Features Introduced in March 2020

Learn about the exciting new features introduced on Prisma Cloud in March 2020.

Features Introduced on March 24, 2020

Features Introduced on March 10, 2020

Features Introduced on March 24, 2020

New Features

This release of Prisma™ Cloud includes these improvements:

Features	Description
`(Beta)` AutoFocus Integration on Prisma Cloud	With the Prisma Cloud Enterprise Edition license, threat feeds from AutoFocus, the cloud-based threat intelligence service from Palo Alto Networks are now available to you. When Prisma Cloud identifies a suspicious IP address, the threat feeds will enable you to classify and view more information on the malicious IP addresses with which the suspicious IP address is communicating, and detect activity such as bit coin mining and the bad actors that expose them to risk. You can take advantage of the threat feeds without making any configuration changes on Prisma Cloud.

Granular Licensing Data in CSV Format	To view data on hourly or daily licensed workloads on Prisma Cloud, you can now download data on license usage in one zip file that includes individual files for each cloud type that Prisma Cloud monitors - AWS, Alibaba, Azure and GCP. For a time period of 3 days or less, you can download hourly usage data, and data on daily usage for a time period greater than 3 days. This granularity enables you to review usage on a account group level and manage internal charge backs within your enterprise.
User Attribution for Azure Storage Blob Containers	Prisma Cloud now ingests data on the creation and revision date of an Azure storage blob container. With user attribution, you can now monitor who made changes using the Audit Trail in the Resource Explorer for events related to Azure Storage Blob Containers on the Prisma Cloud administrative console.
Geo-Location for Port Scan And Port Sweep Alerts	The alerts associated with an port scan and port sweep activity triggered by an external entity, now include geo-location data to help you identify the location of the IP address from which the attack originates.
API Ingestion Update	Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data: aws-ec2-elastic-addresses aws-sagemaker-notebook-instance
Permissions Update for ServiceNow Integration	The Prisma Cloud integration with ServiceNow, no longer requires you to grant the itil or the sn_si.admin roles to the user account. Review the updated list of permissionsrequired.
Saved Search Additions	Use the following Saved Search to easily create a policy and generate an alert if you want to check for: Azure SQL server audit action groups in auditing policy are not set properly Ensure a log metric filter and alarm exist for Management Console sign-in without MFA AWS Log metric filter and alarm does not exist for usage of the root account

Features Introduced on March 10, 2020

New Policies and Policy Updates

New Features

This release of Prisma™ Cloud includes these improvements:

Features	Description
Support for Multi-Tenant Demisto Deployments	When you enable the Demisto integration on Prisma Cloud, you can now add the tenant name of a Demisto instance that is a part of a multi-tenant deployment.
API Ingestion Update	Prisma Cloud now ingests the following new services to help build Config queries for investigating and analyzing data: azure-sql-managed-instance aws-elbv2-target-group aws-apigateway-client-certificates

New Policies and Policy Updates

POLICY	DESCRIPTION
AWS Elastic Load Balancer v2 (ELBv2) with listener TLS/SSL is not configured	Identifies AWS Elastic Load Balancers v2 (ELBv2) that have TLS/SSL listener disabled, and therefore do not receive traffic over a secure channel with a valid SSL certificate.
Ensure a log metric filter and alarm exist for Management Console sign-in without MFA	Monitors the AWS accounts that do not have a log metric filter and alarm for AWS management console authentication failures, when you do not have MFA enabled.
AWS Log metric filter and alarm does not exist for usage of the root account	Identifies AWS accounts that do not have a log metric filter and alarm for monitoring the use of the privileged root account for login.
Azure SQL server audit action groups in auditing policy are not set properly	Identifies Azure SQL servers that are not enabled with AuditActionGroups to capture critical activities performed on these servers.
AWS CloudTrail logging is disabled	Identifies AWS CloudTrail for that do not maintain an audit trail of activities across different services.
Policy Updates	The AWS Config Recording is disabled policy RQL is updated to include the count function. With this change, instead of generating an alert at the account level, the policy generates alerts for each region where AWS config recording is not enabled to detect changes to resource configuration. The updated RQL is config where cloud.type = 'aws' AND api.name = 'aws-configservice-describe-configuration-recorders' AND json.rule = 'status.recording is true and status.lastStatus equals SUCCESS and recordingGroup.allSupported is true' as X; count(X) less than 1
Policy Updates	The following remediable policies have updates to the remediation CLI that require additional permissions: Azure App Service Web app authentication is off Azure App Service Web app doesn't redirect HTTP to HTTPS Azure App Service Web app doesn't use latest TLS version Azure App Service Web app doesn't require Client Certs Azure App Service Web app doesn't have a Managed Service Identity Azure App Service Web app doesn't use HTTP 2. The additional permissions required are: “Microsoft.Web/sites/config/write" , and "Microsoft.Web/sites/write"