Features Introduced in February 2022
Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in February 2022.
The host, container, and serverless capabilities on the Compute tab are being upgraded on Prisma Cloud Enterprise Edition on February 27, 2022. When upgraded, the version will be 22.01.857.
New Features in Prisma Cloud Compute
New Features in the Core Platform
CVE Coverage Update
After updating to the enhanced intelligence feed in this release, you may see alerts on vulnerabilities in Prisma Cloud components and Defender images of releases 21.08 or older.
The following vulnerabilities may cause an alert on previous releases: CVE-2021-38297, CVE-2021-41771 and CVE-2021-41772. We have determined that Prisma Cloud components are not impacted by these vulnerabilities. There is no risk in continuing to run any of the supported Prisma Cloud releases.
To ensure these vulnerability alerts do not display, upgrade to the latest 22.01 release, where applicable. If you are not ready to upgrade right away, add an exception in the default
Ignore Twistlock Components rule (under *
) to suppress these vulnerability alerts.
Intelligence Stream Update
The Intelligence Stream updates include vulnerability information for SUSE SLES 12 and 15.
Support for Operating Systems
This release includes support for:
Enhanced Scoping for Vulnerability Tags
For enhanced exception and metadata reporting on vulnerabilities, Prisma Cloud allows you to granularly tag vulnerabilities based on CVE ID, package, and resources.
page to assign a tag to a CVE for a single package, or for all the packages affected by it. You can assign a tag to a specific resource such as ubuntu:18.04, resources defined using wildcards (for example, ubuntu:*), and to multiple resources across your environment. For container images, when you assign the tag to a base image, Prisma Cloud automatically assigns the tag to all its descendant images.
Collections and tags
Organization-Level Credentials for GCP
You can now use your organization-level credentials to enable Prisma Cloud to find and scan all projects in your GCP organization resource hierarchy. With the support for organization-level credentials, capabilities such as cloud discovery and registry scanning are simplified and you do not need to create credentials for each project.
Log DNS Queries in Forensics
To help you investigate incidents and events that occur in your environment, the forensics capability to record DNS queries is extended to include containers, hosts, and App-Embedded Defenders.
Cortex XDR Integration
Cortex XDR is now a native alert provider to which Prisma Cloud Compute can send runtime audits and incidents. With this integration, you can now create a new profile on
and send alerts to Cortex XDR.
Simplified Certificate Management for Console-Defender Communication
Console-Defender communication certificates are now automatically rotated one year before expiration. During the year after rotation and until expiration of the old certificates, Console communicates with Defenders using both the old and new certificates. This allows the entire deployment to continue functioning without the need for immediate redeployment of the Defenders.
PII/Sensitive Information Sanitization for Runtime Events
You can now filter sensitive information included within Runtime events, such as commands run inside protected workloads, and ensure that it is not included in the Runtime findings (including Forensics, Incidents, and Audits) on
For protecting user privacy as well as ensuring that logs comply with relevant regulations (PCI, GDPR, HIPAA, amongst others), you have two options to scrub your sensitive Runtime data in Prisma Cloud Compute,
You can now send alerts from Prisma Cloud Compute Edition Console to Splunk and consolidate alert notifications to enable your operations teams. The alert integration with Splunk uses the Splunk HTTP Event Collector and the _json source type.
This enhancement is in addition to the existing Prisma Cloud Enterprise Edition integration with Splunk.
Quicker Vulnerability Alerting
To supplement the existing vulnerability alerting mechanism, you can now send alerts as soon as new vulnerabilities are detected when:
Extended RBAC Across Prisma Cloud Views
RBAC capabilities across Prisma Cloud enable you to limit data to specific users and groups based on the Resource List and Collections assignments. These enhancements restrict views after the first scan.
New Features in Container Security
Kubernetes auditing enhancements for EKS and AKS
Kubernetes auditing, which ingests audit data from Kubernetes clusters to help you identify risks and security events, now supports AWS EKS clusters and Azure AKS clusters. The configuration settings on
are enhanced to include AWS and Azure, in addition to the existing GCP support. Additionally, you can configure Kubernetes auditing policy rules more granularly using a cluster filter and apply rules to specific clusters.
CIS Benchmarks Support
CIS Benchmarks was extended to cover:
The newly-added compliance checks are set to ignore on preexisting compliance rules, regardless of severity.
Compliance for containerd Containers
All CRI runtime compliance checks are now applicable for containerd containers also.
This feature is not supported on Bottlerocket OS.
Multiple Image Tags Support
Image tags are now collected and presented for image IDs with multiple, different tags.
AKS Windows containerd Node Support
You can now install the Windows Container Defender on your Azure Kubernetes Service (AKS) Windows nodes with containerd runtime.
With Defenders deployed, you can view the running containers and images on Radar and leverage the runtime defense capabilities on Prisma Cloud Compute for these containers; Vulnerabilities and Compliance scanning are not supported yet.
Harbor Registry Scanning Improvements
The Harbor Registry scanning performance is improved.
OpenShift Clusters Upgrade
Seamlessly upgrade the OpenShift clusters when Prisma Cloud Defender is installed. This update will solve the issue mentioned in https://access.redhat.com/solutions/5206691.
This will be supported starting with OpenShift 4.7, and Defenders v22.01.
Defenders on VMware Tanzu TAS Isolation Segments
Support for deploying Defenders on VMware Tanzu TAS isolation segments (Network and Compute Isolation) is now available.
Remote VMware Tanzu Blobstores Scan
You can now scan remote VMware Tanzu TAS blobstores located in a different cloud controller than the scanning Defender. This capability provides flexibility when defining the blobstore scanning Defenders, and eliminates the need to deploy Defenders in all TAS environments where you want to perform blobstore scanning.
Prisma Cloud Compute adds support for vulnerability scanning on running EC2 hosts on AWS. Agentless scans enable you to gain visibility into running or stopped vulnerable hosts in your cloud accounts without the need for deploying Defenders.
For your scaling needs and flexibility in protection modes, you can use Defenders and agentless scanning where convenient.
Licensing for agentless scan is 1 credit per host.
The AWS CFT for Monitor and Protect on Prisma Cloud includes the additional permissions for Agentless scanning on EC2 for onboarded cloud accounts.
New Features in Host Security
Pre-Deployment Scan Support for Hosts on Azure and GCP
You can now scan virtual machine (VM) images on Azure and GCP to detect and harden against vulnerabilities, compliance issues, and malware at the pre-deployment stage. For example, if you have an image with the vulnerable version of the Apache log4j, the scan will detect and report this security issue before you deploy any hosts using the image.
Configure automatic scanning of the VM images for public, marketplace or private libraries across your Azure subscription or GCP projects on *
, and review the scan results on
Vulnerabilities and Compliance.
Collection of Cloud Provider Metadata for Windows Virtual Machines
Windows Defenders now collect and report cloud metadata the same way as Linux Defenders. Cloud metadata includes things such as the cloud provider where the Defender runs (for example, AWS), and the name of the host on which the Defender is deployed.
New Features in WAAS
WAAS explorer dashboard on
provides an overview of protection coverage, web application and API security posture, usage statistics, and insights.
WAAS Event IDs
To enable findability, an Event ID will be assigned to all new WAAS events so you can reference and search within the
End users who are denied access to a web page can now view event IDs as part of WAAS block pages, and in a new HTTP response header (X-Prisma-Event-Id) when the option is enabled for an app on a WAAS rule on
Custom Rules-Extended Functionality
Allow action is now available for WAAS custom rules. When allowed, requests override actions set by other protections such as application firewall, bot protection, and API protection. Transformations can be applied for traffic that matches WAAS and runtime rules.
The following transformation functions are available for creating custom rules - `lowercase`, `compressWhitespace`, `removeWhitespace`, `urlQueryDecode`, `urlPathDecode`, `unicodeDecode`, `htmlEntityDecode`, `base64Decode`, `replaceComments`, `removeCommentSymbols`, `removeTags`.
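How a transformation chain changes what a custom rule matches, as an added example that is not Prisma Cloud code or WAAS rule syntax. The Python functions are stand-ins for a few of the names listed above with assumed semantics, and the rule pattern and request paths are constructed.

```python
import html
import re
from urllib.parse import unquote, unquote_plus

# Python stand-ins for some of the transformation names listed above.
# Their exact semantics in WAAS are not given on this page; these are assumptions.
TRANSFORMS = {
    "lowercase": str.lower,
    "compressWhitespace": lambda s: re.sub(r"\s+", " ", s),
    "removeWhitespace": lambda s: re.sub(r"\s+", "", s),
    "urlQueryDecode": unquote_plus,   # decodes %XX and '+' (query strings)
    "urlPathDecode": unquote,         # decodes %XX only, leaves '+' alone
    "htmlEntityDecode": html.unescape,
}


def normalize(value, chain):
    """Apply the named transforms left to right and return the result."""
    for name in chain:
        value = TRANSFORMS[name](value)
    return value


def rule_matches(pattern, value, chain=()):
    """Hypothetical rule check: regex search on the normalized value."""
    return re.search(pattern, normalize(value, chain)) is not None


# Constructed request paths: the same resource written four ways.
SAMPLE_PATHS = [
    "/internal/debug",
    "/Internal/Debug",
    "/internal/%64ebug",
    "/INTERNAL/%44EBUG",
]
RULE = r"^/internal/debug$"  # constructed rule pattern


def coverage(chain):
    """Return how many sample paths the rule catches with a given chain."""
    return sum(rule_matches(RULE, p, chain) for p in SAMPLE_PATHS)


if __name__ == "__main__":
    chains = [(), ("lowercase",), ("lowercase", "urlPathDecode"),
              ("urlPathDecode", "lowercase")]
    for chain in chains:
        print(chain, coverage(chain), "of", len(SAMPLE_PATHS))
```

Order matters: lowercasing before decoding leaves `%44` to decode to an uppercase `D`, so that chain catches one path fewer than decoding first.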
For API-based protection of gRPC messages, WAAS now supports inspection of gRPC messages.
Scanning for Unprotected Web Applications and APIs
Support for scanning unprotected web applications and APIs on hosts is now available.
Additionally, the scan for unprotected web applications and APIs for both containers and hosts is enabled by default, and you now have the option to disable the scan on
API Observations Improvements
, the JSON body content is now added to the learning model.
Schemes will be presented as part of the observations and will be available for export in an Open API specification V3 JSON.
Compatibility and Supportability Notifications
End of Support Notifications
Information on Backward Compatibility
New features introduced in this release that will not be supported by older versions of Defenders.