Features Introduced in July 2019

Learn what’s new on Prisma™ Cloud in July 2019.

Features Introduced on July 25, 2019

New Features

Feature
Description
Compliance Dashboard 2.0
The Compliance Dashboard is revamped to help you evaluate compliance posture over time! The rich visuals and the interactive charts will make it easier for you to assess how you’re doing against internal audit and regulatory compliance requirements, scrutinize the key areas where you’re falling short, and create a report, all in one streamlined workflow. The improvements provide more ways to break down compliance using new filters for compliance sections and requirements, a trend line chart to track compliance at intervals and its course in your landscape, and a sunburst chart to visualize your pass to fail ratio across different compliance standards.
The compliance dashboard will be deployed gradually and you may not see it right away. Please be patient, good things come to those who wait.
Flow Logs Ingestion Update
After you enable flow logs, Prisma Cloud will ingest flow log data for the last seven days only. If flow logs become unavailable for any reason, such as when you manually disable flow logs, modify API permissions, or an internal error occurs, only the logs from the preceding seven days are ingested when access is restored.
Deletion of GCP Organization and Master Service Account
If you no longer want Prisma Cloud to monitor a GCP organization, or you want to delete a GCP project that you onboarded using a master service account, you can now delete the organization or project on Settings > Cloud Accounts.
Although the service stops ingesting data from the project or organization as soon as you delete it, all the data on your cloud resources is purged only after 24 hours. Therefore, if the deletion was unintentional you can onboard the account back within 24 hours to resume monitoring and retain the history on your cloud resources. The audit logs retain the activity history of the user who deleted the account, the name of the cloud account and when the action was performed.
In addition, when you delete a project on GCP, Prisma Cloud learns about it and automatically deletes the account from the list of monitored accounts on Settings > Cloud Accounts. To track the automatic deletion of the project, an audit log is generated.
RQL Enhancements for Functions
For Config RQL queries, view the results of the _DateTime. function as a column on the Investigate page, instead of locating and verifying the results within the resource JSON.
For example, the query
config where api.name = 'aws-ec2-describe-instances' addcolumn _DateTime.ageInDays(launchTime)
adds a column for LaunchTime and displays the results on the page.
Functions also support auto-suggest when you enter the prefix _ in a json.rule or addcolumn attribute.
Saved Search for Identifying VM-Series Firewalls
Use the new saved search to list VM-Series Firewall instances that are deployed on your GCP, AWS, and Azure environments. You can use this saved search to easily create a policy and generate an alert if you want to ensure that your internet-facing workloads are secured with VM-Series firewalls.
config where api.name = 'gcloud-compute-instances-list' as X; config where api.name = 'gcp-compute-disk-list' as Y; filter '$.X.disks[*].source contains $.Y.name and ($.Y.sourceImage contains vmseries-bundle or $.Y.sourceImage contains vmseries-byol)' ; show X;

Policy Updates

Policy
Description
Azure AKS cluster pool profile count contains less than 3 nodes
Checks if there are fewer than 3 nodes within your AKS cluster pool profile and alerts you to it.
Azure AKS cluster Azure CNI networking not enabled
Checks your AKS cluster for the Container Networking Interface (CNI) plugin and generates an alert if it is not enabled.
Azure AKS cluster monitoring not enabled
Checks if monitoring is enabled for AKS clusters and alerts you if no configuration is found, or the monitoring add-on is disabled.
Azure AKS enable role-based access control (RBAC) not enforced
Checks whether your AKS cluster is RBAC enabled to grant users or groups access to only the resources they need.
Azure ACR HTTPS not enabled for webhook
Checks your Azure container registry webhooks for the use of the HTTPS protocol and alerts you if it is not enabled.
Azure AKS cluster HTTP application routing enabled
Checks if your AKS cluster has the HTTP application routing add-on that creates publicly accessible DNS names for application endpoints and alerts you if it is enabled.
Config policy GCP HTTPS Load balancer SSL Policy not using restrictive profile
Identifies GCP HTTPS Load balancers that are not using a restrictive profile in SSL Policy to meet stricter compliance requirements.
GCP HTTPS Load balancer is configured with SSL policy having TLS version 1.1 or lower
Identifies GCP HTTPS Load balancers that are configured to use SSL policy with TLS version 1.1 or lower.

Features Introduced on July 11, 2019

New Features

Feature
Description
Support for the AWS Hong Kong region
Prisma Cloud can now monitor resources in the AWS Hong Kong region (ap-east-1).
IP Address Modeling for Anomaly Alert Generation
To reduce false positives when detecting unusual user activity, Prisma Cloud has augmented UEBA modeling to incorporate IP address information.
Prisma Cloud relies on a third-party source for IP address to geo-location resolution to detect unusual user activity. Using the IP address to geo-location resolution can sometimes generate false positives in the Unusual User Activity policy when the same IP resolves to different locations at different points in time. With this modeling change, when there is unusual user activity from a previously unseen location for a known IP address, the service no longer generates anomaly alerts.
Microsoft Teams Integration
Create an Office 365 webhook integration on a Microsoft Teams channel and configure Prisma Cloud to send notifications to it. Sending RedLock alerts to a Microsoft Teams channel enables your DevOps and SecOps teams to investigate and remediate security incidents more promptly.
API Ingestion Updates
Prisma Cloud has added coverage for the GCP API service gcloud-compute-global-forwarding-rule.
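
The suppression rule described under IP Address Modeling for Anomaly Alert Generation, as an added example: a simplified model written for this page, not Prisma Cloud's implementation. It assumes per-user baselines of seen locations and seen IP addresses; the events, names and verdict labels are constructed.

```python
from collections import defaultdict

# Constructed events: (user, source IP, location the geo-IP source returned).
EVENTS = [
    ("alice", "198.51.100.7", "Frankfurt"),   # first sighting, builds baseline
    ("alice", "198.51.100.7", "Amsterdam"),   # same IP, resolution drifted
    ("alice", "203.0.113.9", "Sao Paulo"),    # new IP and new location
    ("alice", "203.0.113.9", "Sao Paulo"),    # both now in the baseline
    ("bob", "198.51.100.7", "Amsterdam"),     # baselines are per user
]


def classify(events, ip_aware=True):
    """Return one verdict per event: baseline, ok, suppressed or alert."""
    seen_locations = defaultdict(set)
    seen_ips = defaultdict(set)
    verdicts = []
    for user, ip, location in events:
        if not seen_locations[user]:
            verdict = "baseline"          # nothing to compare against yet
        elif location in seen_locations[user]:
            verdict = "ok"
        elif ip_aware and ip in seen_ips[user]:
            # Unseen location but known IP: treated as geo-IP drift.
            verdict = "suppressed"
        else:
            verdict = "alert"
        # Assumption: every observed value joins the baseline immediately.
        seen_locations[user].add(location)
        seen_ips[user].add(ip)
        verdicts.append(verdict)
    return verdicts


if __name__ == "__main__":
    for mode in (False, True):
        print("ip_aware=%s:" % mode, classify(EVENTS, ip_aware=mode))
```

With `ip_aware=False` the second event raises an alert only because the geo-IP source changed its answer; with `ip_aware=True` it is recorded as suppressed, while the new IP from a new location still alerts.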

Policy Updates

Policy Name
Description
GCP storage bucket is encrypted using default KMS key instead of customer-managed key
Identifies storage buckets that are encrypted with the default Google-managed keys. As a best practice, use Customer-managed keys to encrypt the data in your storage bucket and ensure full control over your data.
GCP load balancer target proxy is configured with default SSL policy instead of custom SSL policy
Identifies load balancer target proxies which are configured with default SSL policy instead of a custom SSL policy. As a best practice, using custom SSL policy to access load balancers gives you better control over SSL/TLS versions and ciphers.
GCP load balancer HTTPS target proxy is not configured with QUIC protocol
Identifies load balancer HTTPS target proxies which are not configured with QUIC protocol. Enabling the QUIC protocol helps the load balancer target HTTPS proxies to establish connections faster, supports stream-based multiplexing and improved loss recovery, and eliminates head-of-line blocking.
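
The GCP load balancer checks listed in the July 25 and July 11 policy updates (restrictive profile, TLS 1.1 or lower, default SSL policy, QUIC), as an added example that is not Prisma Cloud's policy code. It evaluates constructed data shaped like the JSON output of `gcloud compute ssl-policies list` and `gcloud compute target-https-proxies list`; the finding labels are hypothetical, and treating only an explicit `ENABLE` as "configured with QUIC" is an assumption.

```python
import json

# Constructed sample data; selfLink values are placeholders.
SSL_POLICIES = json.loads("""[
  {"name": "legacy", "profile": "COMPATIBLE", "minTlsVersion": "TLS_1_0",
   "selfLink": "https://example.invalid/sslPolicies/legacy"},
  {"name": "strict", "profile": "RESTRICTED", "minTlsVersion": "TLS_1_2",
   "selfLink": "https://example.invalid/sslPolicies/strict"}
]""")
PROXIES = json.loads("""[
  {"name": "web-a", "sslPolicy": "https://example.invalid/sslPolicies/legacy",
   "quicOverride": "NONE"},
  {"name": "web-b", "sslPolicy": "https://example.invalid/sslPolicies/strict",
   "quicOverride": "ENABLE"},
  {"name": "web-c"}
]""")

WEAK_TLS = {"TLS_1_0", "TLS_1_1"}


def audit(proxies, policies):
    """Return {proxy name: sorted list of findings}; empty list means clean."""
    by_link = {p["selfLink"]: p for p in policies}
    report = {}
    for proxy in proxies:
        findings = []
        link = proxy.get("sslPolicy")
        if link is None:
            # No attached policy: the proxy uses the GCP default SSL policy.
            findings.append("default-ssl-policy")
        elif link not in by_link:
            findings.append("ssl-policy-not-found")
        else:
            policy = by_link[link]
            if policy.get("profile") != "RESTRICTED":
                findings.append("profile-not-restricted")
            if policy.get("minTlsVersion") in WEAK_TLS:
                findings.append("tls-1.1-or-lower")
        # Assumption: only an explicit ENABLE counts as QUIC configured.
        if proxy.get("quicOverride") != "ENABLE":
            findings.append("quic-not-enabled")
        report[proxy["name"]] = sorted(findings)
    return report


if __name__ == "__main__":
    for name, findings in audit(PROXIES, SSL_POLICIES).items():
        print(name, findings or "ok")
```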
