when there is no fix available in the NVD, instead of calculating a wrong fix status.

Recommended For You