Features Introduced in April 2019

Learn what’s new on Prisma™ Cloud in April 2019.

Features Introduced on April 25, 2019

Learn what’s new on April 25, 2019.

New Features

PagerDuty Integration
Integrate Prisma Cloud with PagerDuty to aid with alerting, on-call scheduling, escalation policies, and incident tracking, and so increase the uptime of your apps, servers, websites, and databases. Sending Prisma Cloud alerts to the PagerDuty service enables your incident response teams to investigate and remediate security incidents more promptly.

AWS Security Hub Integration (Beta)
Integrate Prisma Cloud with AWS Security Hub for centralized visibility into the security and compliance risks of your cloud assets on the AWS Security Hub console. When you enable this integration, Prisma Cloud monitors the assets in your AWS cloud and sends alerts on resource misconfigurations, compliance violations, network security risks, and anomalous user activities directly to the Security Hub console, so that you have a comprehensive view of the cloud assets deployed in your AWS accounts.

API Ingestion
Prisma Cloud now ingests the following new services to help you build Config queries for investigating and analyzing data:
  • aws-ec2-autoscaling-launch-configuration
  • aws-elasticbeanstalk-environment
  • aws-cognito-identity-pool
  • aws-vpc-dhcp-options
  • aws-rds-db-cluster-snapshots
  • aws-ssm-paramater
To successfully ingest the data required for these new APIs, the Prisma Cloud role needs these additional permissions:
  • elasticbeanstalk:ListTagsForResource
  • cognito-identity:ListTagsForResource
  • cognito-idp:ListTagsForResource
  • ssm:GetParameters
  • ssm:ListTagsForResource
Update your CloudFormation template to make sure that the Prisma Cloud service has the necessary permissions.
For a complete list of AWS APIs ingested by Prisma Cloud, see AWS APIs ingested by Prisma Cloud.

Policy Updates

GCP Kubernetes Engine Clusters not configured with private nodes
Identifies Kubernetes Engine clusters that are not configured with private nodes.

GCP Kubernetes Engine Clusters using the default network
Identifies GCP Kubernetes Engine clusters that are configured with the default network.

GCP Kubernetes Engine Clusters have Binary authorization disabled
Identifies GCP Kubernetes Engine clusters that have binary authorization disabled.

AWS DynamoDB encrypted using AWS owned CMK instead of AWS managed CMK
Identifies DynamoDB tables that use the AWS owned CMK (default) instead of an AWS managed CMK (KMS) to encrypt data.

Features Introduced on April 18, 2019

Learn what’s new on April 18, 2019.

New Features

New Regions Supported on GCP
Prisma Cloud now ingests data from two new Google Cloud Platform (GCP) locations: Hong Kong and Switzerland. You can now use these two regions in the cloud.region filter when writing RQL queries.

Creation of ServiceNow Security Incident tickets
When you integrate Prisma Cloud with ServiceNow, you can now directly create a Security Incident ticket (sn_si_incident table) for an alert. To create Security Incident tickets instead of Incident tickets on ServiceNow, select Enable Security Incidents; Prisma Cloud then verifies that you have installed the Security Incident Response plugin on ServiceNow.

Policy Updates

AWS EC2 instances with Public IP and associated with Security Groups have Internet Access
Identifies AWS EC2 instances that have a public IP and are associated with security groups that allow internet access.

AWS EC2 instances allowing public IP in subnets
Identifies EC2 instances that allow public IPs in their subnets.

AWS CloudFormation Template contains globally open resources
Identifies CloudFormation templates that, when launched, will result in resources allowing global network access.

Azure Resource Group does not have a resource lock
Identifies Azure Resource Groups that do not have a lock set.

Azure Container Registry does not use a dedicated resource group
Identifies ACRs that reside in resource groups that contain non-ACR resources.

Azure Container Registry using the deprecated classic registry
Identifies an Azure Container Registry (ACR) that is using the classic SKU.

Azure Key Vault secrets have no expiration date
Identifies Azure Key Vault secrets that do not have an expiry date.

Azure Key Vault Keys have no expiration date
Identifies Azure Key Vault keys that do not have an expiration date.

Features Introduced on April 12, 2019

Learn what’s new on April 12, 2019.

New Features

This release of Prisma™ Cloud includes these improvements:

Webhooks Integration
To extend support for external integrations, Prisma Cloud can now integrate with webhooks and pass information to third-party integrations that are not natively supported on Prisma Cloud. With a webhook integration, you configure Prisma Cloud to send information to the webhook as an HTTP POST request as soon as an alert is generated. Internal services or applications that subscribe to the webhook receive the data immediately in JSON format, so you can see Prisma Cloud alerts in your own application and use your existing workflows for security management.

Prisma Cloud on the Palo Alto Networks Marketplace
You can now purchase or try the Prisma Cloud service from the Palo Alto Networks Marketplace. You can either purchase or evaluate the Enterprise edition, or purchase the Business edition, and start securing your cloud infrastructure.

Prisma Cloud on the AWS Marketplace
You can now purchase or try the Prisma Cloud service from the AWS Marketplace. The ability to launch Prisma Cloud from the AWS Marketplace, along with the VM-Series firewall and Panorama, enables you to use API-based and inline enforcement to protect and manage your resources in the AWS cloud.

Saved Searches for Custom Policy
  • Use the Prisma Cloud default Saved Search AWS Route53 in Use to create custom policies. This saved search returns hosted zones for AWS Route53.
  • Use the Prisma Cloud default Saved Search Too Many IAM Users with S3-Delete Privilege to create custom policies. This saved search lists any IAM user who has permissions to delete S3 buckets.

AlertID Attribute in Event RQL
The new Event Query attribute alert.id allows you to view alert details on the Investigate tab. For example, the query
event where alert.id IN ('P-8444', 'P-8421', 'P-8420')
visualizes the alert details for the set of alerts P-8444, P-8421, and P-8420.

Notifications for Auto-Remediated Alerts
For an alert rule that is configured for automated remediation, you can now receive notifications when an incident is auto-remediated.

Single Sign-On (SSO) Configuration Layout Redesign
The SSO configuration settings on Settings > SSO have been redesigned for usability. The options to enable SSO are grouped into three sections: general configuration settings to set up SSO, settings for enabling SSO and local authentication for selected administrative users, and the SAML errors.
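The webhook integration above delivers each alert as an HTTP POST with a JSON body. The following receiver is an added example, not code from Prisma Cloud or its documentation: it validates a delivery before doing anything with it (content type, size, well-formed JSON object, required fields) and routes high-severity alerts to an on-call queue. The payload field names (alertId, severity, policyName, resourceId), the X-Prisma-Token header, and the shared-secret check are assumptions made for this example; the page does not document the payload schema.

```python
"""Receiver for Prisma Cloud webhook alert notifications (added example).

Prisma Cloud delivers an HTTP POST with a JSON body to the webhook as soon as
an alert is generated. The field names used here and the X-Prisma-Token header
are assumptions for this example, not the documented payload schema.
"""
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Tuple

MAX_BODY_BYTES = 64 * 1024  # refuse oversized bodies before parsing them
REQUIRED_FIELDS = ("alertId", "severity", "policyName", "resourceId")
PAGE_SEVERITIES = ("high", "critical")  # these go straight to the on-call queue

# Constructed sample payload (field names assumed, see module docstring).
SAMPLE_ALERT = {
    "alertId": "P-8444",
    "severity": "high",
    "policyName": "AWS Network ACLs with Inbound rule to allow All Traffic",
    "resourceId": "acl-0123456789abcdef0",
    "accountName": "Demo Account",
}


def handle_alert(body: bytes, content_type: str,
                 auth_token: str = "", expected_token: str = "") -> Tuple[int, Dict[str, str]]:
    """Validate one webhook delivery and decide where it goes.

    Returns (HTTP status, JSON-serialisable response). Checks run cheapest
    first, so a caller without the shared secret never reaches the parser.
    """
    if expected_token and not hmac.compare_digest(auth_token.encode("utf-8"),
                                                   expected_token.encode("utf-8")):
        return 401, {"error": "invalid token"}
    if not content_type.lower().startswith("application/json"):
        return 415, {"error": "expected application/json"}
    if len(body) > MAX_BODY_BYTES:
        return 413, {"error": "body too large"}
    try:
        alert = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 400, {"error": "malformed JSON"}
    if not isinstance(alert, dict):
        return 400, {"error": "expected a JSON object"}
    missing = [f for f in REQUIRED_FIELDS if f not in alert]
    if missing:
        return 400, {"error": "missing fields: " + ", ".join(missing)}
    # Route on severity; replace the queue names with your ticketing or chat call.
    queue = "oncall" if str(alert["severity"]).lower() in PAGE_SEVERITIES else "backlog"
    return 200, {"status": "accepted", "queue": queue, "alertId": str(alert["alertId"])}


class WebhookHandler(BaseHTTPRequestHandler):
    """Thin HTTP adapter around handle_alert."""

    expected_token = ""  # set from your configuration before serving

    def do_POST(self) -> None:
        length = int(self.headers.get("Content-Length", "0") or "0")
        body = self.rfile.read(min(length, MAX_BODY_BYTES + 1))
        status, reply = handle_alert(
            body,
            self.headers.get("Content-Type", ""),
            self.headers.get("X-Prisma-Token", ""),  # assumed header name
            self.expected_token,
        )
        data = json.dumps(reply).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Dry run against the constructed sample, then listen on localhost.
    print(handle_alert(json.dumps(SAMPLE_ALERT).encode("utf-8"), "application/json"))
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```

Keeping the validation in handle_alert, separate from the HTTP class, is what makes the receiver testable offline; the server only adapts headers and body to that function. The token check uses hmac.compare_digest so a mismatch takes the same time however many leading bytes agree.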

Policy Updates

AWS SQS queue encryption using default KMS key instead of CMK
Identifies SQS queues that are encrypted with the default KMS key rather than a Customer Master Key (CMK).

AWS CloudFront web distribution with default SSL certificate
Identifies CloudFront web distributions that use the default SSL certificate to access CloudFront content.

AWS CloudFront web distribution with geo restriction disabled
Identifies CloudFront web distributions that have the geo restriction feature disabled.

AWS SNS subscription is not configured with HTTPS
Identifies SNS subscriptions that use HTTP instead of HTTPS as the delivery protocol; HTTPS enforces SSL encryption for all subscription requests.

AWS Network ACLs with Outbound rule to allow All Traffic
Identifies network ACLs that have an outbound rule allowing traffic on all protocols.

AWS Network ACLs with Inbound rule to allow All Traffic
Identifies network ACLs that have an inbound rule allowing traffic on all protocols.
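The two network ACL policies above look for allow rules whose protocol is "all". The check below is an added example written for this page, not Prisma Cloud's policy logic, and it runs over a constructed sample in the shape of the ec2:DescribeNetworkAcls response (boto3 describe_network_acls()["NetworkAcls"]); the ACL IDs are made up. It flags inbound, outbound, or both directions, and can optionally restrict findings to rules that match 0.0.0.0/0 or ::/0, since the page does not state whether the policies require an any-address CIDR.

```python
"""Flag network ACL entries that allow all protocols (added example).

Input is a list of ACLs in the shape returned by ec2:DescribeNetworkAcls
(boto3 describe_network_acls()["NetworkAcls"]). The sample below is constructed;
the ACL IDs are made up.
"""
from typing import Dict, List, Optional

ALL_PROTOCOLS = "-1"               # EC2 encodes "all protocols" as -1
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}

SAMPLE_ACLS = [
    {   # the VPC default ACL: allow everything both ways, then the implicit deny
        "NetworkAclId": "acl-0aaa",
        "Entries": [
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": "0.0.0.0/0"},
        ],
    },
    {   # a hand-written ACL: HTTPS only from IPv4, but everything from IPv6 and out to 10/8
        "NetworkAclId": "acl-0bbb",
        "Entries": [
            {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False,
             "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
            {"RuleNumber": 110, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "Ipv6CidrBlock": "::/0"},
            {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "10.0.0.0/8"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False, "CidrBlock": "0.0.0.0/0"},
            {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True, "CidrBlock": "0.0.0.0/0"},
        ],
    },
]


def find_allow_all_rules(acls: List[Dict], egress: Optional[bool] = None,
                         only_any_address: bool = False) -> List[Dict]:
    """Return one finding per allow rule whose protocol is -1.

    egress=False checks inbound rules only, True outbound only, None both.
    only_any_address=True additionally requires the rule to match 0.0.0.0/0
    or ::/0, the stricter reading a team may prefer when tuning.
    The default deny entry (rule 32767) is never flagged: its action is deny.
    """
    findings = []
    for acl in acls:
        for entry in acl.get("Entries", []):
            if entry.get("RuleAction") != "allow":
                continue
            if str(entry.get("Protocol")) != ALL_PROTOCOLS:
                continue
            is_egress = bool(entry.get("Egress"))
            if egress is not None and is_egress != egress:
                continue
            cidr = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock") or ""
            if only_any_address and cidr not in ANY_ADDRESS:
                continue
            findings.append({
                "acl": acl.get("NetworkAclId"),
                "direction": "outbound" if is_egress else "inbound",
                "rule": entry.get("RuleNumber"),
                "cidr": cidr,
            })
    return findings


if __name__ == "__main__":
    for f in find_allow_all_rules(SAMPLE_ACLS):
        print(f"{f['acl']}: {f['direction']} rule {f['rule']} allows all protocols, CIDR {f['cidr']}")
```

Note the IPv6 entry: an ACL can be tight for IPv4 and wide open for IPv6, so a check that only reads CidrBlock misses it. Rule numbers are reported because NACL rules are evaluated in ascending order, which tells you whether an allow-all entry shadows later, more specific denies.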

Features Introduced on April 5, 2019

Learn what’s new in the April 5, 2019 release.

New Features

This release of Prisma™ Cloud includes these improvements:
Support for Microsoft Azure NSG flow logs V2 (Beta)
Prisma Cloud now supports Microsoft Azure Network Security Group (NSG) flow logs version 2 in addition to the existing support for NSG flow logs version 1. If you have enabled NSG flow logs version 2 in your subscription, you can now view byte and packet counts and session state information. These details are also reflected in the network graph visualization and the detailed activities table on the Prisma Cloud administrative console.

GCP Public IP Address Classification
Prisma Cloud now ingests and classifies public IP addresses from Google Cloud Platform as GCP IPs. You can use this classification to write RQL Network Queries such as
network where cloud.account = 'Demo Account' AND source.publicnetwork = 'GCP IPS' AND bytes > 0

Japanese Localization of the Prisma Cloud Admin Console
You can now set the language preference to Japanese to view the main menus and labels in Japanese.

AWS CloudFormation Template Permissions Update
The CloudFormation templates for creating the Prisma Cloud AWS Read-Only and Read/Write roles have been updated to be more granular for Amazon Glacier. The permission glacier:Get* is replaced with these:
  • glacier:GetDataRetrievalPolicy
  • glacier:GetVaultAccessPolicy
  • glacier:GetVaultLock
  • glacier:GetVaultNotifications
You can update these permissions manually or update the CloudFormation template.
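Both this Glacier update and the April 25 permission additions ask you to confirm that the Prisma Cloud role's policy carries a specific set of actions. The script below is an added example for that check, not Palo Alto Networks' CloudFormation template or tooling: it takes an IAM policy document, resolves each required action against the Allow and Deny statements with IAM's case-insensitive wildcard matching, and reports what is allowed, explicitly denied, or missing. It also lists wildcard grants such as glacier:Get*, the broad form the template update narrows. The required action names are the ones on this page; the two policy documents are constructed fragments.

```python
"""Check an IAM policy document for the actions the Prisma Cloud role needs (added example).

The required action lists come from this page (the permissions added on April 25
and the granular Glacier permissions that replace glacier:Get*); the policy
documents below are constructed fragments, not Palo Alto Networks' CloudFormation
template.
"""
import fnmatch
from typing import Dict, Iterable, List

REQUIRED_APRIL_25 = [
    "elasticbeanstalk:ListTagsForResource",
    "cognito-identity:ListTagsForResource",
    "cognito-idp:ListTagsForResource",
    "ssm:GetParameters",
    "ssm:ListTagsForResource",
]
REQUIRED_GLACIER = [
    "glacier:GetDataRetrievalPolicy",
    "glacier:GetVaultAccessPolicy",
    "glacier:GetVaultLock",
    "glacier:GetVaultNotifications",
]

# Constructed: a role policy that was only partially updated and carries a guard Deny.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": REQUIRED_GLACIER + [
            "elasticbeanstalk:ListTagsForResource",
            "cognito-identity:ListTagsForResource",
            "cognito-idp:ListTagsForResource",
            "ssm:GetParameters",
        ]},
        {"Effect": "Deny", "Resource": "*", "Action": "cognito-idp:*"},
    ],
}
# Constructed: the older, broader form the April 5 template update replaced.
OLD_GLACIER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*", "Action": "glacier:Get*"}],
}


def _as_list(value) -> List[str]:
    """IAM lets Action be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def action_matches(pattern: str, action: str) -> bool:
    """IAM action matching: case-insensitive, with * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def action_status(policy: Dict, required: Iterable[str]) -> Dict[str, str]:
    """Map each required action to 'allowed', 'denied' or 'missing'.

    Only the Action element is consulted. Resource and Condition are ignored,
    so any Deny whose pattern matches is treated as blocking the action; that
    errs on the side of reporting a problem rather than hiding one.
    """
    status = {}
    for action in required:
        allowed = denied = False
        for stmt in policy.get("Statement", []):
            if any(action_matches(p, action) for p in _as_list(stmt.get("Action"))):
                if stmt.get("Effect") == "Allow":
                    allowed = True
                elif stmt.get("Effect") == "Deny":
                    denied = True
        status[action] = "denied" if denied else ("allowed" if allowed else "missing")
    return status


def missing_actions(policy: Dict, required: Iterable[str]) -> List[str]:
    """Required actions the policy does not effectively grant."""
    return sorted(a for a, s in action_status(policy, required).items() if s != "allowed")


def wildcard_allows(policy: Dict) -> List[str]:
    """Allow patterns containing wildcards: the broad grants a granular update narrows."""
    return sorted({
        p for stmt in policy.get("Statement", []) if stmt.get("Effect") == "Allow"
        for p in _as_list(stmt.get("Action")) if "*" in p or "?" in p
    })


if __name__ == "__main__":
    print("missing after April 25:", missing_actions(SAMPLE_POLICY, REQUIRED_APRIL_25))
    print("old template still satisfies Glacier list:",
          missing_actions(OLD_GLACIER_POLICY, REQUIRED_GLACIER) == [])
    print("broad grants in old template:", wildcard_allows(OLD_GLACIER_POLICY))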

Policy Updates

AWS CloudFront web distribution with AWS Web Application Firewall (AWS WAF) service disabled
Identifies Amazon CloudFront web distributions that have the AWS Web Application Firewall (AWS WAF) service disabled.

AWS CloudFront web distribution that allow TLS versions 1.0 or lower
Identifies AWS CloudFront web distributions that are configured to allow TLS versions 1.0 or lower for HTTPS communication between viewers and CloudFront.

AWS SNS topic with server-side encryption disabled
Identifies Amazon Simple Notification Service (SNS) topics that have server-side encryption disabled.

AWS Application Load Balancer (ALB) listener that allow connection requests over HTTP
Identifies Application Load Balancer (ALB) listeners that are configured to accept connection requests over HTTP instead of HTTPS.

AWS SNS topic encrypted using default KMS key instead of CMK
Identifies Amazon Simple Notification Service (SNS) topics that are encrypted with the default AWS Key Management Service (KMS) key instead of a Customer Master Key (CMK).
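The CloudFront TLS policy above and the default-SSL-certificate policy from the April 12 release are related: CloudFront's security policy (the MinimumProtocolVersion of a distribution's ViewerCertificate) decides the lowest protocol a viewer can negotiate, and AWS documents that a distribution using the default *.cloudfront.net certificate is pinned to the TLSv1 policy whatever MinimumProtocolVersion says. The classifier below is an added example for both policies, not Prisma Cloud's policy logic; it maps each security-policy name to the lowest negotiable version and reports distributions that use the default certificate or permit TLS 1.0 or lower. The sample distributions are constructed and the IDs and certificate ARNs are made up.

```python
"""Classify CloudFront distributions by viewer-side TLS posture (added example).

Covers two policies on this page: a distribution using the default CloudFront
certificate, and one whose security policy lets viewers negotiate TLS 1.0 or
lower. Input is the ViewerCertificate structure of a DistributionConfig, as
returned by cloudfront:GetDistributionConfig or ListDistributions. The sample
distributions are constructed; the IDs and ARNs are made up.
"""
from typing import Dict, List

# Lowest protocol a viewer can negotiate under each CloudFront security policy
# (MinimumProtocolVersion value). The 2019 and 2021 TLSv1.2 policies postdate
# this page but exist today.
LOWEST_NEGOTIABLE = {
    "SSLv3": "SSLv3",
    "TLSv1": "TLSv1.0",
    "TLSv1_2016": "TLSv1.0",
    "TLSv1.1_2016": "TLSv1.1",
    "TLSv1.2_2018": "TLSv1.2",
    "TLSv1.2_2019": "TLSv1.2",
    "TLSv1.2_2021": "TLSv1.2",
}
WEAK_VERSIONS = {"SSLv3", "TLSv1.0"}  # "TLS versions 1.0 or lower"

ACM_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/example"  # constructed
SAMPLE_DISTRIBUTIONS = [
    {"Id": "EDEFAULT1", "ViewerCertificate": {"CloudFrontDefaultCertificate": True,
                                              "MinimumProtocolVersion": "TLSv1"}},
    {"Id": "EACM2018", "ViewerCertificate": {"ACMCertificateArn": ACM_ARN, "SSLSupportMethod": "sni-only",
                                             "MinimumProtocolVersion": "TLSv1.2_2018"}},
    {"Id": "EACM2016", "ViewerCertificate": {"ACMCertificateArn": ACM_ARN, "SSLSupportMethod": "sni-only",
                                             "MinimumProtocolVersion": "TLSv1_2016"}},
    {"Id": "EACM11", "ViewerCertificate": {"ACMCertificateArn": ACM_ARN, "SSLSupportMethod": "sni-only",
                                           "MinimumProtocolVersion": "TLSv1.1_2016"}},
    {"Id": "EIAMSSL3", "ViewerCertificate": {"IAMCertificateId": "ASCAEXAMPLE", "SSLSupportMethod": "vip",
                                             "MinimumProtocolVersion": "SSLv3"}},
]


def effective_minimum_version(viewer_cert: Dict) -> str:
    """Lowest TLS version viewers may use, or 'unknown' for an unrecognised policy."""
    # With the default *.cloudfront.net certificate, CloudFront applies the TLSv1
    # security policy regardless of the MinimumProtocolVersion value (AWS docs).
    if viewer_cert.get("CloudFrontDefaultCertificate"):
        return "TLSv1.0"
    return LOWEST_NEGOTIABLE.get(viewer_cert.get("MinimumProtocolVersion", ""), "unknown")


def evaluate_distribution(dist: Dict) -> List[str]:
    """Findings for one distribution; an empty list means both policies pass."""
    cert = dist.get("ViewerCertificate", {})
    findings = []
    if cert.get("CloudFrontDefaultCertificate"):
        findings.append("default-ssl-certificate")
    lowest = effective_minimum_version(cert)
    if lowest in WEAK_VERSIONS:
        findings.append("allows-tls-1.0-or-lower")
    elif lowest == "unknown":
        # A policy name this table does not know: surface it rather than pass it.
        findings.append("unrecognised-minimum-protocol-version")
    return findings


def noncompliant(dists: List[Dict]) -> Dict[str, List[str]]:
    """Distribution ID -> findings, for distributions with at least one finding."""
    result = {}
    for dist in dists:
        findings = evaluate_distribution(dist)
        if findings:
            result[dist["Id"]] = findings
    return result


if __name__ == "__main__":
    for dist_id, findings in noncompliant(SAMPLE_DISTRIBUTIONS).items():
        print(dist_id, ", ".join(findings))
```

The unknown-policy branch matters for this kind of check: when AWS adds a new security policy name, a lookup that silently treats it as compliant hides exactly the distributions you have not assessed.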
