Features Introduced in June 2019
Learn what’s new on Prisma™ Cloud in June 2019.
Features Introduced on June 22, 2019
Amazon GuardDuty Findings on IAM Users
To help you find potential security issues — malicious activity and unauthorized behavior — that pertain to IAM users identified in Amazon GuardDuty findings, you can now specify hostfinding.type = 'AWS GuardDuty IAM' in a Config RQL query.
Azure Network Security Group Rule Actions
To help you audit Network Security Groups (NSGs) directly from the RedLock console, the resource explorer and the network explorer display how Azure NSGs are configured to enforce traffic in your Azure environment.
To display the information on the Azure NSG rule, both the resource explorer and the network explorer now have a new Action column, which indicates whether the NSG rule is set to
API Ingestion Update
Prisma Cloud has improved coverage for the following API service that you can query using RQL:
aws-elasticbeanstalk-environment JSON is modified to include the response from the environment resources details in the
The following new policies are available in this release:
AWS EKS cluster control plane assigned to multiple security groups
Checks the number of security groups assigned to your AWS EKS cluster control plane and alerts if more than one security group is attached to the cluster.
AWS EKS cluster using the default VPC
Identifies AWS Kubernetes clusters which are configured with the default VPC instead of a custom VPC.
AWS EKS control plane logging disabled
Checks whether or not Kubernetes control plane logging for audit and diagnostic logs is enabled so that log data on your EKS cluster is directly written to CloudWatch Logs. This policy alerts you if logging is disabled.
AWS EKS cluster security group overly permissive to all traffic
Identifies security group rules that are attached to the cluster network and allow inbound traffic for all protocols from the public internet.
AWS EKS cluster endpoint access publicly enabled
Checks whether your Kubernetes cluster endpoint that enables the API server to communicate with all worker nodes within your cluster is publicly accessible. This policy alerts if you have not restricted public access to the Kubernetes cluster endpoint.
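The five EKS policies above each reduce to a condition on the cluster's configuration. The following added example (not Prisma Cloud's policy engine, and not code from the release notes) evaluates the same five conditions locally against an EKS DescribeCluster response, so you can see exactly which fields each policy keys on. The mapping of each policy to JSON fields is an assumption based on the public EKS DescribeCluster and EC2 DescribeVpcs/DescribeSecurityGroups response shapes; the sample cluster, default-VPC set and security group rules are constructed, and treating all five control plane log types as required (rather than only the audit type the policy text names) is a deliberately strict interpretation.

```python
"""Local re-implementation of the five EKS checks described in the June 2019
policies. Added example; not Prisma Cloud's own policy logic. The field
mapping is an assumption based on the EKS and EC2 API response shapes."""
import copy
import ipaddress
from typing import Dict, List, Set

# Constructed sample in the shape of an EKS DescribeCluster response.
SAMPLE_CLUSTER = {
    "cluster": {
        "name": "demo-cluster",
        "resourcesVpcConfig": {
            "vpcId": "vpc-0default000",
            "securityGroupIds": ["sg-0aaa", "sg-0bbb"],
            "endpointPublicAccess": True,
            "endpointPrivateAccess": False,
            "publicAccessCidrs": ["0.0.0.0/0"],
        },
        "logging": {
            "clusterLogging": [
                {"types": ["api", "authenticator"], "enabled": True},
                {"types": ["audit", "controllerManager", "scheduler"],
                 "enabled": False},
            ]
        },
    }
}

# Constructed: VPC ids whose EC2 DescribeVpcs record reports IsDefault=true.
SAMPLE_DEFAULT_VPCS = {"vpc-0default000"}

# Constructed: inbound rules per security group, in the shape of the
# IpPermissions list from EC2 DescribeSecurityGroups. "-1" means all protocols.
SAMPLE_SG_RULES = {
    "sg-0aaa": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
    "sg-0bbb": [{"IpProtocol": "-1",
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}

# The five EKS control plane log types. Requiring all of them (not just
# "audit", which the policy text names) is an assumption made here.
CONTROL_PLANE_LOG_TYPES = {"api", "audit", "authenticator",
                           "controllerManager", "scheduler"}


def is_any_address(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. a range open to the whole internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def enabled_log_types(cluster: Dict) -> Set[str]:
    """Collect the log types whose clusterLogging entry has enabled=true."""
    enabled: Set[str] = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def rule_open_to_all_traffic(rule: Dict) -> bool:
    """All protocols from an any-address IPv4 or IPv6 range."""
    if rule.get("IpProtocol") != "-1":
        return False
    ranges = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    ranges += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(is_any_address(c) for c in ranges)


def check_cluster(describe_cluster: Dict, default_vpc_ids: Set[str],
                  sg_rules: Dict[str, List[Dict]]) -> List[str]:
    """Return one finding string per policy condition that is met."""
    cluster = describe_cluster["cluster"]
    vpc = cluster.get("resourcesVpcConfig", {})
    sgs = vpc.get("securityGroupIds", [])
    findings: List[str] = []

    if len(sgs) > 1:
        findings.append("control plane assigned to multiple security groups")
    if vpc.get("vpcId") in default_vpc_ids:
        findings.append("cluster using the default VPC")
    if not CONTROL_PLANE_LOG_TYPES <= enabled_log_types(cluster):
        findings.append("control plane logging disabled")
    for sg in sgs:
        if any(rule_open_to_all_traffic(r) for r in sg_rules.get(sg, [])):
            findings.append(f"security group {sg} overly permissive to all traffic")
    if vpc.get("endpointPublicAccess") and any(
            is_any_address(c) for c in vpc.get("publicAccessCidrs", [])):
        findings.append("cluster endpoint access publicly enabled")
    return findings


def hardened_sample() -> Dict:
    """Constructed copy of SAMPLE_CLUSTER with every condition remediated."""
    fixed = copy.deepcopy(SAMPLE_CLUSTER)
    vpc = fixed["cluster"]["resourcesVpcConfig"]
    vpc.update({"vpcId": "vpc-0custom0000", "securityGroupIds": ["sg-0aaa"],
                "endpointPublicAccess": False, "endpointPrivateAccess": True,
                "publicAccessCidrs": []})
    fixed["cluster"]["logging"]["clusterLogging"] = [
        {"types": sorted(CONTROL_PLANE_LOG_TYPES), "enabled": True}]
    return fixed


if __name__ == "__main__":
    for f in check_cluster(SAMPLE_CLUSTER, SAMPLE_DEFAULT_VPCS, SAMPLE_SG_RULES):
        print("ALERT:", f)
    print("hardened:", check_cluster(hardened_sample(), SAMPLE_DEFAULT_VPCS,
                                     SAMPLE_SG_RULES))
```

Running it prints five alerts for the constructed cluster and an empty list for the remediated copy. Note that the default-VPC and security-group-rule checks need data from EC2, not just the EKS API, which is why those two inputs are passed in separately; in a real run you would populate them from DescribeVpcs (IsDefault) and DescribeSecurityGroups (IpPermissions).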
Features Introduced on June 6, 2019
Learn what’s new on June 6, 2019.
Just-In-Time Provisioning for SSO Users
To successfully access the RedLock service using Single Sign-on (SSO), every user (administrator) requires a local account on Prisma Cloud. With Just-In-Time (JIT) Provisioning, you are no longer required to create the user in advance on Prisma Cloud. After successful authentication with your SSO Identity Provider (IdP), users are automatically provisioned on Prisma Cloud with the specified role. From
, Enable JIT Provisioning and specify the SAML attributes you configured for your users on your IdP.
Coverage for Azure Container Registry Webhooks and Azure App Service Authentication
When you onboard your Azure subscriptions to Prisma Cloud, you can now ingest additional information from the Azure Container Registry webhooks and the Azure App Service to provide more visibility and context.
Create a custom role or modify an existing role to include the following permissions:
Bypass DNS Resolution for SAML
If you have deployed your IdP on an internal network and do not need a DNS lookup for the URLs defined in the SSO configuration settings, you can now disable it. To disable DNS lookups, clear the
Enforce DNS resolution for RedLock Access SAML on
New API Ingestion
Prisma Cloud adds coverage for the following new services that you can use in RQL:
API Ingestion Updates
Details on the Updates
aws-iam-get-policy-version API is modified to list all IAM users, groups, and roles that the specified managed policy is attached to. With this change, this API now retrieves information about managed policies along with all IAM users, groups, and roles attached to the policies.
aws-rds-db-cluster-snapshots API now includes a new JSON field dbclusterSnapshotAttributes that provides information on the attributes of an RDS database cluster snapshot.
aws-kms-get-key-rotation-status API now includes a new JSON field policies. With this change, this API now retrieves KMS key rotation status along with the list of policies associated with the key.
aws-ecr-get-repository-policy is updated to include the IAM policy statement, which provides information on the operations performed on the ECR resource. With this change the JSON structure is fully revised.
If you have a custom policy that uses this API, modify the RQL in your policy to match the new JSON structure and ensure that the policy continues to work as expected. If you do not modify the policy, then the next time you update the settings for the ECR resource on AWS, your custom policy can no longer generate alerts. This occurs because Prisma Cloud will rescan the resource and retrieve data in the new JSON structure, which will no longer match the conditions defined in the earlier format.
aws-sqs-get-queue-attributes is updated to include the policy statement, which provides information on the operations performed on the SQS resource. With this change the JSON structure is fully revised.
If you have a custom policy that uses this API, modify the RQL in your policy to match the new JSON structure and ensure that the policy continues to work as expected. If you do not modify the policy, then the next time you update the settings for the SQS resource on AWS, your custom policy can no longer generate alerts. This occurs because Prisma Cloud will rescan the resource and retrieve data in the new JSON structure, which will not match the conditions defined in the earlier format.