Features Introduced in April 2020

Learn what’s new on Prisma™ Cloud in April 2020.

Features Introduced on April 21, 2020

New Features

Feature
Description
Permission Groups to support granular RBAC for Compute
Prisma Cloud administrators who require access to the Compute tab or the Compute APIs can now have granular access and visibility to perform their job functions. The new System Admin, Only for Compute capabilities permission group restricts access to only the Compute tab and enables access to the capabilities for protecting your hosts, containers, and serverless functions without access to the rest of the Prisma Cloud UI or API.
Build and Deploy Security is another permission group that enables you to restrict access for the DevOps users who need access to a subset of Compute capabilities and/or API access to run IDE, SCM, and CI/CD plugins for Infrastructure as Code and image vulnerability scans.
Account-Based RBAC for Compute
Visibility to Prisma Cloud Defender data on the Compute tab now corresponds to the AWS, Azure, or GCP cloud accounts that each administrator is allowed to view.
Custom Email Notification Templates
From the Notification Template Hub on Prisma Cloud, you can add a custom email template for alert notification emails. You can customize the message content and include a link in the email notification.
(Beta) Coverage for the MITRE ATT&CK Framework
Prisma Cloud adds support for MITRE ATT&CK, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations, as a compliance standard. The MITRE ATT&CK Cloud Matrix for Enterprise support on Prisma Cloud maps policies to identify and protect you from cloud-based attack techniques on AWS, Azure, and GCP.
Saved Search Addition
The saved search for AWS VPC nearing availability limit enables you to detect whether the number of VPCs per region has reached 80% of the resource availability limit. You can then easily create a policy and generate an alert when the threshold is reached.
Granular list of Permissions for GCP
If you want to create a custom role for onboarding your GCP project or organization on Prisma Cloud, you can now use the list of granular permissions required for successfully onboarding the account.
Unusual User Activity Alerts Enhanced for Service Group Context
If a user typically uses a set of services, and Prisma Cloud detects a new service being used, the alert details include additional context on the anomaly. It alerts you on what was unusual about the activity, and whether the service accessed belongs to the same or a different service group.
API Ingestion
APIs to ingest the following services:
  • AWS Elastic Beanstalk updates to ingest aws-elasticbeanstalk-configuration-settings
  • AWS Organization: aws-organization

Policy Updates

Policy
Description
Policy Updates
The Recommendation instructions for the Azure Load Balancer diagnostics logs are disabled policy are updated.
The AWS S3 bucket not configured with secure data transport policy is enhanced to check whether the bucket is exposed publicly before checking whether it uses secure data transport.

Features Introduced on April 7, 2020

New Features

Feature
Description
Keyword Search the JSON Payload Within Event Window
On the Prisma Cloud management console, you can now search the event payload within the JSON directly in the event window, without having to copy the payload to a clipboard.
Additional Context for IP Addresses in Unusual User Activity Alerts
For alerts triggered by the unusual user activity anomaly policy on Prisma Cloud, you now have additional context on whether the IP address matched on a threat feed. The Additional Context column displays the category for the IP address so that you can quickly figure out which alerts to pay attention to and act on.
API Ingestion Update
Azure
  • The azure-postgresql-server API augments the PostgreSQL ingestion to bring in JSON data about the firewall rules.
AWS
  • A new API is added to ingest AWS Database Migration Service: aws-dms-replication-instance.
  • To enable auto-remediation for AWS CloudTrail, you must update the CFT and enable the newly added permissions:
    • ec2:ModifySnapshotAttribute
    • cloudtrail:UpdateTrail

New Policies and Policy Updates

Policy
Description
Azure Monitoring log profile is not configured to export activity logs
Identifies Azure accounts that do not have at least one monitoring log profile configured to export all activity logs.
Policy Updates
Remediation CLI is added to the GCP Storage log buckets have object versioning disabled policy, and this policy is now a Remediable Prisma Cloud Default policy.
