Password and Help

What are the rules for password similarity and reuse in Prisma Cloud?
When you create a new password, we check for its similarity with the current password. The measure of similarity between the new and the current and old password strings is determined by the minimum number of single-character edits, such as insertions, deletions, substitutions that are required to change one word in to another. We do not accept the new password string if the similarity with the current or old passwords is 70% or higher.
Example: If your current password is*MenloPark.123!
, then you cannot use *M3nl0P@rk.123!
but you could use
ParkMenlo.123!
.
What are the complexity requirements for creating Prisma Cloud passwords?
Passwords must have a minimum of 8 characters and a maximum of 30 characters and include one or more of each of the following: an uppercase letter, a lowercase letter, a digit (0 to 9), and a special character (“
~
”, “
`
”, “
!
”, “
@
”, “
#
”, “
$
”, “
%
”, “
^
”, “
&
”, “
*
”, “
(
”, “
)
”, “
-
”, “
_
”, “
+
”, “
=
”, “
{
”, “
}
”, “
[
”, “
]
”, “
|
”, “
\
”, “
:
”, “
;
”, “
’
”, “
,
”, “
“
”, “
.
”, “
<
”, “
>
”, “
?
”, and “
/
”).
Help icon
Check to ensure that your browser allows pop-ups. Check whether your advertisement blocking software is blocking Prisma Cloud and, if so, add the URL for your Prisma Cloud instance and app.pendo.io to the allow list. Check and disable any local firewall rules or proxies that are blocking either or both of these URLs.
Where do I submit documentation requests or report errors in the documentation?
Please let us know how we are doing at documentation@paloaltonetworks.com. When writing to us about a documentation error, please include the URL for the page where you see the issue.
Where do I find documentation for the Compute tab for securing host, container, and serverless functions?
If you are using the Prisma Cloud Enterprise edition license, see Prisma Cloud Administrator’s Guide (Compute). If you are using Prisma Cloud Compute Edition license and are deploying and hosting it on your own, see Prisma Cloud Compute Edition Administrator’s Guide.
How do I get technical help or open a support case?
Check the discussions on the Palo Alto Networks Live Community, and to open a support case, log in to the Customer Support Portal.

Policy and Investigate Page

Policy and Alerts

What happens when I have two alert rules for the same conditions—one with and one without auto remediation?

The alert rule with auto remediation enabled takes precedence and the violation is automatically resolved.

With which threat intelligence feeds does Prisma Cloud integrate?

Prisma Cloud provides users with comprehensive threat intelligence and vulnerability data sourced across multiple unique sources:

Prisma Cloud Intelligence Stream
: Our own collection of 30-plus upstream data sources across commercial, open-source and proprietary feeds; offering vulnerability data for hosts, containers and functions as well as malware and IP-reputation lists.
Palo Alto Networks sources
: In addition to AutoFocus, Prisma Cloud integrates with WildFire for malware scanning as part of data security capabilities.
When combined with AutoFocus, Prisma Cloud enables unmatched alert accuracy with the risk clarity required to effectively protect today’s highly dynamic, distributed cloud environments.
Third-party sources
: Prisma Cloud integrates with data provided from Qualys, Tenable, AWS GuardDuty, AWS Inspector and others to provide a single view into risk within cloud environments.
Each threat intelligence feed provides a classification for each of the IP addresses they include, and Prisma Cloud uses this data to identify bad actors. Some IP addresses that have been known to launch Command and Control traffic or DDOS attacks, are classified as outright malicious. Other IP addresses are listed as suspicious, and these have demonstrated patterns of association with other malicious sites or have indicators—file properties, behaviors, and activities— that are suspicious or highly suspicious. For details on AutoFocus, see AutoFocus artifacts.

How often does Prisma Cloud retrieve data from cloud services that provide automated security assessment or threat detection?

If you set up an integration with Qualys, Tenable, Amazon GuardDuty, or AWS Inspector for additional context on risks in the cloud, Prisma Cloud retrieves data from these services periodically. The data from Qualys and Tenable is retrieved every hour; the data from AWS Inspector and Amazon GuardDuty is retrieved at every ingestion cycle.

After I update a config policy query, how long does it take to automatically resolve alerts that no longer match this policy?

When a Config-based policy query is changed, all the alerts generated by this policy are re-evaluated at the next scan. Alerts that are no longer valid because of the policy change are automatically resolved.

What is the list of web applications that Prisma Cloud automatically classifies?

Port Number	Application Classification
0	ICMP
21	FTP
22	SSH
23	TELNET
25	SMTP
53	DNS
80	Web (80)
88	Kerberos
111	RPC (111)
135	RPC (135)
143	IMAP
389	LDAP
443	Web (443)
444	SNPP
445	Generic (445)
514	Syslog
587	SMTP
636	LDAP (TLS)
995	IMAP
1433	SQL Server
1515	OSSEC
1521	Oracle
2376	Docker TLS
3128	Web Proxy
3268	Active Directory (GC)
3306	My SQL
3389	RDP
5050	Mesos Server
5432	Postgres
5439	Redshift
5671	RabbitMQ
5672	RabbitMQ
5900	VNC
6168	Generic (6168)
6379	Redis
7200	Generic (7200)
7205	Generic (7205)
7210	MaxDB
8000	HTTP (8000)
8080	HTTP (8080)
8140	Puppet
8332	Bitcoin
8333	Bitcoin
8443	HTTP (8443)
8545	Ethereum (8545)
8888	HTTP (8888)
9000	Generic (9000)
9006	Web (9006)
9092	Kafka
9300	Elastic Search
9997	Splunk Logger
15671	RabbitMQ WebUI
15672	RabbitMQ WebUI
27017	MongoDB
29418	Git
30000	Generic (30000)
30303	Ethereum (30303)
52049	NFS
55514	Syslog
60000	Generic
61420	Minuteman LB
61421	Minuteman LB
61668	Generic (61668)