Features Introduced in August 2019
Learn what’s new on Prisma™ Cloud in August 2019.
Features Introduced on August 22, 2019
Simplified Cloud Account Onboarding for First-Tme Users
The Cloud Account Onboarding tours are designed to help you onboard your cloud accounts on AWS, Azure, and GCP and simplify the first step for cloud monitoring and governance. The guided experience helps Prisma Cloud administrators with the System Administrator and Cloud Provisioning Administrator roles automate some of the configuration options for quicker onboarding.
HITRUST Compliance Standard for AWS
With the support for the Health Information Trust Alliance (HITRUST) security control framework, Prisma Cloud enables you to audit how you are doing on this healthcare regulatory requirement.
Use the policy checks included in the HITRUST Version 9.2 compliance standard to ensure that your AWS workloads that store, process, transmit, and analyze protected health information are securely handling sensitive data.
Principal ARN Check for Prisma Cloud Monitored AWS Accounts
_AWSCloudAccount.isRedLockMonitoredfunction is enhanced to check for the Principal ARN in addition to the Account ID specified in the policy trust document and verify whether the AWS Principal ARN belongs to an account that is monitored by Prisma Cloud. The RQL is
config where api.name = 'aws-iam-list-roles' AND json.rule = ‘_AWSCloudAccount.isRedLockMonitored(role.assumeRolePolicyDocument.Statement[*].Principal.AWS) is true’
With this enhancement, when you use this RQL in a custom policy, an alert is generated when a cross-account role allows access to an AWS account that belongs to an AWS account—third-party or other AWS accounts you own—that is not monitored by Prisma Cloud.
Resource Attribution on Azure
Prisma Cloud correlates data available in resource configurations and audit events to you identify who (which user) made changes to specific Azure resources. You can use this capability to investigate these changes using the Resource Explorer on the Prisma Cloud administrative console.
Resource attribution is supported for events related to the following Azure resources:
API Ingestion Updates
Prisma Cloud has added coverage for the API:
GCP load balancer sensitive configuration updates
Detects sensitive configuration updates such as the deletion or modification of a GCP load balancer and SSL policies.
Features Introduced on August 9, 2019
Prisma™ Cloud Launch
RedLock has a new name
Prisma Cloud, sports a bold new look that is cohesive with other products in the Prisma™ suite, and is on the Palo Alto Networks hub from where you can seamlessly access all your Palo Alto Networks services and apps.
As a part of this change, the URL for accessing the administrator and API console for Prisma Cloud is updated to replace redlock.io with prismacloud.io. For example, the URLs now are https://app.eu.prismacloud.io and https://api.eu.prismacloud.io.
For access to the Prisma Cloud administrator console, you now have two options—Palo Alto Networks Customer Support Portal (CSP) credentials, or SSO using a third-party IdP.
If you do not use a third-party IdP, you have a single set of credentials for accessing the Prisma Cloud admin console, the Palo Alto Networks Customer Support Portal (CSP), and other instances of Prisma Cloud with multi-tenant deployments. As a part of this change, Prisma Cloud does not support a local username and password any longer; however, if you have an existing automation, it will continue to work. Palo Alto Networks recommends that you use Access Keys (see below).
With a third-party IdP, you can continue with the IdP-initiated authentication flow for access to Prisma Cloud, and have separate credentials for accessing the Palo Alto Networks Customer Support Portal (CSP).
To access the Prisma Cloud API for external integrations and automation, you can now generate an access key for authenticating API calls. Access keys enable you to meet the audit and compliance requirements for your enterprise and protect against compromise in the event one or more keys are compromised. As a system administrator, you can disable/revoke a valid API key to reduce the effects of an accidental exposure, and enforce key rotation as a security best practice.
Navigation Path Updates on the Administrative Console
As a part of the new look for Prisma Cloud, the navigation is a vertical drop-down.
Secureis renamed as
Alertsnow groups all alert-related configuration elements with a new
Overviewwhere you can view all alerts, and
Notification Templatesthat have moved from