Prisma Cloud FAQs

Review the Prisma™ Cloud FAQ for answers to commonly asked questions.

Account Onboarding and SSO

  • Explain VPC flow logs
    VPC flow logs provide a unidirectional record of network traffic that informs you how packets flowed from A to B and, as a separate record, from B to A. They provide no direct insight into which endpoint is the server in any conversation or which endpoint initiated a conversation. You could look at which flow record has a lower timestamp and assume that the source in that record is the client but, in the case of VPC flow logs, log collection is aggregated over several-minute windows, which removes the precision required to make this a reliable indicator. Additionally, long-lived connections and connections that appear on the boundaries of batches of logs will defeat this heuristic. There are other factors to consider, such as source port versus destination port. You can also compare the count of distinct peers for a given endpoint IP address and port. Prisma™ Cloud evaluates all of these conditions, plus others, with a weight given to each measure and a historical bias. However, these measures are heuristics and are therefore not perfect.
  • Why do we need to list permissions for Key Vault in Azure?
    To support policies based on Azure Key Vault, Prisma Cloud needs to ingest Key Vault. Prisma Cloud does not ingest the keys or secrets—it ingests only their IDs and other metadata.
  • Which SAML binding should I use for SSO?
    The Prisma Cloud SAML endpoint supports HTTP POST binding.
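
The VPC flow log answer above names three signals for guessing which endpoint is the server: record timestamps, source versus destination port, and distinct peer counts. The sketch below is an added example, not Prisma Cloud's algorithm; the record layout, the weights and the `infer_servers` name are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): srcaddr, srcport, dstaddr,
# dstport, start of the aggregation window the record was logged in.
RECORDS = [
    ("10.0.1.15", 49152, "10.0.2.20", 5432, 1700000000),
    ("10.0.2.20", 5432, "10.0.1.15", 49152, 1700000000),
    ("10.0.1.16", 51000, "10.0.2.20", 5432, 1700000060),
    ("10.0.2.20", 5432, "10.0.1.16", 51000, 1700000000),  # reply in earlier window
    ("10.0.1.17", 40022, "10.0.2.20", 5432, 1700000120),
    ("10.0.2.20", 5432, "10.0.1.17", 40022, 1700000120),
]

# Hypothetical weights; the page does not publish the weighting it uses.
W_PEERS, W_PORT, W_TIME = 0.5, 0.4, 0.1

def infer_servers(records):
    """Return {frozenset of both endpoints: (server_endpoint, confidence)}."""
    peers = defaultdict(set)   # (ip, port) -> distinct remote IPs seen
    first_seen = {}            # (src_ep, dst_ep) -> earliest window start
    for src, sport, dst, dport, ts in records:
        a, b = (src, sport), (dst, dport)
        peers[a].add(dst)
        peers[b].add(src)
        first_seen[(a, b)] = min(ts, first_seen.get((a, b), ts))
    result = {}
    for (a, b) in first_seen:
        if (b, a) not in first_seen or a > b:
            continue  # need both directions; handle each pair once
        # Each signal is +1 when it favours b as the server, -1 for a, 0 if tied.
        s_peers = (len(peers[b]) > len(peers[a])) - (len(peers[b]) < len(peers[a]))
        s_port = (b[1] < a[1]) - (b[1] > a[1])
        # a -> b logged first weakly suggests a initiated, so b is the server.
        t_ab, t_ba = first_seen[(a, b)], first_seen[(b, a)]
        s_time = (t_ab < t_ba) - (t_ab > t_ba)
        score = W_PEERS * s_peers + W_PORT * s_port + W_TIME * s_time
        server = b if score > 0 else a if score < 0 else None
        result[frozenset((a, b))] = (server, abs(score))
    return result
```

For the second conversation the timestamp signal points the wrong way because the reply fell into an earlier aggregation window; the port and peer-count signals outweigh it, at a lower confidence.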

Password and Help

  • What are the rules for password similarity and reuse in Prisma Cloud?
    When you create a new password, we check for its similarity with the current password. The measure of similarity between the new password and the current and old password strings is determined by the minimum number of single-character edits, such as insertions, deletions, and substitutions, that are required to change one word into another. We do not accept the new password string if the similarity with the current or old passwords is 70% or higher.
    Example: If your current password is MenloPark.123!, then you cannot use M3nl0P@rk.123! but you could use ParkMenlo.123!.
  • What are the complexity requirements for creating Prisma Cloud passwords?
    Passwords must have a minimum of 8 characters and a maximum of 30 characters and include one or more of each of the following: an uppercase letter, a lowercase letter, a digit (0 to 9), and a special character (“~”, “`”, “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, “)”, “-”, “_”, “+”, “=”, “{”, “}”, “[”, “]”, “|”, “\”, “:”, “;”, “”, “,”, “”, “.”, “<”, “>”, “?”, and “/”).
  • Help icon in the bottom right corner is not visible and the application does not launch pages after I click the Help Icon. What should I do?
    Check to ensure that your browser allows pop-ups. Check whether your advertisement blocking software is blocking Prisma Cloud and, if so, whitelist the URL for your Prisma Cloud instance and app.pendo.io. Check and disable any local firewall rules or proxies that are blocking either or both of these URLs.
  • Where do I submit documentation requests or report errors in the documentation?
    Please let us know how we are doing at documentation@paloaltonetworks.com. When writing to us about a documentation error, please include the URL for the page where you see the issue.
  • Where do I find documentation for the Compute tab for securing host, container, and serverless functions?
    If you are using the Prisma Cloud Enterprise edition license, see Prisma Cloud Administrator’s Guide (Compute). If you are using Prisma Cloud Compute Edition license and are deploying and hosting it on your own, see Prisma Cloud Compute Edition Administrator’s Guide.
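
The password similarity and complexity rules in this section, worked through as an added example (not Prisma Cloud's code). It assumes similarity is normalised as 1 minus the edit distance divided by the longer string's length, which the page does not state; the function names are hypothetical, and the two special-character entries that are blank on the page are left out.

```python
import string

# Special characters legible in the FAQ's list; two entries there are blank
# on the page and are deliberately not guessed.
SPECIALS = set("~`!@#$%^&*()-_+={}[]|\\:;,.<>?/")
THRESHOLD = 0.70  # from the FAQ: reject at 70% similarity or higher

def edit_distance(a, b):
    """Levenshtein distance: minimum insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]

def similarity(a, b):
    """Assumed normalisation: 1 - distance / length of the longer string."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1 - edit_distance(a, b) / longest

def check_password(new, current, old=()):
    """Return a list of rule violations; an empty list means accepted."""
    problems = []
    if not 8 <= len(new) <= 30:
        problems.append("length must be 8 to 30 characters")
    classes = {
        "uppercase letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "digit": string.digits,
        "special character": SPECIALS,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in new):
            problems.append(f"missing {name}")
    for label, prior in [("current", current)] + [("old", p) for p in old]:
        if similarity(new, prior) >= THRESHOLD:
            problems.append(f"too similar to {label} password")
    return problems
```

With the FAQ's own strings, M3nl0P@rk.123! is 3 edits from MenloPark.123! (about 79% similar, rejected) while ParkMenlo.123! is 8 edits away (about 43%, accepted). Edit distance can only be computed between plaintext strings, so the sketch takes the earlier passwords as arguments; how they are held is not described on the page.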

Policy and Alerts

  • What happens when I have two alert rules for the same conditions—one with and one without auto remediation?
    The Alert Rule with auto remediation enabled takes precedence and alerts are automatically resolved.
  • With which threat intelligence feeds does Prisma Cloud integrate?
    Prisma Cloud integrates with the threat intelligence feeds from Facebook ThreatExchange, AWS GuardDuty, and AWS Inspector to help you turn your threat data into actionable intelligence and to focus on what is relevant to your deployments.
  • How often does Prisma Cloud retrieve data from cloud services that provide automated security assessment or threat detection?
    If you set up an integration with Qualys, Tenable, Amazon GuardDuty, or AWS Inspector for additional context on risks in the cloud, Prisma Cloud retrieves data from these services periodically. The data from Qualys and Tenable is retrieved every hour; the data from AWS Inspector and Amazon GuardDuty is retrieved at every ingestion cycle.
  • After I update a config policy query, how long does it take to automatically resolve alerts that no longer match this policy?
    When a Config-based policy query is changed, all the alerts generated by this policy are re-evaluated at the next scan. Alerts that are no longer valid because of the policy change are automatically resolved.
  • What is the list of web applications that Prisma Cloud automatically classifies?
    Port Number   Application Classification
    0             ICMP
    21            FTP
    22            SSH
    23            TELNET
    25            SMTP
    53            DNS
    80            Web (80)
    88            Kerberos
    111           RPC (111)
    135           RPC (135)
    143           IMAP
    389           LDAP
    443           Web (443)
    444           SNPP
    445           Generic (445)
    514           Syslog
    587           SMTP
    636           LDAP (TLS)
    995           IMAP
    1433          SQL Server
    1515          OSSEC
    1521          Oracle
    2376          Docker TLS
    3128          Web Proxy
    3268          Active Directory (GC)
    3306          My SQL
    3389          RDP
    5050          Mesos Server
    5432          Postgres
    5439          Redshift
    5671          RabbitMQ
    5672          RabbitMQ
    5900          VNC
    6168          Generic (6168)
    6379          Redis
    7200          Generic (7200)
    7205          Generic (7205)
    7210          MaxDB
    8000          HTTP (8000)
    8080          HTTP (8080)
    8140          Puppet
    8332          Bitcoin
    8333          Bitcoin
    8443          HTTP (8443)
    8545          Ethereum (8545)
    8888          HTTP (8888)
    9000          Generic (9000)
    9006          Web (9006)
    9092          Kafka
    9300          Elastic Search
    9997          Splunk Logger
    15671         RabbitMQ WebUI
    15672         RabbitMQ WebUI
    27017         MongoDB
    29418         Git
    30000         Generic (30000)
    30303         Ethereum (30303)
    52049         NFS
    55514         Syslog
    60000         Generic
    61420         Minuteman LB
    61421         Minuteman LB
    61668         Generic (61668)
