: Features Introduced in August 2023

Features Introduced in August 2023

Table of Contents

Features Introduced in August 2023

Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in August 2023.
The host, container, and serverless capabilities on the
tab are being upgraded starting on August 20, 2023. When upgraded, the version will be 31.00.129.

Defender Upgrade

Plan to Upgrade Defender Versions 22.06 and Earlier
With the v31.00.129 (Newton) release, Defender versions supported (n, n-1, and n-2) are v31.xx.xxx, v30.xx.xxx, and v22.12.xxx.
To prepare for this update, you must upgrade your Defenders from version v22.06.xx.xxx (Kepler) or earlier to a later version. Failure to upgrade Defenders will result in disconnection of any Defender version below 22.12 such as 22.06.

New Features in Prisma Cloud Compute

Expanded Support for Red Hat’s Non-RPM Content
The Prisma Cloud Intelligence Stream now includes vulnerability data on non-RPM content from Red Hat, including binaries, Python scripts, JavaScript files, and Java JAR files within layered products like OpenShift. Rather than just flagging these as vulnerable, Prisma Cloud can now leverage Red Hat’s own detailed image analysis, enhancing precision in threat detection.
Support of Registry Tags directly in Compute Collections
Added support for registry labels under collections to enable role-based access control (RBAC). The scan results for deployed images are now segregated with a
Custom label
within collections. This enhancement facilitates the association between the registry and the scanned images pertaining to that registry, along with registry-based role-based access control (RBAC) for improved security and management.
Support for Continuous Integration (CI) Scanning of Images on Linux Using Containerd
Added the ability for users to run CI scans on Linux using the containerd runtime. This change benefits customers using Kubernetes environments, which no longer support Docker as they need to perform CI scans without Docker.
GKE CIS Compliance Checks for Worker Nodes
CIS Benchmark for Google Kubernetes Engine (GKE) version 1.4.0 is now supported. This update includes compliance checks for worker nodes.

Deprecation Notice

End of Support for Docker Access Control
The Docker Access Control at
Defend > Access > Docker
and Access User role at
Manage > Authentication > Roles
were planned for End of Support in Newton (v31.00.129) as announced in 22.06 Release Notes. The deprecation is now extended until the next release Newton Update 1 (v31.01.xxx), when the feature will be no longer supported.
Support for Cloud Native Network Segmentation (CNNS)
The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts was planned for End of Support in this release v31.00.129. The deprecation notice is now extended until the next major release code named O’Neal (v32.0.xxx). The configuration settings on the console (
Compute > Defend > CNNS
) and the corresponding APIs for CNNS will be dropped in v32.0.xxx.
Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this will continue to be available.
List of API endpoints that are no longer supported:
Support for Code Repo Scanning
Scanning your code repositories from the Prisma Cloud Compute Console at
Compute > Monitor> Vulnerabilities > Code repositories
and use of Twistcli for code repo scanning was planned for End of Support in this release v31.00.129. The deprecation notice is now extended until the next major release code named O’Neal (v32.0.xxx), when the support will be dropped.
You must now use the
Code Security
capabilities on Prisma Cloud to scan IaC templates, code repositories, and CI pipelines for misconfigurations and vulnerabilities.

API Changes

Support and Identification of Registry Asset in Registry Scan
Starting with 31.00, the value in the field
for an object returned in the API endpoint response
GET, api/vVERSION/registry
is now
instead of
31.00 and onwards:
type shared.ScanType Possible values: [registry,ciImage,container,host,agentlessHost,registry,serverlessScan,ciServerless,vm,tas,ciTas,cloudDiscovery,serverlessRadar,serverlessAutoDeploy,hostAutoDeploy,codeRepo,ciCodeRepo]
30.03 and earlier:
type shared.ScanType Possible values: [image,ciImage,container,host,agentlessHost,registry,serverlessScan,ciServerless,vm,tas,ciTas,cloudDiscovery,serverlessRadar,serverlessAutoDeploy,hostAutoDeploy,codeRepo,ciCodeRepo]

Recommended For You