Prisma Cloud FAQs
Review the Prisma™ Cloud FAQ for answers to commonly
asked questions.
Account Onboarding and SSO
- Explain VPC flow logs
  VPC flow logs provide unidirectional records of network traffic that tell you how packets flowed from A to B and, in a separate record, from B to A. They provide no direct insight into which endpoint is the server in any conversation or which endpoint initiated a conversation. You could look at which flow record has a lower timestamp and assume that the source in that record is the client but, in the case of VPC flow logs, log collection is aggregated over several-minute windows, which removes the precision required to make this a reliable indicator. Additionally, long-lived connections and connections that appear on the boundaries of batches of logs will defeat this heuristic. There are other factors to consider, such as source port versus destination port. You can also compare the count of distinct peers for a given endpoint IP address and port. Prisma™ Cloud evaluates all of these conditions, plus others, with a weight given to each measure and a historical bias. However, these measures are heuristics and are therefore not perfect.
- Why do we need to list permissions for Key Vault in Azure?
  To support policies based on Azure Key Vault, Prisma Cloud needs to ingest Key Vault. Prisma Cloud does not ingest the keys or secrets, only their IDs and other metadata.
- Which SAML binding should I use for SSO?
  The Prisma Cloud SAML endpoint supports HTTP POST binding.
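The direction heuristics from the VPC flow logs answer above, as an added example that is not Prisma Cloud's code: it scores two endpoints on distinct peer count, port range, and record timestamp. The flow records are constructed, and the weights and the ephemeral-port threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records, one per direction:
# (window_start, src_ip, src_port, dst_ip, dst_port)
FLOWS = [
    (100, "10.0.0.5", 49152, "10.0.1.9", 5432),
    (100, "10.0.1.9", 5432, "10.0.0.5", 49152),   # same window: timestamps tie
    (100, "10.0.0.6", 50311, "10.0.1.9", 5432),
    (160, "10.0.1.9", 5432, "10.0.0.6", 50311),
    (100, "10.0.1.9", 5432, "10.0.0.7", 41000),   # reply logged first (batch boundary)
    (160, "10.0.0.7", 41000, "10.0.1.9", 5432),
]

W_PEERS, W_PORT, W_TIME = 6, 3, 1   # assumed weights, not Prisma Cloud's
EPHEMERAL_MIN = 32768               # assumed lower bound of the ephemeral port range

def distinct_peers(flows):
    """Count distinct peer IPs seen for every (ip, port) endpoint."""
    peers = defaultdict(set)
    for _, sip, sport, dip, dport in flows:
        peers[(sip, sport)].add(dip)
        peers[(dip, dport)].add(sip)
    return {ep: len(ips) for ep, ips in peers.items()}

def first_seen(flows, src, dst):
    """Earliest window in which a src -> dst record appears, or None."""
    times = [t for t, sip, sp, dip, dp in flows
             if (sip, sp) == src and (dip, dp) == dst]
    return min(times) if times else None

def infer_server(flows, a, b):
    """Score endpoints a and b; return (likely_server_or_None, scores)."""
    score = {a: 0, b: 0}
    peers = distinct_peers(flows)
    pa, pb = peers.get(a, 0), peers.get(b, 0)
    if pa != pb:                                   # servers talk to many peers
        score[a if pa > pb else b] += W_PEERS
    a_eph, b_eph = a[1] >= EPHEMERAL_MIN, b[1] >= EPHEMERAL_MIN
    if a_eph != b_eph:                             # non-ephemeral port suggests server
        score[b if a_eph else a] += W_PORT
    t_ab, t_ba = first_seen(flows, a, b), first_seen(flows, b, a)
    if None not in (t_ab, t_ba) and t_ab != t_ba:  # destination of the earlier record
        score[b if t_ab < t_ba else a] += W_TIME
    if score[a] == score[b]:
        return None, score                         # no signal either way
    return max(score, key=score.get), score
```

For the 10.0.0.7 conversation the timestamp signal alone points at the client, because the reply was recorded in the earlier window; the peer-count and port signals outweigh it.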
Password and Help
- What are the rules for password similarity and reuse in Prisma Cloud?
  When you create a new password, we check for its similarity with the current password. The measure of similarity between the new password and the current and old password strings is determined by the minimum number of single-character edits (insertions, deletions, or substitutions) that are required to change one word into another. We do not accept the new password string if the similarity with the current or old passwords is 70% or higher.
  Example: If your current password is MenloPark.123!, then you cannot use M3nl0P@rk.123! but you could use ParkMenlo.123!.
- What are the complexity requirements for creating Prisma Cloud passwords?
  Passwords must have a minimum of 8 characters and a maximum of 30 characters and include one or more of each of the following: an uppercase letter, a lowercase letter, a digit (0 to 9), and a special character (“~”, “`”, “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, “)”, “-”, “_”, “+”, “=”, “{”, “}”, “[”, “]”, “|”, “\”, “:”, “;”, “’”, “,”, ““”, “.”, “<”, “>”, “?”, and “/”).
- Help icon
  Check to ensure that your browser allows pop-ups. Check whether your advertisement blocking software is blocking Prisma Cloud and, if so, add the URL for your Prisma Cloud instance and app.pendo.io to the allow list. Check and disable any local firewall rules or proxies that are blocking either or both of these URLs.
- Where do I submit documentation requests or report errors in the documentation?
  Please let us know how we are doing at documentation@paloaltonetworks.com. When writing to us about a documentation error, please include the URL for the page where you see the issue.
- Where do I find documentation for the Compute tab for securing host, container, and serverless functions?
  If you are using the Prisma Cloud Enterprise edition license, see Prisma Cloud Administrator’s Guide (Compute). If you are using the Prisma Cloud Compute Edition license and are deploying and hosting it on your own, see Prisma Cloud Compute Edition Administrator’s Guide.
- How do I get technical help or open a support case?
  Check the discussions on the Palo Alto Networks Live Community. To open a support case, log in to the Customer Support Portal.
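The password similarity and complexity rules above, as an added example that is not Prisma Cloud's code: it computes the edit distance the similarity answer describes and applies the 70% limit and the complexity rules. The normalization (1 minus distance divided by the longer length) is an assumption, since the page does not give the formula, and all function names are hypothetical.

```python
import string

# Special characters listed on the page (typographic quotes read as ASCII ' and ").
SPECIALS = set("~`!@#$%^&*()-_+={}[]|\\:;',\".<>?/")
SIMILARITY_LIMIT = 0.70  # reject at 70% similarity or higher

def edit_distance(a, b):
    """Levenshtein distance: minimum insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]

def similarity(a, b):
    """Assumed normalization: 1 - distance / length of the longer string."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1 - edit_distance(a, b) / longest

def complexity_errors(pw):
    """Return the complexity rules from the page that pw violates."""
    rules = {
        "length must be 8 to 30 characters": 8 <= len(pw) <= 30,
        "needs an uppercase letter": any(c in string.ascii_uppercase for c in pw),
        "needs a lowercase letter": any(c in string.ascii_lowercase for c in pw),
        "needs a digit": any(c in string.digits for c in pw),
        "needs a special character": any(c in SPECIALS for c in pw),
    }
    return [msg for msg, ok in rules.items() if not ok]

def check_new_password(new, previous):
    """Check a candidate against complexity rules and current/old passwords."""
    errors = complexity_errors(new)
    if any(similarity(new, old) >= SIMILARITY_LIMIT for old in previous):
        errors.append("too similar to a current or old password")
    return errors
```

With the page's example, M3nl0P@rk.123! is 3 edits from MenloPark.123! (about 79% similar under this normalization) and is rejected, while ParkMenlo.123! is 8 edits away (about 43%) and passes.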
Policy and Alerts
- What happens when I have two alert rules for the same conditions—one with and one without auto remediation?
  The alert rule with auto remediation enabled takes precedence and the violation is automatically resolved.
- With which threat intelligence feeds does Prisma Cloud integrate?
  Prisma Cloud provides users with comprehensive threat intelligence and vulnerability data sourced across multiple unique sources:
  - Prisma Cloud Intelligence Stream: Our own collection of 30-plus upstream data sources across commercial, open-source and proprietary feeds, offering vulnerability data for hosts, containers and functions as well as malware and IP-reputation lists.
  - Palo Alto Networks sources: In addition to AutoFocus, Prisma Cloud integrates with WildFire for malware scanning as part of data security capabilities. When combined with AutoFocus, Prisma Cloud enables unmatched alert accuracy with the risk clarity required to effectively protect today’s highly dynamic, distributed cloud environments.
  - Third-party sources: Prisma Cloud integrates with data provided from Qualys, Tenable, AWS GuardDuty, AWS Inspector and others to provide a single view into risk within cloud environments.
  Each threat intelligence feed provides a classification for each of the IP addresses it includes, and Prisma Cloud uses this data to identify bad actors. Some IP addresses that have been known to launch Command and Control traffic or DDoS attacks are classified as outright malicious. Other IP addresses are listed as suspicious, and these have demonstrated patterns of association with other malicious sites or have indicators (file properties, behaviors, and activities) that are suspicious or highly suspicious. For details on AutoFocus, see AutoFocus artifacts.
- How often does Prisma Cloud retrieve data from cloud services that provide automated security assessment or threat detection?
  If you set up an integration with Qualys, Tenable, Amazon GuardDuty, or AWS Inspector for additional context on risks in the cloud, Prisma Cloud retrieves data from these services periodically. The data from Qualys and Tenable is retrieved every hour; the data from AWS Inspector and Amazon GuardDuty is retrieved at every ingestion cycle.
- After I update a config policy query, how long does it take to automatically resolve alerts that no longer match this policy?
  When a Config-based policy query is changed, all the alerts generated by this policy are re-evaluated at the next scan. Alerts that are no longer valid because of the policy change are automatically resolved.
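- What is the list of web applications that Prisma Cloud automatically classifies?

  | Port Number | Application Classification |
  |---|---|
  | 0 | ICMP |
  | 21 | FTP |
  | 22 | SSH |
  | 23 | TELNET |
  | 25 | SMTP |
  | 53 | DNS |
  | 80 | Web (80) |
  | 88 | Kerberos |
  | 111 | RPC (111) |
  | 135 | RPC (135) |
  | 143 | IMAP |
  | 389 | LDAP |
  | 443 | Web (443) |
  | 444 | SNPP |
  | 445 | Generic (445) |
  | 514 | Syslog |
  | 587 | SMTP |
  | 636 | LDAP (TLS) |
  | 995 | IMAP |
  | 1433 | SQL Server |
  | 1515 | OSSEC |
  | 1521 | Oracle |
  | 2376 | Docker TLS |
  | 3128 | Web Proxy |
  | 3268 | Active Directory (GC) |
  | 3306 | My SQL |
  | 3389 | RDP |
  | 5050 | Mesos Server |
  | 5432 | Postgres |
  | 5439 | Redshift |
  | 5671 | RabbitMQ |
  | 5672 | RabbitMQ |
  | 5900 | VNC |
  | 6168 | Generic (6168) |
  | 6379 | Redis |
  | 7200 | Generic (7200) |
  | 7205 | Generic (7205) |
  | 7210 | MaxDB |
  | 8000 | HTTP (8000) |
  | 8080 | HTTP (8080) |
  | 8140 | Puppet |
  | 8332 | Bitcoin |
  | 8333 | Bitcoin |
  | 8443 | HTTP (8443) |
  | 8545 | Ethereum (8545) |
  | 8888 | HTTP (8888) |
  | 9000 | Generic (9000) |
  | 9006 | Web (9006) |
  | 9092 | Kafka |
  | 9300 | Elastic Search |
  | 9997 | Splunk Logger |
  | 15671 | RabbitMQ WebUI |
  | 15672 | RabbitMQ WebUI |
  | 27017 | MongoDB |
  | 29418 | Git |
  | 30000 | Generic (30000) |
  | 30303 | Ethereum (30303) |
  | 52049 | NFS |
  | 55514 | Syslog |
  | 60000 | Generic |
  | 61420 | Minuteman LB |
  | 61421 | Minuteman LB |
  | 61668 | Generic (61668) |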