What is Included with Prisma Cloud Data Security?
- Azure Blob Storage and AWS S3 support for Prisma Cloud tenants in the Canada, EMEA, Singapore, and USA regions. If you are using the Prisma Cloud tenant in Canada, Prisma Cloud Data Security will be enabled and the Data Security, Enterprise DLP, and WildFire services will run in North America. If you have concerns regarding data sovereignty, reach out to your Prisma Cloud customer support representative.
- Freemium experience that offers 3 credits per tenant before you are charged for using the Prisma Cloud Data Security module. When your data exceeds the freemium threshold, you use credits from the Prisma Cloud Enterprise Edition license. You can apply the free 3 credits to 600GB of exposure scanning or 100GB of sensitive and malware scanning, after which the cost will be adjusted based on scan capability. For full scan, all selected data will be scanned at 5 credits/TB for exposure, while only classifiable data and malware will be charged at 30 credits/TB for full scan (exposure, malware, and sensitivity analysis). The actual volume of compressed files is determined at the time of scanning.
- Ability to scan all or selected storage resources when you onboard your Azure subscription account(s) and AWS account(s) on Prisma Cloud. You can choose to enable a forward or backward scan when you add the cloud account.
  The default scan quota for each tenant is 1500 credits; this quota allows you to control how much data is scanned so that you can align your organizational DLP budget with the amount of data that is scanned. This 1500-credit limit is adjustable: you can open a support ticket with Prisma Cloud Customer Success to increase it and balance your costs, while also ensuring that you're using Prisma Cloud Data Security to scan the file types that you want to secure.
  Prisma Cloud Data Security needs to read the objects stored in your AWS S3 buckets in order to scan them. The supported encryption types are Amazon S3 created and managed keys (SSE-S3), and AWS KMS keys that are AWS Managed or Customer Managed.
  If you use the AWS Key Management Service with Customer Managed Keys (CMK), when you assign the correct permissions to the Prisma Cloud IAM role, Prisma Cloud can scan files in S3 buckets that are encrypted using customer managed encryption keys.
- For AWS, Prisma Cloud provides visibility, exposure, and classification of S3 buckets and objects on the new Data Dashboard, Data Inventory, and Object Explorer.
  - Only S3 objects in the standard storage class are ingested for scanning.
  - For malware scanning:
    - The uncompressed file size must be less than 100MB. For example, if the file size is more than 100MB but was compressed to under 100MB, the file will not be successfully scanned.
  - For data classification scanning:
    - The size of .avro, .csv, .json, .ORC, .parquet, and .txt files must be less than 2.5GB.
    - For all other file types listed in Supported File Sizes and Types—Prisma Cloud Data Security, the uncompressed file size must be less than 20MB. For example, if the file size is more than 20MB but was compressed to under 20MB, the file will not be successfully scanned.
  - For ML-based classification scanning, the file size must be less than 1MB.

  Prisma Cloud Data Security uses Palo Alto Networks' Enterprise DLP and WildFire services to process and scan S3 objects for sensitive data and malware. When S3 objects are sent to Enterprise DLP for analysis, these objects are stored temporarily in Prisma Cloud's S3 buckets for less than 24 hours, and then deleted. Additionally, the files with .avro, .ORC, and .parquet extensions are stored up to 7 days. Enterprise DLP does not retain any data after it provides a data classification verdict on your files. Files processed by WildFire follow the standard retention policy for WildFire.
- For Azure, Prisma Cloud supports the following data types and sizes:
  - For data classification scanning, the file size must be less than 20MB.
  - For malware scanning, the file size must be less than 20MB.
  - Exposure Evaluation for all file types.

  Prisma Cloud does not provide support for .avro, .csv, .json, .ORC, .parquet, and .txt file types in Azure.
- Default Data policies to detect public exposure of sensitive information. The data policies generate alerts on Prisma Cloud, and you can set up notifications to the external integration channels supported on Prisma Cloud. In addition, you can create custom data profiles and patterns and use them in policies to scan content for your security needs.
- Integration with Config RQL to show all objects in a storage resource, including exposure, data profile and malware detection in the Resource Explorer.
- Alerts for Data Security policy violations can be forwarded to your integrations with Amazon SQS, Webhook, Splunk, and Azure Service Bus only.
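The AWS S3 limits listed above mean that some objects in an onboarded bucket are never scanned. The following added example (not Prisma Cloud code) applies those documented limits to a constructed bucket inventory to report the coverage gaps. The `S3Object` record, the scan names, and decimal MB/GB units are assumptions, and file types outside the large-format list are assumed to be supported types.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

MB, GB = 10**6, 10**9  # assumption: decimal units; the page does not define MB/GB
ALL_SCANS = {"malware", "classification", "ml_classification"}  # hypothetical labels
LARGE_FORMATS = {".avro", ".csv", ".json", ".orc", ".parquet", ".txt"}

@dataclass
class S3Object:              # hypothetical inventory record, not a Prisma Cloud type
    key: str
    storage_class: str       # as reported by S3, e.g. "STANDARD" or "GLACIER"
    stored_size: int         # bytes as stored in the bucket
    uncompressed_size: int   # bytes after decompression (same as stored if not compressed)

def coverage(obj):
    """Return the scans an AWS S3 object qualifies for under the documented limits."""
    if obj.storage_class != "STANDARD":      # only standard storage class is ingested
        return set()
    scans = set()
    if obj.uncompressed_size < 100 * MB:     # malware: uncompressed size under 100MB
        scans.add("malware")
    ext = PurePosixPath(obj.key).suffix.lower()
    if ext in LARGE_FORMATS:                 # .avro/.csv/.json/.ORC/.parquet/.txt: under 2.5GB
        classifiable = obj.stored_size < 2.5 * GB
    else:                                    # other types: uncompressed size under 20MB
        classifiable = obj.uncompressed_size < 20 * MB
    if classifiable:
        scans.add("classification")
    if obj.stored_size < 1 * MB:             # ML-based classification: under 1MB
        scans.add("ml_classification")
    return scans

def coverage_gaps(inventory):
    """Map each object key to the scans it will NOT receive (fully covered keys omitted)."""
    gaps = {o.key: sorted(ALL_SCANS - coverage(o)) for o in inventory}
    return {key: missing for key, missing in gaps.items() if missing}

# Constructed sample inventory (not real data)
INVENTORY = [
    S3Object("reports/q1.csv", "STANDARD", 2 * GB, 2 * GB),
    S3Object("archive/docs.zip", "STANDARD", 15 * MB, 150 * MB),  # small only when compressed
    S3Object("hr/offer.pdf", "STANDARD", 800_000, 800_000),
    S3Object("backup/db.sql", "GLACIER", 5 * MB, 5 * MB),
]

if __name__ == "__main__":
    for key, missing in coverage_gaps(INVENTORY).items():
        print(f"{key}: not covered by {', '.join(missing)}")
```

Objects that appear in the output need another control, such as a separate scanner or a restriction on what may be uploaded, because the limits exclude them from one or more scans.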