Radar
Radar is the primary interface for monitoring your environment.
Radar enables you to identify and block known and unknown traffic moving laterally through your environment.
Radar is the default view when you first log into the console.
Radar helps you visualize and navigate through all the data across Prisma Cloud.
For example, On the Radar canvas, you can visualize the connectivity between microservices, instantly drill into the per-layer vulnerability analysis tool, assess compliance, and investigate the incidents.
Radar makes it easy to conceptualize the architecture and connectivity of large environments, identify risks, and zoom in on incidents that require a response.
Radar provides a visual depiction of inter-network and intra-network connections between containers, apps, and cluster services across your environment.
It shows the ports associated with each connection, the direction of traffic flow, and internet accessibility.
When Cloud Native Network Segmentation (CNNS) is enabled, Prisma Cloud automatically generates the mesh shown in Radar based on what it has learned about your environment.
Radar’s pivot has a container view, a host view, and a serverless view.
In the container view, each image with running containers is depicted as a node in the graph.
In the host view, each host machine is depicted as a node in the graph.
As you select a node, an overlay shows vulnerability, compliance, and runtime issues.
The serverless view in Radar, visualize and inspect the attack surface of the serverless functions.
Radar refreshes its view every 24 hours.
The Refresh button has a red marker when new data is available to be displayed.
To get full visibility into your environment, install a Defender on every host in your environment.
Cloud Pivot
You can’t secure what you don’t know about.
Prisma Cloud discovery finds all cloud-native services deployed in AWS, Azure, and Google Cloud.
Cloud Radar helps you visualize what you’ve deployed across different cloud providers and accounts using a map interface.
The map tells you what services are running in which data centers, which services are protected by Prisma Cloud, and their security posture.
Select a marker on the map to see details about the services deployed in the account/region.
You can directly secure both the registries and the serverless functions by selecting
Defend
next to them.
You can filter the data based on an entity to narrow down your search.
For example, filters can narrow your view to just the serverless functions in your Azure development team accounts.
By default, there’s no data in Cloud Radar.
To populate Cloud Radar, configure cloud discovery scans.
Image pivot
Radar lays out nodes on the canvas to promote easy analysis of your containerized apps.
Interconnected nodes are laid out so network traffic flows from left to right.
Traffic sources are weighted to the left, while destinations are weighted to the right.
Single, unconnected nodes are arranged in rows at the bottom of the canvas.
Nodes are color-coded based on the highest severity vulnerability or compliance issue they contain, and reflect the currently defined vulnerability and compliance policies.
Manually rescan your environment if you edit an existing compliance/vulnerability policy to update the compliance/vulnerability issues in the radar view.
Color coding lets you quickly spot trouble areas in your deployment.
- Dark Red — High risk. One or more critical severity vulnerabilities detected.
- Red — High severity vulnerabilities detected.
- Orange — Medium vulnerabilities detected.
- Green — Denotes no vulnerabilities detected.
The numeral encased by the circle indicates the number of containers represented by the node.
For example, a single Kubernetes DNS node may represent five services.
The color of the circle specifies the state of the container’s runtime model.
A blue circle means the container’s model is still in learning mode.
A black circle means the container’s model is activated.
A globe symbol indicates that a container can access the Internet.
Connections between running containers are depicted as arrows in Radar.
Click on an arrow to get more information about the direction of the connection and the port.
The initial zoomed out view gives you a bird’s-eye view of your deployments.
Deployments are grouped by namespace.
A red pool around a namespace indicates an incident occurred in a resource associated with that namespace.
You can zoom-in to get details about each running container.
Select an individual pod to drill down into its vulnerability report, compliance report, runtime anomalies, and WAAS events.
Service account monitoring
Kubernetes has a rich RBAC model based on the notion of service and cluster roles.
This model is fundamental to the secure operation of the entire cluster because these roles control access to resources and services within namespaces and across the cluster.
While these service accounts can be manually inspected with kubectl, it’s difficult to visualize and understand their scope at scale.
Radar provides a discovery and monitoring tool for service accounts.
Every service account associated with a resource in a cluster can easily be inspected.
For each account, Prisma Cloud shows detailed metadata describing the resources it has access to and the level of access it has to each of them.
This visualization makes it easy for security staff to understand role configuration, assess the level of access provided to each service account, and mitigate risks associated with overly broad permissions.
Clicking on a node opens an overlay, and reveals the service accounts associated with the resource.
Clicking on the service accounts lists the service roles and cluster roles.
Service account monitoring is available for Kubernetes and OpenShift clusters.
When you install the Defender DaemonSet, enable the 'Monitor service accounts' option.
Istio monitoring
When Defender DaemonSets are deployed with Istio monitoring enabled, Prisma Cloud can discover the service mesh and show you the connections for each service.
Services integrated with Istio display the Istio logo.
Istio monitoring is available for Kubernetes and OpenShift clusters.
When you install the Defender DaemonSet, enable the 'Monitor Istio' option.
WAAS connectivity monitor
WAAS connectivity monitor monitors the connection between WAAS and the protected application.
WAAS connectivity monitor aggregates data on pages served by WAAS and the application responses.
In addition, it provides easy access to WAAS-related errors registered in the Defender logs (Defenders sends logs to the Console every hour).
a
WAAS monitoring is only available when you select an image or host protected by WAAS.
- Last updated- Most recent time when WAAS monitoring data was sent from the Defenders to the Console (Defender logs are sent to the Console on an hourly basis). By clicking on therefreshbutton users can initiate sending of newer data.
- Aggregation start time- Time when data aggregation began. By clicking on theresetbutton users can re