: Features Introduced in June 2023

Features Introduced in June 2023

Table of Contents

Features Introduced in June 2023

Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in June 2023.
The host, container, and serverless capabilities on the
tab are being upgraded starting on June 25, 2023. When upgraded, the version will be 30.02.123.

New Features in Prisma Cloud Compute

CVE Coverage Update
As part of the 30.00 release, Prisma Cloud has rolled out updates to its vulnerability data for Common Vulnerabilities and Exposures (CVEs) in the Intelligence Stream. The new additions are as follows:
Container Runtime Types in Defender Deployment Workflow
The Defender deployment workflows now support Docker, CRI-O, and Containerd container runtime types.
When installing a Defender using twistcli, pass the --container-runtime flag with the selecttion for the runtime that you use - docker, cri-o, or containerd.
Support custom compliance checks
Added support for custom compliance checks on clusters running containerd runtime.
Added Support for Managed Identities in Azure
Added support for Azure Managed Identities to authenticate any Azure resources that support AD authentication without adding keys in Prisma Console. To use this authentication method, add an Azure role with required permissions to scan the resources under
Manage > Cloud accounts
Support for New Operating Systems
Windows Server 2016
Reinstating the support for Defenders on Windows 2016. For details on the extended support from Microsoft, see the Microsoft documentation.
Added new NAT gateway IP addresses
Prisma Cloud is adding new NAT IP addresses for the Compute SaaS Console Region in GCP. The egress IPs for connections from The Compute SaaS Console to the internet in us-east 1 (South Carolina) are: and
Make sure to add these IP addresses to your allow list. These IP addresses will be added to the documentation.
New Features in Agentless Security
Encrypted volumes support in GCP with hub mode
This feature adds the capability to scan encrypted volumes in GCP with agentless scanning when using hub mode.
New Features in Host Security
Change in the format of runtime events information used in notification webhooks
Replaced the aggregated and rest macros with the following macros:
  • aggregatedAlerts: Returns the aggregated audit events in JSON format. It represents the same data as the old aggregated macro but in JSON format instead of text.
  • dropped: Returns the number of alerts that were dropped after the aggregation buffer has reached its limit.
This change fixes an issue where some of the aggregated alerts were missing fields like ContainerID, Namespace, and User.
The aggregated and rest macros are still available but are being deprecated after the two upcoming releases following our deprecation notice policy. For existing settings of alert providers, you must edit the alert structure and use the new macros.

API Changes

Add Backward Compatibility to api/v1/cloud/discovery/entities
API endpoint is now available as a supported and backward-compatible route to view the cloud discovered entities.
Monitor the status of an OnDemand and Regular registry scan
The new API endpoint
is available to view the progress of onDemand and regular ongoing registry scans. Set the request parameter
to true to view progress of an ongoing on-demand scan. By default,
is set to false and shows the progress of a regular scan.

Breaking Changes in API

Defender APIs modified to support the containerd runtime
The following APIs have been enhanced to include support for the containerd runtime in addition to the existing Docker and CRI-O runtimes:
The cri boolean parameter (in the common.DaemonSetOptions schema) in the above endpoints has been replaced by the common.ContainerRuntime schema in the 30.02 release, as shown below:
Old (30.01 and earlier releases)
Example request schema showing
set to a boolean value
for Docker and CRI-O:
{ "consoleAddr":"", "namespace":"twistlock", "orchestration":"kubernetes", "selinux":false, "cri":true, "privileged":false, "serviceAccounts":true, "istio":false, "collectPodLabels":false, "proxy":null, "taskName":null, "gkeAutopilot":false }
New (in release 30.02)
From 30.02, you can set the following values for container runtime:
  • containerd
  • crio
  • docker
Example request schema showing
is replaced with
{ "consoleAddr":"", "namespace":"twistlock", "orchestration":"kubernetes", "selinux":false, "containerRuntime":"containerd", "privileged":false, "serviceAccounts":true, "istio":false, "collectPodLabels":false, "proxy":null, "taskName":null, "gkeAutopilot":false }
You must update existing scripts that use either of the two endpoints when you upgrade to 30.02 or a future release.

Deprecation Notice

Cloud Native Network Segmentation (CNNS) Deprecation
The ability to create CNNS policies that Defenders use to limit traffic from containers and hosts is being deprecated. The configuration settings on the console (
Compute > Defend > CNNS
) and the corresponding APIs for CNNS will be removed in the next major release. Radar has a container and a host view, where you can view the network topology for your containerized apps and hosts respectively, and this will continue to be available.
List of deprecated API endpoints:
Macros for Runtime Events Webhooks
The aggregated and rest macros will be deprecated. For the existing webhook alerts, you can edit the custom JSON body and replace #aggregated macro with #aggregatedAlerts and #rest macro with #dropped.

Recommended For You