Features Introduced in January 2022

Learn what’s new on Prisma™ Cloud Microsegmentation in January 2022.
Review the new Microsegmentation features in the January releases.
Standardization of Tag Names
To drive consistency in tag-naming conventions, Prisma Cloud will add prefixes to standardize the ingestion of tags based on the source.
On AWS, all user defined tags will be tagged as cloud:aws:<user_tag>Example: cloud:aws:app=
On Azure, all user defined tags will be tagged as cloud:azure:<user_tag>Example: cloud:azure:app=
On GCP, all user defined tags will be tagged as cloud:gcp:<user_tag> The tags will retain the existing capability to indicate if it pertains to an instance or a project.Example: cloud:gcp:instance:app= or cloud:gcp:project:app=
On K8s, all user defined tags will be tagged as k8s:<user_tag>Example: k8s:app=
On Docker, all user defined tags will be tagged as docker:<user_tag>Example: docker:app=
For Enforcer tags (all user defined tags will be tagged as enforcer:<user_tag>Example: enforcer:app=
We recommend that you modify all your existing rulesets to use the new standardized tag format, to allow or deny communication and access to resources.
This will enable you to be ready for the specific release where the new tag format will be enforced, and support for existing tags will be removed in a future release.
Application Profiling Enhancements
The application profiling capabilities on the
App Dependency Map
are enhanced to support:
Flow direction awareness—Identifies whether flows are unidirectional—only source "A" can initiate connections against destination "B"— or bidirectional.
Protocol/port awareness—Recommends what protocol/ports to enable for the ruleset.
Improved Ruleset naming suggestions—Suggests more unique tags to name each ruleset, to help make it more descriptive of the purpose of the ruleset.
Support for the Kubernetes API Server
You can now deploy the Kubernetes API server when installing the Enforcer, so that you can use the kubectl Command Line Interface (CLI) or Helm charts to access the Prisma Cloud Identity-Based Microsegmentation API. If your automation and DevSecOps teams rely on kubectl, you can use the API server to access the Microsegmentation API.
After deploying the API server with the
flag during the Enforcer installation, you can review the available API resources with the command
kubectl api-resources --api-group=network.prismacloud.io

Recommended For You