Features Introduced in May 2019
Learn what’s new on Prisma™ Cloud in May 2019.
Features Introduced on May 23, 2019
Learn what’s new on May 23, 2019.
CSV Download of Config Data
You can now download details in CSV format to analyze Config events offline. Enter your RQL query on the Investigate page of the RedLock admin console to download the results as a .zip file.
Tenable Integration for GCP accounts
RedLock service now supports the Tenable integration on Google Cloud Platform. This integration provides additional context around vulnerabilities identified in your GCP workloads to help you prioritize alerts. For example, you can address high severity vulnerabilities on hosts that are internet facing and are receiving malicious traffic ahead of other types of hosts.
CLI Variables for Automated Remediation
Auto Suggestion for json.rule attribute in Event RQL
To help you easily build Event RQL queries, you can see automatic suggestions for the json.rule attribute when used with the operation attribute. Auto suggest works with the operators
Auto suggestion is not available for array objects.
cloud.type attribute to refine your search results.
Prisma Cloud now ingests the following new Azure services to help build Config queries:
Classification of Microsoft Azure ELBs
Microsoft Azure Load Balancers are now classified as
AWS Lambda Function is not assigned to access within VPC
Identifies the AWS Lambda functions which do not have access within the VPC.
GCP Project audit logging is not configured properly across all services and all users in a project
Identifies the GCP projects in which cloud audit logging is not configured properly across all services and all users.
Features Introduced on May 9, 2019
Learn what’s new on May 09, 2019.
RedLock Service in New Regions
Prisma Cloud is now available in the Australia & New Zealand (ANZ) region. You can select this region when you sign up for the service from the AWS Marketplace or the Palo Alto Networks Marketplace. In addition, Prisma Cloud is also available on AWS GovCloud. You can request a RedLock tenant on AWS GovCloud when you sign up for the service from the Palo Alto Networks Marketplace.
Operators in Event RQL
You can now use the operators Does not Contain and Does not exist with Event RQL queries.
API Ingestion Update
user Attribute Rename in Event RQL
The user attribute in Event RQL is renamed to subject to represent both users and instances.
role Attribute in Event RQL
Support for Strings with Space Separators
You can now use RQL to search for strings that include white space as a separator. This capability helps you find values with spaces, such as in keys, key value pairs, or security groups. For example, if your key name is test 4081 and it has the value tag with space, use this query:
config where cloud.type = 'aws' AND api.name = 'aws-ec2-describe-security-groups' AND json.rule = "tags[*] size greater than 0 and tags[?(@.key=='test 4081')].value contains \"tag with space\""
Network Alert Workflow Update
GCP Kubernetes cluster size contains less than 3 nodes
Checks the size of your cluster pools and alerts if there are fewer than 3 nodes in a pool.
GCP Kubernetes cluster Istio Config not enabled
Checks your cluster for the Istio add-on feature and alerts if it is not enabled.
GCP Kubernetes cluster not in redundant zones
Alerts if your cluster is not located in at least 3 zones.
GCP Kubernetes cluster Application-layer Secrets not encrypted
Checks your cluster for the Application-layer Secrets Encryption security feature and alerts if it is not enabled.
GCP Kubernetes cluster intra-node visibility disabled
Checks your cluster's intra-node visibility feature and generates an alert if it's disabled.
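The five GCP Kubernetes cluster checks above, written out as an added example against a cluster description (this is not Prisma Cloud's policy code; the field names are assumed to follow the GKE v1 API cluster resource, and the sample cluster document is constructed):

```python
"""Evaluate a GKE cluster description against the five GCP Kubernetes cluster
checks above. Added example, not Prisma Cloud code. Field names follow the
GKE v1 API cluster resource (assumed); the cluster document is constructed."""

# Constructed sample shaped like the GKE API cluster resource; it deliberately
# fails several checks.
SAMPLE_CLUSTER = {
    "locations": ["us-central1-a", "us-central1-b"],
    "nodePools": [
        {"name": "default-pool", "initialNodeCount": 2},
        {"name": "batch-pool", "initialNodeCount": 3},
    ],
    "addonsConfig": {"istioConfig": {"disabled": True}},
    "databaseEncryption": {"state": "DECRYPTED"},
    "networkConfig": {"enableIntraNodeVisibility": False},
}

def small_node_pools(cluster):
    """Names of node pools with fewer than 3 nodes (cluster size check)."""
    return [p["name"] for p in cluster.get("nodePools", [])
            if p.get("initialNodeCount", 0) < 3]

def istio_not_enabled(cluster):
    """Istio add-on check; a missing istioConfig block means never enabled."""
    istio = cluster.get("addonsConfig", {}).get("istioConfig")
    return istio is None or istio.get("disabled", True)

def not_in_redundant_zones(cluster):
    """Redundant zones check: the cluster must span at least 3 zones."""
    return len(cluster.get("locations", [])) < 3

def secrets_not_encrypted(cluster):
    """Application-layer secrets encryption is on only when state is ENCRYPTED."""
    return cluster.get("databaseEncryption", {}).get("state") != "ENCRYPTED"

def intra_node_visibility_disabled(cluster):
    """Intra-node visibility check (per-node pod-to-pod flow visibility)."""
    return not cluster.get("networkConfig", {}).get("enableIntraNodeVisibility", False)

CHECKS = [  # policy name -> predicate, in the order the policies are listed above
    ("GCP Kubernetes cluster size contains less than 3 nodes", small_node_pools),
    ("GCP Kubernetes cluster Istio Config not enabled", istio_not_enabled),
    ("GCP Kubernetes cluster not in redundant zones", not_in_redundant_zones),
    ("GCP Kubernetes cluster Application-layer Secrets not encrypted", secrets_not_encrypted),
    ("GCP Kubernetes cluster intra-node visibility disabled", intra_node_visibility_disabled),
]

def evaluate(cluster):
    """Return the names of the policies that fire for this cluster."""
    return [name for name, check in CHECKS if check(cluster)]
```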
AWS SSM Parameter is not encrypted
Identifies the AWS SSM Parameters which are not encrypted.
AWS Cloudfront Distribution with S3 have Origin Access set to disabled
Identifies AWS CloudFront distributions that use an S3 bucket as an origin and have Origin Access disabled.
AWS CloudFront Distributions with Field-Level Encryption not enabled
Identifies CloudFront distributions for which field-level encryption is not enabled.
Features Introduced on May 2, 2019
Learn what’s new on May 02, 2019.
Auto Enable New RedLock Default Policies
You can now globally enable all RedLock Default policies of
When you save this selection, you can choose whether to automatically enable all existing and future policies that match the criteria, or only future policies that match the criteria.
Asset Inventory Details for all Cloud Accounts
Aggregate Connection Count for Network Queries
Network Query (RQL) attributes that aggregate connection counts for both ingress and egress traffic are now available. They help you detect an attempted port scan or port sweep, identify hosts that are establishing multiple SSH connections from one or more external IP addresses, or detect an attempt to set up a large number of egress connections on the crypto ports of a host.
Use dest.outboundpeers to count the distinct outbound IP addresses to which a resource is establishing connections, and use dest.outboundports to count the outbound ports to which a resource is establishing connections. Both outboundpeers and outboundports support numeric operators (<, =, >).
For example, the following RQL helps you detect resources that have established outbound connections on 2 or more ports to external destinations, including web servers or databases:
The network visualization graph on Investigate gives you the ability to drill-down for details.
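The aggregation behind dest.outboundpeers and dest.outboundports, computed here over a handful of constructed flow records as an added example (not Prisma Cloud code; the record layout and the choice of RFC 1918 ranges as "internal" are assumptions):

```python
"""Per-source outbound peer and port counts, the aggregation that the new
dest.outboundpeers and dest.outboundports attributes express in Network RQL.
Added example, not Prisma Cloud code; the flow-record layout is constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Only RFC 1918 ranges are treated as internal here (an assumption); every
# other destination counts as external.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: (source resource, destination IP, destination port).
SAMPLE_FLOWS = [
    ("i-web01", "203.0.113.10", 443),
    ("i-web01", "203.0.113.10", 443),      # repeat connection, same peer/port
    ("i-web01", "10.0.1.5", 3306),         # internal database peer
    ("i-scan01", "198.51.100.7", 22),
    ("i-scan01", "198.51.100.7", 80),
    ("i-scan01", "198.51.100.8", 3389),
    ("i-scan01", "198.51.100.9", 5432),
]

def is_external(dst_ip):
    ip = ip_address(dst_ip)
    return not any(ip in net for net in INTERNAL_NETS)

def outbound_aggregates(flows, external_only=True):
    """Return {source: (outboundpeers, outboundports)}: the number of distinct
    destination IPs and distinct destination ports per source. With
    external_only, internal destinations are skipped, as in the use case above."""
    peers, ports = defaultdict(set), defaultdict(set)
    for src, dst_ip, dst_port in flows:
        if external_only and not is_external(dst_ip):
            continue
        peers[src].add(dst_ip)
        ports[src].add(dst_port)
    return {src: (len(peers[src]), len(ports[src])) for src in peers}

def sources_with_min_ports(flows, min_ports=2):
    """Sources with outbound connections on min_ports or more external ports,
    the condition the text describes (outboundports >= 2)."""
    return sorted(src for src, (_, n_ports) in outbound_aggregates(flows).items()
                  if n_ports >= min_ports)
```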
Mandatory Account Group Selection
Link to Configure Integrations from an Alert Rule
While configuring RedLock Alert Notifications, if you want to send notifications to an external integration, you can now use the inline link to set up the integration. This usability enhancement makes it easier to configure external integrations just in time, as you create the alert rule.
Count(X) Attribute in Config Queries
The new Config Query attribute Count(X) allows you to aggregate search results by account or by region.
displays results grouped by account because the API is global.
displays results grouped by region because the API is regional.
GCP Kubernetes Engine Clusters not configured with network traffic egress metering
Identifies Kubernetes Engine Clusters which are not configured with network traffic egress metering.
GCP Kubernetes Engine Clusters have Alpha cluster feature enabled
Identifies Google Kubernetes Engine (GKE) clusters that are enabled for alpha clusters.
GCP Kubernetes Engine Clusters network firewall inbound rule overly permissive to all traffic
Identifies firewall rules attached to the cluster network that allow inbound traffic on all protocols from the public internet.
GCP Kubernetes Engine Clusters legacy compute engine metadata endpoints enabled
Identifies Kubernetes Engine Clusters for which legacy compute engine metadata endpoints are enabled.