Prisma Cloud FAQs
Review the Prisma™ Cloud FAQ for answers to commonly
asked questions.
Account Onboarding and SSO
- Explain VPC flow logsVPC flow logs provide a unidirectional record of network traffic that inform you about how packets flowed from A to B and from B to A (as in a separate record). They provide no direct insight into which endpoint is the server in any conversation or which endpoint initiated a conversation. You could look at which flow record has a lower timestamp and assume that the source in that record is the client but, in the case of VPC flow logs, log collection is aggregated over several-minute windows, which removes the precision required to make this a reliable indicator. Additionally, long-lived connections and connections that appear on the boundaries of batches of logs will defeat this heuristic. There are other factors to consider, such as source port vs destination port. You can also compare the count of distinct peers for a given endpoint IP address and port. Prisma™ Cloud evaluates all of these conditions, plus others, with a weight given to each measure and a historical bias. However, these measures are heuristics and are therefore not perfect.
- Why do we need to list permissions for Key Vault in Azure?To support policies based on Azure Key Vault, Prisma Cloud needs to ingest Key Vault. Prisma Cloud does not ingest the keys or secrets—it ingests only their IDs and other metadata.
- Which SAML binding should I use for SSO?The Prisma Cloud SAML endpoint supports HTTP POST binding.
Password and Help
- What are the rules for password similarity and reuse in Prisma Cloud?When you create a new password, we check for its similarity with the current password. The measure of similarity between the new and the current and old password strings is determined by the minimum number of single-character edits,suchas insertions, deletions, and substitutions that are required to change one word into another.We do not accept the new password string if the similarity with the current or old passwords is 70% or higher.Example: If your current password isMenloPark.123!, then you cannot useM3nl0P@rk.123!but you could useParkMenlo.123!.
- What are the complexity requirements for creating Prisma Cloud passwords?Passwords must havea minimum of 8 characters and a maximum of 30 charactersand include one or more of each of the following: an uppercase letter, a lowercase letter, a digit (0 to 9), and a special character (“~”, “`”, “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(”, “)”, “-”, “_”, “+”, “=”, “{”, “}”, “[”, “]”, “|”, “\”, “:”, “;”, “’”, “,”, ““”, “.”, “<”, “>”, “?”, and “/”).
- Help icon in the bottom right corner is not visibleand the application does not launch pages after I click the Help Icon. What should I do?Check toensure that your browser allows pop-ups. Check whether your advertisement blocking software is blocking Prisma Cloud and,if so, whitelist the URL for your Prisma Cloud instance and app.pendo.io. Check and disable any local firewall rules or proxies that are blocking either or both of these URLs.
- Where do I submit documentation requests or report errors in the documentation?Please let us know how we are doing at documentation@paloaltonetworks.com. When writing to us about a documentation error, please include the URL for the page where you see the issue.
- Where do I find documentation for the Compute tab for securing host, container, and serverless functions?If you are using the Prisma Cloud Enterprise edition license, seePrisma Cloud Administrator’s Guide (Compute). If you are using Prisma Cloud Compute Edition license and are deploying and hosting it on your own, see Prisma Cloud Compute Edition Administrator’s Guide.
Policy and Alerts
- What happens when I have two alert rules for the same conditions—one with and one without auto remediation?The Alert Rule with auto remediation enabled takes precedence and alerts are automatically resolved.
- With which threat intelligence feeds does Prisma Cloud integrate?Prisma Cloud integrates with the threat intelligence feeds from Facebook ThreatExchange, AWS GuardDuty, and AWS Inspector to help you turn your threat data into actionable intelligence and to focus on what is relevant to your deployments.
- How often does Prisma Cloud retrieve data from cloud services that provide automated security assessment or threat detection?If you set up an integration with Qualys, Tenable, Amazon GuardDuty, or AWS Inspector for additional context on risks in the cloud, Prisma Cloud retrieves data from these services periodically. The data from Qualys and Tenable is retrieved every hour;the data from AWS Inspector and Amazon GuardDuty is retrieved at every ingestion cycle.
- After I update a config policy query, how long does it take to automatically resolve alerts that no longer match this policy?When a Config-based policy query is changed, all the alerts generated by this policy are re-evaluated at the next scan. Alerts that are no longer valid because of the policy change are automatically resolved.
- What is the list of web applications that Prisma Cloud automatically classifies?Port NumberApplication Classification0ICMP21FTP22SSH23TELNET25SMTP53DNS80Web (80)88Kerberos111RPC (111)135RPC (135)143IMAP389LDAP443Web (443)444SNPP445Generic (445)514Syslog587SMTP636LDAP (TLS)995IMAP1433SQL Server1515OSSEC1521Oracle2376Docker TLS3128Web Proxy3268Active Directory (GC)3306My SQL3389RDP5050Mesos Server5432Postgres5439Redshift5671RabbitMQ5672RabbitMQ5900VNC6168Generic (6168)6379Redis7200Generic (7200)7205Generic (7205)7210MaxDB8000HTTP (8000)8080HTTP (8080)8140Puppet8332Bitcoin8333Bitcoin8443HTTP (8443)8545Ethereum (8545)8888HTTP (8888)9000Generic (9000)9006Web (9006)9092Kafka9300Elastic Search9997Splunk Logger15671RabbitMQ WebUI15672RabbitMQ WebUI27017MongoDB29418Git30000Generic (30000)30303Ethereum (30303)52049NFS55514Syslog60000Generic61420Minuteman LB61421Minuteman LB61668Generic (61668)
Recommended For You
Recommended Videos
Recommended videos not found.
