Prisma™ Cloud Release Notes
    : Features Introduced in September 2022
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Release Notes
    5. Prisma Cloud Compute Release Information
    6. Features Introduced in September 2022
    Download PDF

    Prisma™ Cloud Release Notes

    Features Introduced in September 2022

    Table of Contents

    Features Introduced in September 2022

    Learn about the new Compute capabilities on Prisma™ Cloud Enterprise Edition (SaaS) in September 2022.
    The host, container, and serverless capabilities on the
    Compute
     tab are being upgraded on Prisma Cloud Enterprise Edition on October 2, 2022. When upgraded, the version will be 22.06.213.

    New Features in Prisma Cloud Compute

    Feature
    Description
    HTTPS Proxy Support for Agentless Scanning
    Agentless scanning now supports connections over an HTTPS proxy server. If you use custom certificates for authentication, you can now configure custom certificates for the connection to Console when using Agentless scanning.
    Support for Embedding a Defender in a CloudFormation Fargate Task
    Prisma Cloud Compute now supports embedding a Defender to a CloudFormation Fargate task in the YAML format, in addition to the JSON format. You can use a full CloudFormation template that contains other objects in addition to the Fargate task to generate a protected Fargate task definition.
    Use the Console (
    Compute
    Manage
    Defenders
    Deploy
    Defenders
    ) or the APIs (/api/22.06/defenders/fargate.yaml, /api/22.06/defenders/fargate.json) to complete the workflow.
    Cloud Native Network Segmentation
    The Cloud Native Network Firewall (CNNF) is now renamed as Cloud Native Network Segmentation (CNNS) in
    Compute
    Radars
    Settings
     , and you can create policies for enforcing Layer 4 communication from hosts and containers on
    Compute
    Defend
    CNNS
    .
    Update for CVE-2022-36085
    As part of the 22.06.213 release, Prisma Cloud has rolled out an update to the vulnerability data stream for CVE-2022-36085. After updating to the enhanced intelligence feed, you may see alerts on vulnerabilities in Prisma Cloud components and Defender images of releases 22.06 or older versions. We have determined that Prisma Cloud components are not impacted by these vulnerabilities. There is no risk to continue running any of the supported Prisma Cloud releases.

    Addressed Issues

    ISSUE
    DESCRIPTION
    PCSUP-10988
    Fixed an internal error that failed to refresh the vulnerability statistics under
    Compute
    Monitor
    Vulnerabilities
    Vulnerability Explorer
    .
    PCSUP-10841
    Fixed an issue with permissions in the AWS Gov template for agentless scanning.
    PCSUP-10791
    Fixed an issue with editing WAAS rules. On upgrade to 22.06, you could not update or modify WAAS rules configured to protect the same port for multiple protocols, such as TLS, HTTP2, and gRPC.With this fix, such rules can now be modified.
    PCSUP-10632
    Fixed an issue that caused Defender to incorrectly report the Host OS as SLES15SP1 instead of SLES15.
    PCSUP-10507
    Fixed two issues with Defenders running on containerd/CRI-O nodes:
    Defenders attempted to scan host file systems during image scans for containers that changed to the host mount namespace. This issue is fixed.
    Defenders attempted to scan the host filesystem as some parent directory was a symlink. The issue was fixed by ignoring the images scans running from the host namespace to avoid false binary detections.

    Supported Host Operating Systems and Orchestrators

    Review the full system requirements for all supported operating systems and orchestrators.
    TYPE
    DESCRIPTION
    Additional Orchestrators on x86 Architecture
    • Google Kubernetes Engine (GKE) version 1.24.2 with containerd version 1.6.6
    • Elastic Kubernetes Service (EKS) version 1.6.6
    • Azure Kubernetes Service (AKS) with containerd version 1.6.4+azure-4 running on Linux
    • AKS version 1.24.3 running with containerd version 1.6.6+azure on Windows
    • Lightweight Kubernetes (k3s) version v1.24.4+k3s1 with containerd v1.6.6-k3s1
    • Openshift version 4.11 with CRIO /1.24.1
    • Rancher Kubernetes Engine (RKE) version 1.24.4+rke2r1 with containerd 1.6.6-k3s1

    End of Support Notifications

    Notices
    Maven system dependencies
    With the End of Support for Maven system dependencies, Defender injection for Java functions is now implemented using the bundle as a Maven internal repository. With this update,
    <systemPath>
     dependency is no longer used.
    Compile dependency in Gradle 7.0
    With the End of Support for compile dependency in Gradle 7.0, Defender injection for Java functions is updated to an implementation dependency using an internal repository.

    Breaking Change Notification

    Breaking Change in Lagrange
    On upgrade to the next release, code named Lagrange that is planned for the end of this CY, if you have configured an alert profile on
    Compute
    Manage
    Alerts
     and enabled
    Image vulnerabilities (registry and deployed)
     and
    Immediately alert for deployed resources
    , you will now receive immediate alerts for vulnerable registry images along with immediate alerts for deployed images.
    The volume of immediate alerts that are generated maybe much higher than what you’ve seen in the previous releases because support for immediate alerting for registry images is being added in Lagrange. With this change, the
    Image vulnerabilities (registry and deployed)
     option is being separated into two:
    Deployed images vulnerabilities
     and
    Registry images vulnerabilities
    , and both these triggers will be automatically enabled on upgrade, if the original trigger was enabled in the alert profile.

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.