Features Introduced in February 2022
Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in February 2022.
The host, container, and serverless capabilities on the
Compute
tab are being upgraded on Prisma Cloud Enterprise Edition on February 27, 2022. When upgraded, the version will be 22.01.857.
New Features in Prisma Cloud Compute
Feature | Description |
New Features in the Core Platform | |
CVE Coverage Update | After updating to the enhanced intelligence feed in this release, you may see alerts on vulnerabilities in Prisma Cloud components and Defender images of releases 21.08 or older. The following vulnerabilities may cause an alert on previous releases: CVE-2021-38297, CVE-2021-41771 and CVE-2021-41772. We have determined that Prisma Cloud components are not impacted by these vulnerabilities. There is no risk to continue running any of the supported Prisma Cloud releases. To ensure these vulnerability alerts do not display, upgrade to the latest 22.01 release, where applicable. If you are not ready to upgrade right away, add an exception in the default Ignore Twistlock Components rule (under *) to suppress these vulnerability alerts. |
Intelligence Stream Update | The Intelligence Stream updates include vulnerability information for SUSE SLES 12 and 15. |
Support for Operating Systems | This release includes support for:
|
Enhanced Scoping for Vulnerability Tags | For enhanced exception and metadata reporting on vulnerabilities, Prisma Cloud allows you to granularly tag vulnerabilities based on CVE ID, package, and resources. Use the page to assign a tag to a CVE for a single package, or for all the packages affected by it. You can assign a tag to a specific resource such as ubuntu:18.04, resources defined using wildcards (for example, ubuntu:*), and to multiple resources across your environment. For container images, when you assign the tag to a base image, Prisma Cloud automatically assigns the tag to all its descendant images. |
Organization-Level Credentials for GCP | You can now use your organization-level credentials to enable Prisma Cloud to find and scan all projects in your GCP organization resource hierarchy. With the support for organization-level credentials, capabilities such as cloud discovery and registry scanning are simplified and you do not need to create credentials for each project. |
Log DNS Queries in Forensics | To investigate incidents and events that occur in your environment, the forensics capabilities with recording DNS queries are extended to include containers, hosts, and App-Embedded Defenders. |
Cortex XDR Integration | Cortex XDR is now a native alert provider to which Prisma Cloud Compute can send runtime audits and incidents. With this integration, you can now create a new profile on and send alerts to Cortex XDR.  |
Simplified Certificate Management for Console-Defender Communication | Console-Defender communication certificates are now automatically rotated one year before expiration. During the year after rotation and until expiration of the old certificates, Console communicates with Defenders using both the old and new certificates. This allows the entire deployment to continue functioning without the need for immediate redeployment of the Defenders.
 |
PII/Sensitive Information Sanitization for Runtime Events | You can now you can filter sensitive information included within Runtime events, such as commands run inside protected workloads, and ensure that it is not included in the Runtime findings (including Forensics, Incidents, Audits.) on. For protecting user privacy as well as ensuring that logs comply with relevant regulations (PCI, GDPR, HIPAA, amongst others), you have two options to scrub your sensitive Runtime data in Prisma Cloud Compute,
 |
Splunk Integration | You can now send alerts from Prisma Cloud Compute Edition Console to Splunk and consolidate alert notifications to enable your operations teams. The alert integration with Splunk uses the Splunk HTTP Event Collector and the _json source type. This enhancement is in addition to the existing Prisma Cloud Enterprise Edition integration with Splunk. |
Quicker Vulnerability Alerting | To supplement the existing vulnerability alerting mechanism, you can now send alerts as soon as new vulnerabilities are detected when:
|
Extended RBAC Across Prisma Cloud Views | RBAC capabilities across Prisma Cloud enable you to limit data only to specify users and groups based on the Resource List and Collections assignments. These enhancements restrict views after the first scan. |
New Features in Container Security | |
Kubernetes auditing enhancements for EKS and AKS | Kubernetes auditing, which ingests audit data from Kubernetes clusters to help you identify risks and security events, now supports AWS EKS clusters and Azure AKS clusters.The configuration settings on are enhanced to include AWS and Azure, in addition to the existing GCP support. Additionally, you can configure Kubernetes auditing policy rules more granularly using a cluster filter and apply rules to specific clusters. The AWS CFT on Prisma Cloud includes the additional permissions for EKS Auditing for onboarded cloud accounts. See to update the CFT stack.  |
CIS Benchmarks Support | CIS Benchmarks was extended to cover:
The newly-added compliance checks are set to ignore on preexisting compliance rules, regardless of severity. |
Compliance for containerd Containers | All CRI runtime compliance checks are now applicable for containerd containers also. This feature is not supported on Bottlerocket OS. |
Multiple Image Tags Support | Image tags are now collected and presented for image IDs with multiple, different tags.  |
AKS Windows containerd Node Support | You can now install the Windows Container Defender on your Azure Kubernetes Service (AKS) Windows nodes with containerd runtime. With Defenders deployed, you can view the running containers and images on Radar and leverage the runtime defense capabilities on Prisma Cloud Compute for these containers; Vulnerabilities and Compliance scanning are not supported yet. |
Harbor Registry Scanning Improvements | The Harbor Registry scanning performance is improved. |
OpenShift Clusters Upgrade | Seamlessly upgrade the OpenShift clusters when Prisma Cloud Defender is installed. This update will solve the issue mentioned in https://access.redhat.com/solutions/5206691. This will be supported starting with OpenShift 4.7, and Defenders v22.01. |
Defenders on VMware Tanzu TAS Isolation Segments | Support for deploying Defenders on VMWare Tanzu TAS isolation segments (Network and Compute Isolation) is now available. |
Remote VMware Tanzu Blobstores Scan | You can now scan remote VMWare Tanzu TAS blobstores located in a different cloud controller than the scanning Defender. This capability provides flexibility when defining the blobstore scanning Defenders, and eliminates the need to deploy Defenders in all TAS environments where you want to perform blobstore scanning. |
Agentless Security | Prisma Cloud Compute adds support for vulnerability scanning on running EC2 hosts on AWS. Agentless scans enable you to gain visibility into running or stopped vulnerable hosts in your cloud accounts without the need for deploying Defenders.  For your scaling needs and flexibility in protection modes, you can use Defenders and agentless scanning where convenient. Licensing for agentless scan is 1 credit per host. The AWS CFT for Monitor and Protect on Prisma Cloud includes the additional permissions for Agentless scanning on EC2 for onboarded cloud accounts. |
New Features in Host Security | |
Pre-Deployment Scan Support for Hosts on Azure and GCP | You can now scan virtual machine (VM) images on Azure and GCP to detect and harden against vulnerabilities, compliance issues, and malware at the pre-deployment stage. For example, if you have an image with the vulnerable version of the Apache log4j, the scan will detect and report this security issue before you deploy any hosts using the image. Configure automatic scanning of the VM images for public, marketplace or private libraries across your Azure subscription or GCP projects on , and review the scan results on under Vulnerabilities and Compliance . |
Collection of Cloud Provider Metadata for Windows Virtual Machines | Windows Defenders now collect and report cloud metadata the same way as Linux Defenders. Cloud metadata includes things such as the cloud provider where the Defender runs (for example, AWS), and the name of the host on which the Defender is deployed. |
New features in WAAS | |
WAAS Explorer | The new WAAS explorer dashboard on provides an overview of protection coverage, web application and API security posture, usage statistics and insights |
WAAS Event IDs | To enable findability, an Event ID will be assigned to all new WAAS events so you can reference and search within the Event Monitor .End users who are denied access to a web page can now view event IDs as part of WAAS block pages, and in a new HTTP response header (X-Prisma-Event-Id) when the option is enabled for an app on a WAAS rule on Defend WAAS .<Rulename> Advanced settings |
Custom Rules-Extended Functionality | The Allow action is now available for WAAS custom rules. When allowed, requests override actions set by other protections such as application firewall, bot protection, API protection can be applied for traffic that matches WAAS and runtime rules.The following transformation functions are available for creating custom rules - lowercase, compressWhitespace, removeWhitespace, urlQueryDecode, urlPathDecode, unicodeDecode, htmlEntityDecode, base64Decode, replaceComments, removeCommentSymbols, removeTags. |
gRPC Support | For API-based protection of gRPC messages, WAAS now supports inspection of gRPC messages. |
Scanning for Unprotected Web Applications and APIs | Support for scanning unprotected web applications and APIs on hosts is now available. Additionally, the scan for unprotected web applications and APIs for both container and hosts is enabled by default, and you have the option to now disable the scan on . |
API Observations Improvements | On , the JSON body content is now added to the learning model. Schemes will be presented as part of the observations and will be available for export in an Open API specification V3 JSON. |
Compatibility and Supportability Notifications | |
End of Support Notifications | Operating Systems
Orchestrators
Serverless Runtimes
Other
|
Information on Backward Compatibility | New features introduced in this release that will not be supported by older versions of Defenders.
|
