Features Introduced in June 2020
Learn what’s new on Prisma™ Cloud in June 2020.
Features Introduced on June 16, 2020
Threat Source and Unit 42 tags in Network RQL
In Network RQL, you can now filter search results based on threat source, such as AutoFocus or Facebook ThreatExchange. For AutoFocus, you can further query for specific tag groups using threat.tag.group; these tag groups reference the genre for malware families as categorized by the Unit 42 threat research team. For example:
network where dest.publicnetwork IN ('Suspicious IPs') and threat.source IN ( 'AF' ) AND threat.tag.group = 'Cryptominer'
Prisma Cloud Business Edition on Azure China
Plugin Updates for scanning IaC templates
Saved Search Additions
Use the following Saved Search to easily create a policy and generate an alert if you want to check for:
New Policy and Policy Updates
AWS IAM roles with administrator access permissions
Identifies AWS IAM roles with administrator access privileges. Granting least privilege access is recommended as a security best practice.
AWS IAM groups with administrator access permissions
Identifies AWS IAM groups with administrator access privileges.
GCP SQL Server instance database flag 'cross db ownership chaining' is enabled
Identifies GCP SQL Server instances that are enabled for cross database ownership, so that you can assess the security implications of this setting.
GCP SQL Server instance database flag ‘contained database authentication’ is enabled
Identifies SQL Server instances that are enabled for contained database authentication, as this poses a security risk because control over access to the server is no longer limited to members of the system or security administrators.
Prisma Cloud Default Policies—No longer available
Due to the delay in generating the associated alerts, the following Prisma Cloud default policies are no longer available:
These policies are being removed to optimize performance and to address the time to alert delays due to the large volume of data that these policies parse.
Features Introduced on June 2, 2020
Custom Header Support for Webhook Integration
To enable support for additional data such as the API key or access token of your application in a Webhook integration, Prisma Cloud supports key-value pairs in a custom header.
If you had previously set up a Webhook integration, the Auth Token you had configured is now sent as a custom header in the payload.
Business Unit Report on Open Alerts
To share a report on the status of your cloud assets and how they are doing against Prisma Cloud security and compliance policy checks, you can generate a Business Unit Report on demand or on a schedule. The report enables your business stakeholders to keep track of the total number of assets and how many of them have passed or failed against the enabled policies, and monitor how they’re doing on a regular basis.
You can opt to create a summary report, which shows you how you’re doing across all your business units. The detailed report allows you to get more granular on each of the cloud accounts in the report.
GCP Seoul Region Support
Prisma Cloud can now monitor resources deployed in the Seoul region. To review the list of supported regions, use the Cloud Region filter on the
APIs to ingest the following services:
Ingesting Tags for AWS Resources
To enable filtering using tags in RQL, the following AWS APIs ingest tag information on your cloud resources:
Saved Search Additions
Use the following Saved Searches to easily create a policy and generate an alert if you want to check for:
New Policies and Policy Updates
Anomaly Policies to Detect Network Evasion or Resource Misuse
Five new Anomaly policies are available to help you detect:
AWS MQ is publicly accessible
Identifies AWS MQ brokers that are publicly accessible from the internet. As a best practice, ensure that AWS MQ brokers are not accessible from the Internet to minimize security risks and exposure of sensitive data.
AWS MFA is not enabled on Root account
Identifies root accounts that do not enforce Multi Factor Authentication (MFA) on the AWS public cloud. Because root accounts have privileged access to all AWS services, enabling MFA reduces the risk of root account credentials being compromised. This policy does not apply to AWS GovCloud accounts because you cannot enable MFA on AWS GovCloud (US) root accounts.