Prisma™ Cloud Release Notes
    : Features Introduced in July 2023
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Release Notes
    5. Prisma Cloud Compute Release Information
    6. Features Introduced in July 2023
    Download PDF

    Prisma™ Cloud Release Notes

    Features Introduced in July 2023

    Table of Contents

    Features Introduced in July 2023

    Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in July 2023.
    The host, container, and serverless capabilities on the
    Compute
     tab are being upgraded starting on July 16, 2023. When upgraded, the version will be 30.03.122.

    New Features in Prisma Cloud Compute

    Feature
    Description
    Enhancements
    Package URL (pURL) Format Support for Vulnerabilities
    Prisma Cloud now adds package URLs (pURL) for packages and vulnerabilities while scanning the images using twistcli. This helps to reliably reference the same software package using a simple and expressive syntax and conventions based on familiar URLs.
    As you scan images with twistcli, you can filter the CVEs based on the pURL format in the CVE viewer.
    Registry Scan Scale Support Increased to 100k Images
    Registry image scan limit has been increased to 1,000,000 from 100,000 for all image types.
    Support for GitLab Container Registry
    Added support for scanning GitLab Container Registry without using admin credentials to manage and get a full list of all container registries/images.
    New Features in Agentless Security
    Malware Support through Wildfire Integration
    Added enhanced malware agentless scanning through an integration with Palo Alto Networks Advanced WildFire, the industry’s leading malware scanning feed. Malware scanning is supported across all Cloud Service Providers for Linux and Windows hosts and Linux container images, covering files suspected as Malware or Grayware. Malware scanning supports ELF binaries in Linux and supports binaries and shared libraries in Windows, providing comprehensive protection.
    Scan Errors Visibility Improvements in Agentless Scanning
    To get the most out of agentless scanning, this update categorizes issues during the agentless scan process, provides detailed information on their nature, source, and troubleshooting steps, and offers a seamless user interface experience. Easily understand and resolve issues, improving scan coverage and streamlining your scanning process.
    As a side effect, this update might display erroneous scan details, that would be auto-remediated by a maximum of 2 agentless scan cycles.
    Added Support for Parallel Agentless Scans of Accounts/Regions
    Added the ability for agentless scanning to scan accounts and regions within those accounts in parallel.
    The changes include the following enhancements.
    • The UI shows the status of an ongoing scan for specific accounts. For example scanning or completed.
    • You can see the general progress of an ongoing scan on the Compute Cloud Accounts page instead of in the progress bar.
    • Your hub account is treated as an account dedicated for agentless scanning, which is used only to scan other accounts, and no longer scans itself.
    • You can manage the agentless scanning configuration centrally for all target accounts in the hub account configuration. You aren’t required to duplicate the configuration across all target accounts. For example, you can set custom networking configuration only on the hub account.
    New Features in Host Security
    Enhanced the Syslog to include the same fields as the API
    Added fields to enhance the syslog output in alignment with the API call responses. Fields were added for container runtime audits, host runtime audits, container incidents, and host incidents.

    API Changes

    CHANGE
    DESCRIPTION
    Registry Settings API supports GitLab Container Registry
    Starting with 30.03, you no longer need to add GitLab Container Registry through Docker V2 registry which required administrative permissions to scan all images.
    You can now directly add GitLab Container Registry in the POST, settings/registry endpoint by using the new schema gitlabRegistrySpec in the request body.
    To add, you must specify the following parameters:
    • version
      : Specify the value
      gitlab
       for GitLab Container Registry.
    • registry
      : Specify the GitLab registry URL address. Example, for native registries, you can specify the address as "https://registry.gitlab.com"
    • credentialID
      : Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has atleast the
      read_api
       scope.
    • gitlabRegistrySpec
      : Specify at least one of the following fields:
    • userID
      : Specify your GitLab user ID to add all registries associated with it.
    • projectIDs
      : Specify the project IDs to add all registries associated with a GitLab project.
    • groupIDs
      : Specify the group ID to add all registries associated with a GitLab group.
    • excludedGroupIDs
      : Specify the top-level group IDs that you don’t want to add.
    Old (30.02 and earlier releases)
    Example request body schema:
    {
    "version": "2",
    "registry": "",
    "credentialID": "<GitLab Token>",
    "repository": "library/ubuntu",
    "tag": "16.04",
    "os": "linux",
    "cap": 5,
    "scanners": 2,
    "collections": ["All"]
}
    New (in release 30.03)
    Example request body schema showing
    gitlabRegistrySpec
     that contains the
    userID
     to add and scan all registries associated with it:
    {
    "version":"gitlab",
    "registry":"https://registry.gitlab.com",
    "namespace":"",
    "repository":"",
    "tag":"",
    "credentialID":"<GitLab Token>",
    "os":"linux",
    "harborDeploymentSecurity":false,
    "collections":["All"],
    "cap":5,
    "scanners":2,
    "versionPattern":"",
    "gitlabRegistrySpec":{"userID":"14631394"}
}

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.